vSAN supports two-node deployments. Two-node vSAN deployments are used for remote offices/branch offices (ROBO) that have a small number of workloads, but require high availability.

vSAN two-node deployments use a third witness host, which can be located remotely from the branch office. Often the witness is maintained in the branch office, along with the management components, such as the vCenter Server.

Two-Node vSAN Deployments Earlier than vSAN 6.5

vSAN releases earlier than 6.5 that support two-node deployments require a physical switch at the remote site.

Early two-node vSAN have a requirement to include a physical 10 Gb switch at the remote site. If the only servers at this remote site were the vSAN hosts, this could be an inefficient solution.

With this deployment, if there are no other devices using the 10 Gb switch, then no consideration needs to be given to IGMP snooping. If other devices at the remote site share the 10 Gb switch, use IGMP snooping to prevent excessive and unnecessary multicast traffic.

PIM is not required because the only routed traffic is witness traffic, which is unicast.

Two-Node Deployments for vSAN 6.5 and Later

vSAN 6.5 and later supports two-node deployments.

With vSAN version 6.5 and later, this two-node vSAN implementation is much simpler. vSAN 6.5 and later allows the two hosts at the data site to be directly connected.

To enable this functionality, the witness traffic is separated completely from the vSAN data traffic. The vSAN data traffic can flow between the two nodes on the direct connect, while the witness traffic can be routed to the witness site over the management network.

The witness appliance can be located remotely from the branch office. For example, the witness might be running back in the main data center, alongside the management infrastructure (vCenter Server, vROps, Log Insight, and so on). Another supported place where the witness can reside remotely from the branch office is in vCloud Air.

In this configuration, there is no switch at the remote site. As a result, there is no need configure support for multicast traffic on the vSAN back-to-back network. You do not need to consider multicast on the management network because the witness traffic is unicast.

vSAN 6.6 and later uses all uncast, so there are no multicast considerations. Multiple remote office/branch office two-node deployment are also supported, so long as each has their own unique witness.

Common Considerations for Two-Node vSAN Deployments

Two-node vSAN deployments provide support to other topologies. This section describes common configurations.

For standard deployment considerations, please refer to the following official documentation:

For more information on two-node configurations and detailed deployment considerations outside of network, see the official documentation.

Running the Witness on Another Two-Node Cluster

vSAN does not support running the witness on another two-node cluster.

Witness Running on Another Standard vSAN Deployment

vSAN supports witness running on another standard vSAN deployment.

This configuration is supported. Any failure on the two-node vSAN at the remote site does not impact the availability of the standard vSAN environment at the main data center.

Witness Running in vCloud Air

vSAN allows you to run a witness in vCloud Air.

This configuration is also supported. Refer to the official documentation on running a witness in vCloud Air here: Running VMware vSAN Witness Appliance in VMware vCloud Air.