Enhancements in 5.4.0

Install & Upgrade

Added an ability to skip failed CNodes during a VAST Cluster Install procedure. The skipped CNodes can later be added through cluster expansion.
By default, CNodes can be skipped only when the number of failed CNode does not exceed 25% of the total number of CNodes in the cluster. Otherwise, installation cannot be completed.
The skipping threshold can be adjusted in VAST Cluster Install. If necessary, you can also disable the feature.
ORION-232534: Added support for specifying zero-padded IPv6 addresses during cluster deployment. With this enhancement, both 2001:db8:e:14:0:0:0:ff and 2001:db8:e:14::ff formats are supported.
ORION-237652: Added an ability to specify the NTP server hostname when supplying NTP parameters in VAST Cluster Install.

Cluster Expansion

ORION-216963: Added a checkpoint mechanism for the cluster expansion procedure. Checkpointing splits the procedure into a series of discrete steps. If one of the steps fails, the process can be resumed from the failed step, without the need to rerun the steps that have already completed.

Networking

ORION-237376: Added a validation to prevent users from adding VAST reserved IPs (e.g. IPs that are already in use by the cluster, such as the VMS IP) to a virtual IP pool.
ORION-242967: Enhanced the cluster networking configuration script (configure_network.py) to support configuring CNode Port Affinity for Supermicro Gen5 CNodes and HPE Genoa CNodes.
ORION-203793: Added indication of the port type (internal, external, management) when listing NICs.

Multi-Tenancy

ORION-173326: Increased the maximum allowed number of tenants per cluster from 4096 to 10240.
ORION-276035: Increased the maximum allowed number of roles per tenant from 1000 to 4500.
ORION-211489: Added an ability to set a tenant-wide limit on the number of views that can be created for the tenant. If left unlimited (which is the default), the number of views will only be capped by the maximum amount of views supported by the VAST cluster.
To set the limit for a tenant:
- In VAST Web UI, use the new Max Number of Views pane in advanced tenant settings (Element Store -> Tenants -> choose to create or edit a tenant -> Advanced Protocol Settings tab).
- In VAST CLI, use the --max-views option on the tenant create or tenant modify command.

Encryption of Data At Rest

EKM-based encryption can be enabled not only during cluster deployment, but also afterwards, when the cluster is already up and running.
In VAST Web UI, the Data Management and KMIP tabs in cluster settings (Settings -> Cluster) has been redesigned to let you select the required encryption type and configure third-party EKM servers on a running cluster.
In VAST CLI, you can manage EKM servers and certificates using the new cluster add-ekm and cluster set-certificates commands.
Note
Tenants created before enabling EKM on the cluster, will be assigned an Internal encryption group, which means no EKM will be used for such tenants.

Quotas

Increased the maximum allowed number of nested quotas from 3 to 16.

Quality of Service (QoS)

ORION-243368: Added support for prioritization of workloads based on the QoS policy prioritization flag in scenarios where the policy also have burst and/or total limits defined.

SMB

ORION-196158: Added support for the SMB2_CREATE_APP_INSTANCE_ID create context for directories. Prior to this change, it was supported for files only.

S3

ORION-208315: Added support for checksum validation of PUT requests using the Content-MD5 header. Prior to this change, the header was ignored.
Note
Lifecycle rules are not supported.

Block

The view list command of VAST CLI offers two new output filters, --is-default-subsystem and --is-not-default-subsystem, that let you show or hide block views set as default subsystems.
The volume list command of VAST CLI has been enhanced to provide various output filters and display options.

Event Publishing

ORION-253455: Added an ability to specify a value of -1 for the topic retention period. Setting -1 means no retention occurs.
The new --kafka option on the VAST CLI view show command displays Kafka protocol settings in effect for the view.

VAST Database

Added support for over-the-wire compression of query results. The compression can be enabled for a Trino session by using the compression session parameter set to zstd. By default, compression is disabled.
Added support for TZ (timestamps) and UUID data types.
Added an ability to modify properties of an existing table in VAST CLI using the new table modify command.

Data Protection

Replication is no longer limited to a maximum of two destination peers when VAST Catalog is enabled, as long as all of the clusters involved run VAST Cluster 5.4 or later.
It is no longer required to manually disable VAST Catalog before performing operations that require a reset to existing snapshots, such as replication failover, disconnection/reconnection of one of the replication peers, switching of the peer roles, or deletion of a protected path.
ORION-281740: Added an ability to configure the cluster so that replicated identity or bucket policies are automatically enabled on the replication destination peer. By default, the replicated policies are kept disabled, and manual action is required to enable them. If you want to alter this behavior so that the replicated policies are enabled automatically, contact VAST Support.
ORION-95871: Added an ability to configure the cluster to allow or prohibit deletion of an empty directory for which one or more snapshots exist. By default, deletion of such a directory is not allowed. If you want to alter the default behavior and allow deletion of such directories on your cluster, contact VAST Support.

Authentication & Authorization

Added an ability to optionally set a password for a VAST local user account.
The cluster or tenant admin generates a temporary password which the user must enter on their first login to the VMS. Upon logging in, the user is prompted to set a permanent password.
The user password must meet the requirements set in VMS settings (in VAST Web UI: Settings -> VMS -> Password).
The following user controls have been added for this purpose:
- In VAST Web UI, the User Password pane in local user settings (User Management -> Local users -> choose to create or edit a user)
- In VAST CLI, the --password option on the user create and user modify commands.
ORION-283592: VAST Cluster can be configured to ignore duplicate entries that might exist for a user or group in the same LDAP domain. If, for example, two users share the same UID, one of these user entries will be ignored, thus ensuring consistent outcome of access checks for that UID. To enable this behavior on your VAST cluster, contact VAST Support.

VMS

ORION-236019: Updated VAST Prometheus metrics to add a metric that indicates the total number of all open NFS connections (including NFS3, NFS4, RQUOTA, MOUNT, NLM, NSM and NFSACL), as well as a separate metric that indicates the number of open NFSv3 connections.

VAST Web UI

ORION-193527: Made updates to display the BMC firmware version in the Infrastructure -> EBoxes page. Prior to this change, this information was available in the CNodes/DNodes pages only.
ORION-239519: Enhanced the inspection pane in the User Management page (User Management -> Local Users -> select a user and click > to open the right-side pane) to add an indication of whether the S3 access key is local or replicated.

VAST CLI

Some VAST CLI listing commands, such as viewpolicy list or cluster list-locks, feature a new option, --vertical, that formats the output so that the items and their properties are listed one below another, for example:

vcli: admin> viewpolicy list --vertical
+------------------------------------------------+----------------------+
| ID                                             | 9                    |
| Name                                           | bgio-mercury:default |
| Cluster                                        | vast-bnm             |
| <other properties>                             |                      |
+------------------------------------------------+----------------------+
+------------------------------------------------+----------------------+
| ID                                             | 5                    |
| Name                                           | my_policy            |
| Cluster                                        | vast-bnm             |
| <other properties>                             |                      |
+------------------------------------------------+----------------------+

The cluster list-locks command has a new required parameter that specifies the path for which to list locks: --file-path. It also features a new pagination direction option, --direction.
Added commands to restart a CNode or a DNode: cnode powercycle and dnode powercycle.
The certificate create and certificate modify commands feature new options, --ca-certificate and --cert-type, that you can use to upload a CA certificate and indicate whether the certificate is intended for webhooks or for Kafka connections.
The dns create and dns modify commands offer a --port option for you to set the DNS service port.

Platform & Control

Added support for having both EBoxes and CNodes in the same VAST cluster.
The Infrastructure -> CNodes page in VAST Web UI has been updated to include a new Position column to help differentiate between a node that is part of an EBox and a regular CNode. CNodes that are part of an EBox are listed as Virtual.
Lifted the following limitation on conversion to write buffer RAID:
- No cluster expansion operation is in progress (for example, DBox expansion, migration, or replacement activities)
VAST Cluster 5.4 lifts the limitation on enabling the DBox HA feature on new installations, which was in effect for releases 5.1, 5.2 and 5.3.