VoC GCP Reference Architecture

New
  • Published on May 18, 2026
  • 3 minute(s) read
Prev Next

Summary

This reference architecture outlines the deployment of VAST on Cloud (VoC) within Google Cloud Platform (GCP). It leverages VAST’s Disaggregated Shared-Everything (DASE) architecture to provide exabyte-scale, high-performance storage that functions identically to on-premises VAST clusters.

All VoC deployments are managed via the Polaris lifecycle platform. Success is dependent on fulfilling specific environmental prerequisites prior to deployment to ensure alignment with enterprise security and networking governance

1. System Architecture

The deployment utilizes a containerized approach running on top of GCP Compute Engine instances.

1.1 Deployment Type

The system type is selected during the deployment configuration in Polaris.

  • Single-Instance VoC: A lean, non-extensible solution providing the complete VAST feature set. It is designed for functional parity rather than high performance or scale.

    • Instance Type: z3-highmem-88 (88 vCPU, 704 GB RAM, 36 TB SSD)

    • Usable Capacity: ~25 TB

  • Full Clustered VoC: A scalable architecture designed for high-performance scale-up and scale-out.

    • Minimum Configuration: 8 x z3-highmem-88 instances (Data) + 1 x n2-standard-16 instance (VMS).

    • Base Performance Spec: 704 vCPUs, 5.6 TB RAM, ~210 TB Usable Capacity.

1.2 Core Components

  • CNodes (Compute Nodes): Stateless containers providing multi-protocol access (NFS, SMB, S3, NVMe/TCP).

  • DNodes (Data Nodes): Stateful containers managing the storage persistence layer and locally attached NVMe SSDs.

  • EBox Deployment Model: A co-located configuration running one CNode and two DNode containers per VM instance.

  • VMS (VAST Management System): A centralized container responsible for orchestration, licensing, and monitoring.

2. Infrastructure Specifications

Current standard deployments utilize the z3-highmem series, with a strategic transition toward z4-series instances to meet next-generation performance requirements.

Component

VMS Instance

Cluster Nodes

Instance Type

n2-highmem-16

z3-highmem-88-lssd

vCPU Count

16 vCPUs

88 vCPUs

RAM

High-memory variant

704 GiB RAM

Local Storage

9TB Local NVMe SSD

36TB+ Local NVMe SSD

Networking

Enhanced Networking

High-bandwidth (Tier_1)

3. Resilience and High Availability

VoC achieves high availability through failure domain distribution and advanced erasure coding.

  • Failure Domains: Nodes are distributed across at least 8 Failure Domains to eliminate single points of failure at the infrastructure level.

  • Data Protection: Employs a resilience model (typically 8+2) allowing the simultaneous failure of up to 2 VM instances without data loss.

  • Placement Policies: VAST utilizes GCP "Spread Placement" to ensure nodes are physically isolated across the underlying hardware.

4. Networking and VPC Architecture

The network design prioritizes low-latency access and adheres to Zero Trust governance patterns.

4.1 VPC Standards

VAST on Cloud requires a Custom Mode VPC. Auto-mode VPCs are prohibited to avoid CIDR overlaps with regional defaults (10.128.0.0/9).

  • Shared VPC: Fully supported, allowing VAST to consume subnets managed by a central Networking Host Project.

  • Subnet Scoping: Every VAST cluster requires a dedicated subnet (minimum /26, recommended /24).

4.2 VIP Management & Routing

VAST provides high-availability multi-protocol access via Virtual IPs (VIPs).

  • Static Route Injection: The system injects static /32 host routes via the GCP API, pointing to the active CNode.

  • CIDR Constraint: The VIP range must not overlap with any existing subnet CIDR in the VPC. Overlapping ranges will cause the Route API to fail.

4.3 Egress & Service Connectivity

Since VAST nodes reside in a private subnet without public IPs, external connectivity is managed via:

  • Private Google Access (PGA): Must be enabled on the subnet to allow access to Google APIs (Secret Manager, Cloud Storage).

  • Cloud NAT: Required to reach the VAST Polaris platform and Call Home telemetry services.

  • Hybrid Connectivity: Cloud Interconnect or VPN is required for Global Namespace synchronization between GCP and on-premises data centers.

5. Security & Firewall Governance

VAST uses Network Tags to strictly isolate traffic. Firewall rules should be scoped to these tags rather than broad IP ranges to maintain least-privilege access.

5.1 Required Access (Summary)

  • Management (Egress): Port 443 to *.vastdata.com and Google API endpoints.

  • Client Access (Ingress): Standard ports (NFS 2049, SMB 445, S3 443) open to trusted client CIDRs.

  • Internal Cluster Traffic: Ports in the 4000-7000 range must be permitted for internal node-to-node orchestration within the subnet.

6. Deployment Prerequisites (Admin Checklist)

  • [ ]gcp APIs: Enable Compute Engine, IAM, Cloud Functions, and Secret Manager APIs.

  • [ ] Quotas: Request Z3 vCPU and Local SSD quota increases (Allow 2-3 business days).

  • [ ] IAM: Provision a Service Account with the VASTCustomRole for Terraform execution.

  • [ ] Networking: Ensure Private Google Access is enabled and a non-overlapping VIP range is identified.

Related articles