Articles in this section

VAST on Cloud

Sara Levy
  • Updated
Follow

VAST on Cloud enables you to spin up virtual VAST Clusters on ephemeral cloud resources on a flexible, demand basis. The feature is ideal for providing extra capacity and high CPU for short term jobs such as rendering media. With VAST on Cloud, you can transfer data, with the benefit of data reduction, to a cloud cluster, run your workloads on the cloud resource and replicate the outputs back to the on-premises cluster.

The VAST on Cloud solution uses the AWS CloudFormation service, which provisions and configures a stack of virtual resources as a VAST Cluster using a template. The cluster is installed and configured with a management access IP, and with VIP pools pre-configured for replication and protocol access, enabling you to start running your workloads quickly.

We recommend using the global snapshot clone feature to instantly replicate data from your on-premises cluster to a VAST on Cloud cluster, and to use async replication to periodically replicate your output to your on-premises cluster. Follow the sections below to create a VAST on Cloud cluster and start working.

Once your cluster is installed in the cloud, you can use a global snapshot clone with background sync to fully copy the data to the cloud, or without background sync in which case only the metadata is copied and data is read from the source on demand. You can alternatively replicate the data using VAST async replication. The method described below uses a global snapshot clone with or without background sync.

Limitations

  • Data on the VAST on Cloud is lost if the cluster is brought down by AWS, such as if you build the stack using a spot instance and that spot is brought down during operation.

  • As described below, the most convenient method for making your data available to the VAST on Cloud cluster is through a global snapshot clone of a snapshot on your on-premises cluster. This makes the data instantly available for your workloads. Note that ongoing changes on a data path that you cloned using a global snapshot clone are not synced with the VAST on Cloud cluster. The data you work with is sourced from the specific snapshot that you clone.

  • VAST on Cloud clusters do not support expansion or OS upgrade.

Prerequisites

  • AWS account with Virtual Private Cloud (VPC) with private subnet, andn VPC Endpoints for CloudFormation and S3 services.

  • Connection between the subnet that will be used and the network in which the on-premises cluster resides.

  • AWS account with allow permission for the following actions:

    • sns:ListTopics

    • ec2:Attach*

    • ec2:AuthorizeSecurityGroupEgress

    • ec2:AuthorizeSecurityGroupIngress

    • ec2:CreateLaunchTemplate

    • ec2:CreateManagedPrefixList

    • ec2:CreateNetworkInterface

    • ec2:CreateSecurityGroup

    • ec2:CreateTags

    • ec2:DeleteLaunchTemplate

    • ec2:DeleteManagedPrefixList

    • ec2:DeleteNetworkInterface

    • ec2:DeleteSecurityGroup

    • ec2:Describe*

    • ec2:Detach*

    • ec2:Get*

    • ec2:ModifyInstanceAttribute

    • ec2:ModifyManagedPrefixList

    • ec2:ModifySecurityGroupRules

    • ec2:RebootInstances

    • ec2:ReportInstanceStatus

    • ec2:RequestSpotInstances

    • ec2:RevokeSecurityGroupEgress

    • ec2:RevokeSecurityGroupIngress

    • ec2:RunInstances

    • ec2:StartInstances

    • ec2:StopInstances

    • ec2:TerminateInstances

    • sns:ListTopics

  • An EC2 KeyPair to use for SSH access to the cluster stack

Creating a VAST on Cloud Cluster

  1. Contact us and request a private offer to purchase the VAST on Cloud fixed capacity product at a rate of 0$/month.

  2. Browse to the AWS Marketplace.

  3. Click View all products and search for Vast Data.

  4. From the search results, select the product called VAST on Cloud fixed capacity.

  5. Scroll down the product page and confirm that you have a contract option with a rate of $0. The contract option appears like this:

    VoCPrivateOffer.png

    This contract only appears after we make you a private offer (see step 1).

  6. Click Continue to Subscribe and then Add a purchase order.

  7. Click Accept Contract, review the terms and choose Confirm to accept.

  8. Click Continue to Configuration.

  9. On the Configure this Software page, select the latest version from the Select a version dropdown.

  10. From the Select a region dropdown, select the region where you want to deploy the VAST on Cloud cluster.

  11. Click Continue to Launch.

  12. On the Launch this software page, from the Choose Action dropdown, select Launch CloudFormation.

  13. Click Launch.

  14. Click Next

  15. In the Stack name field, enter a unique name for the stack. This will be the cluster name.

  16. Under RequiredParameters, complete the template parameters:

    VPC

    Select the Virtual Private Cloud where you want to host the cluster.

    InstanceMarketTypeParameter

    Select an instance type:

    • on-demand

    • spot

    Note

    When choosing an instance type, consider that if the cluster is brought down, the data on the cluster is lost and the cluster needs to be re-installed.

    KeyName

    Select an existing EC2 KeyPair to enable SSH access to the cluster.

    IgnoreNFSPermissions

    This setting is false by default and is designed to enable you to avoid permission checking for client access to data on the created cluster.

    When you replicate data to the VAST on Cloud cluster, the user and group permissions will be replicated as well. However, the provider configurations on your on-premises cluster are not automatically replicated. You can either connect any relevant provider(s) to the VAST on Cloud cluster or you can set this setting to true. If you will not be able to or prefer not to connect the VAST on Cloud cluster to a provider that can authorize user and group permissions for the data that you want to replicate to the cloud, you can set this to true. The VAST on Cloud cluster will then not check permissions of NFS and S3 clients accessing the data on the cluster.

    SubnetID

    Select the subnet in which the cluster should reside.

    InstanceType

    Choose i3en.24xlarge, which is the only supported instance type. It provides 50TB capacity.

    SecurityGroupId / CreateNewSecurityGroup

    Either select a security group ID from the SecurityGroupId field to select an existing security group or set CreateNewSecurity to True to create a new security group.

    The security group should have the following TCP ports open for ingress: 80,443,445,6126,20106-20107,22,20048,5551,111,2049,49902,49001. All ports should be open for egress, and ICMP should be open for ingress.

    SecurityRulesCIDRs

    Applicable if you selected CreateNewSecurityGroup. Specify up to ten CIDRs from which to allow inbound access.

  17. Click Next.

  18. Click Next.

  19. Click Submit.

    The process of creating the stack begins and the status of the stack is shown as CREATE_IN_PROGRESS at first. When the process is complete, the status changes to CREATE_COMPLETE.

Cloud Cluster Initial Configuration

When the cluster is created, the cluster's network configuration details for the cluster appear on the Outputs tab.

The cluster is created with the following configuration:

Configuration

Key in CloudFormat Outputs Page

VMS Management IP

ClusterMgmt

VIP pool for protocol access

ProtocolVips

VIP pool for replication

ReplicationVips

VMSMonitor

Links to the VMS monitor, which reports the cluster's installation progress.

Use this to monitor the initial installation progress, until the VMS is up. Then use the VMS's Activities page to continue monitoring the cluster's installation.

Replicating Your Workload to VAST on Cloud

In order to replicate your workload to your VAST on Cloud cluster, we recommend using a global snapshot clone because it enables instant cloning of your data, providing you with instant access to the data from your VAST on Cloud cluster.

  1. Browse to the cluster's VMS management IP, which is listed as ClusterMgmt IP in the Outputs tab of the AWS CloudFormation > Stacks page).

    The VMS VAST Web UI appears.

  2. Log into VMS with a VMS manager user name and password.

    For the default user name and password, see Managing VAST Cluster Passwords.

  3. Verify on the Activities page that the cluster_deploy task is complete. If not, wait until it is complete before continuing.

  4. Create a replication peer to establish a peer relationship between the on-premises cluster and the VAST on Cloud cluster.

    1. Verify that there is a VIP pool for replication on the on-premises cluster (a VIP pool with role replication).

      To create a new VIP pool for replication, see Managing Virtual IP Pools.

    2. On either the on premises cluster or the VAST on Cloud cluster, go to the Virtual IP Pools tab of the Network Access page and record at least one of the IPs that belong to a replication VIP pool.

    3. On the other cluster, go to the Replication Peers tab of the Data Protection page.

    4. Click Create Peer and fill the following fields:

      Peer Name

      Enter a name for the peer configuration. The peer configuration will be mirrored on the other cluster and have the same name on both clusters.

      For example: OnPremtoCloudRep

      Remote VIP

      Enter any one of the VIPs in the replication VIP pool range of the other cluster.

      The remote VIP is used to establish an initial connection between the peers. Once the connection is established, the peers share their external network topology and form multiple connections between the VIPs.

      If the remote peer's replication VIP pool is changed after the initial peer configuration, the new VIPs are learned automatically if the new range of IPs in the modified VIP pool intersects with the previous IP range. However, if the new IP range does not intersect with the old range, the remote VIP must be modified on the local peer.

      For example: 198.51.100.200

      Local VIP Pool

      From the drop-down, select the replication VIP Pool configured on the local cluster.

      On the VAST on Cloud cluster, this is called replicationPool.

      Secure Mode

      Select a secure mode for the peer:

      • Secure. Replication to this peer will be encrypted over the wire with mTLS.

        Secure mode requires a certificate, key and root certificate to be uploaded to VMS for mTLS encryption.

      • None. Replication to this peer will not be encrypted over the wire.

      Caution

      This setting cannot be changed after creating the replication peer.

    5. Click Create.

  5. On the on-premises cluster, make sure you have a suitable snapshot to clone to the VAST on Cloud cluster for the workload. You can use a snapshot that was created by a protected path if the point in time meets your needs, or you can create a snapshot of the current data. To create a single current snapshot:

    1. From the left navigation menu, select Data Protection and then Snapshots

    2. Click Create Snapshot.

    3. Complete the fields:

      Field

      Description

      Tenant

      Select a tenant where the local path that you want to capture resides.

      Name (required)

      Enter a name for the snapshot.

      Path (required)

      Enter the path to a directory. The snapshot will include all files and folders under the specified directory at the time of taking the snapshot.

      Expiration time

      If you want to make sure the snapshot expires some time in the future, specify that time here.

      Indestructible

      Enable this setting if you want the snapshot to be indestructible. This setting protects the snapshot from accidental or malicious deletion. For more information about indestructibility, see Keeping Indestructible Backups.

      Caution

      After saving the snapshot, you won't be able to delete the snapshot or disable its indestructibility without performing an authorized unlocking of the cluster's indestructibility mechanism.

    4. Click Create.

      The snapshot is created and is listed on the Snapshots page.

  6. On the VAST on Cloud cluster, open the Global Snapshot Clones tab of the Data Protection page.

  7. Click Create Global Snapshot Clone and complete the fields:

    Name

    Enter a name for the snapshot clone.

    Background sync

    This is an optional setting that causes all of the snapshot data to be copied from the source to the destination after the clone is created. During the copying stage, read requests are directed to the source if the requested data is not yet copied. When the copying is complete, the clone becomes a local directory.

    Leave this setting disabled if you want to ensure that only the data required for use on the VAST on Cloud cluster is copied. By default, snapshot data will be copied only when there is a request to read data.

    Target tenant

    The tenant on the local cluster to which you want to clone the snapshot.

    Target Path

    The local path on the target tenant to create, where you want the clone to reside. An existing path is not valid.

    Source cluster

    Select the replication peer that you configured in step Step 4.

    Source tenant

    Select the tenant on the on premises cluster where the path that you want to clone resides.

    Source path

    After selecting Source cluster, select a path on the on premises cluster that you want to clone. The dropdown offers you a selection of paths that are protected by protected paths or by manual snapshots.

    Source snapshot

    After selecting the source path, select the specific snapshot to clone. The dropdown shows you all available snapshots for the selected source path.

  8. Click Create.

    The path that you specified as the Source path is now cloned on the VAST on Cloud cluster. The directory structure of the data that was captured by the cloned snapshot is immediately accessible to clients. If you chose to disable background sync, data will be read from the source cluster and copied on request. If you enabled background sync, all of the data will be synced to the VAST on Cloud cluster and then accessible on the VAST on Cloud cluster.

Accessing the Cloned Data Path

To access the cloned data path from a client:

  • Client mounts should use the protocolsPool VIP pool on the VAST on Cloud cluster.

    To find the IPs in the protocols VIP pool, open the Virtual IP Pools tab of the Network Access page. The IP ranges included in the pool are displayed in the IP Ranges column.

  • File permissions are replicated with the data. If you set IgnoreNFSPermissions to False in the template parameters, make sure to connect the provider(s) that store the relevant user and group entries to the VAST on Cloud cluster.

  • Configuration of view, view policy and provider may be needed to enable client access to the cloned path depending on the client's chosen access protocol.

    Note

    The default cluster configuration provides a view of the root path of the file system, exposed to NFSv3 with no IP restrictions. So it is possible to mount the root path '/' from an NFSv3 client with no further configurations and access the cloned directory under that.

Replicate the Workload Output to the On-Premises Cluster

Since the VAST on Cloud cluster is ephemeral, it's important to set up replication of the workload's output data to the on premises cluster.

To do this, create a protection policy on the VAST on Cloud cluster and then a protected path on the output folder:

  1. From the left navigation menu, select Data Protection and then Protection Policies.

  2. Click + Create Protection Policy.

  3. In the Add Protection Policy dialog, complete the fields:

    Field

    Description

    Policy name

    Enter a name for the protection policy.

    Peer

    Select the replication peer that you created already.

    Snapshot prefix

    Enter a prefix for the snapshot names.

    The name of each snapshot will be <prefix>_<timestamp>, where <prefix> is the prefix specified here and <timestamp> is the time the snapshot is created, in the format yyyy-mm-ddTHH:MM:SS.SSSSSSzzz (T denotes time and doesn't represent a value, zzz is the timezone, and the time is accurate to the microsecond). For example, if the prefix is dev, a snapshot taken at 8:15 pm UTC on 20th November 2024 would be named dev_2024-11-20T20:15:06.144783UTC.

  4. If you want to make the protection policy indestructible, enable the Indestructible setting. This setting protects the policy and its snapshots from accidental or malicious deletion. For more information about indestructibility, see Keeping Indestructible Backups.

    Caution

    After saving the protection policy, you won't be able to delete the policy or disable its indestructibility without performing a procedure for authorized unlocking of the cluster's indestructibility mechanism.

    Note

    If a replication peer is configured, the indestructibility setting will be replicated to the peer.

  5. Set up one or more replication schedules:

    Note

    If you want to set up multiple schedules, click the Add Schedule button to display more scheduling fields in the dialog.

    • To set the start time, click in the Start at field. In the calendar that appears, click the start date you want and adjust the start time:

      Set_start_time.png

      Note

      When a protected path is active, it performs an initial data sync to the replication peer immediately after being created. The initial sync creates the first restore point. Therefore, the restore point created on the start date is in fact the second restore point.

    • To set a period, select a time unit from the Period dropdown and enter the number of time units in the Every field.

      Note

      The minimum interval is 15 seconds.

  6. Leave the Keep local copy for field blank if you want to delete snapshots immediately after they are replicated to the on premises cluster.

    Alternatively, if you do want to retain backups on the VAST on Cloud cluster, you can set the Keep local copy for period. This is the amount of time for which local snapshots are retained on the local cluster. Select a time unit from the Period dropdown and enter the number of time units in the Keep local copy for field.

  7. Set the Keep remote copy for period. This is the amount of time restore points are retained on the on premises cluster.

    Select a time unit from the Period dropdown and enter the number of time units in the Keep remote copy for field.

  8. Click Create.

    The protection policy is created and listed in the Protection Policies tab.

  9. On the Protected Paths tab, click + Create Protected Path.

  10. In the Add Protected Path dialog, complete the fields:

    Field

    Description

    Name

    Enter a name for the protected path.

    Local Path

    Enter the path to the output directory. A snapshot of this directory will be taken periodically according to the protection policy.

    Add replication stream

    Protection policy

    From the dropdown, select the protection policy you created in step 8.

    Warning

    After creating a replication stream, it is not possible to change which policy is associated with the replication stream. All changes to a streams's snapshot schedule, replication schedule, and snapshot expiration must be done by modifying the protection policy. Those modifications affect all replication streams that use the same protection policy. To work around this limitation, create only one replication stream per protected path.

    (Remote peer)

    This field is filled automatically with the remote peer specified in the protection policy, which should be the on premises cluster.

    Remote path

    Specify a path on the remote peer where the data should be replicated. This must be a directory that does not yet exist on the remote peer.

    Remote tenant

    This field appears only if the remote peer has more than one tenant. If it appears, select a tenant on the remote peer from the dropdown. The remote path will be created on the selected tenant.

  11. Click Create.

    The protected path is created and listed in the Protected Paths tab. Replication will now run from the VAST on Cloud cluster to the on premises cluster on the schedule defined in the protection policy.

    Note

    If the remote peer is running an earlier version of VAST Cluster, no further replication streams may be added to the protected path. If the remote peer is running VAST Cluster 4.7, you can add additional replication streams to the protected path.

Related articles

Comments

0 comments

Article is closed for comments.