Enhancements in 5.3.2

Install & Upgrade

Added an ability to manage a subset of VAST OS configurations in a new package named vast-utils, which is upgraded during NDUs. The vast-utils package includes cluster networking configurations and host-level services.
Starting with VAST Cluster 5.3.2, most VAST OS configuration updates will be delivered simply by upgrading the vast-utils package, effectively eliminating the need to perform a full VAST OS upgrade and a node reboot.
The currently installed version of vast-utils is displayed in the VAST-UTILS Version column for each node in the Infrastructure pages in VAST Web UI, as well as in the VAST Utils Version column of cnode list , cnode show, dnode list, dnode show command output in VAST CLI.
ORION-260525: Added an ability to specify the host name when entering EKM servers in VAST Cluster Install.

ORION-241294: For clusters with InfiniBand internal networking, updated the way VMS maintains OpenSM configuration parameters so that on the first start of the OpenSM service, the parameters are taken from the OpenSM configuration file (/etc/opensm/opensm.conf).
In addition, the opensm.conf will include two more parameters, max_wire_smps 96 and max_wire_smps2 96, which set the maximum number of SMPs that can be sent in parallel.

Added support for the following External Key Managers (EKM):
- Akeyless KMIP Server
- Entrust KeyControl

ORION-256797: Added metrics that help analyze QoS credits left per view. To display the metrics in VAST Analytics, create a new customized analytics report and include the metrics starting with the word 'Burst' for the View object.
ORION-253117: Made updates to automatically set a default value for credits when a maximum static limit is set.
If no credits are explicitly defined, setting a maximum static limit will cause the corresponding credits to accept a default value. The credit default value will be the maximum limit multiplied by 4. For example, if you set the maximum allowed read bandwidth to 500 and do not specify any value for the read bandwidth credit, the read bandwidth credit will automatically be set to 2000.
ORION-250317: The following limitation no longer apply:
In case of a CNode HA event, the cluster needs a few minutes to retrieve connections from the failed CNode. During this time, the user will be served at the user's S3 connection limit less the number of connections that were provided by the failed CNode.

ORION-240658: The enable-nfs-return-open-permissions setting of a view policy will now be honored with all security flavors. Prior to this change, the setting was ignored if the flavor was S3 Native.
When this setting is specified, the NFS server returns 777 permissions (access is allowed for everyone) for all files and directories when responding to client-side access checks. Otherwise, the server would return 700 permissions (access is allowed for the bucket owner only). The 777 permissions are needed for Windows NFS clients to be able to access S3 buckets where they are not the bucket owner.
For new installations, the enable-nfs-return-open-permissions setting is by default enabled for all security flavors. For upgraded clusters, the setting is honored with NFS security flavor only. If you want to alter the behavior for your cluster, contact VAST Support.

ORION-255694: Updated the default behavior when handling SMB compound requests beginning with a CREATE request when the starting CREATE request gets a STATUS_PENDING response.
Starting with VAST Cluster 5.3.2, by default the cluster will first respond with STATUS_PENDING only to the starting CREATE request (skipping the rest of the responses). After the entire compound is executed, responses to all requests in the compound will be sent. Prior to this change, the default behavior was to send STATUS_PENDING responses to all remaining requests in the compound.
ORION-246616: Enhanced SMB permission handling to avoid dropping SMB generic access rights (GENERIC_ALL, GENERIC_WRIRE, GENERIC_READ, GENERIC_EXECUTE) when converting SMB permissions to VAST permissions (which the cluster uses internally to perform access checks).
Prior to this change, these ACEs could be dropped when performing operations such as running a bulk permission update on a view controlled with SMB or Mixed Last Wins security flavor.
The new logic is by default disabled. To enable the enhancement on your cluster, contact VAST Support.
ORION-216508: Made enhancements to allow for SMB Continuous Availability support for directories.

ORION-272562: Changed the way a newly installed cluster handles S3 requests with unsupported headers. Starting with version 5.3.2, the cluster ignores the unsupported header and proceeds with the request. Prior to this change, the request failed.

ORION-253107: Added a validation to prevent configurations that result in creating a snapshot on a path used by a different snapshot.
ORION-241340: Added an ability to edit the destination peer in the duplicate protection policy being added using the Duplicate and Edit action in the Data Protection -> Protection Policies page in VAST Web UI.

ORION-263988: Starting with VAST Cluster 5.3.2, if you have user impersonation enabled for a view, access checks against the share-level ACLs on this view are performed for the original user (which sent the RPC). Prior to this change, access checks against share-level ACLs were performed for the impersonator (the user account used instead of the original user).

ORION-263129: VAST Prometheus Exporter provides new metrics that help detect latency in client socket reads.
ORION-258426: VAST Prometheus Exporter lets you export a metric that shows the amount of active NFS-over-RDMA connections.
ORION-213509: Added various metrics to VAST Prometheus Exporter that help analyze cluster's metadata usage.

ORION-245782: Updated the view settings dialog (Element Store -> Views -> choose to create or edit a view) so that the WORM tab is displayed when the S3 protocol is disabled for the cluster.

ORION-250363: Starting with VAST Cluster 5.3.2, requests to the VAST REST API /tenants/ endpoint that contain the vippool_ids parameter are ignored. To associate a virtual IP pool with a tenant, pass the tenant_id parameter to the /vippools endpoint.

ORION-247025: Updated high ambient temperature event definitions to lower the thresholds that trigger the alarm.
Rack-level resiliency enhancements:
- Added support of rack-level resiliency for EBoxes.
- The VAST CLI dbox add command supports the --rack-name and --rack-unit options that let you define rack and unit assignments for the DBox being added.
- DBox migration can be performed within the same failure domain, as long as there is enough space in the domain.
- Added indication of the rack's total and usable capacity in the Racks page in VAST Web UI (Infrastructure -> Racks ).
- You can turn on or off the rack LED from the VAST Web UI Racks page, as well as check the LED status.
ORION-266963: Added support for Solidigm SBFPF2BV153T drives in EBoxes.