When you are configuring your ESX/ESXi host to work in conjunction with SAN, you must make your whole environment failure resistant and protect it against host failures.

For each type of server failover, you must follow these practices:

Approaches to server failover work only if each server has access to the same storage. Because multiple servers require a lot of disk space, and because failover for the storage system complements failover for the server, SANs are usually employed in conjunction with server failover.

When you design a SAN to work in conjunction with server failover, all ESX/ESXi hosts must see all datastores that the clustered virtual machines use.

Although a datastore is accessible to a host, all virtual machines on that host do not necessarily have access to all data on that datastore. A virtual machine can access only the virtual disks for which it was configured. In case of a configuration error, virtual disks are locked when the virtual machine boots so no corruption occurs.


As a rule, when you boot from a SAN, each boot volume should be seen only by the host that is booting from that volume. An exception is when you try to recover from a failure by pointing a second host to the same volume. In this case, the SAN volume in question is not really for booting from a SAN. No host is booting from it because it is corrupted. The SAN volume is a regular non-boot volume that is made visible to a host.