2. VAST Management Service (VMS)

  • Updated on Jan 28, 2026
  • 2 minute(s) read
Prev Next

The VAST Management Service (VMS) provides a unified interface for monitoring and managing the VAST cluster. Cloud Service Providers (CSPs) can use VMS to configure storage, monitor capacity and performance, and administer all tenants. At the same time, VMS supports delegated access, allowing individual tenants to securely access a scoped view of their environment, enabling them to manage users, monitor consumption, and view performance within their assigned view.

VMS Network Configurations

The VMS can be deployed on:

  • The management network is typically used by CSP administrators for cluster-wide operations.

  • The data network allows integration with tenant workloads, such as Kubernetes clusters.

The VMS VIP is bound to a secure services interface. A separate DNS VIP is also available to resolve internal VAST service endpoints. This allows both management and data-plane access as needed by the deployment model.

Tenants connect using a scoped login URL:

https://<vms-vip>/#/login/<tenant-name>

Access is controlled via:

  • Tenant roles and permissions

  • Client source IP restrictions

This design ensures strong administrative isolation while maintaining a single VMS instance.

Note: VMS access can be filtered at the IP level through Settings → VMS → Client Source Address, where CSPs can define individual IPs, IP ranges, or subnets. If left blank, access is permitted to all clients.

The image displays the "Client Source Address" configuration page in VMS, allowing users to specify valid IP addresses or ranges that can connect to VMS services. Users must input these as single IPs (e1.1.3.4), ranges (1.2.3-4 - 1.9.36), or or CIDR (11.0.0/24) formats, and separate multiple entries with commas. This screen is part of the VMS settings menu within the Bonzo-02 Online application release, version 5.x.

VMS sceenshot ofClient source address

Enabling VMS Access on the Data Network

By default, the VAST Management Service (VMS) is bound to the management network, which may not be reachable by tenant workloads. To support scenarios where tenants require access to the VMS—either via the UI or REST API—the VMS must also be made accessible through the data network.

Starting in VAST version 5.3.1, VAST provides a CLI-based method to expose the VMS on both the management and data networks. This is accomplished by assigning a data-facing VIP using the vms modify command in vcli. The VIP is bound to a network interface on the CNode and is reachable by tenant environments using the scoped login URL format:

https://<data-vms-vip>/#/login/<tenant-name>

Example: Enable VMS on the Data Network

vms modify --mgmt-data-vip 172.31.228.60 --mgmt-data-netmask 255.255.254.0 --mgmt-data-interface bond0

This command makes the VMS accessible on the data network using the specified VIP and subnet mask.

Note

The assigned VIP will appear on the specified interface (bond0) when running.

ip -br a

References:

Related articles