ManualsPro VAST VAST Data Platform Built for Deep Learning User Guide

VAST Data Platform Built for Deep Learning User Guide

July 5, 2024
VAST

VAST Data Platform Built for Deep Learning

Specifications

  • Data Encryption : FIPS 140-3 validated ciphers
  • Key Management: External key management
  • Access Control : RBAC, ABAC, ACLs, SELinux labeling
  • Authentication: Integration with Active Directory, LDAP, NIS
  • Data Protection: Encryption at rest, certificate-based authentication
  • Audit: Comprehensive logging of data access events

Introduction

The VAST Data Platform provides a comprehensive suite of security capabilities to protect data confidentiality and enable secure multi-tenancy for unstructured data workloads. It integrates advanced access controls, encryption, auditing, and secure software development practices to meet stringent security and compliance requirements.

At its core, the platform leverages Multi-Category Security (MCS) from Security-Enhanced Linux (SELinux) to assign categories to files containing sensitive unstructured data like documents, images, and videos. Only authorized
users and processes associated with those categories can access the data, preventing unauthorized access. This is complemented by secure tenancy features that create isolated logical or physical environments for different groups, with granular controls over resource allocation, networking, and access permissions.

The platform implements robust authentication and authorization mechanisms, including integration with Active Directory, LDAP, NIS, local user management, role-based access control (RBAC), and attribute-based access control (ABAC). It supports single sign-on (SSO), protocol access control lists (ACLs), and SELinux labeling for files and directories accessed via NFS, SMB, and S3 protocols.

Data protection is strengthened through encryption of data at rest using FIPS 140-3 validated ciphers, external key management, certificate-based authentication, and crypto erase capabilities. Comprehensive auditing logs all data access events, which can be stored in the platform’s database for analysis.

The platform’s secure software supply chain incorporates the NIST Secure Software Development Framework, software composition analysis, automated security testing, vulnerability scanning, and strict access controls throughout the development lifecycle. By combining advanced MCS, secure tenancy, encryption, access controls, auditing, and secure development practices, the VAST Data Platform delivers a robust security solution tailored for AI/ML and enterprise workloads on unstructured data.

VAST-Data-Platform-Built-for-Deep-Learning-FIG-1 Data Encryption and Key Management
The VAST Data Platform employs AES-XTS-256 encryption for data at rest and TLS 1.3 for data in transit. It supports external key management solutions like Thales CipherTrust and Fornetix VaultCore.

  • NIST Control: SC-12 (Cryptographic Key Establishment and Management), SC-13 (Cryptographic Protection)
  • Admin Guide Reference: Section: “Data Encryption” [p. 128]

This feature ensures that data is encrypted both at rest and in transit, protecting it from unauthorized access and ensuring compliance with cryptographic standards. The use of external key management further enhances security by centralizing and securing key management processes.

Access Control and Authorization
Feature: The platform integrates Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) to provide dynamic and granular access control.

  • NIST Control: AC-2 (Account Management), AC-3 (Access Enforcement), AC-5 (Separation of Duties), AC-6 (Least Privilege)
  • Admin Guide Reference: Section: “Attribute-Based Access Control (ABAC)” [p. 269]

RBAC and ABAC ensure that access to resources is granted based on user roles and attributes, enforcing the principle of least privilege and ensuring that users only have access to the resources necessary for their roles. This minimizes the risk of unauthorized access and potential data breaches.

Audit and Accountability

  • Feature: Comprehensive auditing capabilities including protocol and admin audit logs.
  • NIST Control: AU-2 (Audit Events), AU-3 (Content of Audit Records), AU-6 (Audit Review, Analysis, and Reporting)
  • Admin Guide Reference: Section: Protocol Auditing [p. 243]

The auditing features provide detailed logs of all access and administrative actions, ensuring that all activities can be tracked and reviewed. This is crucial for detecting and responding to unauthorized access attempts and ensuring compliance with regulatory requirements.

The VAST Cluster Architecture

Scale Capacity Independently From Performance

VAST-Data-Platform-Built-for-Deep-Learning-FIG-2

Data Flow and Segmentation

  • Feature: VLAN tagging and binding, network segmentation, and control over protocol access.
  • NIST Control: SC-7 (Boundary Protection), SC-8 (Transmission Confidentiality and Integrity)
  • Admin Guide Reference: Section: “Tagging Virtual IP Pools with VLANs” [p. 147]

By segmenting the network and controlling data flow through VLAN tagging and binding, the platform ensures that data is isolated and protected from unauthorized access. This segmentation helps in maintaining the confidentiality and integrity of data as it moves across the network.

Data Sharing and Replication

Feature: Global Access allows you to make a subset of a cluster’s namespace read and write accessible to clients of other clusters. This enables secure data sharing while maintaining control over access.

  • NIST Control: AC-4 (Information Flow Enforcement), SC-7 (Boundary Protection)
  • Admin Guide Reference: Section: “Global Access” [p. 413]

This feature provides granular access control down to the directory level, configurable lease expiration times for access, and auditing of access events, ensuring secure and controlled data sharing between clusters.

Asynchronous Replication

  • Feature: Asynchronous replication allows replicating a subset of a cluster’s data to a remote peer cluster for disaster recovery or data distribution purposes.
  • NIST Control: CP-9 (Information System Backup), SC-8 (Transmission Confidentiality and Integrity)
  • Admin Guide Reference: Section: “VAST Asynchronous Replication” [p. 381]

This feature ensures secure encrypted replication over WAN, granular replication at the directory level, read-only access at the replication target, and monitoring of replication status, providing robust data protection and disaster recovery capabilities.

Backup to S3

Feature: You can back up data from a VAST cluster to an S3-compliant object store, enabling sharing access to that data.

  • NIST Control: CP-9 (Information System Backup), MP-5 (Media Transport Protection)
  • Admin Guide Reference: Section: “Backup to S3” [p. 376]

This feature ensures secure transfer to external S3 targets, granular backup at the directory level, data immutability at the S3 target, and monitoring of backup status, providing secure and reliable data backup and sharing capabilities.

Global Snapshot Clones

  • Feature : Create read/write clones of snapshots from a remote peer cluster, enabling shared access to point-in-time data copies.
  • NIST Control: CP-9 (Information System Backup), SC-8 (Transmission Confidentiality and Integrity)
  • Admin Guide Reference: Section: “Global and Local Snapshot Clones” [p. 425]

This feature provides secure encrypted transfer, granular cloning at the snapshot level, background syncing of changes, and auditing of access events, ensuring secure and controlled data sharing and recovery.

Zero Trust Architecture (ZTA) Implementation

  • Feature: Automated data labeling, anomaly detection, and indestructible snapshots.
  • NIST Control: CA-7 (Continuous Monitoring), SI-4 (Information System Monitoring)
  • Admin Guide Reference: Section : “Zero Trust Data Pillar” [p. 269]

These features support continuous monitoring and anomaly detection, which are key components of a Zero Trust Architecture. Automated data labeling ensures that data is appropriately classified and protected, while indestructible snapshots provide a reliable means of data recovery and integrity verification.

Conclusion

The VAST Data Platform stands at the forefront of the industry by integrating advanced security features and compliance measures aligned with NIST Zero Trust Architecture (ZTA) principles. By implementing robust data encryption, access control, auditing, and data flow segmentation, the platform ensures comprehensive protection of unstructured data workloads. These features not only meet but exceed the stringent requirements set forth by NIST, positioning VAST Data as a leader in secure data management solutions.

The platform’s adherence to Zero Trust principles is evident through its meticulous implementation of continuous monitoring, automated data labeling, and anomaly detection. These capabilities ensure that data is consistently protected and that any potential threats are swiftly identified and mitigated. The use of Multi-Category Security (MCS) from Security-Enhanced Linux (SELinux) to assign categories to files containing sensitive data further exemplifies VAST Data’s commitment to Zero Trust principles, ensuring that only authorized users and processes can access critical information.

As the first in the industry to offer such a comprehensive suite of security features tailored for AI/ML and enterprise workloads on unstructured data, VAST Data is setting a new standard for data protection. By leveraging these advanced capabilities, organizations can confidently manage and secure their data, meeting stringent regulatory requirements and safeguarding against evolving cyber threats. The VAST Data Platform not only leads the industry in innovation but also provides a robust foundation for implementing a Zero Trust Architecture, ensuring that data remains secure in an increasingly complex digital landscape.

For more information on the VAST Data Platform and how it can help you solve your application problems, reach out to us at hello@vastdata.com.
©2024 VAST Data, Inc. All rights reserved. All trademarks belong to their respective owners.

FAQ

  • What is Zero Trust Architecture (ZTA)?
    • Zero Trust Architecture is a security model based on the principle of maintaining strict access controls and not trusting any entity by default, whether inside or outside the network perimeter.
  • How does the VAST Data Platform enhance data security?
    • The VAST Data Platform provides advanced security capabilities such as encryption at rest, robust access controls, comprehensive auditing, and integration with secure authentication mechanisms to protect data confidentiality and integrity.

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

VAST User Manuals

vast BROADBAND Mobility for iOS App User Guide
vast BROADBAND
VAST Data Platform Software User Guide
VAST
VAST Data Platform Built for Deep Learning User Guide
VAST
VAST Data Platform for Research Universities Instructions
VAST
VAST S3 Storage Data Platform User Guide
VAST

Related Manuals

TOYOTA 2023 ALTIS GRS Panoramic View Monitor Owner’s Manual
Toyota
Milesight UC51x Series LoRaWAN Solenoid Valve Controller User Guide
Milesight
unilevel UNG6631 Multi Line Green Beam Laser User Manual
unilevel
ponycam 1512P HD Body Camera with Electronic Image Stabilization User Guide
ponycam
dahua Pro Series 2 x 4MP Multi-Sensor Network Dome Camera Instructions
Dahua
Altronix AL642ULADA NAC Power Extender Installation Guide
Altronix
WELOV H300 Ultrasonic Cool Mist Humidifier User Manual
WELOV
ProtoArc EM11 Bluetooth Vertical Ergo Mouse User Manual
ProtoArc
Fengma Toys 2016278 Remote Control Deformation Car Transforming Robot Instruction Manual
Fengma Toys
THORLABS MX40G Fiber Optic Calibrated Electrical to Optical Converters User Guide
THORLABS
Lorelli SPRINTER Scooter Instruction Manual
lorelli
IKEA MITTZON Foldable Table With Castors Instructions
Ikea
TRIO LIGHTING 241670132 Kerala Instruction Manual
TRIO LIGHTING
GRANDSTREAM DP755 Cordless VoIP Base Station Installation Guide
GRANDSTREAM
Qolsys IQ-Panel-4 SECURITY & SMARTHOME User Guide
Qolsys
BLAUPUNKT 2.0CH Blu-Ray Playe Instruction Manual
Blaupunkt
LECO 47 20490 103 Hanging Parasol With Cross Base Instruction Manual
LECO
schleich 42572 Mobile Chicken Coop Instructions
Schleich
DynaLink Portable Bluetooth Speaker D2038 User Manual
DynaLink
WiMo UB-20MX Ultra Beam Dynamic Antenna Systems Instruction Manual
WiMo
FISHER PAYKEL RDV3-304-N 30 Inch Self Cleaning Dual Fuel Range User Guide
Fisher & Paykel
PHILIPS CLKE EvoKit Click 2×4 Owner’s Manual
Philips
w-tec IN 22068 Dalehunter 10 Inch Electric Scooter User Manual
w-tec
ROTHENBERGER 1300006044 ROCAM mini HD Charger Battery Instruction Manual
Rothenberger
RYOBI CCG-1801 18V ONE+Cordless Caulking Gun (Bare Tool) User Manual
RYOBI
OCTO KS-100 Kalkwasser Reactor Instruction Manual
OCTO
ALLEGRO APM81911 Evaluation Board Module User Guide
ALLEGRO
STAMINA Folding Exercise Bike Owner’s Manual
Stamina
VEVOR LI2V-30 Electric Cooktop Induction Stove Top User Manual
VEVOR
JBL BAR 300 Compact 260 W Soundbar User Manual
JBL
Contact Us   Privacy Policy   7.656ms