About VAST Uplink
VAST Uplink is a cloud-based SaaS that enables you to monitor all VAST clusters deployed by your organization anywhere in the world, from a single web page.
The VAST Uplink cloud portal is enabled by request only, and is accessed through a unique subdomain for your organization. A VAST cluster reports to VAST Uplink only when such reporting is enabled in the VAST cluster's VMS.
Important
Starting with VAST Cluster 5.0, choosing a unique Uplink subdomain is required for the operation of the VAST Callhome service as well as for the Uplink cloud portal. Choosing an Uplink subdomain does not in itself enable the cloud portal, which you can choose to disable or enable independently of the Callhome service.
The VAST Uplink Cloud Portal
You can use VAST Uplink's cloud portal to:
Monitor performance history and capacity utilization.
Visualize capacity utilization predictions.
Monitor cluster alarms and events.
Create new users and assign super user status if necessary.
Access the VAST Data support dashboard, easily create support request tickets and view your support history.
VAST Uplink gives you a high-level view aggregated across all of your VAST Data clusters, providing the most useful real-time monitoring information at a glance, while also enabling you to access a more detailed view of the health, status, version levels, performance, and configuration of all clusters. You can view audit logs of various security-related processes in VAST Uplink. The portal also provides quick access to all alarms and tickets in parallel views.
Tip
To set up VAST Uplink usage for the first time, register an Uplink subdomain and then register each cluster that you want to monitor from Uplink.
Callhome
Starting with Uplink 5.0, the VAST Callhome reporting service is provided through VAST Uplink. You can register for Uplink without enabling the cloud portal, in order to enable Callhome, or you can register for Uplink with the cloud portal enabled. As before, the customer-facing Uplink cloud portal is entirely opt-in. If the cloud portal is disabled, the data is accessible to VAST Support only, as is the case with the legacy Callhome reporting system. The data sent is largely the same as that sent by the legacy Callhome reporting, with additions or changes noted below.
Privacy and Security Considerations
When reporting to VAST Uplink is enabled on a VAST cluster, the cluster collects and sends data to Uplink.
What Data is Collected?
The following information is collected:
Information about VAST Cluster components and configuration settings. This consists of the VMS object data as serialized by the VMS REST API, such as CNodes, DNodes, SSDs, protection policies, and so on.
Cluster metrics (including those available in VAST Cluster analytics reports, as well as additional lower level metrics used by VAST Support to monitor the performance and correct behavior of Clusters).
Operating system and VAST process logs from the cluster nodes (Support Bundle information)
The VMS capacity estimation cache, including folder names.
Data flows and Top Actors collected by the cluster's VMS, including UIDs or usernames, host IPs, virtual IPs, and view names.
Note
Enabling obfuscation will remove all IPs, names, and other Customer identifiable data (CID) from all the above. CID within the reported data are replaced with generic identifiers (for example, 127.0.0.1 may be reported as `ip-1`). CID within REST API objects are encrypted using a unique encryption key (using libsodium) stored on the VMS. The encryption key does not leave the cluster.
Note
Enabling obfuscation may make it more difficult for support to identify and diagnose issues.
Note
The first three items in the list above are the same data that are already being sent by the legacy Callhome system. The last two are additional data used by the new Callhome infrastructure that improves VAST support, by allowing us to spot problems earlier using predictive analysis.
No data stored by customers on the cluster is ever sent to VAST.
How Data is Sent?
All reporting APIs are encrypted with TLS 1.3 and require the cluster’s valid access token for all requests.
A cluster is registered with Uplink to a particular tenant using super user credentials (user credentials are not stored).
During registration, the cluster acquires a cluster-specific access token.
The cluster’s management CNode sends data to Uplink using the Uplink’s reporting REST API over HTTPS (https://api.cloud.vastdata.com:443), which requires the cluster access token. The API is presented via a GCP API gateway.
The API gateway forwards the data to internal processes for storage.
Log bundles are collected in /vast/bundles and are sent hourly to https://upload.cloud.vastdata.com:443 for storage in a VAST bucket using a single-use signed URL requested from the Uplink reporting API using the cluster’s access token.
The Support Channel: if enabled, the cluster periodically (every 10 minutes) checks the Uplink API server for a message instructing the cluster to collect and send an out-of-cycle log bundle. The bundle is sent via the usual Uplink Callhome mechanism (neither the destination nor the method of sending is configurable). This is used by VAST Support to collect logs immediately after an event, before such data is lost. The Support Channel does not give VAST Support any access to the cluster.
Note
The log bundles sent to VAST remain in /vast/bundles until the next reporting cycle, allowing you to inspect the contents.
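One way to use that inspection window when obfuscation is enabled, as an added example that is not VAST code: the Python check below scans text lines taken from a bundle for clear-text IPv4 addresses and for names you supply (usernames, view names, hostnames). The function name, the sample lines and every identifier form other than ip-1 are constructed assumptions; the bundle's actual file layout is not described on this page.

```python
import ipaddress
import re

# Candidate dotted quads; octet ranges are validated with ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def find_residual_cid(lines, known_names):
    """Return (line_no, kind, value) for each IP or known name left in clear text."""
    findings = []
    # Match supplied names case-insensitively and only as whole tokens.
    name_res = [(n, re.compile(r"(?<![\w-])" + re.escape(n) + r"(?![\w-])", re.I))
                for n in known_names]
    for no, line in enumerate(lines, start=1):
        for m in IPV4_RE.finditer(line):
            try:
                ipaddress.IPv4Address(m.group(1))
            except ValueError:
                continue  # looks like a dotted quad but is not an address
            findings.append((no, "ip", m.group(1)))
        for name, rx in name_res:
            if rx.search(line):
                findings.append((no, "name", name))
    return findings

# Constructed sample lines, not real bundle output.
SAMPLE = [
    "flow src=ip-1 dst=ip-2 user=user-7 view=view-3 bytes=1048576",
    "flow src=10.20.30.41 dst=ip-2 user=user-7 view=view-3 bytes=2048",
    "mount request from ip-4 for view finance-archive by user-9",
    "build 5.0.0.999 started on node-2",
]
# Constructed examples of names the operator knows to be customer-identifiable.
KNOWN = ["finance-archive", "jsmith"]

if __name__ == "__main__":
    for no, kind, value in find_residual_cid(SAMPLE, KNOWN):
        print(f"line {no}: residual {kind}: {value}")
```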
Tip
In contrast with the legacy Callhome reporting, security is improved by making use of expiring cluster access tokens which must be refreshed hourly for all reporting. In addition, whereas the legacy Callhome reported all VMS objects and metrics hourly, the new reporting mechanism reports Object changesets and Cluster metrics as they are collected, resulting in greatly improved response times for VAST Support, reduced impact on cluster performance, and a reduction in the amount of data sent.
Important
All communication between Uplink and VAST Cluster is one-way. All communication is initiated by the cluster. At no time may VAST personnel access a cluster without access being granted explicitly by the customer.
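The traffic profile described in this section can be checked against your own perimeter logs. The following Python check is an added example, not VAST code: it flags Uplink connections that were not initiated by the cluster, that use a port other than 443 or a TLS version other than 1.3, and gaps in the hourly bundle upload. The record format, the CNode address, the 75-minute tolerance and the function name are constructed assumptions; the two hostnames come from this page.

```python
from datetime import datetime, timedelta

# Endpoints and port as documented on this page.
UPLINK_API = "api.cloud.vastdata.com"
UPLINK_UPLOAD = "upload.cloud.vastdata.com"
UPLINK_PORT = 443

def audit_uplink_traffic(records, cnode_ip, max_gap=timedelta(minutes=75)):
    """Audit records of the form 'time initiator responder port tls'
    (a hypothetical, constructed log format) against the documented profile."""
    findings, last_upload = [], None
    for rec in records:
        ts, initiator, responder, port, tls = rec.split()
        when = datetime.fromisoformat(ts)
        if responder == cnode_ip and initiator in (UPLINK_API, UPLINK_UPLOAD):
            # The page states that the cluster initiates all communication.
            findings.append((ts, "Uplink-initiated connection to cluster"))
            continue
        if initiator != cnode_ip or responder not in (UPLINK_API, UPLINK_UPLOAD):
            continue  # not Uplink traffic; outside the scope of this check
        if int(port) != UPLINK_PORT:
            findings.append((ts, f"port {port}, expected {UPLINK_PORT}"))
        if tls != "TLSv1.3":
            findings.append((ts, f"{tls}, expected TLSv1.3"))
        if responder == UPLINK_UPLOAD:
            # Bundles are sent hourly; max_gap adds an assumed tolerance.
            if last_upload and when - last_upload > max_gap:
                findings.append((ts, "gap in hourly bundle upload"))
            last_upload = when
    return findings

CNODE_IP = "10.0.0.5"  # constructed management CNode address
# Constructed sample records, not real firewall output.
SAMPLE_RECORDS = [
    "2024-05-01T10:00:05 10.0.0.5 api.cloud.vastdata.com 443 TLSv1.3",
    "2024-05-01T10:01:00 10.0.0.5 upload.cloud.vastdata.com 443 TLSv1.3",
    "2024-05-01T11:01:10 10.0.0.5 upload.cloud.vastdata.com 443 TLSv1.2",
    "2024-05-01T11:30:00 upload.cloud.vastdata.com 10.0.0.5 443 TLSv1.3",
    "2024-05-01T13:20:00 10.0.0.5 upload.cloud.vastdata.com 443 TLSv1.3",
]

if __name__ == "__main__":
    for ts, reason in audit_uplink_traffic(SAMPLE_RECORDS, CNODE_IP):
        print(ts, reason)
```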
Where is Data Stored?
Information about VAST Cluster components and configuration settings is stored in Postgres.
Cluster metrics are stored in BigTable, BigQuery and Google Cloud Storage.
Capacity estimation and data flow data are stored in BigTable.
Log bundles and support bundles are stored in Google Cloud Storage.
All data is encrypted both in-flight (TLS 1.3) and at-rest (using Google Cloud’s encryption-at-rest).
How Data is Accessed?
The data stores (Postgres, BigTable, BigQuery, Google Cloud Storage) are not directly accessible. Authenticated users access the data through Uplink API servers which are connected to the data stores via a private network and provide read-only access. This includes VAST employees.
Note
If the Uplink Customer Portal is disabled, the reported data is only accessible to authenticated VAST Support users within VAST’s internal network.
Users authenticate to a particular tenant-scoped subdomain. The tenants and account management are handled by Google Identity Platform.
Mandatory multi-factor authentication (MFA) using TOTP one-time codes is enforced by the Uplink API server.
After successful authentication, a session token is returned which allows the Uplink UI to make tenant-scoped API calls to the Uplink API server.
The Uplink API server provides a tenant-scoped read-only set of APIs ensuring there is no inappropriate access to the data.
Note
All session and access tokens expire after one hour and must be refreshed. For interactive user logins, the session token may be refreshed a maximum of 23 times before the user must re-authenticate. The refresh is done automatically unless the user logs out.
Tip
All access attempts (both successful and failed) and user actions are recorded in the Uplink’s audit log. This includes VAST Support.
Caution
After five unsuccessful login attempts an account becomes locked and must be unlocked by VAST Support.
How Do I Control Access to Data?
When you register for Uplink you can choose whether to enable the Uplink cloud portal, or to register for Uplink's Callhome reporting service without enabling the cloud portal. If you do enable the Uplink cloud portal, your Uplink subdomain is created with an initial super user account owned by you.
This account can grant or revoke access for additional users or super users by creating and managing Uplink user or super user accounts.
These actions can be performed without the intervention of VAST Support, providing you with direct control of access to your Uplink subdomain.
Tip
All access attempts (both successful and failed) and user actions are recorded in the Uplink’s audit log.
Note
The VAST Support users assigned to your account will, of course, also have access to this data.