You can configure the File Services, which enable you to create file shares on your vSAN datastore. You can enable vSAN File Services on a regular vSAN cluster, a vSAN stretched cluster, or a vSAN ROBO cluster.
- Active Directory (AD) domain if you are planning to create an SMB file share or an NFSv4.1 file share with the Kerberos security.
- A static IP address to use as the single point of access to vSAN file shares. For best performance, the number of IP addresses must be equal to the number of hosts in the vSAN cluster.
Note: For the file servers, vSAN File Services support only the IPV4 addresses.
- The static IP addresses should be part of the Forward lookup and Reverse lookup zones in the DNS server.
- All the static IP addresses should be from the same subnet.
- vSAN File Services are supported on DVS version 6.6.0 or later. Create a dedicated port group for vSAN File Services in the DVS.
- To enable vSAN File Services, an additional 4 cores CPU and 10 GB physical memory are required for each host.
MacLearning and Forged Transmits are enabled as part of the vSAN File Services enablement process for a provided DVS port group.
For standard switches, the Promiscuous Mode and Forged Transmits are enabled as part of the vSAN File Services enablement process.
If NSX-based networks are being used, ensure that MacLearning is enabled for the provided network entity from the NSX admin console, and all the hosts and File Services nodes are connected to the desired NSX-T network.
- Navigate to the vSAN cluster and click Configure > vSAN > Services.
- On the File Service row, click Enable.
The Configure File Service wizard opens.
- Review the checklist on the Introduction page, and click Next.
- In the File service agent page, select one of the following options to download the OVF file.
Option Description Automatic approach This option lets the system search and download the OVF.Note:
- Ensure that you have configured the proxy and firewall so that vCenter can access the following website and download the appropriate JSON file.
- If an OVF is already downloaded and available, then following the options are available:
- Use current OVF: Lets you use the OVF that is already available.
- Automatically load latest OVF: Lets the system search and download the latest OVF.
Manual approach This option allows you to browse and select an OVF that is already available on your local system.Note: If you select this option, you should upload all the following files:
- In the Domain page, enter the following information and click Next:
- File service domain: The domain name should have minimum two characters. The first character should be an alphabet or a number. The remaining characters can include an alphabet, a number, an underscore ( _ ), a period ( . ), a hyphen ( - ).
- DNS servers: Enter a valid DNS server to ensure the proper configuration of File Services.
- DNS suffixes: Provide the DNS suffix that is used with the file services. All other DNS suffixes from where the clients can access these file servers should also be included. File Services does not support DNS domain with single label, such as "app", "wiz", "com" and so on. A domain name given to file services should be of the format thisdomain.registerdrootdnsname. DNS name and suffix must adhere to the best practices detailed in https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/selecting-the-forest-root-domain.
- Directory Service: Configure an Active Directory domain to vSAN File Services for authentication. If you are planning to create an SMB file share or an NFSv4.1 file share with Kerberos authentication, then you must configure an AD domain to vSAN File Services.
Enter appropriate values in the following text boxes to configure the Active Directory domain to vSAN File Services:
Option Description AD domain
Fully qualified domain name joined by the file server.
Organizational unit (Optional)
Contains the computer account that the vSAN File Services creates. In an organization with complex hierarchies, create the computer account in a specified container by using a forward slash mark to denote hierarchies (for example, organizational_unit/inner_organizational_unit).Note: By default, the vSAN File Services create the computer account in the Computers container.
User name to be used for connecting and configuring the Active Directory service.
This user name authenticates the active directory on the domain. A domain user authenticates to the file server on the domain controller and creates vSAN File Services computer accounts, related SPN entries, and Files DNS entries (when using Microsoft DNS). As a best practice, create a dedicated service account for the file services.This user should have the following privileges in the organizational unit:
- Create and delete Computer Objects.
- Read and Write ms-DS-PrincipleName.
- Read and Write uPNSuffixes.
- (Optional) Add/Update DNS entries
Password Password for the user name of the Active Directory on the domain. vSAN File Services use the password to authenticate to AD and to create the vSAN File Services computer account.Note:
- vSAN File Services does not support the following:
- Read-Only Domain Controllers (RODC) for joining domains because the RODC cannot create machine accounts. As a security best practice, a dedicated org unit should be pre-created in the Active Directory and the user name mentioned here should be controlling this organization.
- Disjoint namespace.
- Spaces in organizational units (OUs) names.
- Multi domain and Single Active Directory Forest environments.
- Only English characters are supported for Active Directory user name.
- Only single AD domain configuration is supported. However, the file servers can be put on a valid DNS subdomain. For example, an AD domain with the name
example.comcan have file server FQDN as
- Pre-created computer objects for file servers are not supported. Make sure that the user provided here have sufficient privilege over the organizational unit.
- vSAN File Services update the DNS records for the file servers if the Active Directory is also used as a DNS server and the user has sufficient permission to update the DNS records. vSAN File Services also has a Health Check to indicate if the forward and reverse lookups for file servers are working properly. However, if there are other proprietary solutions used as DNS servers, the Vi admin should update these DNS records.
- In the Networking page, enter the following information, and click Next:
- Subnet mask
- In the IP Pool page, enter the following information, select a Primary IP, and then click Next.
Consider the following while configuring the IP addresses and DNS names:
- IP address
- DNS name
- Affinity site: This option is available if you are configuring vSAN file service on a stretched cluster. This option allows you to configure the placement of the file server on Preferred or Secondary site. This helps in reducing the cross-site traffic latency. The default value is Either, which indicates that no site affinity rule is applied to the file server.
Note: If your cluster is a ROBO cluster, ensure that the Affinity site value is set to Either.
In a site failure event, the file server affiliated to that site fails over to the other site. The file server fails back to the affiliated site when it is recovered. Configure more file servers to one site if more workloads can be expected from a certain site.Note: If the file server contains SMB file shares, then it does not failback automatically even if the site failure is recovered.
- To ensure proper configuration of File Services, the IP addresses you enter in the IP Pool page should be static addresses and the DNS server should have records for those IP addresses. For best performance, the number of IP addresses must be equal to the number of hosts in the vSAN cluster.
- You can enter up to 32 IP addresses.
- You can use the following options to automatically fill the IP address and DNS server name text boxes:
AUTO FILL: This option is displayed after you enter the first IP address in the IP address text box. Click the AUTO FIL option to automatically fill the remaining fields with sequential IP addresses, based on the subnet mask and gateway address of the IP address that you have provided in the first row. You can edit the auto filled IP addresses.LOOK UP DNS: This option is displayed after you enter the first IP address in the IP address text box. Click the LOOK UP DNS option to automatically retrieve the FQDN corresponding to the IP addresses in the IP address column.Note:
- All valid rules apply for the FQDNs. For more information, see https://tools.ietf.org/html/rfc953.
- The first part of the FQDN, also known as NetBIOS Name, should not have more than 15 characters.
The FQDNs are automatically retrieved only under the following conditions:
- You should have entered a valid DNS server in the Domain page.
- The IP addresses entered in the IP Pool page should be static addresses and the DNS server should have records for those IP addresses.
- Review the settings and click Finish.
The OVF is downloaded and deployed. The file services domain is created and the vSAN file services is enabled. File servers are started with the IP addresses that were assigned during the vSAN File Services configuration process.
- The OVF is downloaded and deployed.
- The file services domain is created and the vSAN file services is enabled.
- The file servers are started with the IP addresses that were assigned during the vSAN File Services configuration process.
- A File Services VM (FSVM) is placed on each host.
Note: The FSVMs are managed by the vSAN File Services. Do not perform any operation on the FSVMs.