Hyperconverged storage solutions require the installation of a virtual storage appliance on each host. However, in the case of VSAN, because it is embedded in the ESXi kernel, all the Virtual SAN smarts are already built in to the hypervisor and there are no additional components to install. Just 2 clicks and it can be enabled. There is no separate virtual appliance and no additional management overheads. Because it is embedded in the hypervisor VSAN provides the shortest path for I/O, making storage operations optimally efficient and does not consume CPU resources unnecessarily. Even during maintenance operations and VM migrations, storage operations are seamlessly handled.
vSAN Is Integrated within vSphere• Critical services converged in hypervisor kernel
• High performance, low latency & low resource requirements• No physical or virtual appliances to manage• Minimal software for reliability• Direct I/O path from VMs to hardware
• Management & Policy integration - vCenter• Capacity, Performance & Health Information
integrated into vCenter• Per VM(vmdk) policy capabilities
Hyperconverged storage solutions require the installation of a virtual storage appliance on each host. However, in the case of VSAN, because it is embedded in the ESXi kernel, all the Virtual SAN smarts are already built in to the hypervisor and there are no additional components to install. Just 2 clicks and it can be enabled. There is no separate virtual appliance and no additional management overheads. Because it is embedded in the hypervisor VSAN provides the shortest path for I/O, making storage operations optimally efficient and does not consume CPU resources unnecessarily. Even during maintenance operations and VM migrations, storage operations are seamlessly handled.
Greater Consolidation Ratio Lowers Cost per VM
vSphere
Storage VM(per server)
Typical HCI vSAN In-Kernel HCI
Storage VM consumes resourcesData paths are inefficientAdditional management bolted on
2x CPU and 3x memory efficiencyNative vMotion and DRSSimple, single management pane
vSphere / vSAN
12
3 4
5
1 23&4* Network
1* Network
7
vSAN 5.5March 2014
vSAN 6.0March 2015
All Flash64 Node ClusterX2 Hybrid PerformanceVSAN SnapshotsVSAN ClonesRack Awareness
vSAN 6.2March 2016
vSAN 6.1September 2015
Stretched ClusterReplication - 5 Min RPORoot Cause AnalysisHealth Monitoring
DeduplicationCompressionErasure Coding (RAID 5/6)Quality of Service Performance & Capacity MonitoringExpanded Virtual SAN Ready Nodes
VMware Storage:A history of data integrity, data availability & data resiliency
vSAN – Continued Innovation
vSAN 6.5December 2016
iSCSI Target2 Node Direct Connect512e Disk SupportCloud Automation
• Datastore level, data-at-rest encryption for all objects on vSAN Datastore
• Enabled at cluster level, supporting hybrid, all-flash, and stretched clusters
• No need for self encrypting drives (SEDs), reducing cost and complexity
• Works with all vSAN features, including deduplication and compression
• Integrates with all KMIP compliant key management technologies, including SafeNet, Hytrust, Thales, Vormetric, etc.
vSphere vSAN
vSAN Datastore
Presenter
Presentation Notes
Key Message/Talk track: Addressing changes in requirements can be a challenge, and a potential risk for data center administrators. Requirements around security can often make compliance a much more challenging endeavor. By addressing concerns such as security of data natively in the hypervisor one can have the confidence that VMware vSphere running vSAN can address those concerns efficiently and effectively using software that they already know. This is exactly what vSAN 6.6 offers. Data at rest encryption that is built right into vSAN, easily enabled by a few clicks of a mouse. ---------------------------------- Overview: Datastore level, data at rest encryption for all objects on vSAN datastore Enabled at cluster level, supporting hybrid, all-flash, and stretched clusters No need for self encrypting drives! (SEDs) Reducing cost and complexity Works with all vSAN features Integrate with all KMIP compliant key management technologies, including SafeNet, Hytrust, Thales, Vormetric, etc. ---------------------------------- Details: No vCenter dependency Cluster wide setting that provides encryption of all data at rest. (data in flight is transmitted unencrypted) All core dumps are encrypted Works with all vSAN features Hybrid and All Flash Space Efficiency technologies such as dedup & compression, RAID5/6 QoS, Checksum Stretched clusters (Witness VM is not encrypted. No data is stored on witness, and not encrypting reduces attack matrix) Transparent to other vSphere features. (e.g. vMotion, vSphere Replication, etc.) Encryption occurs in last step for highest level of protection. Encryption at final step achieves highest level of protection with AES-256. Encrypting earlier would require running ECB degraded mode, not acceptable in financial institutions. FIPS certification pending (In progress at this time). Uses same modules as “VM Encryption.” The OpenSSL is in progress: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf The VM Kernel module is listed: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140IUT.pdf Integration with major central key management technologies that are KMIP compliant Configured in UI Tested with SafeNet, Hytrust, Thales, Vormetric, but other KMIP should work. Supports KMS servers running as KMS clusters to ensure high availability Encrypted vSAN must have KMS available in order to boot. vSAN datastore must upgraded to the vSAN on-disk format version 5.0, as a part of vSAN 6.6 Enabling encryption requires that all disks in disk group to be reformatted vSAN disk groups are not usable without keys vSAN encryption a part of Enterprise licensing Encryption needs CPU resources, and can introduce some levels of CPU overhead. The amount will be dependent on the type and volume of I/O activity. Witness host is not encrypted. Why? It is more secure to not encrypt the witness node. If the witness node is encrypted, it has to store all the credentials to get the secret key from the Key Management Server (KMS). These credentials become another attack surface that we have to protect. However, since witness runs in a virtual environment, it is easier to be attacked than regular hosts which run in physical environments. Not encrypting witness node reduced attack surface and makes the system more secure. What can be leaked on the witness node includes number and size of each vSAN object, their log sequence number, and policy. None of these are sensitive user data. ---------------------------------- Definitions: FIPS PUB 140-2: “Federal Information Processing Standard” (FIPS) Publication 140-2, is a U.S. government computer security standard used to accredit cryptographic modules. AES: Advanced Encryption Standard (AES), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001
Supporting a Broad Variety of Use Cases
Business Critical Apps (SAP, DMZ)
Virtual Desktops (VDI)
DR / DA
Cloud Native AppsDatabases (SQL/Oracle)
ROBOManagementClusters
Containers Solutions TBA Q2 FY19
vSAN
CH2M, Telecomuting
University of South Carolina , Rent-A-Center
(CINgroup, COOP, Whirlpool)
(Cincinnati Bell, Century Link)
(Yellow Page Canada, Sugar Creek Packing)
Work Space One – VDI Reference Architecture
(Peter Cremer NorthAm, Discovery )
Presenter
Presentation Notes
Summary: Customer facing Use Case slide with active web links to the associate white papers.
Continuous re-platforming leverages next-gen hardwareto deliver the lowest $/Gig and $/IOPS
Broadest Deployment Options from HCI to SDDC Built on Industry-Leading VMware Hyper-Converged Software (HCS)
Certified SolutionsvSAN Ready Nodes
Engineered AppliancesVxRail
Virtual SAN Ready Nodes
Build Your OwnDell “Servers”
Virtual SAN Hardware Compatibility
Lifecycle Management
EMC Federation HCI Appliance
VMware HCSVirtual SAN + vSphere + vCenter
VMware HCSVirtual SAN + vSphere + vCenter
VMware HCSVirtual SAN + vSphere + vCenter
Disk Controller SSD HDD
Cloud FoundationVxRack, EHC
Certified PartnerHardware
NSX
vRealize
VMware HCSVirtual SAN + vSphere + vCenter
SDDC Manager
Presenter
Presentation Notes
Summary: The consumption models. We are all expected to lead with VxRail. It is the easiest of the consumption choices, but not always the most suitable solution. vSAN – DIY – Your customer takes on the responsibility vSAN Ready Nodes – Certified Solutions – but there is still significant engineering that the customer will be responsible VxRail – Not plug & Play, but totally engineered appliance NSX & Cloud – Final step to Software Defined Data Center with a path to the public cloud.
Simplicity, Scale, & Savings.
Turnkey hyper-converged VMware appliance
Quality of Service Data ProtectionData Efficiency Services
VxRailMarket
Cloud Storage
Presenter
Presentation Notes
VxRail comes fully loaded with everything included: RecoverPoint for VMs provides Replication, data protection, and advanced disaster recovery , and 5 licenses of RecoverPoint for VMs comes with each appliance node. VMware Data Protection and optional Data Domain for centralized de-duplicated backup and recovery EMC CloudArray allowing for storage capacity expansion from the appliance with scalable cloud-based storage to the public cloud (our own or others). 1TB appliance storage comes with each appliance. And, a Market where pre-loaded applications exist for customers to extend the value of their appliance, and will be populated over time with more and more applications.
Summary : Despite our competitors opposing view vSAN IS a mature product and it has become a mature product in a very short time period. The VMware vSAN Product Team continues to deliver advancements in scalability, performance, security and lower costs to support an agile, software-defined data center. *** Important*** Understand that VxRail is an appliance product utilizing vSAN (other VMware software products) and Dell EMC hardware validated and certified to enhance the customer experience by minimize storage complexity. So there will be a lag from General Availability (GA) of vSAN software revisions and validation and acceptance of the latest revisions applied to VxRail products. *** Explanation of the process *** Response from Product Group: We have a policy to pick up major new releases (to VxRail) at Update 1 - but, after that point, we are averaging less than 20 calendar days to validate and release post VMware GA. We are working hard to reduce this time and have an aspirational goal to get to the same day - but there is no commitment
vSAN/VxRail Salient Characteristic
• Storage management integrated into hypervisor
• No additional software installation required– No additional training required
• Approved for DoD use under DISA STIG Framework– Certificate of Networthiness (CoN) from U.S. Army
• Native encryption of data-at-rest (no need for Self Encrypting Drives (SEDs))
• Support for Storage Policy Based Management
• Integration with multiple Public Cloud Providers
Differentiators for RFIs, RFQs and RFPs
Presenter
Presentation Notes
Summary : These are simply lockout specs for RFP/RFQ responses
Next Steps to Get Started with vSAN & VxRail
Start with vSAN Assessment
• Understand the needs of your environment in just one week!
• Contact your VMware Partner, SEs or Rep for a free vSAN assessment
StorageHub – Demos and Guideswww.storagehub.vmware.comFree Hands-On Labsvmware.com/go/vsanlabVirtual Blocks – vSAN Blogblogs.vmware.com/virtualblocks/vSAN Sales [email protected] Test Drive – No ChargeFull Agenda & Registration Portal
Presenter
Presentation Notes
As you look to extend your virtualization strategy to storage and beyond, we have additional information to help you on that journey. You can start with a free vSAN Assessment to quickly understand how vSAN could fit in your environment today. If you’re looking to do some research on your own, then check out our resources on StorageHub or get your hands on vSAN through one of our free, online Hands-On Labs. For the latest news and information, stay plugged in to Virtual Blocks, a blog focused on all things vSAN from our product experts.
