Configuring VAST Event Broker


Complete these steps to configure VAST Event Broker:

  • Create a virtual IP pool for VAST Event Broker.

  • Configure a user for VAST Event Broker.

  • Create a VAST Event Broker view.

  • (Optional) Set up authentication of users accessing the view.

  • (Optional) Set up authorization of users accessing the view.

Creating a Virtual IP Pool for VAST Event Broker

Create a virtual IP pool to be used to access the event topics using the Kafka protocol. The pool must have the PROTOCOLS role assigned.

The pool must have enough virtual IPs so that there is at least one virtual IP per CNode.

If the VAST Event Broker view will be associated with a view policy that includes virtual IP pools, the pool specified as the Kafka pool must be one of the view policy pools.

Configuring a User for VAST Event Broker

Configure a user on the authentication provider attached to the tenant where VAST Event Broker will run so that the user has S3 bucket creation permissions and S3 access keys.

This user will be assigned as the bucket owner when creating a view for VAST Event Broker.

Creating a VAST Event Broker View

VAST Event Broker runs on a view that has Kafka protocol enabled.

Note

View nesting is not supported.

Follow the steps in Creating Views to create a VAST Event Broker view as follows:

  • Select the same Tenant as for the virtual IP pool created for VAST Event Broker.

  • Enter a Path to the location where event topics will be stored.

  • Enable the setting to Create directory for the view.

  • Specify a view Policy that enforces S3 Native security flavor.

  • Specify Kafka as the view's Protocol.

    Enabling the Kafka protocol automatically enables the S3 Bucket and Database protocols for the view.

    Adding the Kafka protocol to an existing view is not allowed.

  • Enter an S3 bucket name for the view.

  • Specify the user configured for VAST Event Broker as the Bucket owner (in the S3 tab in VAST Web UI).

  • Set the view to use the Virtual IP pool you created for VAST Event Broker (in the Kafka tab in VAST Web UI).

    Only one virtual IP pool can be associated with a VAST Event Broker view.

    Once the view has been created, the virtual IP pool cannot be replaced by another one (but it can be modified if needed).

When creating a VAST Event Broker view in VAST CLI using the view create command, specify --protocols KAFKA to enable the Kafka protocol and --kafka-vip-pools <pool ID> to set the virtual IP pool. For example, to create a VAST Event Broker view accessible via virtual IP pool 3:

view create --tenant-id 1 --path </dir> --create-dir --policy-id 2 --protocols KAFKA,DATABASE,S3 --bucket mybucket --bucket-owner myadmin --kafka-vip-pools 3

Configuring User Authentication for the VAST Event Broker View

(Optional) Configure authentication of users accessing the Kafka-enabled view.

Users accessing a Kafka-enabled view can be authenticated against the tenant's local provider using the PLAIN Simple Authentication and Security Layer (SASL) mechanism. SASL/PLAIN authentication is available on both encrypted (TLS) and non-encrypted connections.

To configure user authentication:

  • In VAST Web UI, specify the required authentication method in the Authentication Methods pane of the Kafka tab in view settings (Element Store -> Views -> choose to create or edit a view).

  • In VAST CLI, run the view create or view modify command with the corresponding option specified:

    • For encrypted connections: --enable-kafka-encrypted-conn, --kafka-encrypted-auth-mechanism, --disable-kafka-encrypted-conn

    • For non-encrypted connections: --enable-kafka-unencrypted-conn, --kafka-unencrypted-auth-mechanism, --disable-kafka-unencrypted-conn

If you are going to use SASL/PLAIN authentication with TLS, ensure that the VAST cluster has been configured with a TLS certificate intended for use with Kafka-enabled views. To check or upload a Kafka TLS certificate and a key:

  • In VAST Web UI, choose Settings -> Certificates and in the Certificates for field, select Kafka.

  • In VAST CLI, run the certificate create or certificate modify command with the --cert-type KAFKA option specified.

The following limitations apply:

  • Active Directory/LDAP is not supported. The user must be defined as a VAST local user.

  • Only one Kafka TLS certificate can be uploaded per VAST cluster.
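
A client-side check for the connection options described in this section, as an added example that is not part of the VAST documentation: SASL/PLAIN carries the password unhashed (RFC 4616), so on a non-encrypted connection it is readable on the wire, and the script flags client configurations that combine PLAIN with a non-TLS listener. Property names are standard Apache Kafka client settings; the host names, ports, paths, user name and password are constructed.

```python
"""Audit Kafka client settings for SASL/PLAIN sent without TLS (added example)."""

# Constructed sample client configs; host names and ports are placeholders.
UNENCRYPTED = """
bootstrap.servers=kafka-vip.example.internal:9092
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
"""
ENCRYPTED = """
bootstrap.servers=kafka-vip.example.internal:9093
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
ssl.truststore.location=/etc/kafka/truststore.jks
"""

def parse_properties(text):
    """Parse Java-style .properties text (key=value, # or ! comments)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def plain_initial_response(username, password, authzid=""):
    """RFC 4616 PLAIN message: authzid NUL authcid NUL passwd, sent unhashed."""
    return b"\0".join(s.encode("utf-8") for s in (authzid, username, password))

def audit(props):
    """Return findings for one client configuration (Kafka client defaults assumed)."""
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    mechanism = props.get("sasl.mechanism", "GSSAPI").upper()
    findings = []
    if protocol in ("PLAINTEXT", "SSL"):
        findings.append("no-sasl: client does not authenticate with SASL")
    if protocol == "SASL_PLAINTEXT" and mechanism == "PLAIN":
        findings.append("cleartext-password: SASL/PLAIN without TLS")
    if protocol.endswith("SSL") and props.get("ssl.endpoint.identification.algorithm", "https") == "":
        findings.append("no-hostname-check: broker certificate name not verified")
    return findings

if __name__ == "__main__":
    for name, text in (("unencrypted", UNENCRYPTED), ("encrypted", ENCRYPTED)):
        print(name, audit(parse_properties(text)) or "ok")
    # The password is readable in the bytes a PLAIN client sends:
    print(plain_initial_response("events-user", "constructed-password"))
```
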

Configuring User Authorization for the VAST Event Broker View

(Optional) Configure authorization of users accessing the Kafka-enabled view.

Only explicitly allowed operations can be performed.

  • Enable authorization for the Kafka view:

    • In VAST Web UI, toggle the Enable authorization option on in view settings (Element Store -> Views -> choose to create or edit a view -> Kafka tab -> Authentication Methods pane).

    • In VAST CLI, run the view create or view modify command with the --require-kafka-authorization or --cancel-kafka-authorization option specified.

  • Add Kafka-related actions to user identity policies.