Configuring Your Cloud Account for VAST Polaris


Configuring GCP for VAST Polaris

The following sections describe how to configure your GCP account to host VAST on Cloud clusters.

Prerequisites

  • A GCP account with a GCP project, into which the VAST on Cloud cluster will be deployed.

Configuring Your GCP Project for VAST Polaris Clusters

Configure the following in your GCP project, from the GCP Console.

Enable Google Cloud APIs

Enable these Google APIs:

  • Compute API, in Compute/VM Instances

  • Secret Manager API, in Security/Secret Manager API

Optionally, these APIs are recommended:

  • Artifact Registry API

  • Compute Engine API

  • Network Management API

  • Service Networking API

  • Network Security API

  • Cloud Monitoring API

  • Cloud Logging API

Set up Private Networking

In the VPC Networks page, configure Private Services Access to your VPC by Allocating IP Ranges for Services and Creating Private Connections to Service.

Set up NAT per Region

In Network Services/Cloud NAT, create a Cloud NAT Gateway with these details, for each region that has a VAST on Cloud (VoC) cluster:

  • Region: the region containing the cluster

  • Router: Create New Router

  • Network Tier Service: Premium

Configure Firewall Rules

In Network Security/Firewall, configure firewall policies as follows.

  • Create a firewall rule for cluster traffic with these details:

    • Direction: ingress

    • Action on match: allow

    • Target tags: add voc-internal (this tag is used by the VoC cluster)

    • Source tags: add voc-internal

    • Protocols and ports:

      TCP: 22, 80, 111, 389, 443, 445, 636, 2049, 3128, 3268, 3269, 4000, 4001, 4100, 4101, 4200, 4201, 4420, 4520, 5000, 5200, 5201, 5551, 6000, 6001, 6126, 7000, 7001, 7100, 7101, 8000, 9090, 9092, 9093, 20048, 20106, 20107, 20108, 49001, 49002

      UDP: 4005, 4105, 4205, 5205-5240, 6005, 7005, 7105

      ICMP: enabled

    Leave all other rule settings as the defaults.
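
To check an existing rule against the settings above, the following added example (not VAST's own tooling) audits a rule in the JSON form returned by `gcloud compute firewall-rules describe <rule-name> --format=json`. The function names and the sample rule are assumptions made for illustration.

```python
TAG = "voc-internal"  # TAG, TCP and UDP are copied from the rule described above
TCP = ("22, 80, 111, 389, 443, 445, 636, 2049, 3128, 3268, 3269, 4000, 4001, "
       "4100, 4101, 4200, 4201, 4420, 4520, 5000, 5200, 5201, 5551, 6000, 6001, "
       "6126, 7000, 7001, 7100, 7101, 8000, 9090, 9092, 9093, 20048, 20106, "
       "20107, 20108, 49001, 49002")
UDP = "4005, 4105, 4205, 5205-5240, 6005, 7005, 7105"

def expand(specs):
    """Turn ['22', '5205-5240'] into a set of port numbers."""
    ports = set()
    for lo, _, hi in (s.strip().partition("-") for s in specs):
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

REQUIRED = {"tcp": expand(TCP.split(",")), "udp": expand(UDP.split(","))}

def documented_rule():
    """The documented rule in Compute API JSON form (field names per that API)."""
    return {"direction": "INGRESS", "targetTags": [TAG], "sourceTags": [TAG],
            "allowed": [{"IPProtocol": "tcp", "ports": TCP.split(", ")},
                        {"IPProtocol": "udp", "ports": UDP.split(", ")}, {"IPProtocol": "icmp"}]}

def audit(rule):
    """Return findings for one firewall rule; an empty list means it matches."""
    findings = []
    if rule.get("direction") != "INGRESS":
        findings.append("direction is not INGRESS")
    for field in ("targetTags", "sourceTags"):
        if rule.get(field) != [TAG]:
            findings.append(f"{field} is not ['{TAG}']")
    if rule.get("sourceRanges"):  # GCP ORs source ranges with source tags
        findings.append(f"sourceRanges {rule['sourceRanges']} admit untagged sources")
    allowed = {}
    for entry in rule.get("allowed", []):  # no 'ports' key = every port of that protocol
        ports = expand(entry.get("ports", ["0-65535"]))
        allowed.setdefault(entry["IPProtocol"].lower(), set()).update(ports)
    for proto, need in REQUIRED.items():
        have = allowed.get(proto, set())
        if need - have:
            findings.append(f"{proto} missing {sorted(need - have)}")
        if have - need:
            findings.append(f"{proto} allows {len(have - need)} undocumented ports")
    if "icmp" not in allowed:
        findings.append("icmp is not allowed")
    return findings

if __name__ == "__main__":  # constructed sample: port 2049 dropped, source opened up
    bad = dict(documented_rule(), sourceRanges=["0.0.0.0/0"])
    bad["allowed"][0]["ports"].remove("2049")
    print("\n".join(audit(bad)))
```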

Quotas and Policy Constraints

Your GCP project should have these quotas:

  • Quota for Local SSD. This is set per region, and must allow for at least 36TB of local SSD per ENode.

    Note

    Increasing the default quota to a sufficient level for a VAST cluster deployment can take some time, and is not done instantly using the GCP Console UI.

  • Quota for z3. Allocate sufficient instances for your cluster needs. A single ENode requires 88 CPUs.

  • Quota for static routes per VPC network. This is set per VPC network, and should allow for any IPs you use to connect to the cluster.

  • Quota for static routes per peering group. This is set per peering group (for all peered projects). Peered groups contain VPCs within a common project that can be connected. These connections require static routes. The quota should allow for all the connection routes between VPCs in the peering group.

To avoid problems when creating the cluster in GCP, organization-level policy constraints should not conflict with cluster requirements. An example of a conflicting constraint is a policy that restricts creation of z3 VMs.