VAST Data Storage
Bridge integrates with VAST Data storage systems through a Kubernetes-based storage controller that communicates with the VAST management API. Bridge automates tenant onboarding, network isolation, quota enforcement, and both parallel filesystem and S3 object storage provisioning on VAST.
Integration Architecture
The Bridge VAST storage controller is a Kubernetes controller that interfaces with the VAST storage management system over the VAST REST API. Bridge uses a single UI flow for all storage vendors — the underlying vendor-specific API calls are handled transparently by the controller.
Bridge Storage Controller (K8s)
│
▼ REST API (HTTPS)
VAST Management Node
│
▼
VAST Storage Cluster (C-Nodes, Data-Nodes)
The controller communicates with VAST over the management network. Data plane traffic between compute nodes and storage is carried on the tenant's isolated storage network (converged fabric, separate VRF per tenant).
Tenant Onboarding Sequence
When a tenant is created in Bridge, the VAST controller executes the following API operations on the VAST system:
| Step | VAST API Operation | Purpose |
|---|---|---|
| 1 | Create VIP Pool | Allocate IP addresses for the tenant's storage data path on VAST C-Nodes |
| 2 | Create Tenant | Register the tenant entity in VAST, scoped to the tenant's storage subnet |
| 3 | Create View Policy | Define NFS access rules (protocols, permissions, client access restrictions) |
| 4 | Create View | Create the NFS export path under the tenant's root directory |
| 5 | Create Quota | Apply storage capacity limits per tenant |
Each VIP Pool is bound to the tenant's storage subnet CIDR, ensuring that VAST only routes data plane traffic from the correct tenant network.
Storage Types
Parallel Filesystem (NFS over RoCE / InfiniBand)
Bridge creates NFS views on VAST for tenants requiring high-throughput parallel filesystem access. The tenant's compute nodes mount these NFS exports over the isolated storage network. Throughput is limited by the storage network fabric (typically RoCE or InfiniBand RDMA for lowest latency).
Storage allocation flow:
- Tenant requests a storage share from the Bridge UI, specifying size and target compute nodes.
- Bridge VAST controller creates or updates the tenant's NFS view and quota on VAST.
- Bridge mounts the NFS export on the tenant's compute nodes over the tenant storage VRF.
S3 Object Storage
Bridge VAST controller supports S3 bucket provisioning on VAST for object storage workloads. S3 storage is accessed over the in-band network with external connectivity — suited for transferring models and datasets in and out of the data center.
S3 provisioning flow:
- Bridge creates a View Policy with S3 protocol enabled on VAST.
- Bridge creates an S3-enabled View and provisions an S3 endpoint.
- Bridge returns S3 credentials (access key, secret key) to the tenant.
Storage Network Isolation
Bridge creates a dedicated per-tenant storage network segment for each VAST tenant:
- On Spectrum (Ethernet) fabrics: a per-tenant storage VRF with L3 EVPN overlay is created on the switch fabric, with VxLAN extending to the VAST cluster.
- On InfiniBand fabrics: a per-tenant PKey is created and associated with the tenant's storage compute nodes.
The VAST VIP Pool for each tenant is scoped to the tenant's storage subnet CIDR, so VAST enforces data path isolation at the storage appliance level as well as at the network fabric level.
Quota Management
Bridge enforces per-tenant storage quotas on VAST using the VAST Quota API. Quotas are created at tenant onboarding and can be updated from the Bridge admin dashboard. Quota enforcement is performed by the VAST storage system — tenants that exceed their quota receive an error on write.
Storage Lifecycle
| Event | Bridge Action |
|---|---|
| Tenant created | VIP Pool, Tenant, View Policy, View, and Quota created on VAST |
| Storage share requested by tenant | NFS view updated, share mounted on compute nodes |
| Storage share deallocated | Share unmounted from compute nodes, data securely deleted |
| Tenant deleted | Tenant, Views, and VIP Pool removed from VAST; storage quota reclaimed |
Related Pages
- Storage Overview — Supported storage systems and multi-tenancy model
- Networking Overview — Storage network isolation on switch fabric