Skip to main content
🎤 Speaking at Red Hat Summit 2026 GPUs take flight: Safety-first multi-tenant Platform Engineering with NVIDIA and OpenShift AI Learn More
Fix Helm Failed to Download Chart

Download [patched] Vsan Witness Appliance

The vSAN Witness Appliance is a purpose-built virtual machine that acts as a tie-breaker in 2-node or stretched cluster configurations. It essentially runs a "stripped-down" version of ESXi that stores only metadata, ensuring cluster availability without requiring a full third host. Availability & Download

You can download the appliance as an OVA (Open Virtual Appliance) file directly from the Broadcom/VMware Support Portal.

Version Matching: It is critical to download a version that matches your specific vSphere/vSAN environment (e.g., 7.x, 8.x) to ensure compatibility.

Licensing: The appliance includes an embedded license for its function as a witness, so you generally don't need to provide an extra ESXi license for it. Deployment Review

The deployment process is straightforward but requires specific networking attention:

Ease of Setup: Since it is an OVA, you can deploy it via the "Deploy OVF Template" wizard in vCenter.

Sizing Tiers: During deployment, you choose from "Tiny," "Medium," or "Large" configurations based on the number of components in your cluster. For most homelabs, "Tiny" or "Medium" is sufficient. download vsan witness appliance

Networking Requirements: The appliance requires two VMkernel adapters: one for Management and one for vSAN traffic. You must ensure the witness host can communicate with the data nodes over the vSAN network, often requiring static routes if they are on different subnets. Performance & Resource Usage

Low Footprint: Because it doesn't run actual workloads (VMs), it has very low CPU and memory requirements.

Compute Limitation: You cannot power on regular VMs on a witness appliance; its sole purpose is to store witness components and maintain quorum. Pros & Cons Pros Cons

Cost-Effective: Eliminates the need for a physical third server in 2-node setups.

Dependency: If the witness goes down in a 2-node cluster, the cluster cannot survive a subsequent node failure.

Simple Deployment: Standard OVA format is familiar to vSphere admins. The vSAN Witness Appliance is a purpose-built virtual

Networking Complexity: Requires careful VLAN and routing configuration for vSAN traffic.

Maintenance: Can be managed and patched similarly to a standard ESXi host.

Site Placement: In stretched clusters, it must reside in a separate "third site" to be effective.

Step 1: Navigate to the VMware Customer Connect Portal

Open your browser and go to: https://customerconnect.vmware.com/

Note: Do not use Google’s cached old links to “my.vmware.com” as they may redirect improperly.

Step 4: Select Your vSAN Version

You will be presented with a list of all available vSAN versions (e.g., vSAN 8.0 Update 3, vSAN 7.0 Update 3, etc.). Step 1: Navigate to the VMware Customer Connect

  • Critical: Click the dropdown or triangle icon next to the exact version running on your ESXi hosts.
  • Do not click the main "Download" button for the ISO file.

Phase 3: Deploying the Appliance (OVA)

You deploy this just like any other virtual appliance. Ideally, deploy it to a management cluster or a host that is not part of the vSAN data cluster you are configuring.

  1. Log in to the vSphere Client (HTML5).
  2. Right-click on a Datacenter, Cluster, or Host where you want to run the Witness.
  3. Select Deploy OVF Template.
  4. Select Local File and browse to the downloaded .ova file. Click Next.
  5. Review Details: Verify the version matches your requirements. Click Next.
  6. Accept License Agreements: Click Next.
  7. Select Name and Folder: Give it a recognizable name (e.g., vSAN-Witness-SiteA).
  8. Select Storage: Choose the datastore where the Witness VM configuration will live (Standard VMFS, NFS, or local storage is fine; it does not need to be on the vSAN datastore it is witnessing).
  9. Select Networks:
    • Map the Management Network (This is required for vCenter communication).
    • Map the vSAN Network (This is the isolated VMkernel port for vSAN traffic to talk to the data nodes).
    • Tip: You can add networks later, but defining them now is easier.
  10. Customize Template:
    • Enter a root password.
    • Configure Networking (Static IP or DHCP).
    • Enter Subnet Mask, Gateway, DNS, and Domain.
  11. Ready to Complete: Review settings and click Finish.

Phase 5: Assigning the Witness to the Cluster

Now that the Witness is a standalone host in your vCenter inventory, you must assign it to your vSAN cluster.

  1. Navigate to your vSAN Cluster (where your data nodes reside).
  2. Click Configure > vSAN > Services.
  3. Under the "Services" tab, click Edit.
  4. Scroll down to vSAN Stretched Cluster.
  5. Toggle the switch to Enabled.
  6. A wizard will open asking for:
    • First Failure Domain: Select the hosts for Site A (e.g., "Preferred").
    • Second Failure Domain: Select the hosts for Site B (e.g., "Secondary").
    • Witness Host: Browse and select the Witness Appliance host you added earlier.
  7. Click OK.

vCenter will now configure the cluster logic. The Witness host will move from being a generic host in your inventory to being "owned" by the Stretched Cluster configuration.

Download: vSAN Witness Appliance — Overview and Steps

Important Requirements

| Item | Requirement | |------|--------------| | ESXi version | The Witness Appliance version must exactly match the vSAN version running on your primary and secondary sites. | | Deployment format | OVA (Open Virtual Appliance) | | vSAN License | Stretched Cluster license feature required | | Networking | Layer 2 or Layer 3 connectivity between Witness and both data sites | | Storage | The Witness Appliance requires a dedicated datastore (does not use vSAN storage) |

Prerequisites

Before downloading, ensure you have the following:

  1. A valid VMware Customer Connect account. The software is behind a paywall, accessible only with an entitlement for vSphere Enterprise Plus or a vSAN license.
  2. Your vSAN License Key. The download portal verifies that your license includes Stretched Cluster capabilities.
  3. Version Compatibility. The Witness Appliance version must exactly match the vSAN version running on your ESXi hosts (e.g., vSAN 7.0 needs Witness 7.0).

Related Articles

Docker Captain announcement
DevOps

I Am a Docker Captain

In April 2026 I joined the Docker Captains program — a community of experts who share Docker knowledge worldwide.

Tank OS - Secure OpenClaw with Podman containers
DevOps

Tank OS: Secure OpenClaw Deployments with Podman

Red Hat maintainer Sally O'Malley releases Tank OS — a Podman-based bootable container image that makes enterprise OpenClaw agent deployments safer and manageable at scale.

OpenClaw gateway.controlui.allowinsecureauth configuration guide
DevOps

OpenClaw gateway.controlui.allowinsecureauth Explained

What is openclaw gateway.controlui.allowinsecureauth? When to enable it, what security risks it carries, and safer alternatives for non-TLS deployments.

OpenClaw gateway.controlui.basepath configuration guide
DevOps

OpenClaw gateway.controlui.basepath Configuration Guide

How to configure openclaw gateway.controlui.basepath to serve the Control UI under a subpath. Reverse proxy, Nginx, Traefik, and Kubernetes ingress examples.

All Articles
Luca Berton Ansible Pilot Ansible by Example Open Empower K8s Recipes Terraform Pilot CopyPasteLearn ProteinLens Heaven Art Shop TechMeOut

Free 30-min AI & Cloud consultation

Book Now