This article was created to expand on the Official Documentation with more details for deploying the snapshot service appliance for vSAN and assist in vSAN appliance setup issues proactively. 

vSAN 8.0u3 or later

Misconfigured snapshot appliance, or root certificates not trusted for deploying vSAN Snapshot Appliance can lead to side effects and issues where it cannot be managed.

• Where the vSAN snapshot appliance needs to be deployed and configured correctly with trusted certificates to ensure vCenter recognizes it and installs plugin for managing it. 

Requisites before deploying

Before deploying the appliance the following should be done for an easier deployment process. 

1: On the DNS server. Create a PTR record that will match the snapshot appliance name. [snap-name.domain]

2: Download the needed certificate for the deployment. 

• https://vcenter.fqdn.com/certs/download.zip

In the folder for the zip file, extract and open 'Linux' folder, and the certificates in there. 

Inspect the different certificates (under details), where you need to find the certificate where the Subject will be the same as your vCenter FQDN. 

• Once you find the correct cert, using a text editor, open the certificate that ends in ".0", that matches the same name as you found previously. 
• Copy all contents of this from (from 'Begin' to 'End', and paste into a different text file (keep open, as will be needed for appliance deployment). Close the original certificate file. 

Deploying the Appliance from OVF

Right click the vSAN cluster, and click 'Deploy OVF Template' . Then select "Local file" and provide the OVA template for snapshot appliance. 

• The template can be downloaded from support.broadcom.com,
  • VMware vSAN > 8.x > VMware vSphere Hypervisor (ESXi) > View Group > Drivers & Tools (sub-menu at top) > VMware Snapshot Service Appliance

1:Provide the hostname for the appliance (that matches the PTR record created earlier). 

2: Select your Cluster resource, and check Automatically power on deployed VM. 

3: Click next until needing to choose your vSAN, select correct vSAN for appliance and hit next. 

4: Select the port group for the appliance that matches and is able to reach the domain, hit next. 

For customizing the template, it should look similar to this screen shot: 

1: Application

• Hostname (same as PTR record again/ for domain).
• Password (set one for the appliance). 

2: Networking

• Gateway
• Domain name 
• Search path [path to search for DNS record].
  • For the record, if large domain with multiple records, consider having a smaller OU to search from for the record. As latency between VC, DNS, and Snapshot appliance could impact behavior. 
• Domain name server [Domain server ip addresses for record lookup]
• Network IP [for the appliance, blank is DHCP]. 
• Network prefix (prefix length) - [24 is most commonly used and recommended, but match the existing prefix length for network its part of]

3: vCenter server configuration

•  vCenter server host name (FQDN of vCenter)
• Administrator user name (the local/built-in administrator user, the default is below; if SSO was not altered). 
  • [email protected] 
• The built in administrator password (same that you would use to log into vCenter with that built-in administrator user). 
• vCenter Server Certificate (paste the contents, copied from earlier certificate in pre-requisites)
• vCenter Server Single Sign on Domain. This will be same domain as the local SSO/built-in administrator. Paste in the domain (no host names)
  • Default Example: vsphere.local

Click Next, and deploy. 

The appliance will deploy and vCenter will configure the snap plugin, to be ready for use. 

• May have to refresh the browser (vCenter UI) after deployed in order to sync the plugin to appliance. Where you will have options to automate snapshots. 

*If you are still having issues with deploying this appliance.

Please log a case with Broadcom support, so the issue can be investigated further. 

Documentation: Deploying the Snapshot Service Appliance Environment