8. NFS Consideration for Multi-tenancy


VAST’s NFS services enable enterprise‑grade file storage for Cloud Service Providers, with strong multi‑tenant isolation, fine‑grained access controls, snapshots, policy controls, and extensive auditing, all while retaining simplicity and high performance for your workloads.

All NFS configuration, from view policy and export controls to snapshots and audits, can be managed through:

  • VAST Management System (VMS): Web GUI (screenshots and instructions included inline)

  • vastpy-cli: for scripting and automation (examples included at the end of this section)

VAST’s multi-tenant architecture lets you create isolated, per-tenant spaces within a shared storage platform. Each tenant maintains its own directory structure, credentials, and policy controls. This lets CSPs safely and efficiently manage large numbers of clients while honoring their unique data and networking requirements.

  • Tenants — Isolated administrative and data domains with separate credentials, quotas, and permissions.

  • VIP Pools — Virtual IPs used to serve NFS and SMB; can be dedicated per tenant or shared across multiple tenants.

  • Client IP Filters — Source-IP–based controls to restrict which clients can connect to a particular tenant’s resources.

  • VAST DNS and VMS — Provide per-tenant DNS resolution, API, role, and policy controls.

Multi‑Tenant Isolation & Access Control

VAST offers flexible mechanisms to enable secure multi‑tenancy with NFS:

VIP Pools + Client IP Filtering:

NFS export access is enforced by matching both the VIP Pool and the Client’s Source IP range against the tenant’s configuration. Access is blocked unless both match, adding a strong additional layer of control.
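
The dual-match rule above, as an added example (a model for reasoning about and testing tenant configurations, not VAST's implementation or API). The tenant dictionary layout, the `company-x` VIP range, and the client networks are constructed for illustration; only the `company-z` VIP range comes from this page.

```python
import ipaddress

# Constructed sample configuration (hypothetical layout and client filters).
TENANTS = {
    "company-x": {"vip_ranges": [("10.11.0.20", "10.11.0.23")],
                  "client_cidrs": ["192.168.10.0/24"]},
    "company-z": {"vip_ranges": [("10.11.0.10", "10.11.0.13")],
                  "client_cidrs": ["192.168.30.0/24"]},
}

def in_vip_pool(vip, ranges):
    """True if the destination VIP falls inside any (start, end) range."""
    ip = ipaddress.ip_address(vip)
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in ranges)

def in_client_filter(src, cidrs):
    """True if the client source IP falls inside any allowed network."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)

def matching_tenants(tenants, src_ip, vip):
    """Tenants for which BOTH the VIP pool and the client filter match."""
    return sorted(name for name, cfg in tenants.items()
                  if in_vip_pool(vip, cfg["vip_ranges"])
                  and in_client_filter(src_ip, cfg["client_cidrs"]))

def decide(tenants, src_ip, vip):
    """Return ("allow", tenant), ("deny", None) or ("ambiguous", [tenants])."""
    hits = matching_tenants(tenants, src_ip, vip)
    if not hits:
        return ("deny", None)       # one or both conditions failed
    if len(hits) > 1:
        return ("ambiguous", hits)  # shared pool with overlapping client filters
    return ("allow", hits[0])

if __name__ == "__main__":
    print(decide(TENANTS, "192.168.30.5", "10.11.0.11"))  # company-z client, company-z VIP
    print(decide(TENANTS, "192.168.10.5", "10.11.0.11"))  # company-x client, company-z VIP
```

The "ambiguous" result is worth checking for when a VIP pool is shared across tenants: if two tenants' client IP filters overlap on a shared pool, the source IP no longer identifies a single tenant.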

How to Configure/Setup VIP pools in VAST Web GUI:

  1. Log in to VAST Web GUI with your Administrator credentials.

  2. From the left-side panel, select Network Access > Virtual IP Pools.

  3. Click on Virtual IP Pools.

  4. Click Create Virtual IP Pool in the upper-right corner.

Figure: Adding a VIP pool. The General tab of the dialog includes fields such as Tenant name, Role, Gateway IPv4, and Subnet CIDR, which are set before proceeding to resource selection or the IP range list.

Views:

Each NFS export is presented through a view, which forms a logical boundary for both data and policy. File permissions, export settings, and snapshot schedules can be configured per view, retaining strong isolation between tenants.

How to Configure/Setup Views in VAST Web GUI:

  1. Log in to VAST Web GUI with your Administrator credentials.

  2. Select Element Store from the left-side panel.

  3. Click on Views in the drop-down menu under Element Store.

  4. Click Create View in the upper-right corner.

  5. Follow the Add View dialog: Tenant, Path, Policy name, etc.

Note: NFS views can reuse the same name across different tenants (for example, each tenant may have a /projects), while retaining complete administrative separation.

Figure: Adding a View. The dialog covers tenant selection, path creation, and protocol choices.

Snapshots for NFS

VAST snapshots enable you to create point-in-time, read-only copies of your data for backup, recovery, or operational testing, directly from your NFS views.

Snapshots are thin and space-efficient; they do not duplicate data, but track only subsequent differences. Snapshots are global and consistent across your VAST cluster, ensuring a reliable view of your data at a moment in time. Each snapshot is accessible directly from your NFS export under a .snapshots directory.

How to Create Snapshots in VAST Web GUI:

  1. Select Data Protection > Snapshots in the VAST Web GUI.

  2. Click Create Snapshot.

    • View: Choose the NFS view you want to snapshot.

    • Name: Provide a snapshot name.

    • (Optionally) Set retention policy if needed.

  3. Confirm — the snapshot is created instantly and made visible under its respective .snapshots directory in the NFS view.

Figure: Creating an NFS snapshot. The Create Snapshot dialog offers tenant selection, path specification, snapshot expiration time, and an indestructible toggle for retention guarantees.

File Name Restrictions & Policy Overrides (Colons)

VAST normally disallows colons (:) in filenames for cross‑platform compatibility.
If your NFS workloads are Linux‑exclusive and do not need this compatibility, you can enable colons through view policy settings:

How to Configure in VAST Web GUI:

  1. Select File Services > Views.

  2. Choose the view you wish to modify.

  3. Click Edit View.

  4. Expand Advanced settings.

  5. Change Path Length Limit and Allowed Characters to enable colons in filenames.

  6. Save your configuration.

Figure: File Name Restrictions & Policy Overrides. The advanced settings of the view policy include options such as atime frequency and protocol limits for NFSv3 operations.


Configuration Example with vastpy-cli

Get the Tenant ID

vastpy-cli get tenants fields=id,name
id |name          
---+--------------+
24 |company-y     
23 |company-x     
11 |syncrep       
25 |company-z     
.. |...    

Add allowed IP ranges for Tenant company-z

vastpy-cli post vippools tenant_id=25 name=company-z-pool ip_ranges='[["10.11.0.10","10.11.0.13"]]' subnet_cidr=24

Show VIP pools with fields: id, name, start and end IPs

vastpy-cli get vippools fields=id,name,start_ip,end_ip
id |name                |start_ip       |end_ip         
---+--------------------+---------------+---------------+
45 |company-z-pool      |10.11.0.10     |10.11.0.13     
.. |...                 |...            |...     
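
An audit check over the table layout printed by the `get vippools` command above, added here as an example (not part of vastpy-cli or the original page): it parses the pipe-delimited output and reports any VIP pools whose IP ranges intersect. Pools 46 and 47 in the sample are constructed to show one overlap and one clean neighbour; the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the table layout shown on this page.
SAMPLE = """\
id |name                |start_ip       |end_ip
---+--------------------+---------------+---------------+
45 |company-z-pool      |10.11.0.10     |10.11.0.13
46 |company-y-pool      |10.11.0.12     |10.11.0.19
47 |company-x-pool      |10.11.0.20     |10.11.0.23
.. |...                 |...            |...
"""

def parse_table(text):
    """Parse the pipe-delimited table into dicts keyed by the header names."""
    lines = [l for l in text.splitlines() if l.strip()]
    header = [h.strip() for h in lines[0].split("|")]
    rows = []
    for line in lines[1:]:
        cells = [c.strip() for c in line.split("|")]
        # Skip the ---+--- rule, elision rows and anything without a numeric id.
        if len(cells) != len(header) or not cells[0].isdigit():
            continue
        rows.append(dict(zip(header, cells)))
    return rows

def overlapping_pools(rows):
    """Return (name_a, name_b) for every pair of pools whose ranges intersect."""
    spans = sorted(
        (int(ipaddress.ip_address(r["start_ip"])),
         int(ipaddress.ip_address(r["end_ip"])),
         r["name"])
        for r in rows
    )
    found = []
    for i, (_, hi_a, name_a) in enumerate(spans):
        for lo_b, _, name_b in spans[i + 1:]:
            if lo_b > hi_a:
                break  # sorted by start, so no later pool can overlap this one
            found.append((name_a, name_b))
    return found

if __name__ == "__main__":
    for a, b in overlapping_pools(parse_table(SAMPLE)):
        print(f"overlap: {a} <-> {b}")
```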

Delete VIP Pool

vastpy-cli delete vippools/44

Create a VLAN-tagged VIP Pool for company-z

vastpy-cli post vippools \
  name=company-z-vlan-pool \
  vlan=120 \
  netmask=255.255.255.0 \
  gateway=10.120.0.1 \
  subnet_cidr=10.120.0.0/24 \
  interface_group_name=eth-group-a \
  ips=10.120.0.100-10.120.0.110 \
  status=ACTIVE \
  tenant_id=25