Protected Paths Overview
A protected path is a path in the element store (file/object system) that is protected by snapshots and/or replication to one or more remote peers.
Protected paths are used by the following data protection features:
Async replication, where data is captured by snapshots on a schedule of points in time and replicated to other clusters.
Global access, where a data path is shared with one or more remote clusters such that the data is accessible to clients of the remote cluster at a target path.
Local backup, where data is captured by snapshots on a schedule of points in time and stored locally.
Backup to S3, where data is captured by snapshots on a schedule of points in time and replicated via S3 to an AWS bucket.
For full configuration instructions for async replication, local backup and backup to S3, see the relevant feature section, linked above.
A protected path can have one or more destinations. In replication and backup features, each destination has a replication stream that takes snapshots of the data on a schedule controlled by a protection policy. Each protection policy determines how long snapshots are stored and retained locally, whether they are replicated to a remote peer, and on what schedule.
Important
Limitations:
Data cannot be moved into or out of a path that is protected by either async replication or S3 replication. This applies to moving files or directories from a protected path to a non-protected path, from a non-protected path to a protected path or from one protected path to another protected path.
No more than one replicating protected path can be configured per directory.
Protected paths with async replication or backup to S3 cannot be nested.
A protected path cannot have a file under it that has a hard link outside of the protected path.
A protected path cannot be created on a subdirectory under a path that exposes an S3 bucket.
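A pre-flight check for two of the limitations above (nesting of replicating protected paths, and hard links that cross the path boundary), added here as an example and not VAST code. It assumes the candidate path is mounted on the client running the check (for example over NFS) with link counts reported by stat, and that the caller supplies the list of existing replicating protected paths; the function names are hypothetical.

```python
import os
import stat
from collections import defaultdict
from pathlib import PurePosixPath


def nesting_conflicts(candidate, replicating_paths):
    """Return the existing replicating protected paths that equal, contain,
    or sit under the candidate path (same-directory and nesting rules)."""
    cand = PurePosixPath(candidate)
    conflicts = []
    for existing in replicating_paths:
        other = PurePosixPath(existing)
        if cand == other or cand in other.parents or other in cand.parents:
            conflicts.append(existing)
    return conflicts


def escaping_hard_links(mounted_root):
    """Return regular files under mounted_root that have at least one hard
    link outside the tree: their link count exceeds the links found inside."""
    links_inside = defaultdict(list)   # (device, inode) -> paths seen in tree
    link_count = {}                    # (device, inode) -> st_nlink
    for dirpath, _dirs, files in os.walk(mounted_root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)        # lstat: do not follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                links_inside[key].append(path)
                link_count[key] = st.st_nlink
    return sorted(
        path
        for key, paths in links_inside.items()
        if link_count[key] > len(paths)
        for path in paths
    )


if __name__ == "__main__":
    # Constructed sample values: the candidate path and the existing list.
    print(nesting_conflicts("/proj/a", ["/proj", "/other", "/proj/a/b"]))
    print(escaping_hard_links("."))
```

A non-empty result from either function means the path would violate a limitation listed above and should be resolved before the protected path is created.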
Caution
If you create a protected path to replicate data to a peer that you already replicated data to earlier by means of another protected path that was deleted earlier, the initial sync is performed again. In other words, the re-creation of a protected path triggers a new transfer of all data under the path to the peer.
Creating a Protected Path via the VAST Web UI
In the left navigation menu, select Data Protection and then Protected Paths.
On the Protected Paths tab, click Create Protected Path.
In the Add Protected Path dialog, click Add Source and complete the fields:
Tenant
Select the tenant under which the source path resides.
Name
Enter a name for the protected path.
Path
The path you want to replicate. A snapshot of this directory will be taken periodically according to the protection policy.
Note
If you specify '/' (the root directory), this includes data written via S3.
To specify a path to a specific S3 bucket with name bucket, enter /bucket.
Click Save.
Click Add a Peer VIA Replication Or Global Access.
In the Create Destination dialog, select Replication from the Capability dropdown and complete these fields:
Capability
Select the type of destination:
Replication. For async replication, local backup with snapshots, or for replication to an S3 bucket.
Global Access. For global access.
Protection policy
If you selected Replication for Capability, select a protection policy from the dropdown or select the option to create a new one, configure the new one in the dialog provided and save it.
Warning
After adding a destination to a protected path, it is not possible to change which policy is associated with the destination. All changes to a destination's snapshot schedule, replication schedule, and snapshot expiration must be done by modifying the protection policy. Those modifications affect all destinations that use the same protection policy. To work around this limitation, use one protection policy per destination.
Cluster
If Capability is set to Replication, and the selected protection policy has a peer configured, this field is filled automatically with the cluster specified as the peer in the protection policy. If the protection policy has no peer configured, the destination will be local for storing snapshots on the cluster.
If Capability is set to Global Access, select a remote cluster where you want to configure a destination path. The remote cluster must be configured already as a replication peer.
Remote tenant
This field is applicable only if there is a remote peer set in the Cluster field and it has more than one tenant. If it appears, select a tenant on the remote peer from the dropdown. The remote path will be created on the selected tenant.
Path
This field is applicable only if there is a remote peer set in the Cluster field. Specify the directory on the remote peer cluster where the data should be replicated. This must be a directory that does not yet exist on the remote peer.
Tip
You cannot use "/" as the remote path because it always exists already. Therefore, if you would like to replicate all data under the root directory, you will need to replicate it to a subdirectory, for example, path on peer = "mirror/".
Click Create.
The protected path is created and listed in the Protected Paths tab.
Viewing Protected Paths
In the left navigation menu, select Data Protection and then Protected Paths.
The following information is displayed for each protected path:
Field | Description |
|---|---|
ID | The ID of the protected path. |
Name | The name of the protected path. |
Role | For async replication, the role of the local peer in the protected path, which can be: |
State | Possible values: |
Health | An indication of whether the state is OK or not: |
Path | The local data path that is being protected. |
Tenant | The local tenant to which the local data path belongs. |
Path on peer | For async replication and global access only. The directory on the peer where the protected data is replicated or made globally accessible. If the protected path has multiple destinations, each destination has a different path on peer. |
Remote Tenant | For async replication and global access only. The tenant on the replication peer to which the path on peer belongs. (There is more than one if the protected path has multiple destinations.) |
Replication Peer | If there is a replication peer configured on the cluster, this field displays the cluster name of the replication peer. (There is more than one if the protected path has multiple destinations.) |
Protection Policy | The protection policy which governs the protected path's schedule, snapshot retention and replication peer if applicable. |
Last Point Creation Time | The time of the last completion of a restore point on the replication peer or replication S3 peer, if applicable. |
BW | The speed of the connection with a replication peer or replication S3 peer, if applicable. |
Aggregated Usage | An estimate of the amount of usable capacity that could be reclaimed by deleting all snapshots on the protected path. This estimation takes into account any nested protected paths that hold common data, because data held by another protected path's snapshots would not be removed even if all snapshots on the protected path were removed. |
Next Point progress | The progress towards creating the next restore point on the destination peer(s). |
Next Point Physical Size | The physical size on disk of the delta to be transferred in the next restore point. |
Next Point Logical Size | The logical size on disk of the delta to be transferred in the next restore point. |
ETA | Applicable during a failover event, this is the estimated time remaining until the local peer completes a change of replication role with respect to the protected path. For example, if the local peer is changing from destination role to source role for the protected path, this is the estimated time until that role change is complete. |
Files Counted | The number of files at the protected path on the local peer. |
Progress | Applicable during a failover event, this is the percentage progress of a change of replication role for the local peer with respect to the protected path. For example, if the local peer is changing from destination role to source role for the protected path, this is the percentage progress so far for that role change. |
Modifying a Protected Path via VAST Web UI
To modify the configuration of a protected path, right-click the protected path and select Edit. Make your changes and then click Update.
Note
You cannot change the protection policy for a destination.
Activating and Deactivating (Starting and Pausing) Protected Paths
Deactivating a protected path pauses replication for the path. Activating the protected path resumes replication.
Note
Deactivating a protected path that is using an indestructible protection policy requires unlocking the indestructibility mechanism on the cluster.
Right-click the protected path you want to activate or deactivate, and select Activate or Deactivate as needed.
Removing a Protected Path via VAST Web UI
A removed protected path cannot be resumed. After removing a protected path, if you create a new protected path using the same policy, that new protected path triggers a new initial sync, copying over all of the VAST Cluster's data to the S3 replication peer (if a peer is specified in the policy).
Tip
If you only want to pause replication and you may want to resume later, don't remove the protected path; instead deactivate the protected path.
Removing a protected path does not delete snapshots or restore points that were already backed up to an async or S3 replication peer.
To remove a protected path:
Right-click the protected path and select Remove.
Click Yes to confirm the removal.
Managing Protected Paths via VAST CLI
To manage protected paths via the VAST CLI, use the following commands.
Task | Command |
|---|---|
Display protected paths | |
Display details of a specific protected path | |
Create a protected path | |
Modify, activate (start) or deactivate (pause) a protected path | |
Add a destination to a protected path | |
Remove a destination from a protected path | |
Delete a protected path | |