Articles in this section

See more

About VAST Uplink

Kris Weylo
  • Updated
Follow

VAST Uplink is a cloud-based SaaS that enables you to manage all VAST clusters deployed by your organization anywhere in the world, through a single cloud portal. You can use VAST Uplink to:

  • Monitor performance history and capacity utilization.

  • Visualize capacity utilization predictions.

  • Monitor cluster alarms and events.

  • Create new users and assign super user status if necessary.

  • Access the VAST Data support dashboard, easily create support request tickets and view your support history.

VAST Uplink gives you a high-level view aggregated across all of your VAST Data clusters, providing the most useful real-time monitoring information at a glance, while also enabling you to access a more detailed view of the health, status, version levels, performance, and configuration of all clusters. You can view audit logs of various security-related processes in VAST Uplink. The portal also provides quick access to all alarms and tickets in parallel views.

VAST Uplink is enabled by request only, and accessed through a unique subdomain for your organization. A VAST cluster reports to VAST Uplink only when such reporting is enabled in the VAST cluster's VMS.

Tip

To set up VAST Uplink usage for the first time, register an Uplink subdomain and then register each cluster that you want to monitor from Uplink.

Privacy and Security Considerations

When reporting to VAST Uplink is enabled on a VAST cluster, the cluster collects and sends data to Uplink.

What Data is Collected?

The following information is collected:

  • Information about VAST Cluster components and configuration settings (CNodes, DNodes, SSDs, protection policies, and so on).

  • Cluster metrics (such as those available in VAST Cluster analytics reports).

  • The VMS capacity estimation cache, including folder names. This information is collected from clusters running VAST Cluster 4.5 and higher.

  • Data flows collected by the cluster's VMS, including UIDs or usernames, host IPs, virtual IPs, and view names.

How Data is Sent?

  1. A cluster is registered with Uplink to a particular tenant using super user credentials (user credentials are not stored).

    During registration, the cluster acquires a cluster-specific access token.

  2. The cluster’s management CNode sends data to Uplink using the Uplink’s reporting REST API over HTTPS (https://api.cloud.vastdata.com:443) with TLS 1.2/1.3, which requires the cluster access token. The API is presented via a GCP API gateway.

  3. The API gateway forwards the data to internal processes for storage.

Where Data is Stored?

  • Information about VAST Cluster components and configuration settings is stored in Postgres.

  • Cluster metrics are stored in BigTable, BigQuery and Google Cloud Storage.

  • Capacity estimation and data flow data are stored in BigTable.

All data is encrypted both in-flight and at-rest.

How Data is Accessed?

The data stores (Postgres, BigTable, BigQuery, Google Cloud Storage) are not directly accessible. Authenticated users access the data through Uplink API servers which are connected to the data stores via a private network.

  • Users authenticate to a particular tenant-scoped subdomain. The tenants and account management are handled by Google Identity Platform.

  • A mandatory multi-factor authentication (MFA) using TOTP one-time codes is enforced by the Uplink API server.

  • After successful authentication, a session token is returned which allows the Uplink UI to make tenant-scoped API calls to the Uplink API server.

    The Uplink API server provides a tenant-scoped read-only set of APIs ensuring there is no inappropriate access to the data.

Note

All session and access tokens expire after one hour and must be refreshed. For interactive user logins, the session token may be refreshed a maximum of 23 times before the user must re-authenticate. The refresh is done automatically unless the user logs out.

Caution

After five unsuccessful login attempts an account becomes locked and must be unlocked by VAST Support.

How Do I Control Access to Data?

When you register for Uplink, your Uplink subdomain is created with an initial super user account owned by you.

This account can grant or revoke access for additional users or super users by creating and managing Uplink user or super user accounts.

These actions can be performed without the intervention of VAST Support, providing you with direct control of access to your Uplink subdomain.

Tip

All access attempts (both successful and failed) and user actions are recorded in the Uplink’s audit log.

Related articles

Comments

0 comments

Article is closed for comments.