With vSphere 7 or later, vSAN can be configured to serve NFS/SMB shares. vSAN makes these services available through VMware vSAN File Services Appliance.
Before you begin, you will need a few things configured:
You must create a separate port group for vSAN file services, as both promiscuous mode and forged transmits will be configured on the port group when the service is enabled.
A set of IP addresses and corresponding DNS records. The number of IPs needed will depend on the number of hosts in the vSAN Cluster. These IP addresses are for the vSAN file service nodes, which will be deployed on each host in the vSAN cluster. I am using a 3-node vSAN cluster for this blog, so I need three IP address/DNS record combinations ready.
Download vSAN File Service OVF files if your vCenter cannot connect to the internet.
If you are standing up a POC in a nested lab, remember that the vSAN hosts will need at least 16 GB of memory. Otherwise, you will most likely run into issues enabling the vSAN service.
The service is enabled from the cluster's configuration section under vSAN | Services.
However, as mentioned before you must create a separate port group for vSAN file services, as both promiscuous mode and forged transmits will be configured on the port group when the service is enabled. You do not want to enable promiscuous mode and forged transmits on a port group used for other traffic types. I have created a port group called "LabvSAN_FileService_PG," which will be used when enabling the service. The port group was created with all the defaults.
The required OVF files are automatically downloaded if your vCenter can connect to the internet; however, in most cases, it wouldn't be for security reasons. If your vCenter cannot connect to the internet, you can download the OVF files from the vSAN download page and manually load them to ENABLE the service.
Once the OVF files are loaded to the appliance, it would start the configuration by modifying the port group to enable promiscuous mode and forged transmits. It would also deploy the File Service Nodes onto the ESXi hosts in the cluster.
Here is a complete list of tasks:
Once done, refresh the vSphere Client and head back to vSAN | Services, and you will be indicated that the file services have been enabled, but a File Service Domain needs to be configured. Note that sometimes you might have to wait a bit longer for the CONFIGURE DOMAIN button to appear. You do not need to refresh the screen more than once.
Click "CONFIGURE DOMAIN" to start the configuration.
We start by specifying a File Service Domain name. Remember that this is unique to this vSAN Cluster's file service and has nothing to do with your active directory domain.
On the Networking screen, enter the common configuration (DNS/Gateway) and the IP addresses set aside for the vSAN File Service Nodes. If clicking LOOKUP DNS doesn't populate the hostnames, verify whether the DNS server details entered are accurate. It could also mean that either the DNS servers are not reachable or the DNS records have not been created yet.
On the Directory service screen, you can enable access to Active Directory. Doing so is required if you plan to create SMB/NFS shares with Kerberos authentication within the file service domain. Without access to the active directory, you could only create NFS shared with AUTH_SYS.
Once the active directory has been successfully authenticated, it will move to the review screen. Click FINISH to initiate the creation of the vSAN File Service Domain.
You should see the following tasks completed successfully.
Once completed, check the status of the File Service under vSAN | Services.
You should now be able to create NFS/SMB shares under vSAN | File Shares
Downloading vSAN File Services OVF Files
Head onto the vSAN Downloads page.
Select the version corresponding to your vSAN version.
And download all the OVF package files.
