When you use vSAN, you can define virtual machine storage requirements, such as performance and availability, in a policy.

vSAN ensures that each virtual machine deployed to vSAN datastores is assigned at least one storage policy. After they are assigned, the storage policy requirements are pushed to the vSAN layer when a virtual machine is created. The virtual device is distributed across the vSAN datastore to meet the performance and availability requirements.

vSAN uses storage providers to supply information about underlying storage to the vCenter Server. This information helps you to make appropriate decisions about virtual machine placement, and to monitor your storage environment.

What are vSAN Policies

vSAN storage policies define storage requirements for your virtual machines.

These policies determine how the virtual machine storage objects are provisioned and allocated within the datastore to guarantee the required level of service. When you enable vSAN on a host cluster, a single vSAN datastore is created and a default storage policy is assigned to the datastore.

When you know the storage requirements of your virtual machines, you can create a storage policy referencing capabilities that the datastore advertises. You can create several policies to capture different types or classes of requirements.

Each virtual machine deployed to vSAN datastores is assigned at least one virtual machine storage policy. You can assign storage policies when you create or edit virtual machines.

Note: If you do not assign a storage policy to a virtual machine, vSAN assigns a default policy. The default policy has Failures to tolerate set to 1, a single disk stripe per object, and a thin-provisioned virtual disk.
The VM swap object and the VM snapshot memory object adhere to the storage policies assigned to a VM, with Failures to tolerate set to 1. They might not have the same availability as other objects that have been assigned a policy with a different value for Failures to tolerate.
Note: If vSAN Express Storage Architecture is enabled, every snapshot is not a new object. A base VMDK and its snapshots are contained in one vSAN object. In addition, in vSAN ESA, digest is backed by vSAN object. This is different from vSAN Original Storage Architecture.
Table 1. Storage Policy - Availability
Capability Description
Failures to tolerate (FTT) Defines the number of host and device failures that a virtual machine object can tolerate. For n failures tolerated, each piece of data written is stored in n+1 places, including parity copies if using RAID-5 or RAID-6.

If fault domains are configured, 2n+1 fault domains with hosts contributing capacity are required. A host which does not belong to a fault domain is considered its own single-host fault domain.

You can select a data replication method that optimizes for performance or capacity. RAID-1 (Mirroring) uses more disk space to place the components of objects but provides better performance for accessing the objects. RAID-5/6 (Erasure Coding) uses less disk space, but performance is reduced. You can select one of the following options:
  • No data redundancy: Specify this option if you do not want vSAN to protect a single mirror copy of virtual machine objects. This means that your data is unprotected, and you might lose data when the vSAN cluster encounters a device failure. The host might experience unusual delays when entering maintenance mode. The delays occur because vSAN must evacuate the object from the host for the maintenance operation to complete successfully.
  • No data redundancy with host affinity: Specify this option only if you want to run vSAN Shared Nothing Architecture (SNA) workloads on the vSAN Data Persistence Platform.
  • 1 failure - RAID-1 (Mirroring): Specify this option if your VM object can tolerate one host or device failure. To protect a 100 GB VM object by using RAID-1 (Mirroring) with an FTT of 1, you consume 200 GB.
  • 1 failure - RAID-5 (Erasure Coding): Specify this option if your VM object can tolerate one host or device failure. For vSAN OSA, to protect a 100 GB VM object by using RAID-5 (Erasure Coding) with an FTT of 1, you consume 133.33 GB.
    Note: If you use vSAN Express Storage Architecture, vSAN creates an optimized RAID-5 format based on the cluster size. If the number of hosts in the cluster is less than 6, vSAN creates a RAID-5 (2+1) format. If the number of hosts is greater than 6, vSAN creates a RAID-6 (4+1) format. When the cluster size eventually expandss or shrinks, vSAN automatically readjusts the format after 24 hours from the configuration change.
  • 2 failures - RAID-1 (Mirroring): Specify this option if your VM object can tolerate up to two device failures. Since you need to have an FTT of 2 using RAID-1 (Mirroring), there is a capacity overhead. To protect a 100 GB VM object by using RAID-1(Mirroring) with an FTT of 2, you consume 300 GB.
  • 2 failures - RAID-6 (Erasure Coding): Specify this option if your VM objects can tolerate up to two device failures. To protect a 100 GB VM object by using RAID-6 (Erasure Coding) with an FTT of 2, you consume 150 GB. For more information, refer to Using RAID 5 or RAID 6 Erasure Coding in vSAN Cluster.
  • 3 failures - RAID-1 (Mirroring): Specify this option if your VM objects can tolerate up to three device failures. To protect a 100 GB VM object by using RAID-1 (Mirroring) with an FTT of 3, you consume 400 GB.
Note: If you create a storage policy and you do not specify a value for FTT, vSAN creates a single mirror copy of the VM objects. It can tolerate a single failure. However, if multiple component failures occur, your data might be at risk.
Site disaster tolerance This rule defines whether to use a standard, stretched, or 2-node cluster. If you use a vSAN stretched cluster, you can define whether data is mirrored at both sites or only at one site. For a vSAN stretched cluster, you can choose to keep data on the Preferred or Secondary site for host affinity.

  • None - standard cluster is the default value. This means that there is no site disaster tolerance.

  • Host mirroring - 2 node cluster defines the number of additional failures that an object can tolerate after the number of failures defined by FTT is reached. vSAN performs object mirroring at the disk group level. Each data host must have at least three disk groups or three disks in a storage pool to use this rule.

  • Site mirroring - stretched cluster defines the number of additional host failures that an object can tolerate after the number of failures defined by FTT is reached.

  • None - keep data on Preferred (stretched cluster). If you do not want the objects in a vSAN stretched cluster to have site failure tolerance and you want to make the objects accessible only on the site that is configured as Preferred, use this option.

  • None - keep data on Secondary (stretched cluster). If you do not want the objects in a vSAN stretched cluster to have site failure tolerance and you want to make the objects accessible only on the secondary site, use this option. These objects are not affected by the Inter-Switch Link (ISL) or witness host failures. They remain accessible if the site chosen by the policy is accessible.

  • None - stretched cluster. If you select this option, vSAN does not guarantee that the objects will be accessible if one of the sites fails, and such objects can consume too much ISL bandwidth and can increase latency for objects that use the site mirroring policy. Use this policy only when you cannot use the other policies during some temporary condition where there is a capacity constraint (CPU/memory/storage) in the cluster.

Table 2. Storage Policy - Storage rules
Capability Description
Encryption services Defines the encryption options for the VMs that you deploy to your datastore. Choone one of the following options:
  • Data-At-Rest encryption: Specify this option if you want to apply encryption to the data that is stored in your datastore.
  • No encryption: Specify this option if you do not want to apply any form of encryption to your data.
  • No preference: Specify this option if you do not want to explicitly apply any encryption rules. By selecting this option, vSAN applies both rules to your VMs.
Space efficiency Defines the space efficiency options for the VMs that you deploy to your datastore. Choose one of the following options:
  • Deduplication and compression: Specify this option if you want to apply both deduplication and compression to your data.
  • Compression only: Specify this option if you want to apply only compression to your data.
    Note: For vSAN Original Storage Architecture, compression is a cluster-level setting. For vSAN Express Storage Architecture, compresson only is performed at the object level. This means that you can use compression for one VM but not for another VM in the same cluster.
  • No space efficiency: Specify this option if you do not want to apply compression to your objects.
  • No preference: Specify this option if you do not want to explicitly apply any space efficiency rules. By selecting this option, vSAN applies all space efficiency rules to your VMs.

Storage tier Specify the storage tier for all VMs with the defined storage policy. Choose one of the following options:
  • All flash: Specify this option if you want to make your VMs compatible with all-flash environment.
  • Hybrid: Specify this option if you want to make your VMs compatible with only hybrid environment.
  • No preference: Specify this option if you do not want to explicitly apply any storage tier rules. By selecting this option, vSAN makes the VMs compatible with both hybrid and all flash environments.
Table 3. Storage Policy - Advanced Policy Rules
Capability Description
Number of disk stripes per object The minimum number of capacity devices across which each replica of a virtual machine object is striped. A value higher than 1 might result in better performance, but also results in higher use of system resources.

Default value is 1. Maximum value is 12.

Do not change the default striping value.

In a hybrid environment, the disk stripes are spread across magnetic disks. For an all-flash configuration, the striping is across flash devices that make up the capacity layer. Make sure that your vSAN environment has sufficient capacity devices present to accommodate the request.

IOPS limit for object Defines the IOPS limit for an object, such as a VMDK. IOPS is calculated as the number of I/O operations, using a weighted size. If the system uses the default base size of 32 KB, a 64-KB I/O represents two I/O operations.

When calculating IOPS, read and write are considered equivalent, but cache hit ratio and sequentiality are not considered. If a disk’s IOPS exceeds the limit, I/O operations are throttled. If the IOPS limit for object is set to 0, IOPS limits are not enforced.

vSAN allows the object to double the rate of the IOPS limit during the first second of operation or after a period of inactivity.

Object space reservation Percentage of the logical size of the virtual machine disk (vmdk) object that must be reserved, or thick provisioned when deploying virtual machines. The following options are available:
  • Thin provisioning (default)
  • 25% reservation
  • 50% reservation
  • 75% reservation
  • Thick provisioning
Flash read cache reservation (%) Flash capacity reserved as read cache for the virtual machine object. Specified as a percentage of the logical size of the virtual machine disk (vmdk) object. Reserved flash capacity cannot be used by other objects. Unreserved flash is shared fairly among all objects. Use this option only to address specific performance issues.

You do not have to set a reservation to get cache. Setting read cache reservations might cause a problem when you move the virtual machine object because the cache reservation settings are always included with the object.

The Flash Read Cache Reservation storage policy attribute is supported only for hybrid storage configurations. Do not use this attribute when defining a VM storage policy for an all-flash cluster or for a vSAN ESA cluster.

Default value is 0%. Maximum value is 100%.

Note: By default, vSAN dynamically allocates read cache to storage objects based on demand. This feature represents the most flexible and the most optimal use of resources. As a result, typically, you do not need to change the default 0 value for this parameter.

To increase the value when solving a performance problem, exercise caution. Over-provisioned cache reservations across several virtual machines can cause flash device space to be wasted on over-reservations. These cache reservations are not available to service the workloads that need the required space at a given time. This space wasting and unavailability might lead to performance degradation.

Object checksum If the option is set to No, the object calculates checksum information to ensure the integrity of its data. If this option is set to Yes, the object does not calculate checksum information.

vSAN uses end-to-end checksum to ensure the integrity of data by confirming that each copy of a file is exactly the same as the source file. The system checks the validity of the data during read/write operations, and if an error is detected, vSAN repairs the data or reports the error.

If a checksum mismatch is detected, vSAN automatically repairs the data by overwriting the incorrect data with the correct data. Checksum calculation and error-correction are performed as background operations.

The default setting for all objects in the cluster is No, which means that checksum is enabled.
Note: For vSAN Express Storage Architecture, object checksum is always on and cannot be deactivated.
Force provisioning If the option is set to Yes, the object is provisioned even if the Failures to tolerate, Number of disk stripes per object, and Flash read cache reservation policies specified in the storage policy cannot be satisfied by the datastore. Use this parameter in bootstrapping scenarios and during an outage when standard provisioning is no longer possible.

The default No is acceptable for most production environments. vSAN fails to provision a virtual machine when the policy requirements are not met, but it successfully creates the user-defined storage policy.

When working with virtual machine storage policies, you must understand how the storage capabilities affect the consumption of storage capacity in the vSAN cluster. For more information about designing and sizing considerations of storage policies, refer to "Designing and Sizing a vSAN Cluster" in vSAN Planning and Deployment.

How vSAN Manages Policy Changes

vSAN 6.7 Update 3 and later manages policy changes to reduce the amount of transient space consumed across the cluster.

Transient capacity is generated when vSAN reconfigures objects for a policy change.

When you modify a policy, the change is accepted but not applied immediately. vSAN batches the policy change requests and performs them asynchronously, to maintain a fixed amount of transient space.

Policy changes are rejected immediately for non-capacity related reasons, such as changing a RAID-5 policy to RAID-6 on a five-host cluster.

You can view transient capacity usage in the vSAN Capacity monitor. To verify the status of a policy change on an object, use the vSAN health service to check the vSAN object health.

View vSAN Storage Providers

Enabling vSAN automatically configures and registers a storage provider for each host in the vSAN cluster.

vSAN storage providers are built-in software components that communicate datastore capabilities to vCenter Server. A storage capability typically is represented by a key-value pair, where the key is a specific property offered by the datastore. The value is a number or range that the datastore can provide for a provisioned object, such as a virtual machine home namespace object or a virtual disk. You can also use tags to create user-defined storage capabilities and reference them when defining a storage policy for a virtual machine. For information about how to apply and use tags with datastores, see the vSphere Storage documentation.

The vSAN storage providers report a set of underlying storage capabilities to vCenter Server. They also communicate with the vSAN layer to report the storage requirements of the virtual machines. For more information about storage providers, see the vSphere Storage documentation.

vSAN 6.7 and later releases register only one vSAN Storage Provider for all the vSAN clusters managed by the vCenter Server using the following URL:

https://<VC fqdn>:<VC https port>/vsan/vasa/version.xml

Verify that the storage providers are registered.

Procedure

  1. Navigate to vCenter Server.
  2. Click the Configure tab, and click Storage Providers.

Results

The storage provider for vSAN appears on the list.
Note: You cannot manually unregister storage providers used by vSAN. To remove or unregister the vSAN storage providers, remove corresponding hosts from the vSAN cluster and then add the hosts back. Make sure that at least one storage provider is active.

What are vSAN Default Storage Policies

vSAN requires that the virtual machines deployed on the vSAN datastores are assigned at least one storage policy.

When provisioning a virtual machine, if you do not explicitly assign a storage policy, vSAN assigns a default storage policy to the virtual machine. Each default policy contains vSAN rule sets and a set of basic storage capabilities, typically used for the placement of virtual machines deployed on vSAN datastores.

Table 4. vSAN Default Storage Policy Specifications
Specification Setting
Failures to tolerate 1
Number of disk stripes per object 1
Flash read cache reservation, or flash capacity used for the read cache 0
Object space reservation 0
Note: Setting the Object space reservation to zero means that the virtual disk is thin provisioned, by default.
Force provisioning No

If you use a vSAN Express Storage Architecture cluster, depending on your cluster size, you can use one of the ESA policies listed here.

Table 5. vSAN ESA Default Storage Policy Specifications - RAID-5
Specification Setting
Failures to tolerate 1
Number of disk stripes per object 1
Flash read cache reservation, or flash capacity used for the read cache 0
Object space reservation Thin provisioning
Force provisioning No
Note: RAID-5 in vSAN ESA supports three host clusters. If you enable auto-policy management, the cluster must have four hosts to use RAID-5.
Table 6. vSAN ESA Default Storage Policy Specifications - RAID-6
Specification Setting
Failures to tolerate 2
Number of disk stripes per object 1
Flash read cache reservation, or flash capacity used for the read cache 0
Object space reservation Thin provisioning
Force provisioning No
Note: To use RAID-6, you must have at least six hosts in the cluster.

You can review the configuration settings for the default virtual machine storage policy when you navigate to the VM Storage Policies > name of the default storage policy > Rule-Set 1: VSAN.

For best results, consider creating and using your own VM storage policies, even if the requirements of the policy are same as those defined in the default storage policy. In some cases, when you scale up a cluster, you must modify the default storage policy to maintain compliance with the requirements of the Service Level Agreement for VMware Cloud on AWS.

When you assign a user-defined storage policy to a datastore, vSAN applies the settings for the user-defined policy on the specified datastore. Only one storage policy can be the default policy for the vSAN datastore.

vSAN Default Storage Policy Characteristics

The following characteristics apply to the vSAN datastore default storage policies.

  • A vSAN datastore default storage policy is assigned to all virtual machine objects if you do not assign any other vSAN policy when you provision a virtual machine. The VM Storage Policy text box is set to Datastore default on the Select Storage page. For more information about using storage policies, refer to the vSphere Storage documentation.
    Note: VM swap and VM memory objects receive a vSAN default storage policy with Force provisioning set to Yes.
  • A vSAN default policy only applies to vSAN datastores. You cannot apply a default storage policy to non-vSAN datastores, such as NFS or a VMFS datastore.
  • Objects in a vSAN Express Storage Architecture cluster with RAID 0 or RAID 1 configuration will have 3 disk stripes, even if the default policy defines only 1 disk stripe.
  • Because the vSAN Default Storage Policy is compatible with any vSAN datastore in the vCenter Server, you can move your virtual machine objects provisioned with the default policy to any vSAN datastore in the vCenter Server.
  • You can clone the default policy and use it as a template to create a user-defined storage policy.
  • You can edit the default policy, if you have the StorageProfile.View privilege. You must have at least one vSAN-enabled cluster that contains at least one host. Typically you do not edit the settings of the default storage policy.
  • You cannot edit the name and description of the default policy, or the vSAN storage provider specification. All other parameters including the policy rules are editable.
  • You cannot delete the default storage policy.
  • A default storage policy is assigned when the policy that you assign during virtual machine provisioning does not include rules specific to vSAN.

Auto Policy Management

Clusters with vSAN Express Storage Architecture can use Auto Policy Management to generate an optimal default storage policy, based on the cluster type (standard or stretched) and the number of hosts. vSAN configures the Site disaster tolerance and Failures to tolerate to optimal settings for the cluster.

The name of the auto-generated policy is based on the cluster name, as follows: ClusterName - Optimal Default Datastore Policy

When you enable Auto Policy, vSAN assigns a new optimal policy to the vSAN datastore, and that policy becomes the datastore default policy for the cluster.

To enable Auto Policy management, use the slide control on vSAN > Services > Storage > Edit.

Change the Default Storage Policy for vSAN Datastores

You can change the default storage policy for a selected vSAN datastore.

Prerequisites

Verify that the VM storage policy you want to assign as the default policy to the vSAN datastore meets the requirements of virtual machines in the vSAN cluster.

Procedure

  1. Navigate to the vSAN datastore.
  2. Click Configure.
  3. Under General, click the Default Storage Policy Edit button, and select the storage policy that you want to assign as the default policy to the vSAN datastore.
    Note: You can also edit the Improved Virtual Disk Home Storage Policy. Click Edit and select the home storage policy that you want to assign as the storage policy for the home object.
    You can choose from a list of storage policies that are compatible with the vSAN datastore, such as the vSAN Default Storage Policy and user-defined storage policies that have vSAN rule sets defined.
  4. Select a policy and click OK.
    The storage policy is applied as the default policy when you provision new virtual machines without explicitly specifying a storage policy for a datastore.

What to do next

You can define a new storage policy for virtual machines. See Define a Storage Policy for vSAN Using vSphere Client.

Define a Storage Policy for vSAN Using vSphere Client

You can create a storage policy that defines storage requirements for a VM and its virtual disks. Define a storage policy in vSphere Client

In this policy, you reference storage capabilities supported by the vSAN datastore.

Prerequisites

  • Verify that the vSAN storage provider is available. Refer to View vSAN Storage Providers.
  • Required privileges: Profile-driven storage.Profile-driven storage view and Profile-driven storage.Profile-driven storage update
Note: Clusters with vSAN Express Storage Architecure can use Auto Policy management. For more information, refer to What are vSAN Default Storage Policies.

Procedure

  1. Navigate to Policies and Profiles, then click VM Storage Policies.
  2. Click Create.
  3. On the Name and description page, select a vCenter Server.
  4. Type a name and a description for the storage policy and click Next.
  5. On the Policy structure page, select Enable rules for "vSAN" storage, and click Next.
  6. On the vSAN page, define the policy rule set, and click Next.
    1. On the Availability tab, define the Site disaster tolerance and Failures to tolerate.
      Availability options define the rules for failures to tolerate, Data locality, and Failure tolerance method.
      • Site disaster tolerance defines the type of site failure tolerance used for virtual machine objects.
      • Failures to tolerate defines the number of host and device failures that a virtual machine object can tolerate, and the data replication method.
      For example, if you choose Dual site mirroring and 2 failures - RAID-6 (Erasure Coding), vSAN configures the following policy rules:
      • Failures to tolerate: 1
      • Secondary level of failures to tolerate: 2
      • Data locality: None
      • Failure tolerance method: RAID-5/6 (Erasure Coding) - Capacity
    2. On the Storage Rules tab, define the encryption, space efficiency, and storage tier rules that can be used along with the HCI Mesh to distinguish the remote datastores.
      • Encryption services: Defines the encryption rules for virtual machines that you deploy with this policy. You can choose one of the following options:
        • Data-At-Rest encryption: Encryption is enabled on the virtual machines.
        • No encryption: Encryption is not enabled on the virtual machines.
        • No preference: Makes the virtual machines compatible with both Data-At-Rest encryption and No encryption options.
      • Space Efficiency: Defines the space saving rules for the virtual machines that you deploy with this policy. You can choose one of the following options:
        • Deduplication and compression: Enables both deduplication and compression on the virtual machines. Deduplication and compression are available only on all-flash disk groups. For more information, see Deduplication and Compression Design Considerations in vSAN Cluster.
        • Compression only: Enables only compression on the virtual machines. Compression is available only on all-flash disk groups. For more information, see Deduplication and Compression Design Considerations in vSAN Cluster.
        • No space efficiency: Space efficiency features are not enabled on the virtual machines. Choosing this option requires datastores without any space efficiency options to be turned on.
        • No preference: Makes the virtual machines compatible with all the options.
      • Storage tier: Specifies the storage tier for the virtual machines that you deploy with this policy. You can choose one of the following options. Choosing the No preference option makes the virtual machines compatible with both hybrid and all flash environments.
        • All flash
        • Hybrid
        • No preference
    3. On the Advanced Policy Rules tab, define advanced policy rules, such as number of disk stripes per object and IOPS limits.
    4. On the Tags tab, click Add Tag Rule, and define the options for your tag rule.
      Make sure that the values you provide are within the range of values advertised by storage capabilities of the vSAN datastore.
  7. On the Storage compatibility page, review the list of datastores under the COMPATIBLE and INCOMPATIBLE tabs and click Next.
    To be eligible, a datastore does not need to satisfy all rule sets within the policy. The datastore must satisfy at least one rule set and all rules within this set. Verify that the vSAN datastore meets the requirements set in the storage policy and that it appears on the list of compatible datastores.
  8. On the Review and finish page, review the policy settings, and click Finish.

Results

The new policy is added to the list.

What to do next

Assign this policy to a virtual machine and its virtual disks. vSAN places the virtual machine objects according to the requirements specified in the policy. For information about applying the storage policies to virtual machine objects, see the vSphere Storage documentation.