vSAN stretched cluster requires a witness host deployed in a third location, different from the location of both availability zones.
VMware Cloud Foundation, you deploy the vSAN witness appliance instead of using a dedicated physical ESXi host as a witness host. Unlike a general purpose ESXi host, the witness appliance does not run virtual machines and its only purpose is to serve as a vSAN witness.
Deploy the vSAN Witness Host in a Third Location for an NSX-T Workload Domain Start the deployment of multiple availability zones in the NSX-T workload domain by deploying the vSAN witness host as a virtual appliance in a third location, such as an instance of VMware Cloud Foundation in another region.
Configure the VLAN for the Management Network and Enable SSH on the vSAN Witness Host for an NSX-T Workload Domain After the initial start, use the ESXi Direct Console User Interface (DCUI) to configure the management network on the appliance of the vSAN witness host in VMware Cloud Foundation.
Add the vSAN Witness Appliance as a Standalone Host to the NSX-T Workload Domain To use the witness appliance in the third location as a witness host for the vSAN stretched cluster in the NSX-T workload domain in VMware Cloud Foundation, you add the witness host as a standalone host in the vCenter Server instance for the workload domain.
Configure the Witness VMkernel Adapter on the vSAN Witness Host for an NSX-T Workload Domain To enable the vSAN data communication to both availability zones, configure the witness network on the vSAN witness host in VMware Cloud Foundation.
Add Static Routes for the vSAN Witness Host for an NSX-T Workload Domain In VMware Cloud Foundation, configure routing for vSAN witness traffic so that the vSAN witness host can exchange system data with the management components for the workload domain.