VAST Data clusters are a high‑performance, scale‑out storage platform designed for modern data‑intensive workloads, including AI, analytics, and large‑scale unstructured data, and are commonly deployed alongside NVIDIA‑accelerated compute infrastructure for GPU‑driven AI and analytics pipelines. Built on a disaggregated, share‑everything architecture, VAST combines stateless compute with NVMe flash to deliver linear performance scaling, a global namespace, and operational simplicity. The platform provides consistent low latency, high throughput, and efficient data reduction, enabling organizations to consolidate AI pipelines, analytics, and file/object workloads within a single, resilient storage environment.
Securing VAST Data clusters is critical, as they often store sensitive and high‑value datasets such as AI training data and intellectual property. Strong security controls—including role‑based access, encryption of data at rest and in transit, immutable snapshots, and comprehensive auditing—are essential to protect data confidentiality, integrity, and availability.
StorageGuard helps organizations continuously assess and validate secure configuration settings across VAST environments, reducing security misconfiguration and compliance risk, and strengthening overall security posture. Any security breach or disruption could significantly impact business operations, regulatory compliance, and organizational trust.
|
Interested to learn more about StorageGuard secure configuration checks for VAST Data? |
Recommended configuration checks for VAST Data clusters:
| ID | System | Category | Configuration check |
| K10000000001 | VAST Data | Version & Build | Target Build (VMS) |
| K10000000002 | VAST Data | Certificates & TLS | Certificate Issuer |
| K10000000003 | VAST Data | Encryption & Key Management | Encryption Key Management Method |
| K10000000004 | VAST Data | Call Home & Remote Support | Call Home SSL Verification |
| K10000000005 | VAST Data | S3 / Object | S3 Anonymous Access |
| K10000000006 | VAST Data | Data Protection | Indestructible Protection Policy |
| K10000000007 | VAST Data | Data Protection | Indestructibility Mode |
| K10000000008 | VAST Data | Call Home & Remote Support | Cloud Call Home Service Status |
| K10000000009 | VAST Data | S3 / Object | Secure S3 Replication |
| K10000000010 | VAST Data | NFS | NFS Root Squash |
| K10000000011 | VAST Data | Access Control & Identity | Maximum API Tokens per User |
| K10000000012 | VAST Data | S3 / Object | Bucket Versioning Status |
| K10000000013 | VAST Data | NFS | NFS Export ACL Status |
| K10000000014 | VAST Data | NFS | NFS Versions Enabled (View) |
| K10000000015 | VAST Data | NFS | Tenant NFSv4.2 Status |
| K10000000016 | VAST Data | Access Control & Identity | Default Password |
| K10000000017 | VAST Data | Access Control & Identity | Non-Default (Unapproved) Local Users |
| K10000000018 | VAST Data | Replication & DR | Replication Link Encryption |
| K10000000019 | VAST Data | Password Policy | Account Lockout Threshold |
| K10000000020 | VAST Data | Access Control & Identity | LDAP Incorrect Role Mapping |
| K10000000021 | VAST Data | Access Control & Identity | Use of Secure AD |
| K10000000022 | VAST Data | Access Control & Identity | Use of Secure LDAP |
| K10000000023 | VAST Data | Password Policy | Maximum Password Age |
| K10000000024 | VAST Data | Access Control & Identity | ABAC Attribute Configuration |
| K10000000025 | VAST Data | DNS | Required DNS Servers |
| K10000000026 | VAST Data | Encryption & Key Management | Encryption Key Rotation |
| K10000000027 | VAST Data | NTP & Time Sync | NTP Server Redundancy |
| K10000000028 | VAST Data | Access Control & Identity | MOTD Message |
| K10000000029 | VAST Data | Access Control & Identity | Login Banner Message |
| K10000000030 | VAST Data | Certificates & TLS | Strong Cipher Suites Configured |
| K10000000031 | VAST Data | Access Control & Identity | NTLM Status |
| K10000000032 | VAST Data | Access Control & Identity | Assigned Realms and Permissions |
| K10000000033 | VAST Data | Access Control & Identity | Restricted View Policy |
| K10000000034 | VAST Data | Call Home & Remote Support | Remote Support via Proxy |
| K10000000035 | VAST Data | Call Home & Remote Support | Remote Support Configuration |
| K10000000036 | VAST Data | Email / SMTP | SMTP Server Configuration |
| K10000000037 | VAST Data | Certificates & TLS | TLS Level |
| K10000000038 | VAST Data | S3 / Object | Cross-Origin Resource Sharing (CORS) Status |
| K10000000039 | VAST Data | Email / SMTP | SMTP Security |
| K10000000040 | VAST Data | Audit & Compliance | Audit Log Retention — Log File |
| K10000000041 | VAST Data | Audit & Compliance | Audit Log Retention — Audit File |
| K10000000042 | VAST Data | Encryption & Key Management | Encrypted Paths for Sensitive Views |
| K10000000043 | VAST Data | Syslog & Centralized Logging | Syslog Communication Protocol |
| K10000000044 | VAST Data | Password Policy | Password History |
| K10000000045 | VAST Data | Password Policy | Minimum Password Uppercase/Lowercase/Special/Digits Characters |
| K10000000049 | VAST Data | Password Policy | Minimum Password Length |
| K10000000050 | VAST Data | DNS | DNS Server Configuration |
| K10000000051 | VAST Data | Syslog & Centralized Logging | Centralized Log Server Redundancy |
| K10000000052 | VAST Data | Access Control & Identity | Tenant Local User Authentication |
| K10000000053 | VAST Data | Session Policy | Idle Session Timeout |
| K10000000054 | VAST Data | Network Access | Client IP ACL (Clients with Access) |
| K10000000055 | VAST Data | Audit & Compliance | Event Types Enabled for Audit Logging — Logs |
| K10000000056 | VAST Data | Audit & Compliance | Event Types Enabled for Audit Logging — Protocol Audit |
| K10000000057 | VAST Data | NTP & Time Sync | NTP Server Configuration |
| K10000000058 | VAST Data | Access Control & Identity | Approved AD Domain |
| K10000000059 | VAST Data | Call Home & Remote Support | Remote Support Status |
| K10000000060 | VAST Data | Encryption & Key Management | Data At-Rest Encryption |
| K10000000061 | VAST Data | DNS | DNS Server Redundancy |
| K10000000062 | VAST Data | Encryption & Key Management | KMS Server Redundancy |
| K10000000063 | VAST Data | Encryption & Key Management | Local KMS Server Used |
| K10000000064 | VAST Data | Encryption & Key Management | KMS Server Configuration |
| K10000000065 | VAST Data | Encryption & Key Management | Approved KMS Server |
| K10000000066 | VAST Data | Access Control & Identity | Tenant Authentication Services |
| K10000000067 | VAST Data | Syslog & Centralized Logging | Centralized Log Server |
| K10000000068 | VAST Data | Version & Build | Target OS Version (VMS) |
| K10000000069 | VAST Data | Network Access | Tenant Client IP Restrictions |
| K10000000070 | VAST Data | Syslog & Centralized Logging | Approved Syslog Servers |
| K10000000071 | VAST Data | NTP & Time Sync | Required NTP Servers |
| K10000000072 | VAST Data | S3 / Object | Anonymous Access |
| K10000000073 | VAST Data | Email / SMTP | Approved SMTP Server |
| K10000000074 | VAST Data | Access Control & Identity | Unrestricted Cluster Privilege |
| K10000000075 | VAST Data | Email / SMTP | Approved SMTP User |
| K10000000076 | VAST Data | Syslog & Centralized Logging | Required Syslog Servers |
| K10000000077 | VAST Data | Certificates & TLS | TLS Enabled for VMS API |
| K10000000078 | VAST Data | Access Control | Disable unused services |
| K10000000079 | VAST Data | Access Control & Identity | MOTD / Banner Status |
| K10000000080 | VAST Data | DNS | Approved DNS Servers |
| K10000000081 | VAST Data | NTP & Time Sync | Approved NTP Servers |
| K10000000082 | VAST Data | Password Policy | Minimum Password Age |
| K10000000083 | VAST Data | Email / SMTP | Approved SMTP Recipients |
| And more. |
Comments
0 comments
Please sign in to leave a comment.