VMS Settings

  • Updated on Jan 30, 2026
  • Published on Jan 27, 2026
  • 7 minute(s) read
Prev Next

About VMS Settings

VMS settings include:

Configuring VMS Session Timeouts

When a user logs in to the VMS GUI, two session tokens are issued: an access token and a refresh token.

The access token is a digitally encoded signature used to authenticate the user and authorize access. Access tokens are designed to have a minimal lifetime, to ensure minimum time for a user's identity to be exploited.

The refresh token must have a longer lifetime than the access token. It is used to request a new access token on behalf of the user before the access token expires, without bothering the user for login credentials. When the refresh token expires, the user is logged out.

You can set the lifetimes of the two types of session tokens. The default lifetimes are:

  • Access token: 1 hour

  • Refresh token: 1 day

Login Banner

You can add a custom login banner for VMS or to remove a custom login banner if already configured.

The login banner can contain any text you choose to specify. It appears on the login page of the VMS VAST Web UI and it appears after login in the command line of the VAST CLI. The banner is scrollable in the VAST Web UI and there is no limit on the length of text you can enter.

VAST Web UI Measurement Units

The units of measurement shown on the Dashboard and in the Analytics reports are base10 units by default. You can change them to base2 if you prefer.

Base10 units have the prefixes M, G, T, and so on, representing powers of 10. In base10, 1 TB refers to 1000 GB, which refers to 1000 MB, and so on.

If you switch to base2 units, the units become TiB, GiB, MiB, and so on, in which 1 TiB = 1024 GiB, 1 GiB = 1024 MiB, and so on.

VMS Preferred CNodes

VMS runs on one of the CNodes in the cluster. In the event that the CNode hosting VMS fails, VMS is moved to another CNode. In the event that the VMS CNode becoming unavailable, VMS moves to one of the VMS-preferred CNodes unless all VMS-preferred CNodes are offline. If all VMS-preferred CNodes are offline, VMS is started on a non VMS-preferred CNode and then moved to a VMS-preferred CNode when one is active and stable.

SSL Port

You can change the SSL port through which the VAST Web UI is accessible. By default, this is port 443. You can change it to be accessible through a different port, in which case it will no longer be accessible through the previously configured port.

See also Encrypting Connections to the VAST Web UI.Installing an SSL Certificate for VMS

Password Complexity Rules and Password Rotation Rules

Notice

These settings are introduced in VAST Cluster 5.1.2.

These settings enable you to control password complexity and reuse requirements for VMS managers.

Changing VMS Settings from the VAST Web UI

  1. From the left navigation menu, select Settings and then VMS.

  2. Change the settings according to preference:

    Display capacity in base10

    Disable to switch to base2. This affects the capacity metric dials on the bottom row of the Dashboard page, capacity graphs that you can view on the Analytics page, and other capacity tables such as the table of quotas shown in the Quotas tab on the Configuration page.

    Display performance in base10

    Disable to switch to base2. This affects the performance metric dials in the top row of the Dashboard page, and analytics graphs that you can view on the Analytics page.

    Show usable capacity

    If enabled, the Capacity card of the Dashboard shows usable capacity on the cluster. If disabled, the card shows raw physical capacity instead. Usable capacity differs from raw physical capacity due to two components: a fixed initial space reservation for background activities and the overhead of parity blocks introduced by each write for data protection. The usable capacity values are adjusted to reflect realistic usable capacity whereas the physical capacity values reflect raw physical capacity

    SSL Port

    The SSL port through which the VAST Web UI is accessible. By default, this is port 443. You can change it to be accessible through a different port, in which case it will no longer be accessible through the previously configured port.

    Access token lifetime (minutes)

    The lifetime for VMS access tokens in minutes.  See Configuring VMS Session Timeouts.

    The minimum value is 20 minutes.

    Refresh token lifetime (minutes)

    The lifetime for VMS refresh tokens in minutes.  See Configuring VMS Session Timeouts.

    The minimum value is 30 minutes.

    CNodes

    Specifies VMS-preferred CNodes.

    VMS runs on one of the CNodes in the cluster. In the event that the CNode hosting VMS fails, VMS is moved to another CNode. In the event that the VMS CNode becoming unavailable, VMS moves to one of the VMS-preferred CNodes unless all VMS-preferred CNodes are offline. If all VMS-preferred CNodes are offline, VMS is started on a non VMS-preferred CNode and then moved to a VMS-preferred CNode when one is active and stable.

    A VMS-preferred setting can also be enabled in VIP pools, in which case CNodes participating in that VIP pool belong to a VMS-preferred domain.

    Login banner

    This field enables you to add a custom login banner for VMS or to remove a custom login banner if already configured.

    The login banner can contain any text you choose to specify. It appears on the login page of the VMS VAST Web UI and it appears after login in the command line of the VAST CLI. The banner is scrollable in the VAST Web UI and there is no limit on the length of text you can enter.

    To add a custom login banner, enter the custom text of your choice.

    To remove a custom login banner, delete the text from the field.

    Password Complexity Rules

    Notice

    These settings are introduced in VAST Cluster 5.1.2.

    Minimum number of characters

    Sets a minimum required number of characters for VMS passwords.

    Default: 8

    Lowercase letters

    Enables a requirement that VMS manager passwords contain at least one lowercase character.

    Uppercase letters

    Enables a requirement that VMS manager passwords contain at least one uppercase character.

    Numbers

    Enables a requirement that VMS manager passwords contain at least one numeric character.

    Special characters (non-alphanumeric character)

    Enables a requirement that VMS manager passwords contain at least one non-alphanumeric character.  

    Password Rotation Rules

    Notice

    These settings are introduced in VAST Cluster 5.1.2.

    Prevent password changes within

    Enable this setting to prevent multiple password changes within a specified time frame. When you enable the setting with the slider, the default time frame is 24 hours. To modify, enter a number in the field provided and select hours, days or months from the dropdown.

    Password lockout

    Enable this setting to enforce password lockout after a specified number of failed attempts. When you enable the setting with the slider, the number is set by default to 10, which you can change in the field provided.

    Password expiration

    Enable this setting to expire VMS passwords after a specified time period. When you enable the setting with the slider, the expiration period is set to 180 days by default. To change the value, enter a number in the field provided and set the unit to Days or Months in the dropdown. The minimum password expiration time is one day.

    Prevent password reuse

    Enable this setting to prevent VMS manager users from reusing a specified number of previous passwords. When you enable this setting with the slider, the value is set by default to 8, which you can modify in the field provided.

  3. Click Save and then Yes to confirm your changes.

Changing VMS Settings from the VAST CLI

Managing the VMS Login banner from the VAST CLI

To set a custom login banner, use the vms modify command with the --login-banner parameter. For example:

vcli: admin> vms modify --login-banner 'You are logging into VMS'

Note

Multiple lines are not supported when specifying the banner text via the VAST CLI. However, there is no limit on the line length and the words wrap from one line to the next when displayed.

To remove a custom login banner, specify an empty string in single quotes:

vcli: admin> vms modify --login-banner ''

Changing the VAST Web UI SSL Port from the VAST CLI

To change the VAST Web UI SSL port from the VAST CLI, use the vms set_ssl_port command.

Changing Measurement Units, VMS Session Timeouts, and VMS-preferred CNodes from the VAST CLI

To change the measurement units, VMS session timeouts, and VMS-preferred CNodes from the VAST CLI, use the vms modify command.

For example, to set the access token lifetime to 2 hours and the refresh token lifetime to 12 hours:

vcli: admin> vms modify --access-token-lifetime 02:00:00 --refresh-token-lifetime 12:00:00
Related articles
  • VMS Settings
    VAST Cluster > Version 5.1 > VAST Cluster 5.1 Administrator's Guide > Administrating VMS > VMS Settings and Preferences
  • VMS Settings
    VAST Cluster > Version 5.4 > VAST Cluster 5.4 Administrator's Guide > Administrating VMS > VMS Settings and Preferences
  • VMS Settings
    VAST Cluster > Version 5.3 > VAST Cluster 5.3 Administrator's Guide > Administrating VMS > VMS Settings and Preferences