Creating Tenants

Creating a Tenant using the VAST Web UI

From the left navigation menu, select Element Store and then Tenants.
Click Create Tenant.

In the General tab, complete the fields:

Tenant name

Enter a name for the tenant.

Domain

The domain for the tenant. If this is provided, it is used to log in to VMS by the tenant.

The login URL for the tenant admin is shown as a preview. It is of the form https://<VMS IP>/<Domain>

Note
The domain name is case-insensitive.

In the Providers And User Access tab select external authorization providers for the tenant, from Active Directory, LDAP and NIS providers that have been configured for the cluster . For each selected provider type, select the specific provider from the list.
Note
Providers configured on the cluster are subject to combination restrictions per tenant, as described in Supported Combinations of Providers and Access Protocols.
In the User Access Management tab, select the Source IP Address for Tenant Admin to VMS:
- Allow all IPs to access. Allow Tenant Admins to connect to their tenant on the Cluster from any IP address.
- Define specific IPs. If selected, enter IP addresses, and click Add to Table, to specify addresses for Tenant Admins to connect to their tenant on the Cluster.
To add additional tenant admin users to the tenant, complete this procedure to create a new tenant. Then, follow the steps in Adding Managers to add manager (admin) users, and select user type Tenant Admin there.
In the IP Addresses for Client Data Access tab, configure ranges of IP addresses for tenant users to use to connect to the tenant for data access. Enter Start IP and End IP addresses, and then click Add to Table, to add ranges of IP addresses. Repeat for additional ranges.

In the Advanced Protocol Settings tab, set the following for NFS:

Enable Secured labels (NFSv4.2)

Enable the use of security labels for NFSv4.2

Enable Trash folder

Enables the trash folder on NFS with a specific GID (this allows members of the group to move files to the trash folder)

If enabled, enter a value for the Trash folder GID.

Set the following for SMB:

Use native authentication

When enabled, VAST Cluster authorizes client access by using user and group information supplied via Kerberos or NTLM authentication, rather than by querying that user in Active Directory. For more information, see Authentication for SMB Access. By default, this option is disabled.Authentication for SMB Access

Note
After you disable use of Kerberos/NTLM Authentication to authorize users from non-trusting domains, users that previously had access, would still have access although the feature is now disabled.

Require SMB Signing

When enabled, SMB signing is mandatory for the clients accessing the cluster. SMB requests with a missing or invalid signature are not accepted.

Default share-level ACL

Optionally set the default 'Everyone' Group share-level permission for the tenant. This default permission affects all views associated with the tenant where share-level ACL is disabled.

For more information about share-level ACLs , see Share-Level ACLs.Share-Level ACLs

Possible values:

Full control (Default). Includes Change permission and permission to change file owners and Windows ACLs.
Read. Permission for Read operations only.
Change. Includes Read permission and permission to change files, create files, create directories, and to delete files and directories.
Note
Change permission does not include permission to modify file attributes or ACLs.

In the Tenant Limitation tab, optionally set capacity and performance limits for the tenant.
- Under Capacity Rules:
  - Toggle the Enable capacity rules option on to set limits on the tenant storage capacity. Enter the soft and hard limits as follows:
    Under Add soft limit and/or Add hard limit, enter the maximum allowed used capacity for the tenant and select the unit of measure for it.
    In the Number of files and directories field, specify the maximum allowed number of files and directories for the tenant.
    In the Grace period field, enter a period of time after which the hard limits are enforced.
- Under Performance Rules:
  Notice
  Performance rules are supported starting with VAST Cluster 5.3.2.
  - Toggle the Enable performance rules option on to set limits on the tenant bandwidth. Enter the limits as follows:
    Under Static Limits, specify the static limits.
    Tip
    For an explanation of different types of limits, see QoS Overview.
    For each of the limits , '0' means no limit is set.
    Select an appropriate unit of measurement in the Units field.
    To restrict the bandwidth, fill in the fields following the BW column:
    Max. The maximum allowed bandwidth.
    Burst. The maximum burst bandwidth that can be provided while there are accumulated bandwidth credits.
    Credit. The maximum amount of bandwidth credits that can be accumulated.
    To restrict the amount of IOPS, fill in the fields following the IOPS column:
    Max. The maximum allowed IOPS.
    Burst. The maximum burst IOPS that can be provided while there are accumulated IOPS credits.
    Credit. The maximum amount of IOPS credits that can be accumulated.
Click Create. The tenant is created and appears in the list of tenants in the Tenants page.

Creating a Tenant via VAST CLI

To create a tenant from the VAST CLI, run the tenant create command.