Overview
VAST Data's Support Bundles system provides a secure mechanism for collecting, transmitting, and storing diagnostic information from customer clusters. This system enables VAST Customer Success (CS) to efficiently troubleshoot issues while allowing customers to monitor the health status of their systems.
The platform provides a Call Home facility, which automatically sends periodic collections and can also be manually initiated to collect comprehensive diagnostics data for specific troubleshooting scenarios.
How Support Bundles Work
Data Collection
Automated Collection: The collection process runs on each cluster node, collecting logs, metrics, and diagnostic information according to predefined schedules.
Manual Collection: Customers can initiate manual support bundles to collect specific data sets for targeted troubleshooting.
Data Scope Control: Support bundles can be edited to include or exclude specific data types, providing customers with granular control over the information shared.
Upload and Transmission
Secure Upload Method: Support Bundles use the same secure upload mechanism as Uplink (Matar), utilizing signed URLs for enhanced security.
Uplink Integration: Automated hourly collections are processed through Uplink's secure upload mechanism, providing a subset of the full support bundle data.
Security Features
Configurable Protection: All sensitive information in text files can be obfuscated based on predefined patterns, including IP addresses, MAC addresses, and absolute file paths. Obfuscation works on text files only, ensuring binary files remain intact while protecting sensitive textual data.
Pattern-Based Detection: Obfuscation uses pattern matching to identify various types of sensitive data. Events, alarms, tasks, and IOdata can be obfuscated when reporting to Uplink, depending on the configuration settings.
Customer Control: Data obfuscation can be enabled/disabled via the GUI checkbox or vCLI flag, and customers can specify additional data types for obfuscation based on their specific compliance requirements.
Encryption and Storage
Data in Transit: All data transmission uses industry-standard encryption protocols to protect data during upload and transmission.
Data at Rest: Support bundle data is encrypted at rest using cloud storage encryption capabilities with secure key management services.
Cloud Storage Configuration
Storage Endpoints: Support bundles are stored in cloud storage buckets with endpoints configured to minimize latency and ensure optimal performance.
Regional Configuration: Storage endpoints are configured regionally to ensure that data remains within specified geographic boundaries when required for compliance purposes.
PII and Privacy Protection
No Intentional PII Collection: VAST Data does not intentionally collect personally identifiable information (PII) through the Support Bundles system. Given the nature of diagnostic and system information collected in support bundles, it is highly improbable that PII would be present in the data.
Protective Obfuscation: The data obfuscation system helps protect against accidental PII exposure by masking potentially sensitive information in text files.
Customer Awareness: Customers should review what data is included in their support bundles to ensure compliance with their privacy policies and applicable regulations.
Access Controls and Audit
Limited Access
Restricted Personnel: Access to support bundle data is restricted to a limited number of authorized VAST Customer Success and Systems Engineering personnel.
Multi-Factor Authentication: All VAST personnel accessing support bundle data must use multi-factor authentication with time-limited sessions that automatically expire.
Network Isolation: Support bundle data is stored in isolated network environments separate from other VAST systems.
Audit and Compliance
Comprehensive Logging: All storage activities are logged, providing a complete audit trail of data access and modifications. Every access to support bundle data is recorded, including who accessed the data, when, and for what purpose.
Access Reviews: Access permissions are regularly reviewed and updated to ensure continued compliance with security policies.
Customer Transparency: All support bundle activities are logged and can be provided to customers upon request. The system supports various compliance frameworks and can generate reports as needed.
Data Retention and Lifecycle
Retention Policy: Support bundle data is stored for at least 12 months, but can be deleted earlier upon customer request.
Secure Deletion: Data is securely deleted in accordance with the configured retention policy, ensuring that no residual data remains beyond the specified timeframe.
Data Residency: Support bundle data can be configured to remain within specific geographic regions for compliance requirements.
Getting More Help
If you have questions about Support Bundles security, need assistance with configuration, or want to review audit logs, open a Support Ticket or contact your VAST Data Support representative.
VAST Data is committed to ensuring the security and privacy of your support bundle data. Our comprehensive security measures, combined with customer control and transparency, provide a secure foundation for efficient troubleshooting and support while maintaining the highest standards of data protection.