Deploy the VMware vSAN Witness Mode

As detailed in the earlier section, follow the VMware vSAN Witness Design guidance to understand the requirements. The VMware vSAN witness appliance is a specialized VMware ESXi installation that provides quorum and tiebreaker services for stretched clusters in VMware Cloud Foundation.

This appliance must be deployed in a third location that is separate from the VMware ESXi hosts in both the Primary Site (OCI Dedicated Region A) and Secondary Site (OCI Dedicated Region B).

If the latency requirements are met and a dedicated OCI FastConnect is established from both Primary and Secondary sites to this third location, the Witness Appliance can be deployed in any suitable VMware ESXi environment.

For this deployment, we deployed the Witness OVA in an Oracle Cloud VMware Solution SDDC located in another OCI Public Region, which we will call OCI Dedicated Region C, with CIDR range: 172.30.0.0/16.

Ensure appropriate network connectivity exists from the Witness Region (OCI Dedicated Region C) to both Primary and Secondary sites. Update route tables and security rules accordingly to allow communication between the Witness appliance, the VMware vCenter in the Primary Site (OCI Dedicated Region A), and VMware ESXi hosts in both Primary and Secondary sites.

Once the Witness OVA is deployed and the appliance is ready with the required network connectivity established, add the Witness Appliance into the Primary Site’s (OCI Dedicated Region A) vCenter using its IP address. DNS resolution is not essential for this step.

After adding the Witness Appliance to VMware vCenter, verify that the MTU is set to 9000 and that vmk0 is configured for VMware vSAN and VMware vSAN Witness traffic. vmk1 can be left unconfigured.