Deploy and User guide 3 med

Questions and Answers

What is the purpose of modifying default UVM security groups?

• To create capacity for heterogeneous clusters
• To enhance traffic control policies (correct)
• To optimize cost analysis
• To enable automatic scaling of resources

Which feature should be configured to protect NC2 clusters?

• Disaster Recovery
• Cluster Protect (correct)
• Cost Analytics
• Network Security Groups

What must be considered when analyzing cloud consumption in NC2?

• Cost Analytics (correct)
• Disaster Recovery configuration
• Security group modifications
• User role management

Which functionality does Cluster Protect provide?

Protection for NC2 clusters (B)

What is one of the requirements for creating a heterogeneous cluster?

Update cluster capacity (C)

What is essential for preserving IP addresses during a subnet failover?

Disaster Recovery configuration (A)

Which documentation is recommended for understanding NC2's integration with other Nutanix products?

Nutanix Validated Design (B)

What must the S3 bucket used for data backup be in terms of accessibility?

Not publicly accessible (C)

What happens to data once the cluster is resumed?

It is hydrated back onto hosts and kept in the S3 bucket (A)

Which AWS service is used to forward DNS requests to a custom DNS server?

Route 53 (D)

Which AWS components are charged by AWS?

NAT Gateway (A), Load Balancer (C)

What is the default DNS server used by an NC2 cluster for resolving the FQDN of EC2 and S3 endpoints?

AWS DNS server from the VPC (A)

How many Elastic Network Interfaces (ENIs) can be associated with a single host?

14 (B)

What additional resources are needed if you intend to use the Cluster Protect feature?

Two more S3 buckets (B)

What resource identification method is mentioned for AWS resources?

Resource tagging (B)

What happens if the IP addresses on an Elastic Network Interface are exhausted?

Another ENI will be added to the host. (A)

What is charged by AWS in relation to network connectivity options?

Data traffic for VPN and Direct Connect (D)

When is a Load Balancer deployed in a new VPC?

When Prism access is set to public (C)

Which of the following statements about the Internet Gateway is true?

It incurs charges for data traffic. (B)

What is the characteristic of NAT Gateway deployment?

It is deployed only when creating a new VPC. (A)

What is the maximum number of usable IPs for each Elastic Network Interface?

49 (C)

What determines whether a Load Balancer must be deployed?

Whether the Prism access is public. (D)

What is the primary purpose of gateway endpoints in AWS?

To connect to AWS Services privately from your VPC (A)

What is the size of the AHV EBS volume in the NC2 cluster?

100 GB (A)

How is storage required during cluster creation in NC2 managed?

250 GB is allocated per node for configurations (D)

What happens to EBS volumes upon hibernating a cluster?

Snapshots of the EBS volumes are taken (C)

What type of S3 bucket is created at the time of cluster creation?

An empty bucket that activates upon hibernation (A)

What are the two types of EBS volumes attached to each node in the NC2 cluster?

AHV EBS and CVM EBS (B)

What must be done to increase data storage capacity on i3.metal and similar instances?

Attach additional EBS volumes (B)

Which of the following statements is true regarding interface endpoints?

They come with hourly usage and data processing charges (C)

What was added to the document on December 12, 2024?

Information on the minimum number of EBS volumes that can be attached to instances (A)

Which region was added support for on November 28, 2024?

Asia Pacific (Malaysia) (C)

What updates were made on October 23, 2024?

Support for AOS 6.8 and later for running Microsoft Windows Server (C)

Which topic was added on December 5, 2024?

Blockstore Support with SPDK (A)

What improvement was made regarding disaster recovery on October 17, 2024?

Synchronous replication support (C)

What change was outlined in the revision dated November 14, 2024?

Updating Cluster Protect S3 bucket object lock requirements (A)

What was included in the updates on September 30, 2024?

A checklist for deploying NC2 on AWS (D)

Which feature was introduced for Prism Central on November 27, 2024?

Health alert notification updates (A)

What must you have to run the CloudFormation script for NC2 on AWS?

IAMFullAccess (A)

Which IAM role is used by the NC2 console to access the AWS account through APIs?

Nutanix-Clusters-High-Nc2-Cluster-Role-Prod (B)

Which AWS service is necessary for deploying the Nutanix Cloud Clusters?

AWS CloudFormation (D)

Which components must be set up after creating a cluster in AWS?

Network and Security Infrastructure (D)

What does the CloudFormation stack created by NC2 provide information on?

Nutanix-Clusters-High-Nc2-Cloud-Stack-Prod (D)

Prior knowledge of which of the following is recommended for managing significant deployments on AWS?

AWS EC2 and VPC (A)

What role is assigned to each of the bare-metal instances in NC2 on AWS?

Nutanix-Clusters-High-Nc2-Orchestrator-Role-Prod (B)

Flashcards

Minimum EBS Volumes

The minimum number of EBS volumes that can be attached to instances in a cloud cluster.

Prism Central Port Requirements

The ports and endpoints required for Prism Central, a management tool for cloud clusters.

Blockstore Support with SPDK

A storage technology used to improve performance and efficiency when using block storage in a cloud cluster.

Excluding Clusters From VPC Gateway Node Election

A technique for preventing a cluster from being selected as the gateway node in a Virtual Private Cloud (VPC) environment.

MST DR with Zero Compute Deployment

A method for replicating data between cloud clusters using zero compute instances, minimizing resource usage during disaster recovery.

Supported Regions and Bare-metal Instances

A list of regions and instance types supported for running bare-metal instances in a cloud cluster.

Creating S3 Buckets for Cluster Protect

The process of creating S3 buckets for storing data backups with Cluster Protect, emphasizing object lock requirements.

Running Windows on NC2 on AWS

Requirements for running Microsoft Windows Server on an NC2 on AWS cluster.

What is Nutanix Cloud Clusters (NC2)?

Nutanix Cloud Clusters is a platform that allows users to deploy and manage Nutanix clusters on Amazon Web Services (AWS).

What's the first step before working with NC2 on AWS?

Before getting started with NC2, users must register for the service through the My Nutanix portal.

What AWS services are involved in NC2?

NC2 leverages AWS EC2, VPC, and CloudFormation services, requiring prior knowledge of these services and familiarity with the AWS framework is recommended.

What permission is needed to create IAM roles for NC2 on AWS?

The "IAMFullAccess" permission is required to create IAM roles for NC2 on AWS.

What is needed to run the NC2 CloudFormation stack?

The "AWSCloudFormationFullAccess" permission is needed to run the CloudFormation stack that creates IAM roles for NC2.

What are the two IAM roles created by NC2?

Two IAM roles are created for NC2 on AWS: "Nutanix-Clusters-High-Nc2-Cluster-Role-Prod" and "Nutanix-Clusters-High-Nc2-Orchestrator-Role-Prod".

What does the "Nutanix-Clusters-High-Nc2-Cluster-Role-Prod" IAM role do?

The "Nutanix-Clusters-High-Nc2-Cluster-Role-Prod" allows the NC2 console to access the AWS account using APIs.

What does the "Nutanix-Clusters-High-Nc2-Orchestrator-Role-Prod" IAM role do?

The "Nutanix-Clusters-High-Nc2-Orchestrator-Role-Prod" role is assigned to each bare-metal instance within the NC2 deployment.

AWS Private Endpoints

A service allowing you to connect to AWS services privately within your Virtual Private Cloud (VPC) without going through the public internet.

AHV EBS

A type of storage volume attached to each node in an Nutanix Cloud Clusters (NC2) cluster. It is used as the boot volume for the Acropolis Hypervisor (AHV).

CVM EBS

A type of storage volume attached to each node in an Nutanix Cloud Clusters (NC2) cluster. It is used as the boot volume for the Cloud Virtual Machine (CVM).

Elastic Block Store (EBS)

Encrypted storage volumes provided by Amazon Web Services (AWS). They are used for persistent storage in various AWS services, including EC2 instances and EBS volumes.

EBS Snapshots

A feature offered by Nutanix Cloud Clusters (NC2) that allows you to take snapshots of all EBS volumes on the cluster's hosts. This feature is used when hibernating the cluster.

Amazon Simple Storage Service (S3)

A cloud object storage service offered by Amazon Web Services (AWS). It is often used for storing backups, logs, and other data.

Hibernate Feature

A feature in Nutanix Cloud Clusters (NC2) that saves data from the cluster to an S3 bucket. It is used when you need to hibernate the cluster and reclaim resources.

Additional EBS Volumes

A type of storage volume that can be attached to bare-metal instances, such as i3.metal, i3en.metal, and i4i.metal, to increase the storage capacity of each host.

Data Hydration

When a Nutanix cluster resumes after a disruption, data is restored to the hosts from both the S3 backup and the local storage.

Cluster Protect S3 Buckets

To protect Nutanix clusters with Cluster Protect, you need two separate S3 buckets in addition to the primary bucket used for backups.

NC2 Network Connectivity Options

When deploying Nutanix Cloud Clusters (NC2) on AWS, network connectivity between on-premises and AWS can be achieved through VPN, Direct Connect, or Transit Gateway.

NC2 DNS Service

AWS DNS is the default DNS service used by NC2 clusters for VMs. You can configure AHV to use your own DNS server.

Route 53 for Custom DNS

Route 53 is an AWS service that allows you to forward DNS requests to your own DNS server.

NC2 AWS Network Charges

AWS charges for network traffic used by NC2, including VPN, Direct Connect, and Transit Gateway.

AWS Tags for NC2

Tags are used to identify and manage resources in AWS. You can use tags to organize and track your NC2 resources.

AWS DNS for NC2

The AWS component used for resolving FQDNs of EC2 and S3 endpoints in NC2.

Bare Metal Instances

Dedicated physical servers offered by Amazon Web Services (AWS) providing a bare-metal environment for hosting virtual machines.

Elastic Network Interfaces (ENIs)

A virtual network interface used to connect virtual machines (UVMs) to the AWS network. Each ENI can have multiple IP addresses, allowing for flexible network configurations.

Load Balancer

Used to distribute incoming traffic across multiple instances, allowing for high availability. Deployed when deploying in a new Virtual Private Cloud (VPC) and when Prism access from the internet is set to public.

NAT Gateway

A network service that enables instances within a private subnet to connect to the internet without having public IP addresses. Deployed only when deploying in a new VPC.

Internet Gateway

A gateway that enables instances within a VPC to communicate with the internet. Deployed only when deploying in a new VPC.

What are the Mandatory AWS Components installed when deploying NC2 on AWS?

These are the services that are installed on the dedicated Amazon EC2 hosts when deploying a Nutanix Cloud Cluster (NC2) on AWS.

Which Components are charged by AWS?

You are charged by AWS for using bare-metal instances and NAT gateways when deploying your NC2 cluster.

Which components are not charged by AWS?

The following components are not charged by AWS: ENIs and internet gateways. You are charged for data traffic through these services.

What is Nutanix Validated Design?

Nutanix Validated Design is a reference document that showcases a typical implementation of NC2 in a customer environment.

How do AWS Security Groups work in NC2?

AWS Security Groups control network traffic in and out of your NC2 instances using rules. These rules specify inbound and outbound traffic allowed based on ports, protocols, and IP source/destinations.

How can I change the size and capacity of my NC2 cluster?

You can manage your NC2 cluster's size and capacity by adding or removing nodes. This helps adapt your cluster to meet changing workload demands.

What is Cluster Protect used for?

Cluster Protect allows you to configure and manage backups and recovery for your NC2 cluster. This feature helps protect your valuable data in case of failures or disasters.

How can I manage user permissions and roles in NC2?

NC2 User Management allows you to add users, assign roles, and manage permissions within your NC2 environment. This controls who has access to different functionalities and data.

What are the limitations of using NC2 in different AWS regions?

NC2 on AWS can be deployed in specific regions, and each region supports certain bare-metal instances. Ensure compatibility and check limitations before deployment.

How does Disaster Recovery work in NC2?

Disaster Recovery helps you protect your NC2 cluster from outages by replicating data and resources to a secondary site. This ensures smooth operations even if your primary site goes down.

How can I analyze my cloud spending for NC2?

Cost Analytics helps you monitor and analyze your cloud spending on your NC2 instances. This gives you insights into your usage patterns and allows cost optimization opportunities.

Study Notes

Nutanix Cloud Clusters (NC2) on AWS Deployment and User Guide

• This document provides instructions for deploying NC2 on AWS.
• It covers how to set up Nutanix resources for NC2 deployment, subscribe to NC2 payment plans, manage UVM networks, create Nutanix clusters, and other related tasks on AWS.
• The document is intended for AWS users responsible for NC2 deployment and configuration.
• Readers need familiarity with AWS concepts (EC2 instances, networking, security, storage) and Nutanix products (Prism Element, Prism Central, NCM).

Contents

• The document is organized into sections for easy navigation.
• A table (Table 1) outlines the document's structure, mapping specific topics to relevant sections.

Nutanix Cloud Clusters (NC2) Overview

• NC2 is a hybrid multicloud platform that extends Nutanix capabilities to public clouds like AWS.
• It simplifies managing applications and data migration between on-premises and cloud environments.
• NC2 uses the same CLI, GUI, and APIs for both on-premises and cloud environments.
• NC2 resources (bare-metal hosts) are deployed within your AWS account.

Use Cases

• Disaster Recovery on AWS: Create redundant backup and replication of on-premises workloads in AWS.
• Capacity Bursting for Dev/Test: Increase developer productivity by using NC2 on AWS when on-premises capacity is insufficient.
• Modernize applications with AWS: Migrate existing workloads to AWS quickly and easily.

NC2 Planning Guidance

• Costs for deploying NC2 include AWS EC2 bare-metal instances, and NC2 cluster costs.
• Determine sizing and capacity of your NC2 infrastructure using the Nutanix Sizing tool.

NC2 on AWS Deployment Models

• Single Availability Zone Deployment: Ideal for ephemeral workloads needing high performance, retaining same on-premises automation for backups.
• Multiple Availability Zone Deployment: Suitable for high availability requirements and resilience between Availability Zones.
• Multicluster Deployment: Create a disaster recovery target by utilizing existing on-premises clusters.

AWS Components Installed

• NC2 on AWS deployment includes various mandatory AWS components (e.g., EC2 Hosts, ENIs, Load Balancer).
• There are also optional configurations, such as VPN, Direct Connect, and Transit Gateway.

NC2 Architecture

• The NC2 stack runs on AHV hypervisor, which in turn runs on bare-metal EC2 instances.
• Bare-metal instances use NVMe SSD local storage.
• Data is spread across nodes in the cluster for high availability.

Network Security using AWS Security Groups

• Use security groups to control inbound and outbound traffic.
• NC2 uses default security groups (Internal Management, User Management, and UVM security group).
• You have the option to create custom security groups to customize security.

Cluster Management

• Perform cluster tasks (add/remove nodes, capacity updates, and many other maintenance/management tasks)
• Detailed information, including how to upgrade or replace nodes manually is included here.

Getting Started With NC2

• Requirements for NC2 deployment include configuring an AWS account, and setting up specific IAM roles in your AWS account using a CloudFormation script.
• Review of supported regions and bare-metal instance types.

NC2 Instance Tenancy Types

• Default Tenancy: EC2 instances can migrate between hosts (for example, when using Hibernate/Resume).
• Dedicated Host: EC2 instances are hosted on a dedicated host and will not migrate to another host (for example, in case of node failure or in case of re-deploy).

NC2 on AWS Deployment Workflow

• A detailed step-by-step procedure for NC2 deployment on AWS, specifying various tasks.
• This section guides you through creating VPC, Subnets, Internet Gateways, NAT Gateway, Route Tables, VPN, and DNS setup.

Creating a Cluster

• Detailed step-by-step procedure for the whole cluster creation, specifying the necessary details in each step.

Managing Support Authorization

• NC2 support specialists have limited access to your cluster entities to look into any issues.
• You can allow specific permissions, grant full access, or prevent access entirely to these users.

NC2 API Key Management

• Instructions for creating API keys for use with NC2 APIs.
• Shows how to generate JWT tokens for authenticating API calls.

Cost Analytics

• Provides insight into your NC2 spending in AWS.
• Using Cost Governance to gain visibility and control cloud usage.

File Analytics

• Installation and configuration of Nutanix Files and File Analytics on NC2 clusters in AWS.
• File Analytics VM setup on your Prism Element.
• Accessing File Analytics VM from inside and outside VPC.

Disaster Recovery

• Options for asynchronous, NearSync, or synchronous replication between NC2 clusters.
• Configuration details on how to handle recovery from a failure (e.g., a single AZ or multiple correlated failures), or failover, or other disaster scenarios.
• Instructions for using Multicloud Snapshot Technology (MST) for disaster recovery.

Third-Party Backup Solutions

• Nutanix recommendations on using third-party backup products (HYCU, and Veeam) that are compatible with AHV.

System Maintenance

• Provides instructions for health checks using the Nutanix Cluster Check tool and how to monitor your certificates for expiration in AWS.

Release Notes

• Summary of changes and enhancements available for the current NC2 on AWS release.
• Summary of known issues and workarounds.