Managing Protected Paths

Protected Paths Overview

A protected path is a path in the element store (file/object system) that is protected by snapshots and/or replication to one or more remote peers.

Protected paths are used by the following data protection features:

Async replication, where data is captured by snapshots on a schedule of points in time and replicated to other clusters
Local backup, where data is captured by snapshots on a schedule of points in time and stored locally.
Backup to S3, where data is captured by snapshots on a schedule of points in time and replicated via S3 to an AWS bucket.

For full configuration instructions for async replication, local backup and backup to S3, see the relevant feature section, linked above.

A protected path can have one or more replication streams. Each replication stream takes snapshots of the data on a schedule controlled by a protection policy. Each protection policy determines if snapshots are stored and retained locally and/or replicated to a remote peer.

Important
Limitations:
Data cannot be moved into or out of a path that is protected by either async replication or S3 replication. This applies to moving files or directories from a protected path to a non-protected path, from a non-protected path to a protected path or from one protected path to another protected path.
No more than one replicating protected path can be configured per directory.
Protected paths with async replication or backup to S3 cannot be nested.
A protected path cannot have a file under it that has a hard link outside of the protected path.

Caution
If you create a protected path to replicate data to a peer that you already replicated data to earlier by means of another protected path that was deleted earlier, the initial sync is performed again. In other words, the re-creation of a protected path triggers a new transfer of all data under the path to the peer.

Creating a Protected Path via the VAST Web UI

In the left navigation menu, select Data Protection and then Protected Paths.
On the Protected Paths tab, click + Create Protected Path.

In the Add Protected Path dialog, complete the following fields:

Field	Description
Tenant	Select the tenant to which the path belongs. Note Paths on different tenants can share identical names.
Name	Enter a name for the protected path.
Local Path	The path to a directory in the Element Store. A snapshot of this directory will be taken periodically according to the protection policy. Note If you specify '/' (the root directory), this includes data written via S3. To specify a path to a specific S3 bucket with name bucket, enter /bucket.

Field

Description

Tenant

Select the tenant to which the path belongs.

Note
Paths on different tenants can share identical names.

Name

Enter a name for the protected path.

Local Path

The path to a directory in the Element Store. A snapshot of this directory will be taken periodically according to the protection policy.

Note
If you specify '/' (the root directory), this includes data written via S3.
To specify a path to a specific S3 bucket with name bucket, enter /bucket.

Under Add replication stream, in the Protection policy field, select a protection policy from the dropdown or select Add New Protection Policy to create a new one.
If you selected Add New Policy, the Add Protection Policy dialog opens. Follow the procedure described in Creating a Protection Policy via VAST Web UI to create the policy (start from step this step).
The policy defines a schedule for taking snapshots and/or backing up data to a specific replication peer or S3 replication peer.
Warning
After creating the replication stream, it is not possible to change which policy is associated with the stream. All changes to a stream's snapshot schedule, replication schedule, and snapshot expiration must be done by modifying the protection policy. Those modifications affect all streams that use the same protection policy. To work around this limitation, create a protection policy per stream.
If the protection policy that you selected is configured with a remote peer for async replication to another cluster, then the remote peer appears in the Remote peer field. Specify the following:
- In the Remote path field, the path on the remote peer to which you want the stream to replicate the data from the specified local path. The path you specify must be to a directory that does not yet exist on the remote peer.
- In the Remote tenant field, the tenant on the remote peer to which the remote path belongs. (This field does not appear if there is only one tenant on the remote peer.)
If the protection policy that you selected is a local backup policy with no remote peer, then no remote peer is filled and no remote path should be specified.
Click Create.
The protected path is created and listed in the Protected Paths tab.

Viewing Protected Paths

In the left navigation menu, select Data Protection and then Protected Paths.

The following information is displayed for each protected path:

Field	Description
ID	The ID of the protected path.
Name	The name of the protected path.
Role	For async replication, the role of the local peer in the protected path, which can be: Source. Snapshots are replicated from the local peer to the remote peer. The protected path on the local peer is writeable. Destination. Snapshots are replicated from the remote peer to the local peer. The replication path on the local peer is read only. Standalone. Replication between the peers is suspended and data on the local peer is writeable.
State	Possible values: Format. The protected path is being formatted and the initial sync has not yet begun. Initial Sync. The initial data sync is in progress. Active. The initial data is sync was completed in the past and the protected path is enabled. Suspended. The protected path was suspended. A protected path can be suspended in any of the following situations: When manually deactivated. Temporarily during graceful failover (async replication). If the connection between the peers is lost (async replication). Following ungraceful failover, when the protected path role is standalone and both peers are writeable (async replication).
Health	An indication of whether the state is OK or not: OK, if the State of the protected path is healthy. Error, if the State is not a healthy state.
Path	The local data path that is being protected.
Tenant	The local tenant to which the local data path belongs.
Path on peer	For async replication only. The directory on the peer where the protected data is replicated. If the protected path has multiple replication streams, each replication stream has a path on a different peer.
Remote Tenant	For async replication only. The tenant on the replication peer to which the path on peer belongs. (There is more than one if the protected path has multiple replication streams.)
Replication Peer	If there is an async replication peer configured on the cluster, this field displays the cluster name of the async replication peer. (There is more than one if the protected path has multiple replication streams. )
Protection Policy	The protection policy which governs the protected path's schedule, snapshot retention and replication peer if applicable.
Last Point Creation Time	The time of the last completion of a restore point on the replication peer or replication S3 peer, if applicable.
BW	The speed of the connection with a replication peer or replication S3 peer, if applicable.
Aggregated Usage	An estimate of the amount of usable capacity that could be reclaimed by deleting all snapshots on the protected path. This estimation takes into account any nested protected paths that hold common data, because data held by another protected path's snapshots would not be removed even if all snapshots on the protected path were removed.

Modifying a Protected Path via VAST Web UI

To modify the configuration of a protected path, open the Actions menu for the protected path and select Edit. Make your changes and then click Update.

Note
You cannot change the protection policy of a protected path.

Note
If the protected path has no replication streams, it remains a local protected path and it is not possible to add a replication stream.
If the protected path has a replication stream, you an add more replication streams to form a replication group. For information about adding a replication stream, see Adding Replication Streams to a Protected Path.

Activating and Deactivating (Starting and Pausing) Protected Paths

Deactivating a protected path pauses replication for the path. Activating the protected path resumes replication.

Note
Deactivating a protected path that is using an indestructible protection policy requires unlocking the indestructibility mechanism on the cluster.

Open the Actions column for the protected path you want to activate or deactivate, and select Activate or Deactivate as needed.

Removing a Protected Path via VAST Web UI

Removing a protected path prevents the ability to resume it. After removing a protected path, if you create a new protected path using the same policy, that new protected path triggers a new initial sync, copying over all of the VAST Cluster's data to the S3 replication peer (if a peer is specified in the policy).

Tip
If you only want to pause replication and you may want to resume later, don't remove the protected path; instead deactivate the protected path.

Removing a protected path does not delete snapshots or restore points that were already backed up to an async or S3 replication peer.

To remove a protected path:

Open the Actions menu for the protected path and select Remove.
Click Yes to confirm the removal.

Managing Protected Paths via VAST CLI

To manage protection paths via the VAST CLI, use the following commands.

Task	Command
Display protected paths	protectedpath list
Display details of a specific protected path	protectedpath show
Create a protected path	protectedpath create
Modify, activate (start) or deactivate (pause) a protected path	protectedpath modify
Delete a protected path	protectedpath delete