Okay I know...the whole purpose of SDDC is to distribute over several nodes. BUT, we are building a test environment and only need to have vSAN and vCenter run insofar as to allow us to proceed with encrypting the data.
I found a YouTube video that talked about forcing it to install on only one node.
Is that possible? What kind of hardware and other considerations would be needed to support this?
Is there any way to do any of this "virtually" so we don't need to buy another server?
Has anyone set this up in their lab this way?
A single vSAN Host is not a supported configuration by VMware. You need at least 2 hosts for ROBO deployments or 3 hosts for a minimum standard installation.
I don't know if this is even possible, but even if there is a hack for it, I would not recommend it. vSAN relies heavily on the physical storage subsystem. For example on the storage controller and suitable drivers (this is also checked by the health checks). And even if you get it virtualized as nested esxi or with kvm somehow, it can lead to unforeseen behavior and errors.
In my opinion, this is useless for a lab environment. You never know if an error is caused by this unsupported setup or if it will behave that way in production, too.
I think he's talking about the vSAN data-at-rest encryption, not about the VM encryption.
vSAN data-at-rest encryption, is a VM encryption, adapted for use in a vSAN cluster. Therefore, this is not the same thing. And therefore it is used not because it is super encryption, but because it is required by vSAN technology.
Good points. This would only be our test lab and never in production but it is a valid point that you don't know how it would act if you do it with one host. We're trying to build a test environment to test interaction with a key manager and just wanted to know what we need to set up to make this happen. Since I had found the information on the one host set up I wanted to know if it was a "for real" thing or just not done.
Sounds like I need a minimum of 3 Intel servers running one SSD drive for the cache and at least one SSD/Flash for capacity. Then put ESXi on it and it can be clustered in the vSAN.
Thanks for taking the time to answer my question!
"Is it possible to deploy vSAN on one node?" Off course. You can create a one node cluster while deploying VCSA or even manually.
Is it supported? NO
Is it recommended? NO
What you are looking for, is a way to test vSAN in a test environment. Rather than creating a non-supported test environment that will not mirror anything close to a production deployment; I would highly recommend other avenues for testing.
Some ways to test vSAN safely is by using Hands-on-lab (HOL). We have several vSAN labs (and more on the way) so that people can play around with vSAN. One of the labs in particular, allows you test encryption as well.
You can also contact your VMware rep and ask for assistance for a vSAN POC. If there is no hardware available, and no HW vendors can provide temporary HW; then you can ask your VMware rep to look into "Test Drive" for a vSAN POC.
When testing a product or features, you should test close to what you have in mind for a potential production deployment; otherwise, your results will not be applicable. If you are buying a new car, you wouldn't drive it with only one wheel, would you?
Here is one of my blog posts about vSAN Encryption, what you need, and how to enable it. If you need more info on it, let me know.