December 11, 2023

Using Tag-Based SPBM Policies to Manage Your Storage

In this SPBM series (Storage Policy Based Management), we will review and explore the many options for using SPBM to manage your virtual storage. SPBM policies are categorized into three main areas; Storage Capabilities and Services, Data Services, and Tags.​​​​​​​

Tag-Based SPBM image-20230119211341-1

Storage Capabilities and Services SPBM policies are used when datastores, such as vSAN and vVols, are represented by the storage provider or VASA. The VASA reports the capabilities and services that a vendor’s array is capable of providing.

Data Services SPBM policies use host-based services and are also represented by the storage providers. You use the information from the storage provider when defining host-based data services. Data Services Policies do not affect the placement of objects or VMs but rather the services they may use such as encryption or SIOC v2.

Tag-based SPBM policies may be used for numerous functions and are often used when a datastore is not represented by a storage provider. VMFS and NFS typically fall into this category although it is not limited to these.



Tag-Based SPBM Policies

Many are familiar with SPBM policies when used with vSAN or vVols, as they have some incredible features and functionalities. But another valuable SPBM use is with Tags and Categories. By using tags, we can create high-level generic, or custom and detailed policies. With tag-based SPBM, you can create specific categories and tags based on almost anything you can envision. Performance levels or tiers, disk configurations, locations, OS type, departments, and disk types such as SAS, SATA, or SSD are just a few examples. The categories and tags you can create are almost limitless!

Say you want to make sure VI admins place Linux VMs on a specific datastore. You can create a Category for OS and a Tag for Linux. Then you can associate those tags with any number of datastores you want to house only Linux VMs. This enables VI admins to simply choose the Linux SPBM policy and only the compatible datastores, or datastore clusters will be displayed and available.


Setting up Categories and Tag-Based SPBM Policies

With tag-based SPBM, you have the ability to utilize multiple tags within a single policy. In fact, if you’re crazy enough, you can use up to 128 tags in a virtual machine storage policy! Subsequently, you can be exceedingly specific. You may have different departments with different storage requirements or require separations for security purposes. You could create a Category for a Department and create tags with Financial, HR, and Engineering. Also, if you want to put them on different types of storage like VMFS or NFS, or maybe SATA, SAS, or SSD, you can add these tags to a single SPBM policy.

Example; Category: Department, Tag: Financial, Category: Disk Type, Tag: SAS. Now you add these tags to your corresponding datastore and create a “Financial” SPBM policy that uses those tags. This helps to ensure the correct placement of VMs during creation, cloning, or migration.

If the VM is moved or becomes non-compliant with the policy, a built-in vCenter alarm will be triggered to show non-compliance. This allows you to remediate the issue then and bring the VM back to compliance.

Here is a short video demonstrating setting up categories and tags and creating Tag based SPBM policies:


Another benefit, you can change or add to the underlying storage related to a policy without having to modify the policy itself. You add the related tags to a datastore, and now that datastore is associated with that policy. You may also associate these policies with datastore clusters, further simplifying the management of underlying storage.

Tag-based SPBM policies are not limited to tags alone. They may also be used in conjunction with vSAN, vVols, and host-based services, allowing additional customized policies.  You may create an SPBM policy that applies to vVols located in different physical locations. This allows you to use the VASA provider for the storage capability and tags for a specific physical location. Permitting you to limit certain VMs to use vVols, but only at a specific site. See the quick demo below of using vVols and Tags together.


Tag-Based SPBM


Tracking and Reporting

With the categories and tags you have created, there are other benefits you may be able to utilize. Tags may be used for tracking and reporting. For instants, if you tagged all your HR VMs, you could run a query to see all the HR VMs, and the resources they are using.  If the appropriate categories and tags are utilized, you could query to see what VMs are using VM encryption. Below are a few examples of PowerCLI using tags to query the environment.

Get-VM -Tag Linux
Name PowerState Num CPUs MemoryGB
---- --------- -------- --------
Linux-VMFS-VM PoweredOn 1 2.000

Get-Datastore -Tag Linux
Name FreeSpaceGB CapacityGB
---- -------- ----------
N-VMFS 587.306 699.750

Get-VM -Tag Windows
Name PowerState Num CPUs MemoryGB
---- ------- -------- --------
Windows-VMFS-VM PoweredOff 1 4.000
Win10-3 PoweredOn 2 4.000
jm-ws2016 PoweredOn 2 4.000
Win10-2 PoweredOn 2 4.000

Get-Datastore -Tag California
Name FreeSpaceGB CapacityGB
---- --------- ----------
N-VVol-Cali 2,048.000 2,048.000


There are advanced options that allow you to enforce the placement of objects when using SPBM. This KB (2142765), shows how to set the enforcement level of your policies. The options are 0,1 and 2. Where 0 is NO enforcement, 1 is SOFT enforcement, and 2 is HARD enforcement, meaning you cannot violate the SPBM policy placement.

The use of Tag-based SPBM is something I’ve used extensively, and it enabled me to allow other, less technical, admins to provision VMs and easily determine datastore placement based on VM functionality, OS, and or performance requirements. If you have not explored tag-based SPBM policies, you are missing out. Especially with the added benefit of querying the tags in your environment.


SPBM Resources


Stay Tuned for the SPBM Blog Series

  1. Using Tag-based SPBM Policies to Manage Your Storage
  2. Storage Capabilities and Services
  3. Data Services SPBM Policies



Filter Tags

Compliance Storage ESXi vCenter Server vSAN vSphere NFS Virtual Volumes (vVols) VMFS Blog Demo Feature Walkthrough Tool Overview Deploy