Overview of AHV Security Features

Questions and Answers

What is Traffic Mirroring primarily used for?

Optimizing virtual machines

Load balancing traffic

Security analysis and gain visibility (correct)

Increasing bandwidth

Traffic Mirroring can only mirror outbound traffic.

False

What is one requirement for the Span destination in Traffic Mirroring?

VM on the same host

Nutanix environments support _____ modes for link aggregation.

3

Match the modes of link aggregation to their characteristics:

Active-active = Recommended for easy setup at scale Active-active - MAC = Aggregating bandwidth across multiple links Active-active - Backup = Single active uplink limitation Active-active - LAG/LACP = Switch-independent mode

What is AHV primarily focused on?

Running applications without complexity

AHV is a hybrid virtualization platform that accommodates only public clouds.

False

What is the primary design focus of AHV?

To efficiently run demanding applications.

AHV is secured through ______ and ready for what's next.

automation

Match the following features of AHV with their descriptions:

Hardened by default = Secured through automation Efficient performance = Runs demanding applications seamlessly Hybrid virtualization = Supports multiple cloud environments Foundation = Built on a data center's opinionated design

Which type of clouds does AHV support?

Hybrid clouds including data center and edge sites

AHV is designed to add complexity to application management.

False

What type of solution does AHV provide?

Full-stack hybrid solution.

What is the primary responsibility of the Acropolis Dynamic Scheduler (ADS)?

Monitoring and optimizing infrastructure

The Acropolis Dynamic Scheduler only operates during VM migrations.

False

What does ADS do when it detects a hotspot on a host?

It works to resolve that hotspot by optimizing resource allocation.

ADS provides initial ______ placement for virtual machines.

VM

Match the ADS features with their corresponding descriptions:

Initial VM placement = Choosing AHV host for a VM Hotspot mitigation = Resolving high CPU usage on hosts High Availability guarantees = Ensuring VMs can recover from host failure Dynamic GPU management = Supporting specific vGPU profiles

Which of the following does ADS NOT address?

Creating backup copies of data

ADS creates remediation plans based on the cost of movement.

True

What does the term 'hotspot' refer to in the context of ADS?

A host with high CPU and storage usage.

ADS includes features for background policy enforcement such as ______ and Anti-Affinity.

Affinity

What is the threshold CPU usage that signals a hotspot according to the example provided?

85%

What primary advantage does Nutanix Move offer for VM migrations?

Automation of most migration processes

Nutanix Move allows for almost any application refactoring before migration.

False

Name two platforms supported by Nutanix Move for VM migration.

VMware ESXi, Microsoft Hyper-V

Nutanix Move ensures that businesses experience __________ during migration.

minimal disruption

Match the following features of Nutanix Move with their descriptions:

1-Click Migration = Simplifies the migration process with one click Pre-seed Data = Transfers data ahead of time to minimize downtime Risk-free Migration = Allows rolling back if necessary Wide Compatibility = Supports various virtualization platforms

Which statement best describes the operational flexibility of Nutanix Move?

It supports cloud migrations to and from AWS and Azure.

Nutanix Move removes data from origin datastores during migration.

False

What does Nutanix Move enable teams to pre-test before the migration cutover?

Workload

Nutanix Move allows for migration cuts over via __________ or APIs.

UI

What is a key benefit of performing VM migrations with Nutanix Move?

It minimizes downtime and operational disruptions.

Which cloud services can VMware ESXi target?

Nutanix Cloud Clusters on AWS

Nutanix Move is the most complex method for migrating to AHV.

False

What does AHV stand for in the context of virtualization?

Acropolis Hypervisor

VMware ESXi can target Nutanix Cloud Clusters (NC2) on _______.

AWS

Match each virtualization technology with its correct target.

VMware ESXi = Nutanix Cloud Clusters on AWS Microsoft Hyper-V = AHV AWS EC2 = NC2 on Azure Nutanix AHV = Microsoft Azure Cloud

Which of the following is a target for Nutanix AHV?

VMware ESXi on Nutanix

Nutanix AOS can be run on VMware ESXi and later migrated to AHV.

True

What simplifies the migration process to AHV according to the content?

Nutanix Move

Nutanix Move allows for the _______ of VMs for replication and failover.

logical grouping

Which of the following best describes the purpose of Nutanix Move?

To simplify migration to AHV

What does ACI stand for?

Application Centric Infrastructure

Cisco ACI supports integration with Nutanix Prism Central since release 6.0(3).

True

What is the function of the APIC in Cisco ACI?

To manage and configure the network by generating necessary configurations for switches.

The automated creation of VLAN networks in Prism Central can be triggered by creating _____ in ACI.

End Point Groups

Match the following network components with their roles:

APIC = Centralized controller for ACI ACI = Application Centric Infrastructure VLAN = Virtual Local Area Network End Point Group = Group of endpoints sharing similar policies

What is the primary benefit of using Nutanix Move for VM migrations?

It simplifies and enhances the efficiency of the migration process.

Nutanix Move can operate without a target cluster during VM migration.

False

What is the function of Nutanix Move in the context of VM migrations?

To facilitate the migration of VMs with logical grouping for replication and failover.

An application-based method may offer a data __________ method that is best used rather than copying the VM.

replication

Match the tools used for migrating from ESXi to AHV with their purpose:

Nutanix Move = Simplest method for VM migration Active Directory servers = Typical usage of data replication Shared storage = Allows direct movement to AOS and AHV VM groups = Logical grouping for migration

What must be present for Nutanix Move to function effectively?

A target cluster for landing VMs.

Moving directly to Nutanix AOS and AHV is only possible if you have existing Nutanix infrastructure.

False

What major scenarios typically utilize data replication methods?

Active directory servers and certain database scenarios.

Nutanix Move can group VMs logically for __________ and failover.

replication

Which method is considered the simplest for migrating virtual machines?

Nutanix Move

Which cloud service can VMware ESXi target?

Nutanix Cloud Clusters (NC2) on AWS

Nutanix Move requires a significant amount of downtime during migration.

False

What is the primary benefit of using Nutanix Move?

It simplifies and streamlines the VM migration process, allowing for batch migrations.

VMware ESXi can later migrate to ______ when users are ready.

AHV

Match the following virtualization technologies with their respective targets:

VMware ESXi = Nutanix Cloud Clusters (NC2) on AWS Microsoft Hyper-V = AHV AWS EC2 = NC2 on AWS Nutanix AHV = AWS EC2

Which targets are associated with Microsoft Azure Cloud?

AHV, VMware ESXi on Nutanix, Nutanix Cloud Clusters (NC2) on Azure

Nutanix AHV primarily targets only hybrid cloud environments.

False

What is the common starting point for customers wanting to run AHV?

Running VMware ESXi as a first step before migrating to AHV.

Which of the following interfaces is used for public CVM traffic?

eth0

Users can manage AHV bonds solely using the command line.

False

What does the balance-tcp load-balancing algorithm do in AHV?

It configures an LACP-enabled bridge with a pair of uplinks.

Traffic Mirroring enables you to mirror traffic from the interfaces of the AHV hosts to the virtual NIC (vNIC) of guest ______.

VMs

Match the following AHV configuration options with their descriptions:

eth0 = Public CVM traffic interface eth1 = Internal storage interface vSwitch = Maps to an OVS bridge MTU = Maximum Transmission Unit size

What is indicated when a hotspot is detected on a host?

High CPU usage

Each virtual switch created in AHV can have multiple uplinks.

True

What additional interfaces can be added for advanced CVM configuration?

Replication, iSCSI, and DR interfaces.

A single virtual switch is usually present in most clusters and defaults to ______.

vs0

What purpose does LLDP information serve in AHV uplink configuration?

To select the appropriate uplinks

What type of traffic can be mirrored using Traffic Mirroring?

Bidirectional traffic

Traffic Mirroring can only mirror traffic from VM vNICs.

False

What is one use case for mirrored traffic?

Security analysis

With link aggregation, Nutanix environments support _____ modes.

three

Match the link aggregation modes with their characteristics:

Active-Active = Aggregating bandwidth across multiple links Active-Backup = One active uplink at a time Active-Active - MAC = Switch-independent mode for easy setup Active-Active - LAG/LACP = Load balancing based on per-vswitch

What is a requirement for the Span destination in Traffic Mirroring?

It must be a VM on the same host

Traffic Mirroring is used primarily for improving application performance.

False

How many SPAN sessions are allowed per host?

Two

Active-Active is typically the _____ configuration for AHV.

default

What is a downside of using the Active-Active link aggregation mode?

Limited to one active uplink

Study Notes

Overview of AHV

• AHV (Acropolis Hypervisor) is designed for security, automation, and future-readiness by default.
• It is optimized for running applications effortlessly without added complexity.
• Supports hybrid cloud environments, integrating with various public and private infrastructures.

Key Features of AHV

• Acropolis Dynamic Scheduler (ADS): Monitors and optimizes infrastructure, managing VM migrations, ensuring resource availability, and enforcing administrative policies.
• Initial VM Placement: Determines the best host for a new VM and defragments clusters to optimize resource allocation.
• High Availability Guarantees: Ensures VMs are recoverable in case of host failures by relocating VMs to maintain availability.
• Hotspot Mitigation: Detects and resolves CPU and storage hotspots across hosts dynamically.
• Dynamic GPU Management: Allocates specific GPU resources to VMs based on demand.
• Cost-Based Remediation: Plans VM movements considering operational costs.

Nutanix Move

• A tool for seamless cross-hypervisor VM migration, allowing minimal downtime and risk.
• Automates migration processes, reducing manual steps and potential errors.
• Compatible with various virtualization platforms: VMware ESXi, Microsoft Hyper-V, and Nutanix AHV.
• Supports flexible source infrastructures and provides 1-click migrations without the need for application changes.
• Enables pre-seeding of data and testing prior to cutover to minimize operational disruptions.

Migration Support

• Supports VM migrations from multiple platforms to AHV and Nutanix Cloud, including AWS and Azure.
• Provides pathways to migrate from ESXi to AHV, ensuring smooth transitions as business needs evolve.

Traffic Mirroring

• Enables mirroring of inbound, outbound, or bidirectional traffic from selected source ports to destination ports for enhanced security analysis.
• Facilitates packet troubleshooting and compliance needs through effective traffic visibility.

Link Aggregation

• Supports three configurations for load-balancing and link aggregation in Nutanix environments: Active-Active MAC, Active-Backup, and Active-Active LAG/LACP.
• Recommended settings include simplicity and optimal performance configuration based on needs.
• Active-Active configurations allow bandwidth aggregation across multiple links while maintaining ease of setup and minimal requirements for upstream switches.

VMware ESXi and Nutanix Integration

• VMware ESXi can target Nutanix Cloud Clusters (NC2) on both AWS and Microsoft Azure.
• VMware ESXi on Nutanix can also target Nutanix AHV.

Microsoft Hyper-V

• Targets include Nutanix AHV, VMware ESXi on Nutanix, and NC2 on AWS.

AWS EC2

• Supports integration with Nutanix AHV, VMware ESXi on Nutanix, and NC2 on AWS.

Microsoft Azure Cloud

• Integrates with Nutanix AHV, VMware ESXi on Nutanix, and NC2 on Azure.

Nutanix AHV

• Targets include Nutanix AHV, AWS EC2, Microsoft Azure Cloud, and NC2 on AWS/Azure.

NC2 (Nutanix Cloud Clusters)

• Supports deployment on AWS and Azure, targeting Nutanix AHV and NC2 on Azure.

Migration Strategies

• Common strategy includes starting with VMware ESXi and later migrating to AHV.
• Migration to Nutanix AOS can either start with ESXi and later transition to AHV, using tools like Nutanix Move for convenience.

Nutanix Move Tool

• Simplifies and optimizes migration with minimal downtime.
• Allows logical grouping of VMs for replication, supporting both individual and batch migrations.

Application-Based Migration

• Offers flexibility for transferring complex applications, recommended for database scenarios and servers like Active Directory.

Direct Migration from ESXi to AHV

• Nutanix Move can facilitate direct transfer to Nutanix AOS and AHV without needing Nutanix infrastructure.

Networking Configurations

• CVM Network Requirements: Standard configurations involve using eth0 for public traffic and eth1 for internal storage. Advanced setup permits additional interfaces for replication or disaster recovery.

AHV Bridge and Uplink Configuration

• Virtual switches can be managed via Prism or command line, allowing configuration of load-balancing algorithms and network segmentation.
• Typically, one virtual switch suffices for clusters, but additional switches can be created for specific needs.

Traffic Mirroring

• Enables replication of network traffic from AHV host interfaces to VM vNICs for security and analysis.
• Supports inbound, outbound, and bidirectional traffic mirroring to enhance troubleshooting and compliance.

AHV Host Link Aggregation

• Supports multiple link aggregation modes, enabling optimal configuration for cluster performance.
• Active-Active mode aggregates bandwidth across links, while Backup mode offers reliability by using multiple links with failover.

Cisco ACI Integration

• ACI (Application Centric Infrastructure) from Cisco integrates with Nutanix, automating the creation of VLAN networks based on End Point Groups.
• APIC (Application Policy Infrastructure Controller) manages infrastructure configuration, aligning architectural needs with physical networking components.

Summary Points

• Integration with Cisco ACI enhances Nutanix's networking capabilities, ensuring dynamic and scalable configurations for cloud environments.
• Future updates to ACI will continue to improve operational efficiency and simplify network management within Nutanix systems.

Description

This quiz explores the security features of AHV, focusing on its hardened default settings and automation processes. Navigate through the different security layers to understand how AHV is prepared for future challenges. Test your knowledge on the critical components that ensure security within the stack.