Enhancements in 5.2.0

Starting with VAST Cluster 5.2, if the cluster deployment process stops for any reason, you can resume it from where it had stopped without the need to repeat the entire process. To do so, use the cluster resume-deploy VAST CLI command.

ORION-192408: Added an ability to control whether VAST Cluster performs BMC upgrade as part of cluster create and cluster upgrade procedures. From now on, VMS upgrades BMC and all relevant components (FPGA, BIOS and so on) only if the user has set the BMC upgrade flag.

The following user controls have been added for this purpose:

ORION-182349, ORION-181984, ORION-176325: Added an ability to define a rack for each discovered CBox or DBox during VAST Easy Install and cluster expansion procedures, and also to assign CBoxes and DBoxes to racks after cluster installation. Rack information helps track physical node location and easily identify the equipment during maintenance and troubleshooting operations.

ORION-181992: The General Settings tab of the VAST Easy Install wizard now features a field named Big Catalog Virtual IP Pool where you can define a virtual IP pool to be used for VAST Catalog.

ORION-176325: Added an ability to assign CBoxes and DBoxes to racks after cluster installation.

To do so, choose Infrastructure -> Racks and click the Add New button. In the Add Rack dialog that opens, use the Assign Boxes to Rack tab to add boxes to the rack.

ORION-162804: VAST Cluster now supports automatic firmware upgrade for HPE Ice Lake CNodes.

ORION-164049: Added an ability to delete a downloaded upgrade build:

Added an ability to override the default percentage of DPUs to upgrade in parallel. To do so, use the --dpus-batch-size-percentage option on the cluster upgrade command.

ORION-131011: The DBox and CBox Expansion wizard of VAST Web UI now features a B2B IPMI toggle that indicates whether the B2B IPMI configuration is to be deployed during cluster expansion.

ORION-179623: The DBox Migration wizard in VAST Web UI now shows the number of selected DNodes following the name of each DBox listed in the DBox name/DNode name field.

ORION-158670: Increased the maximum number of virtual IP addresses per pool from 512 to 2048.

ORION-165441: A virtual IP pool can now contain both IPv4 and IPv6 addresses. Prior to this change, either IPv4 or IPv6 were allowed.

ORION-173128: You can now use FQDNs to specify a host when defining a host-based access rule in a view policy (Element Store -> View Policies -> choose to create or edit a view policy -> go to the Host-Based Access tab).

ORION-195263, ORION-194742: Increased the maximum number of allowed client IP ranges per tenant up to 10000. Each range can have up to 65535 IPs.

ORION-178951: Provided an ability to update (PATCH) the list of client IP ranges configured for a tenant to allow or disallow access to tenant’s data from these IPs. The following user controls have been added for this purpose:

ORION-158742: For QoS policies that are defined on a view, added an ability to set a single QoS limit that caps the total amount of read, write and metadata operations, as an alternative to setting one limit for reads and one more limit for writes.

The following user controls have been added for this purpose:

Extended NFSv4.2 support to include all functionality that VAST Cluster provides for NFSv4.1.

In VAST Web UI, the toggle that was used to enable NFSv4.2 support for a tenant (Enable NFSv4.2) has been replaced with a toggle that enables support of the NFSv4.2 Security Labels functionality (Enable NFSv4.2 security labels). To access it, go to Element Store -> Tenants -> choose to create or edit a tenant -> go to the Advanced tab.

Lifted the limitation on the number of concurrent NFSv4.1 open handles per CNode, as well as the limitation on the number of lock state IDs per open handle.

ORION-188872: Added an ability to make SMB signing mandatory for the clients accessing the cluster. When this feature is enabled, SMB requests with a missing or invalid signature are not accepted.

The following user controls have been added for this capability:

ORION-175831: Added an ability to disable SMB leases (client cache) per lease type: read leases, write leases, handle leases.

You can disable SMB leases in view policy settings. The following user controls have been added for this feature:

ORION-183627: VAST Cluster no longer includes listing of snapshots (the .snapshot directory) in a response to an SMB QUERY_DIRECTORY request. If you want to revert to the old behavior where the .snapshot listing was included, contact VAST Support.

ORION-194792, ORION-184226, ORION-180193: Added the following user controls to let you turn on or off S3 Signature V2 authentication:

The VAST's S3 Superuser permission is deprecated. This option is only available for users for which is was set prior to upgrade to version 5.2. In other cases, use identity policies instead.

Options used to manage S3 Object Locking in VAST Web UI have been moved to the new WORM/S3 Object Lock tab of view settings (Element Store -> Views -> choose to create or edit a view).

The --enable-s3-block-v2-authentication and --disable-s3-block-v2-authentication options on the cluster modify command have been deprecated. Use the new --disable-s3-v2-authentication and  --enable-s3-v2-authentication options instead.

Added support for Attribute-Based Access Control (ABAC) of operations performed using the S3 protocol.

ORION-167553: Changed the behavior to ignore character case when matching ABAC tags assigned to views to ABAC attribute values assigned to users. ABAC tags are now case-insensitive. For example, tags AB and ab are considered the same value. Prior to this change, VAST Cluster was taking the case into account; tags like AB and ab were considered different values, resulting in permission deny error for the user.

ORION-166268: Updated ABAC validations to allow a user with ABAC attributes that provide read/write access to an ABAC-tagged view, to list files and directories on the view when the associated view policy sets All Squash for the host.

VAST Web UI provides a new toggle to enable ABE for a view: Enable access (Element Store -> Views -> choose to create or edit a view -> go to Access-Based Enumeration (ABE) tab). The new toggle replaces the previous control where you had to select SMB from a dropdown in order to enable ABE.

Added support for NFSv4.1 in WORM-enabled views.

In this release, you can designate NFSv4.1-enabled views as Write Once Read Many (WORM). This adds to the existing support of WORM for S3 bucket, SMB, and NFSv3 views. All the features of WORM-enabled views are supported for NFSv4.1, including Governance and Compliance options, Legal Hold, and configurable retention periods.

ORION-181267: Decreased the minimum allowed time between VAST Catalog snapshots from 15 minutes to 1 minute.

The VAST Connector for Spark now supports Apache Spark 3.5.1.

ORION-173717: The VAST Connector for Trino now supports Trino 443.

ORION-168087: Added an ability to prevent duplicate imports to VAST Database. If the duplicate check capability is enabled, an attempt to import a file that was previously imported will fail (even if the file was changed since it was imported).

For new installations, the duplicate check capability is enabled by default. After an upgrade to version 5.2, the duplicate check capability is by default disabled.

Increased the maximum number of VAST Database table projections that can be created from 16 to 64.

ORION-175298: Added indication of initial synchronization progress when viewing projections in VAST Web UI (DataBase -> VAST DB -> navigate to a table for which projections exist).

ORION-183382: Added a new analytics report for VAST Database, VAST DB Requests, that shows the number of requests per request type (query data, import, insert, update, and delete).

ORION-183351: Renamed VAST Database-related analytics reports as follows:

Added support for asynchronous replication of VAST databases.

ORION-186947: Added an ability to run S3 replication between a default tenant and a non-default tenant. Prior to this change, a default tenant was expected to replicate to a default tenant only.

ORION-173998: Starting with version 5.2, VAST Cluster provides replication capabilities for non-default tenants with S3-enabled views, as follows:

The new  protectedpath modify-member command of VAST CLI lets you change the capability of a particular replication stream; for example, switch it from asynchronous replication to synchronous.  

The protectedpath create and protectedpath modify VAST CLI commands provide the --sync-disconnect-time option to set disconnection timeout for synchronous replication.

The protectedpath add-stream VAST CLI command features the following new options used to set up synchronous replication:  --sync-disconnect-time , --sync-interval, --lease-expiry-time.

ORION-179909: Added support of Global Access for directories exposed to SMB (in addition to existing support for NFSv3).

SMB clients can now mount views of protected paths on remote clusters that have been shared by Global Access from a source cluster.  On this mount, they can perform read and write operations on the data from the source cluster.

ORION-176559: When creating a managed application on a group of CNodes, VMS now provides an indication of how many CNodes have already completed the application creation task by logging a message for each CNode processed. These messages are also displayed in the Activities page in VAST Web UI.

ORION-179777: Added the ability to determine domains from which VAST Cluster queries POSIX attributes when creating a LDAP provider. Prior to this change, you could select the POSIX attribute source only when modifying a LDAP provider.

ORION-143830: The following Multi-Forest Authentication limitation no longer applies:

If a trusted domain becomes unavailable and then recovers, SMB clients can use it to connect to the VAST cluster only after a period of time, but not immediately upon domain recovery.

The Auto discovery option in LDAP and Active Directory settings of VAST Web UI (User Management -> LDAP or Active Directory-> choose to edit a provider) has been removed. Active Directory Domain auto-discovery is enabled by default. If needed, you can disable or re-enable this functionality using VAST CLI.

The Enable trusted domains on other forests option has been removed from LDAP provider settings in VAST Web UI (User Management -> LDAP). It is still available in Active Directory settings (User Management -> Active Directory -> choose to create or edit a provider -> go to Advanced tab).

Added an ability to set up periodic change of the cluster's machine account password. The following user controls have been added for this purpose:

Added an ability to build advanced filters for LDAP and Active Directory user queries. To do so, use the following controls:

Options available when creating or editing a LDAP and/or Active Directory provider in VAST Web UI (User Management -> LDAP or Active Directory-> choose to create or edit a provider) have been shuffled as follows:

You can now set the TTL value for the VAST DNS service using the --ttl option on the dns create and dns modify commands of VAST CLI.

ORION-190269: Added indication of the tenant to view, user and quota-related metrics exported using VAST Prometheus Exporter.

ORION-185487: Added metrics related to use of flash write buffers:

ORION-179490: Provided event definitions to enable the cluster to generate alarms in case the cluster runs low on its storage resources, based on user-supplied thresholds. The new event definitions use the RaidMetrics,stripe_available_percent property to track the percentage of cluster’s available stripes (data segments that can be written to the cluster).

In addition, there are now threshold-type event definitions to monitor the percentage of used handles (Capacity,used_handles_percent) and percentage of used metadata resources (Capacity,metadata_resources_percent).

ORION-176774: Added an alert to be raised when the cluster encounters high latency for a very short period of time.

ORION-173731: Added an ability to learn date and time when the current S3 access keys have been created for a user, as follows:

ORION-126792: Made CNode CPU metrics visible for admin users in VAST Cluster analytics (Analytics -> Analytics -> search for CPU under Predefined Analytics).

ORION-84203: Added routines to automatically perform VMS failover in case the management port goes down.

Provided an ability to supply existing S3 access and secret keys for a user. To do so, in the Update User dialog (User Management -> Users -> choose to update a user) choose the new option Provide secret and access keys and enter the keys in the respective fields.

Provided a set of VAST CLI certificate <action> commands to view and manage cluster certificates. Certificate management options on the cluster create command (--webhook-certificate, --webhook-private-key, --webhook-ca-certificate) are now deprecated.

ORION-175347: Added an ability to query by username and login name when generating an access key for a user in VAST CLI. The following options have been added to the user --generate-key command:

The cluster list-locks command now features the --direction option that lets you set  up pagination when listing locks.

The cluster release-locks command now features options to filter locks by lock type (--lock-type), the type of unlock operation to perform (--unlock-type), and unlock operation ID (--unlock-id).

ORION-194645: The Add Rack dialog (Infrastructure -> Racks -> choose to add a rack) has been enhanced to include new capabilities:

In addition, the right-click menu for a CBox or a DBox listed in the CBoxes or DBoxes page now provides options to assign the box to a rack or move it to a different rack.

ORION-171379: CERES DNodes come with VAST OS based on Rocky Linux 8.6.

Added support for 200GbE NVIDIA switches (SN4600, SN3700).

ORION-135498: When you choose to disable an SCM drive through VMS, the cluster phases out the drive before deactivating it. Phasing out ensures that at each point in time during the disable process, there always exist two copies of each SCM section, providing for safer cluster operation. During phase-out, the drive state is shown as PHASING_OUT. Once phase-out is complete, the state changes to INACTIVE.

The phase-out functionality cannot be used for clusters with a single CERES DBox.

Added an ability to enable support of failure domains on a cluster by using the new --failure-domains-support option on the cluster create command.

The new ssd toggle-led and nvram toggle-led commands let you toggle the device's LED on or off.

ORION-193584, ORION-198006, ORION-193414: Updated the set of variables that can be used when you define a webhook for VAST Cluster alerts (Alarms & Events -> Event Definitions -> choose to create or edit an event definition -> Action tab -> Events pane).

ORION-187606: Added an ability to configure the cluster to send call home bundles to a user-supplied S3 service. To do so, specify the service’s IP address and port using either of the following:

ORION-162566: Added indication of the cluster name to syslog messages written by VAST Cluster.

Provided a set of VAST CLI webhook <action> commands to view and manage webhooks. The webhook-related options on the eventdefinition modify and eventdefinitionconfig modify commands are now deprecated (--webhook-url, --webhook-method, --webhook-data, --webhook-params, --webhook method).