AWS NC2 Security and Replication Quiz

Questions and Answers

Which TCP port is designated for UI access in Availability Zone 1 of the NC2 on AWS?

• 8080
• 2020
• 9440 (correct)
• 2009

What is required for data protection after redeploying a Nutanix cluster in Availability Zone 1?

• Incremental backup only
• Snapshot restoration
• Full replication (correct)
• No specific requirements

What action should be taken if Availability Zone 1 goes down?

• Create a new cluster in Availability Zone 1 immediately
• Transfer workloads to another cloud service
• Deactivate all VMs in both zones
• Activate protected VMs in Availability Zone 2 (correct)

Which inbound ports must be open for replication between an on-premises cluster and an NC2 cluster in AWS?

9440, 2020, 2009 (D)

What is the purpose of the security group settings in the context of NC2 on AWS?

To facilitate secure connections between clusters (C)

What is a primary use case for configuring a Nutanix Cloud Cluster (NC2) on AWS?

Providing a remote backup and data replication site for disaster recovery (B)

How does one interact with a Nutanix cluster running on NC2 on AWS?

Using the NC2 console for creation and management without changes in APIs or existing tools (D)

What aspect of EC2 does NC2 on AWS support for running clusters?

EC2 bare-metal instances, either default or dedicated host tenancy (C)

What is a significant benefit of using AWS for disaster recovery as per the NC2 configuration?

Utilization of AWS' geographical presence and elasticity (B)

Which hypervisor is supported for Nutanix clusters running in AWS?

AHV hypervisor (A)

How many EC2 bare-metal instances are required at minimum for NC2 on AWS?

Three (B)

What operational aspect does NC2 on AWS allow to increase developer productivity?

Provisioning additional capacity for Dev/Test workloads (A)

Which management plane does NC2 on AWS offer for workload operations?

A unified management plane across data center and NC2 on AWS (B)

What is the purpose of the TCP rule for port 22 in the inbound security group?

SSH access to the CVM (C)

Which port number is designated for UI access according to the inbound security group rules?

9440 (B)

What is a characteristic of the asynchronous replication mentioned in the content?

Has a Recovery Point Objective of one hour (D)

Which protocol is used for accessing the CVM over port 2009?

TCP (C)

Which component is not mentioned as being installed when deploying NC2 on AWS?

Data Warehouse (C)

What should be configured for public access when using a public network with Prism?

NAT Gateway and Load Balancer (B)

Which of the following ports is NOT associated with replication according to the inbound security group rules?

2222 (A)

What is the replication method supported by NC2 for recovery from a complete cluster failure?

Multiple replication types (B)

What is the minimum number of racks required to enable Strict Rack Awareness for RF2?

Three racks (C)

What command do you need to run to disable Strict Rack Awareness?

ncli cluster disable-strict-domain-awareness (A)

What happens if you host all your instances in a single Availability Zone (AZ) that experiences a failure?

All instances may become unavailable. (A)

What notification appears in the Nutanix Support portal if a cluster has been running in a single AZ without protection for more than 30 days?

Cluster is not protected. (C)

What are the supported types of replication by NC2?

Asynchronous, NearSync, and Synchronous (C)

Which of the following commands would you run to enable Strict Rack Awareness?

ncli cluster enable-strict-domain-awareness (D)

What is the primary function of AWS VPC endpoints?

To connect to AWS services privately from your VPC (B)

What should you do if you receive an alert in the Prism Element web console regarding lost rack awareness?

Contact Nutanix Support for assistance. (A)

Which of the following is NOT a consequence of not using protection in your production cluster within a single AZ?

Clustering capabilities are enhanced. (C)

What is the primary cost associated with using interface endpoints in AWS?

Hourly usage and data processing charges (A)

What is the total storage requirement for software, configs, and logs per host in the NC2 cluster?

250 GB (B)

Which of the following statements about the EBS volumes in the NC2 cluster is true?

Each node in the NC2 cluster has two encrypted EBS volumes (A)

What happens to EBS volumes when a cluster is hibernated?

Snapshots of the EBS volumes are taken (B)

When is an S3 bucket created in the context of an NC2 cluster?

At the time of cluster creation (A)

What is the size of the AHV EBS volume in the NC2 cluster?

100 GB (A)

How can you increase the data storage capacity of each host in the NC2 cluster?

By attaching additional EBS volumes to specific instance types (C)

What is the default state of Blockstore when a new NC2 cluster is installed using AOS version 7.0?

Enabled only for NVMe SSD storage devices (D)

What technology does AOS use to enhance performance with NVMe devices?

SPDK (D)

Which of the following is NOT a benefit of combining Blockstore with SPDK?

Increased cost efficiency (C)

What principle is emphasized to avoid bottlenecks in the AOS Storage architecture?

Linear scalability (D)

How does AOS facilitate direct access to storage devices within the AOS VMs?

Through userspace libraries (C)

In a Nutanix cluster, what is the role of the Controller Virtual Machine (CVM)?

Operates the hypervisor and storage access (B)

What types of volumes are attached to each cluster node in a Nutanix system?

Both are encrypted gp3 volumes (A)

Which feature is exclusive to new clusters running AOS version 7.0?

Blockstore support with SPDK (C)

Flashcards

NC2 High Availability

A Nutanix Cloud Cluster (NC2) on AWS is protected by deploying multiple clusters across different availability zones. When one zone fails, the protected VMs in another zone remain accessible.

Hybrid Deployment

Setting up replication between your on-premises Nutanix cluster and a Nutanix cluster running in AWS provides disaster recovery capabilities. If an availability zone fails, the on-premises cluster can act as a backup.

Multi-cluster Replication Ports

When creating a multi-cluster deployment, you need to configure specific inbound port settings on your Nutanix clusters. Open both directions of the ports specified in the configuration to enable replication.

NC2 on AWS - Port Ranges

The port range used for UI access in NC2 on AWS (availability zone 1) is 9440, while the port range used for replication is 2020 and 2009. This ensures secure communication and data transfer.

NC2 on AWS Security Groups

When setting up NC2 on AWS, you need to configure security groups for each availability zone. These groups define communication rules for the cluster. For example, the port range 9440 is assigned to UI access, while 2020 and 2009 are dedicated to replication.

What is NC2?

Nutanix Cloud Clusters on AWS (NC2). A service that provides on-premises workloads with access to AWS services without requiring reconfiguration.

How does NC2 work with AWS?

NC2 allows you to deploy and manage Nutanix clusters in a Virtual Private Cloud (VPC) within AWS, offering the same functionality and management tools as on-premises Nutanix clusters.

What type of EC2 instances are supported by NC2?

NC2 supports deployment on EC2 bare-metal instances, both with default and dedicated host tenancy, providing flexibility in resource allocation and security.

What hypervisor does NC2 use?

NC2 mandates the use of the AHV hypervisor for Nutanix clusters running within AWS, offering a consistent virtualization layer across the platform.

How does NC2 handle Prism Central?

NC2 enables you to utilize either a pre-existing on-premises Prism Central instance or to deploy a new Prism Central instance directly within the NC2 environment on AWS.

What is the main use case for NC2 in disaster recovery?

NC2 allows for the creation of a Nutanix Cloud Cluster on AWS as a remote backup site, enabling quick recovery of workloads in case of a disaster in the primary data center.

How does NC2 help with Dev/Test?

By utilizing NC2, you can provision extra capacity for Dev/Test workloads on demand, enhancing developer productivity without needing to reconfigure your software.

How does NC2 manage workloads across different locations ?

NC2 facilitates a unified management plane for controlling workloads across both on-premises Nutanix environments and NC2 environments on AWS.

AWS Security Groups

A network security feature in AWS that controls incoming traffic by defining rules based on source, destination, protocol, and port range.

Custom TCP Rule (Port 2222)

A type of custom TCP rule used for SSH access to a CVM (Compute Virtual Machine) in an on-premises subnet.

Custom TCP Rule (Port 9440)

A type of custom TCP rule used for accessing the Nutanix UI from an on-premises subnet.

Custom TCP Rule (Port 2020)

A type of custom TCP rule used for Nutanix replication between on-premises and AWS clusters.

Custom TCP Rule (Port 2009)

A type of custom TCP rule used for Nutanix replication between on-premises and AWS clusters.

SSH (Secure Shell) Protocol

The TCP protocol used for secure remote login, typically used for managing servers and accessing their resources.

On-premises CVM Subnet

A network component that enables communication between on-premises networks (your data center) and AWS (Amazon Web Services).

Cloud Clusters (NC2)

A component that enables communication between NC2 clusters in different availability zones for replication purposes.

What is NC2 on AWS?

AWS service offering that allows you to create and manage Nutanix Cloud Clusters (NC2) on AWS infrastructure.

What storage components are used by NC2 on AWS?

Each NC2 cluster on AWS has two EBS volumes attached by default for AHV and CVM: AHV EBS (100GB) and CVM EBS (150GB). These are encrypted gp3 volumes used for boot and operating system storage. Additionally, there are 250GB allocated per host for software, configurations, and logs.

Can you expand the storage capacity of NC2 on AWS?

NC2 on AWS supports attaching additional EBS volumes to bare-metal instances (i3.metal, i3en.metal, and i4i.metal) to increase the data storage capacity of each host.

What happens to storage when you hibernate an NC2 cluster?

When you hibernate an NC2 cluster on AWS, snapshots of the EBS volumes attached to each host are taken. These snapshots preserve the state of your cluster and can be used for restoration.

What is the role of S3 in an NC2 on AWS cluster?

An S3 bucket is created automatically when you create an NC2 cluster. This bucket is used to store data when you use the Hibernate feature.

What happens to the data when you hibernate an NC2 cluster?

When you use the Hibernate feature to back up your NC2 cluster, all the data from your cluster is copied into the designated S3 bucket.

How does NC2 on AWS connect to AWS services?

NC2 on AWS utilizes gateway endpoints to connect to AWS services privately, avoiding the public internet. This ensures secure and efficient communication within your VPC.

Is there a cost associated with NC2 on AWS?

You are only charged for the hourly usage and data processing charges for using interface endpoints. Gateway endpoints are free of charge.

What is Blockstore with SPDK?

A feature in Nutanix AOS 7.0 and above that enables direct access to NVMe storage devices, bypassing kernel level operations. It uses the Storage Performance Development Kit (SPDK) to achieve this.

How does Blockstore work?

Blockstore replaces the Linux kernel file system with user space libraries, giving AOS virtual machines direct access to storage devices.

What role does SPDK play in Blockstore?

SPDK provides zero-copy, direct parallel access to NVMe devices, unlocking their full potential.

What are the benefits of Blockstore with SPDK?

Blockstore, together with SPDK, provides ultralow latency, higher performance, and greater host CPU efficiency.

How does NC2 utilize storage hardware?

A Controller Virtual Machine (CVM) on an NC2 cluster has direct access to NVMe instance storage hardware.

How is storage configured on NC2 instances?

Nutanix clusters on AWS have two EBS volumes: one for AHV (100 GB) and one for CVM (150 GB) . You can add more storage to the bare-metal instances.

What makes up a Nutanix cluster on NC2?

The Nutanix cluster consists of multiple nodes, each with two EBS volumes, forming a distributed system with no SPOF, linear scaling, and concurrency principles.

How is NC2 architecture set up?

A Nutanix Cloud Cluster (NC2) runs on bare-metal instances with the AHV hypervisor, which manages the Controller Virtual Machine (CVM) with direct access to NVMe storage hardware.

Strict Rack Awareness

A feature that ensures Nutanix clusters on AWS are deployed across multiple racks for improved fault tolerance and high availability.

3 Racks for RF2

The minimum number of racks required for NC2 clusters with Replication Factor 2 (RF2).

5 Racks for RF3

The minimum number of racks required for NC2 clusters with Replication Factor 3 (RF3).

AWS Availability Zones

AWS Availability Zones are geographically separated locations within an AWS Region, designed to isolate failures and provide low-latency connectivity.

Single AZ Deployment Risks

Data loss can occur if all Nutanix instances are deployed in a single availability zone without protection.

Disaster Recovery with NC2

Nutanix Disaster Recovery helps protect data against AZ failures by replicating data to another location, either on-premises or another NC2 cluster in a different AZ.

Nutanix Support Notification (Single AZ)

Nutanix Support displays a notification if a cluster is running in a single AZ without protection for more than 30 days, highlighting potential data loss risks.

NC2 Replication Modes

NC2 supports various replication modes, including Asynchronous, NearSync, and Synchronous replication, providing different levels of data protection and consistency.

Study Notes

Nutanix Cloud Clusters (NC2) on AWS Deployment and User Guide

• This document guides users on deploying NC2 on AWS, subscribing, managing UVM networks, creating clusters, and more.
• Intended for users deploying and configuring NC2 on AWS. Familiarity with AWS concepts including EC2 instances, networking and security, and storage is required.
• The document includes a roadmap (Table 1) organizing the topics
• NC2 Overview (page 12): NC2 is a hybrid multicloud platform that extends the Nutanix software stack to public clouds like AWS.
• Use Cases (page 14): Disaster recovery, capacity bursting for Dev/Test, modernizing applications on AWS.
• AWS Infrastructure (page 15): NC2 on AWS runs on AWS EC2 bare-metal instances running the Nutanix AHV hypervisor. An ENI connects to the AWS network.
• NC2 Planning Guidance (page 16): Covers costs (AWS and Nutanix) for deploying NC2 infrastructure. Includes the ability to use Nutanix Sizer to plan.
• Deployment models (page 17): Single Availability Zone, Multiple Availability Zone, and Multi-cluster.
• AWS Components (page 20): Detailed description of mandatory AWS components installed for NC2 on AWS.
• For each model, examples and configurations are provided for a variety of scenarios, in addition to security considerations and required components to ensure a successful deployment.
• Specific topics like network security (page 169) and cluster management (page 180), along with detailed step-by-step procedures, are included for effective implementation.
• Provides comprehensive details regarding the deployment and maintenance of NC2 on AWS, including critical considerations such as security aspects, required configurations, and troubleshooting guides for the respective operations.
• Reference Documents (page 23): A table (3 and 4) listing supporting documents including Release Notes, Compatibility and interoperability Matrix, and manuals.
• Document Revision history (page 24): detailed log of changes made to the document in terms of date, and description of the changes.
• User Management (page 240): Information on user roles, adding or removing users and customizing authorisation.
• API Key Management (page 256): Procedures and instructions for API key usage, detailing different scopes for the NC2 API keys.
• Cost Analytics (page 259): Details on how to integrate cost analysis tools with NC2 deployments.
• File Analytics (page 261): File Analytics runs as a VM, can be reached by the File Analytics IP address if accessing from inside the VPC.
• Disaster Recovery (page 262): Three types of disaster recovery (NearSync, Asynchronous, and Synchronous) are supported, with specific configurations and scenarios in NC2 on AWS.
• Third-Party Backup Solutions (page 271): Information on using third-party backup products such as HYCU, Veeam in an NC2 environment.
• System Maintenance (page 272): Includes information on health checks, certificate monitoring, and software updates.
• Release Notes (page 276): Important information about recent changes, fixes, known issues, and compatibility data
• Copyright (page 277): Copyright information for the document.