

Nutanix Cloud Infrastructure - 100 - Product Overview

Nutanix Cloud Infrastructure (NCI) is a distributed infrastructure platform for enterprise IT applications. NCI software, the foundation for our Nutanix Cloud Platform offering, combines compute, storage, and networking resources from a cluster of servers into a single logical pool with integrated resiliency, security, performance, and simplified administration.

In this lesson, you will learn about the value of hyperconverged infrastructure, what the NCI platform is and its components, and how NCI can solve the infrastructure challenges that customers face.

INTRODUCTION AND OVERVIEW
Market Opportunity
HCI History and Overview
NCI Platform

NCI COMPONENTS
AOS Storage
AHV Virtualization
Prism Management
Data Protection and Disaster Recovery
Container Support
Virtual Networking
Security and Network Security
Nutanix Cloud Clusters

SUMMARY AND RESOURCES
Resources
Assessment
Feedback

Lesson 1 of 14
Market Opportunity

Leadership Position

Since the inception of the Integrated Systems Magic Quadrant with Gartner, Nutanix has played a dominant role in this marketplace. The HCI market continues to grow, and Nutanix is the leading provider in completeness of vision, ability to execute, and revenue.

Hyperconverged infrastructure has matured and continues to grow. Gartner states that, as of July 2022, hyperconverged infrastructure has reached the “Plateau of Productivity” within their Hype Cycle. This is good news for Nutanix Cloud Infrastructure (NCI), as it means the very core of the software is now mainstream and adoption starts to accelerate. It also means that the criteria for assessing HCI providers' viability are more clearly defined and the technology's broad market applicability and relevance are clearly paying off for customers.

With NCI, organizations can efficiently deploy and manage data and applications across datacenter, edge, and cloud environments without the complexity or cost of traditional infrastructure. Now IT can spend less time and money on infrastructure management and give users the ability to easily manage their own workloads.

Lesson 2 of 14
HCI History and Overview

Leader in HCI

Founded in 2009 by a team who democratized technologies that Amazon, Facebook, and Google used in their own datacenters, Nutanix pioneered the creation of hyperconverged solutions and dramatically simplified IT infrastructure, reduced costs, and improved manageability. The early idea of Nutanix was to bring web-scale engineering -- distributed systems running on commodity servers -- to the masses.

A Brief History of Nutanix - Dheeraj Pandey

Legacy Infrastructure

Legacy infrastructure—with separate storage, storage networks, and servers—is not well suited to meet the growing demands of enterprise applications or the fast pace of modern business. The silos created by traditional infrastructure have become a barrier to change and progress, adding complexity to every step, from ordering to deployment to management. New business initiatives require buy-in from multiple teams, and IT needs must be predicted 3-5 years in advance. As most IT teams know, this involves a substantial amount of guesswork and is almost impossible to get right. In addition, vendor lock-in and increasing licensing costs are stretching budgets to the breaking point.

Enterprise IT teams today are looking for ways to deliver on-premises IT services with the speed and operational efficiency of public cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

Taking cues from web giants, hyperconverged infrastructure (HCI) combines common datacenter server hardware using locally attached storage devices (spinning disk or flash) with intelligent software to eliminate common pain points associated with legacy infrastructure.

Hyperconverged Infrastructure

Hyperconverged infrastructure combines common datacenter hardware using locally attached storage resources with intelligent software to create flexible building blocks that replace legacy infrastructure consisting of separate servers, storage networks, and storage arrays.

Hardware nodes in an HCI environment include both compute and storage together. These hardware nodes connect together into a cluster of servers. AOS (Acropolis Operating System) is part of the Nutanix Cloud Platform and abstracts clusters of nodes into pools of compute and storage that a virtualized platform (AHV, ESXi) can consume. AOS builds into the software-defined platform all of the capabilities of resiliency, availability, and scalability that higher-end enterprise solutions offer. This allows the use of commercial, off-the-shelf (COTS) commodity servers to serve as the hardware foundation for most data center applications, including high performance mission critical apps.

Most HCI solutions consist of two fundamental components: a data plane and a management plane. The Nutanix Cloud Infrastructure (NCI) and Nutanix Cloud Manager (NCM) are responsible for data plane and management duties within the Nutanix Cloud Platform solution. The NCI distributed data plane provides a platform for either VMs or container-based applications that runs across a cluster of nodes delivering enterprise storage and virtualization services.

3-Tier versus NCI in the Datacenter

Moving from a traditional 3-tier architecture to a hyperconverged infrastructure can result in significant cost savings and efficiency improvements in a data center.

Some key areas where savings and benefits are typically realized:

Reduced Hardware Costs: HCI integrates compute, storage, and networking into a single system, reducing the need for separate, specialized hardware components.
Reduced Power and Cooling Costs: With fewer physical components, HCI systems typically consume less power and generate less heat, leading to lower energy costs.
Space Savings: Consolidation of infrastructure reduces the physical footprint in the data center, potentially saving on real estate costs.
Simplified Management: HCI systems leverage integrated management tools, reducing the complexity and cost associated with managing separate compute, storage, and networking resources.
Integrated Backup and Disaster Recovery: Includes built-in data protection features, reducing the need for separate backup and disaster recovery solutions.
Improved Utilization: HCI improves resource utilization by dynamically allocating resources as needed, reducing the need for overprovisioning.
High Availability and Fault Tolerance: Includes advanced features for high availability and fault tolerance, minimizing downtime and associated costs.

Lesson 3 of 14
NCI Platform

Nutanix delivers a comprehensive hybrid cloud platform that bridges the wide gap between traditional infrastructure and public cloud services. The solution delivers turnkey infrastructure that integrates servers, storage, and virtualization along with end-to-end systems management and operations management capabilities. This allows enterprises to deploy infrastructure in minutes and shift the focus to applications that power the business.

How NCI can help customers deploy a hybrid multicloud strategy:

Up to 40% TCO Savings Over 3-tier Architecture
Up to 60% Faster Over Refactoring
Up to 53% Savings Over Cloud Native

Features and Benefits

Freedom of choice is foundational to the Nutanix product line and vision.

Enterprises live or die by their applications, and thus the underlying infrastructure must be robust, resilient, and powerful enough to run the full gamut of workloads, and run them well. Customer choices on NCI:

Hypervisor Choice
Nutanix supports all of the leading hypervisors, including virtualization solutions from VMware, Microsoft, and the native Nutanix hypervisor, AHV. No matter which hypervisor you choose, NCI makes management and operations a breeze, with seamless one-click upgrades and automated VM management.

Platform Choice
Nutanix software runs on the best hardware available from the most trusted manufacturers. Customers can choose branded Nutanix appliances or OEM appliances from Dell, HPE, Lenovo, Fujitsu, and Cisco.

Cloud Choices
Business now takes place in a hybrid and multicloud world. With this reality in mind, Nutanix designs its products and services to transcend the boundaries of on-prem and cloud. Enterprises benefit when they are free to choose the best cloud for their apps and business needs. Using Nutanix Cloud Clusters (NC2), customers can seamlessly move between on-prem and cloud environments.

Financing Choice
NCI can be deployed on several consumption-based IT models with our trusted OEM hardware partners.

Key features in NCI include:

Enterprise-grade Data Services deliver the enterprise features you leverage in your traditional SAN environment, including high performance, data reduction, data protection, storage level snapshots, resilience, and much more. The distributed software architecture enables advanced new features like rapid self-healing, simple and predictable scalability, and data locality.

Consolidated Storage Services unify storage across block, file, and objects, simplifying management and control of enterprise data no matter where it is consumed or resides — across applications, storage, and geographies.

Data Protection and Disaster Recovery offer natively integrated data protection and continuous availability at the VM level with a range of options available to meet recovery point objectives (RPO) and recovery time objectives (RTO) for different applications.

Integrated Security delivers a true defense-in-depth model using the principle of least privilege and custom security baseline that exceeds the requirements of the U.S. Department of Defense.

Virtualization supports multiple industry standard hypervisor solutions, allowing customers to choose the ideal solution for their environment, whether on-prem or in the cloud, or both. It includes full support for VMware vSphere and Microsoft Hyper-V in addition to the Nutanix hypervisor - AHV, which provides a comprehensive set of capabilities with the most stringent security requirements included.

Virtual Networking supports application security, traffic visibility, service insertion, overlay networking, and network automation with partner solutions. Security features include microsegmentation to secure virtual machines (VM), allowing admins to easily manage network isolation and enforce granular VM and application level network policy.

Management and Analytics are streamlined through a unified control plane combining multiple aspects of HCI management into a single pane of glass that lets IT admins manage infrastructure and virtualization, access operational insights, and fix problems, all with just a few clicks. Admins can manage Nutanix environments end-to-end through NCM and Prism.

Watch this short video to highlight some of the features of NCI.

How It Works | Nutanix

Let's now step through each of the components of NCI, reviewing the key features and benefits in each offering.

Lesson 4 of 14
AOS Storage

AOS Storage by Nutanix is a software-defined storage solution designed to deliver high performance, scalability, and resilience for enterprise applications. It is a core component of Nutanix's HCI platform.

AOS is the base operating system, the so-called data plane that encapsulates the run time of storage, compute, security, and network. AOS is installed as a Controller Virtual Machine (CVM) atop a hypervisor and creates and manages everything in a Nutanix cluster.

AOS Storage pools the flash and hard disk drive storage across the cluster and presents it as a storage pool that can span multiple Nutanix nodes and expand with the cluster. It is also responsible for managing and storing data at a granular level. It utilizes the Nutanix Extent Store, which manages data in small units called extents, typically 1 MB in size. This granularity allows for efficient storage utilization and optimized data placement.

Built into AOS Storage are many enterprise-grade features that can be broken down into four categories:

Performance
Resiliency
Scalability
Storage Optimization

Performance

Applications on AOS Storage, even the most demanding applications, can run with consistent and predictable performance due to these foundational features.

Data Locality

Data locality ensures high performance. When data is written by an application, one copy is stored locally to that application so that it can be retrieved without needing to access the network. This ensures the lowest possible latency and prevents the network from becoming congested. If the VM is moved from one node to another using either vMotion, live migration, or due to an HA event, the migrated VM data is analyzed and moved if necessary to ensure data locality.

Intelligent Tiering

Intelligent Tiering provides automatic performance optimization on systems with multiple storage tiers (NVMe, SSD, HDD). The storage environment continually monitors data access and automatically optimizes data placement on either SSD or HDD tiers, resulting in optimal performance without the need for manual intervention. Data that is accessed frequently (hot data) is moved to the fastest tier and data that is not accessed as frequently (cold data) is moved to the HDD tier.

High Throughput

The latest memory class storage technologies, like NVMe, deliver high throughput and fast response times compared to traditional SATA or SAS technology.

Resiliency

Data is protected and kept available with advanced distributed consistency algorithms that protect against everything from bit rot to hardware failures to entire site failures. Here are some resiliency features in AOS Storage.

Granular and Efficient Snapshots

Metadata-based local snapshots with virtual machine and application-level consistency recover data instantly to meet a wide range of RPO and RTO requirements. Data protection features include local snapshots and self-service restore for minor incidents, and Async, NearSync, and Sync replication for major incidents.

Automatic Self-Healing

AOS Storage is designed to automatically self-heal in the event of SSD, HDD, NVMe device, or node failures. It can fully recover the management stack without requiring any user intervention or causing delays. AOS continuously monitors the health of hardware components (such as disks, nodes, network interfaces) and software services. It uses built-in health checks to detect failures promptly.

When a failure is detected, AOS automatically triggers data rebuilds from surviving replicas. This ensures that the system can continue to provide data availability and integrity without manual intervention.

Tunable Redundancy

AOS Storage absorbs incoming writes onto fast, low latency storage like SSDs or NVMe. Data is then written to back-end storage resources asynchronously. This process ensures data exists in at least two independent locations in the cluster.

AOS uses replication factors for data redundancy and availability in the case of failures. When you enable replication factor 2, the cluster maintains two copies of data for each storage container with replication factor 2 enabled. When you enable replication factor 3, the cluster maintains three copies of the data.

By default, AOS Storage provides disk awareness and node awareness. Data replicas are placed such that two copies are never on the same disk or node. AOS Storage can also provide block awareness (a block is a multi-node enclosure) and rack awareness. These options ensure that data copies are not placed on the same block or the same rack, respectively, for protection against power failures, cooling problems, etc.

Scalability

Storage can be sized precisely for your needs and expanded quickly and easily as needs grow. Storage policies are applied logically on a per-workload basis, instead of being tied to hardware. Here are some scalability features in AOS Storage.

Easy Scale-Out

AOS Storage allows organizations to start with the infrastructure they need today, and effortlessly scale out as application and business needs evolve. The platform supports linear scalability, allowing organizations to easily add more nodes to increase storage capacity and performance. This helps in managing growing data needs without significant architectural changes.

Independently Scale

To scale compute and storage, the most common approach for nodes within a cluster is to deploy a node that has more compute than storage, or a node that has more storage than compute. When necessary, customers may want to independently scale storage or compute resources, which may help to fine-tune requirements for applications with different needs and hypervisors.

The Nutanix cluster uses the resources (CPUs and memory) of a compute-only (CO) node exclusively for computing purposes. A compute-only (CO) node allows you to seamlessly and efficiently expand the computing capacity (CPU and memory) of your cluster. This can be useful for workloads that may not require a lot of storage, such as VDI.

A storage-only (SO) node allows you to seamlessly expand the storage capacity in your cluster. A storage-only node always runs the AHV hypervisor. Therefore, if you want to scale up only the storage capacity in your cluster, you do not need to purchase additional hypervisor licenses. By using storage-only nodes, you can significantly scale the storage capacity of a cluster independent of compute.

Fast Provisioning

Storage policies are easily created and attached to VMs, allowing instantaneous access to dynamic storage pools as capacity is added. Storage policies let you manage the storage attributes like replication factor, encryption, compression, and QoS of entities like Virtual Machines (VMs) and Volume Groups (VGs). A single storage policy can manage the attributes of several entities that are associated with various categories.

Storage Optimizations

AOS Storage incorporates a wide range of data efficiency technologies that work in concert to make the most efficient use of the available storage capacity in a Nutanix cluster. Here are some data efficiency features in AOS Storage.

Compression

Compression saves physical storage space and improves I/O bandwidth and memory usage, which can have a positive impact on overall system performance. There are two types of data compression integral to AOS Storage:

1. Inline compression. Enabled by default, sequential streams of data or large I/Os are compressed as they are written to the Extent Store.
2. Post-process compression. Data is initially written in an uncompressed state. A background process periodically compresses data cluster-wide, eliminating any impact on write latency.

Deduplication

There are two types of deduplication: performance tier and post-process MapReduce. The performance tier deduplication removes the duplicate data inline with the content cache to reduce the footprint of the application's working set. The post-process deduplication reduces repetitive data in the capacity tier to increase the effective storage capacity of a cluster. The Elastic Deduplication Engine is the software-based feature that deduplicates data in the extent store. After AOS Storage marks the duplicate chunks for deduplication, the Curator MapReduce framework removes those chunks.

Erasure Coding

AOS Storage uses an innovative erasure coding technology that increases usable capacity significantly without affecting resilience. Instead of keeping one or two duplicate copies of data, it encodes a strip of data blocks on different nodes and calculates parity. In the event of a disk or node failure, parity is used to calculate any missing data blocks. The number of data and parity blocks in a strip is configured based on the number of failures you want the system to be able to withstand.

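The strip-and-parity scheme described under erasure coding, as an added example that is not Nutanix code. It assumes a 4+1 strip with a single XOR parity block (the page does not say which code AOS Storage uses), and the node names and payload are constructed.

```python
"""Added illustration: one erasure-coded strip spread across nodes.

Assumption: single XOR parity over a 4+1 strip. XOR is the simplest code
that survives one failure; the page does not name the code AOS uses.
"""
from functools import reduce

BLOCK_SIZE = 8                                  # bytes per block (tiny on purpose)
NODES = ["node-A", "node-B", "node-C", "node-D", "node-E"]  # constructed names
SAMPLE = b"constructed sample payload"          # constructed input, 26 bytes


def xor_blocks(blocks):
    """XOR equal-length byte blocks together, column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def encode_strip(data, nodes):
    """Split data into len(nodes)-1 data blocks plus one parity block and
    place every block on a different node. Returns {node: block}."""
    if len(set(nodes)) != len(nodes):
        raise ValueError("each block in a strip must live on a distinct node")
    n_data = len(nodes) - 1
    if len(data) > n_data * BLOCK_SIZE:
        raise ValueError("data does not fit in one strip")
    padded = data.ljust(n_data * BLOCK_SIZE, b"\0")
    blocks = [padded[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE] for i in range(n_data)]
    blocks.append(xor_blocks(blocks))           # last node holds parity
    return dict(zip(nodes, blocks))


def rebuild(strip, failed_node):
    """Recompute the block held by failed_node from the surviving blocks.

    Because parity is the XOR of all data blocks, the XOR of every block in
    the strip is zero, so any single missing block equals the XOR of the rest.
    """
    if failed_node not in strip:
        raise KeyError(failed_node)
    survivors = [blk for node, blk in strip.items() if node != failed_node]
    return xor_blocks(survivors)


def read_strip(strip, nodes, length, failed=()):
    """Return the original data while tolerating at most one failed node."""
    failed = set(failed)
    if len(failed) > 1:
        raise RuntimeError(
            "single parity cannot recover from %d failures" % len(failed))
    blocks = []
    for node in nodes[:-1]:                     # data nodes only
        blocks.append(rebuild(strip, node) if node in failed else strip[node])
    return b"".join(blocks)[:length]


def raw_per_usable(n_data, n_redundant):
    """Raw capacity consumed per unit of usable data.

    Replication factor 2 is the degenerate case of 1 data + 1 copy.
    """
    return (n_data + n_redundant) / n_data


if __name__ == "__main__":
    strip = encode_strip(SAMPLE, NODES)
    print("after losing node-C:",
          read_strip(strip, NODES, len(SAMPLE), failed=["node-C"]))
    print("raw/usable, 4+1 strip:", raw_per_usable(4, 1))
    print("raw/usable, RF2      :", raw_per_usable(1, 1))
```

Withstanding a second simultaneous failure needs a second parity block and a code stronger than plain XOR, which is why the strip layout depends on the number of failures to be tolerated.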
Lesson 5 of 14
AHV Virtualization

Enterprise Grade

As the default option for Nutanix HCI, the native Nutanix hypervisor, AHV, represents a unique approach to virtualization that offers the powerful virtualization capabilities needed to deploy and manage enterprise applications. AHV is our virtualization platform built on the KVM open source hypervisor and completely integrated into our full Nutanix stack.

Nutanix contributes regularly to open source projects, which allows us to explore unique areas of innovation that are not possible when dependent on other virtualization platforms. AHV uses the best from open-source software, and Nutanix has spent the last 10 years making AHV enterprise ready with features like built-in software-defined networking, built-in security, high availability, and dynamic scheduling.

AHV keeps up with and optimizes the latest hardware advances like vGPU/GPU passthrough for high performance AI workloads, and AHV Turbo, which is an I/O enhancement built to take advantage of next generation, ultra-low latency storage devices like NVMe. AHV supports most of the popular guest OS platforms, and we continually expand our ecosystem, with 750+ solutions validated to work on AHV.

While Nutanix AOS supports VMware ESXi and even Microsoft’s Hyper-V, which certainly have the potential to offer a robust and capable solution, AHV is the superior option for those looking to simplify or have specific needs, budget or operational constraints. AHV is included with NCI (no additional licensing costs) and completely integrated into our full Nutanix stack. Since NCI supports multiple virtualization solutions side by side from the same NCP platform, it prevents vendor lock-in and provides choice for future workloads.

VM management on AHV focuses on creation, updates, deletion, data protection, and monitoring of VMs and their resources. Managing VMs and workloads is made simple with Prism.

From on-premises multi-clusters to the single cluster at the edge to the public cloud, Prism Central provides the infrastructure management, monitoring and health, all from a single view.

Key AHV Features

Let's discuss some of the key AHV features available today.

VM High Availability
The HA capabilities of AHV are designed to ensure that virtual machines (VMs) remain available and operational even in the event of hardware or software failures within the Nutanix cluster. When a host (node) fails, VMs running on that host are automatically restarted on other healthy nodes within the cluster. This minimizes downtime and ensures business continuity.

Fast VM Migrations
Nutanix AHV provides more efficient and faster VM migrations than ever with micro stunning, while on-demand Cross Cluster Live Migration (CCLM) enables smooth VM transfers across AHV clusters to ensure uninterrupted service and reliability.

AHV also supports cross-hypervisor migrations. Nutanix simplifies the process of migrating existing VMs between an ESXi cluster and an AHV cluster using built-in data protection capabilities. You can snapshot VMs on the source ESXi cluster and replicate them to the AHV cluster, where you can restore them and bring them online as AHV VMs.

Acropolis Dynamic Scheduling (ADS)
Acropolis Dynamic Scheduling (ADS) proactively monitors your cluster for any compute and storage contentions or hotspots over a period of time. If ADS detects a problem, it creates a migration plan that eliminates hotspots in the cluster by migrating VMs from one host to another. It offers intelligent initial VM placement and adjusts workloads across the cluster for peak performance and streamlined efficiency.

Intelligent VM Placement
AHV offers intelligent VM placement and adjusts workloads across the cluster for peak performance and streamlined efficiency. With Automatic Cluster Selection in AOS 6.8, we can also intelligently initially place workloads across clusters.

Comprehensive Security
Nutanix AHV ensures a fortified virtualization space with one-click STIG applications, automated compliance and self-healing mechanisms. It also delivers data encryption, network microsegmentation and consistent security patches for comprehensive protection.

Software-defined Networking
Nutanix AHV networking simplifies network management with software-defined networking solutions and microsegmentation, ensuring secure, efficient traffic in virtual and cloud infrastructures.

Lesson 6 of 14
Prism Management

Nutanix Prism is the single pane of glass for Nutanix clusters and provides an easy way to manage Nutanix environments end-to-end. It combines multiple management aspects into a single consumer-grade product that lets IT admins manage infrastructure and virtualization, access operational insights, and fix problems, all with a few clicks.

Just as NCI creates a data plane that spans the entire cluster for performance and resiliency, Nutanix Prism creates the same resiliency for management and operational intelligence. It is comprised of two components: Prism Element at the cluster level and Prism Central for multi-cluster management and analytics.

A Prism Central instance can consist of either a single VM or a set of three VMs for a highly resilient deployment. A single instance can manage hundreds of clusters and can be deployed either on-premises or in the public cloud using NC2. Multiple Prism Central domains can be consolidated into a Nutanix Central console providing global visibility across multiple cloud deployments.

Prism manages the entire stack from the storage and compute infrastructure all the way up to virtual machines (VMs). The Prism Central console is used to manage clusters, whereas single nodes can be managed by both Prism Central and Prism Element consoles.

In addition to the device-friendly HTML5 Prism interfaces, all management capabilities are exposed through comprehensive APIs, PowerShell, and the command line interface (CLI) to facilitate integration and automation.

Prism Capabilities

Prism provides a complete range of management capabilities that can be broken down into three functionalities:

Infrastructure Management

Prism Infrastructure enables the configuration and management of cluster components including:

Hardware component dashboards with drill-down options to view details on clusters, hosts, disks, and GPUs across registered clusters
Configuration and dashboards for managing VMs, VM templates, storage, and volume groups across registered clusters
Configuration and dashboards for managing networking elements like subnets, VPCs, VPN, and security policies across registered clusters
Configuration and dashboards for managing data protection including protection policies and recovery plans
Activity monitors for events, tasks, and audits

Platform Administration

The Admin Center in Prism enables administrators to perform many platform-specific tasks, including:

Perform inventory and software updates as part of Life Cycle Management (LCM) functionality
Discover and deploy Nutanix apps such as NCM Self-Service, Files, Move, NDB, and more
Enable a Marketplace to manage Nutanix apps and preferred partner apps
Define and implement IT Projects based upon field requirements
Manage Nutanix application licensing
Define users, roles and authentication for Identity and Access Management (IAM)
Manage security functionality

Cloud Manager Functionalities

Prism provides access to NCM functionality of Intelligent Operations and Self-Service.

Cost Governance and Security Central are SaaS services that can connect to Prism.

Intelligent Operations provides full stack visibility (from compute to storage) across your environments. The AI-powered engine within NCM provides continuous predictive monitoring and can detect inefficiencies and generate actionable signals. ML-based analysis enables self-tuning or rightsizing applications based upon workload demands.

Self-Service enables building and using the cloud, and provides direct and efficient delivery of services to those outside of IT, but with the appropriate guardrails needed for optimal resource utilization, resiliency, and security. The one-click marketplace gives developers and other infrastructure users the ease and convenience of quickly accessing the resources.

Cost Governance covers both on-premises and public cloud environments. For on-premises, there is a unique TCO model that allows the breakdown of spending as well as future forecasting. For public cloud deployments, you can see cloud spend across all cloud environments.

Security Central provides multicloud security with continuous security compliance monitoring, risk monitoring and planning, and custom audits to see what your risk posture is. Using the ML-based engine, NCM can detect things like user behavior anomalies and network threats, and can automate responses or provide alerts.

Demonstration

Sometimes it's easier to watch a demonstration that showcases features as opposed to reading about capabilities. Let's hear from Laura Jordana (Director, Technical Marketing, NCM) as she reviews key features of Prism.

New Prism Central Experience in PC.2023.1 | Tech Bytes | …

Lesson 7 of 14
Data Protection and Disaster Recovery

NCI has a natively integrated Business Continuity and Disaster Recovery (BCDR) solution that combines disaster recovery (DR) and data protection (DP) under one umbrella.

Nutanix BCDR gets your applications up and running with minimal downtime and data loss. It also helps customers avoid disruption by providing failover and failback for compute and storage with a range of recovery point objective (RPO) choices.

As you can see, we have BOTH elements of BCDR shown: DR and integrated backup. Each of these solutions is zero-touch, meaning that, once configured, no manual intervention is required to ensure data protection is occurring. The only thing left for customers to do is click once within Prism to fail over in the event of a disaster. This is very different from traditional disaster recovery and data protection solutions, where orchestrating a response to a disaster is arduous, requiring lots of manual intervention.

Comprehensive Backup with Partner Ecosystem

Backup refers to the process of creating a copy of data to recover from data loss or corruption. Nutanix works closely with our partner ecosystem to provide a comprehensive backup solution based on customers’ needs.

A widely recognized best practice in the industry, the 3-2-1 rule for backups calls for maintaining three copies of data stored in two different locations while the third copy is stored offsite. This safeguards data integrity by providing tiered backups in the event of compromise to the primary data source. In certain types of disasters, like ransomware attacks, having an off-site copy of the data is the only effective way to recover.

New regulations like DORA (Digital Operational Resilience Act) create a regulatory framework under which all EU-based firms need to make sure they can withstand, respond to, and recover from all types of disruptions and threats. Having a strong backup plan can help to align with those new regulations.

By partnering with leading data protection vendors, Nutanix ensures you can drop a reliable backup solution into your operations quickly and easily.

Having a breadth of partners enables you to choose the best software for your organization and eliminates the time and expense of configuring stand-alone secondary storage solutions.

Disaster Recovery

Nutanix provides asynchronous, near-synchronous, and synchronous replication options to support different recovery SLAs as part of a complete business continuity plan. For each application, customers will define a Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Both objectives are time-based: RTO is the time allowed to restore normal operations when an IT failure occurs, and RPO is the maximum amount of data you are willing to lose, e.g. one hour's worth of data.

Snapshots and backups can protect from certain types of events or failures, but only replication can help to meet RTO/RPO objectives measured in minutes or even seconds of loss. Nutanix disaster recovery and replication capabilities are built on snapshot technology. VM snapshots can be asynchronously replicated or backed up to another datacenter based on a user-defined schedule.

Asynchronous Replication

Nutanix asynchronous replication makes it possible to create an affordable DR solution where the RPO is 60 minutes or greater. Replication topologies are flexible and bi-directional, enabling one-to-one, one-to-many, and many-to-many deployments. During replication, data is compressed and replicated at the sub-block level for maximum efficiency and lower WAN bandwidth consumption.

In this example, the primary site has two different application sets that have different replication needs. Applications in Protection Domain 1 will be replicated to the Secondary Site B, but applications in Protection Domain 2 are replicated to two sites for added protection. Site A also runs applications and uses Protection Domain 3 to replicate to the Secondary Site B as well.
Near-Synchronous Replication with NearSync

Nutanix NearSync builds on the asynchronous replication capabilities just described to create a solution that can achieve an RPO lower than traditional asynchronous replication and very fast RTO. RPO for this solution is targeted between 1 minute and 15 minutes.

Nutanix uses the lightweight snapshots (LWS) feature to handle a high rate of snapshots without affecting the running application. LWS tracks changes with markers instead of creating new vDisks for every snapshot. With markers, you don't need to maintain metadata or collapse long snapshot chains; however, when you enable NearSync, LWS handles all changes in SSD. To accommodate this trade-off, Nutanix reserves a percentage of SSD space for LWS when you enable it. When you configure a snapshot frequency of 15 minutes or less, NearSync is automatically enabled.

Metro Availability

For critical applications requiring zero RPO and near-zero RTO, Nutanix provides Metro Availability. Synchronous replication ensures continuous data availability across separate sites in a Metro Availability installation. During a disaster or planned maintenance, VMs can fail over from a primary site to a secondary site, guaranteeing nearly 100 percent uptime for applications.

Metro Availability can be set up bi-directionally between two sites connected over an IP-based metro area network. The only network requirement is a round-trip latency of less than five milliseconds, driven by guest OS requirements for acknowledging storage writes. Data is written synchronously to both sites, so it is always available to applications in the event a site fails or needs maintenance. You can non-disruptively migrate VMs between sites for planned maintenance events or other needs.

DR Orchestration

The complexity of data protection, with multiple solutions, devices, and interfaces, is a huge problem. Prism can be used to manage all Nutanix data protection and DR functionality.
Nutanix protection policies and recovery plans are available in Prism Central for AHV and ESXi to orchestrate operations around migrations and unplanned failures.

A protection policy automates the creation and replication of snapshots across all the clusters managed by Prism Central. When you configure a protection policy to create local snapshots, you just specify the RPO, retention policy, and the entities you want to protect. If you want to automate snapshot replication to a remote location, you can also specify the remote location.

A recovery plan orchestrates restoring protected VMs at a backup location, whether that location is on-premises or in the cloud. Recovery plans can either recover all specified VMs at once, or execute runbook functionality to recover applications gracefully and in the required order.

Lesson 8 of 14
Container Support

In addition to virtualization, NCI includes an integrated Kubernetes control plane to simplify the deployment and management of cloud native workloads deployed in containers.

Nutanix Kubernetes Service (NKE) is fully integrated into AHV, enabling your organization to run cloud native workloads alongside your virtualized enterprise applications. NKE also includes an integrated CSI driver, providing applications deployed in containers with direct access to AOS storage for persistent data.

In addition, NCI is an excellent platform for providing compute and persistent data services, giving customers a choice of developer environments including Rancher, RedHat OpenShift, Amazon EKS-A, and more at the edge, core, and cloud.

Nutanix Kubernetes Platform

At the .NEXT Conference in May 2024, Nutanix announced Nutanix Kubernetes Platform (NKP) to simplify management of container-based modern applications using Kubernetes.
NKP enables customers to innovate faster with a complete, CNCF-compliant cloud native stack that gives Platform Engineering teams a consistent operating model for securely managing Kubernetes clusters across on-premises, hybrid, and multicloud environments. This can help customers deploy more cloud native and containerized applications that can ultimately run anywhere.

NKP targets a new class of Kubernetes Platform Engineering teams to bring enterprise resilience, day-2 operations, and compliance to modern applications at scale. For example, customers can manage clusters running containers on Nutanix on-premises and clusters running in the public cloud with one single pane of glass, cutting down on complexity and operating costs. It also enables organizations to manage clusters running in non-Nutanix environments, including popular public cloud Kubernetes services, as well as both connected and air-gapped environments. This helps customers innovate faster by removing the hurdles in adopting cloud native architectures for their applications.

“One of the biggest challenges organizations face with cloud native applications is deploying, securing and managing the rapidly expanding fleets of Kubernetes clusters being deployed on premises and in public clouds and NKP simplifies this,” said Tobi Knaup, GM Cloud Native at Nutanix. “This work directly supports our vision, along with Project Beacon, to enable customers to run modern applications and their data anywhere.”

NKP will replace NKE in the coming months.

Nutanix Data Services for Kubernetes

Nutanix Data Services for Kubernetes (NDK) expands the rich data services provided by AOS Core to stateful containerized applications running on the Kubernetes framework. It allows data protection and management services including asynchronous replication and disaster recovery to be configured seamlessly using self-service tools. It also provides for IT infrastructure monitoring and control using integration with Prism Central.
NDK works with both NKE and NKP platforms.

Lesson 9 of 14
Virtual Networking

Flow Virtual Networking from Nutanix delivers security, automation, and software-defined networking (SDN) that simplifies the creation and configuration of virtual networks without time-consuming manual configurations of physical networks, routing, or IP address assignment.

The VPC or Virtual Private Cloud is the basic unit of Flow Virtual Networking. Each VPC is an isolated network namespace with complete control over your networking environment, including IP address range, subnets, routing, and gateways. A VPC can expand to include any cluster managed by the same Prism Central, but generally a VPC should exist only within a single AHV cluster, or within clusters in the same availability zone.

Core services like DHCP, NAT, routing, and security policies are all configurable from the Prism Central console. Manage policy-driven access controls to allow or deny communication between subnets. From there, you can create and manage network access policy or enhance security by inserting advanced security functions provided by Nutanix partners into the VPC environment. FVN can redirect traffic between subnets to a virtual appliance for additional processing or inspection. Prism also allows for self-service network creation, allowing users to create their own networks within the parameters you define.

VPCs allow you to logically isolate virtual networks without changing underlying physical networks. Isolation using VPCs ensures workloads and VMs can be quickly and logically separated for testing, development, compliance, and security. It also easily enables multi-tenant capabilities, ensuring strict compliance with multiple, segmented networks managed within the same cluster without additional complicated networking.

VPC networking enables configurations and details to span private or public clouds without complex changes.
Quickly connect VPCs on your local, DR, and public cloud-based Nutanix deployments. Using NAT and VPN Services, link your Nutanix VPCs to your other private and virtual public cloud networks. And easily stretch Layer 2 traffic across different VPCs for disaster recovery, partial failover, active/active sites, or bridging to a physical network.

Use Cases

Virtual networking has many use cases:

Failover / DR: Full Site Failure Re-IP Move network VPC Stretch
Workload Placement: Cloud Burst - Recommend new subnet or L2 stretch; Migration - requires re-IP or L2 stretch; Multi-cluster - automatic cluster selection
Multi-tenancy: One or more VPCs per tenant; Map VPCs to VRF - helpful for service providers

Lesson 10 of 14
Security and Network Security

Secure by Default

NCP is hardened by default, leveraging features from NCI, then managed through NCM. Nutanix utilizes the principle of least privilege and delivers a true defense-in-depth model with turn-key security policies and controls across features like two-factor authentication and data-at-rest encryption.

At the Nutanix core, a security development lifecycle is used across every feature and integrated into product development to help meet the most stringent security requirements. Nutanix helps achieve deeper alignment to critical frameworks and standards like the zero-trust security model or the CISA Cybersecurity Framework to improve cyber resilience and is certified across a broad set of evaluation programs to ensure compliance with the strictest standards. Its custom security baseline exceeds the requirements of the U.S. Department of Defense.

Here are some security features built into NCI:

Data-at-rest Encryption

Data-at-rest encryption is delivered through self-encrypting drives (SED) that are factory-installed in Nutanix hardware. This provides strong data protection by encrypting user and application data for FIPS 140-2 Level 2 compliance.
For SED drives, key management servers are accessed via an interface using the industry standard Key Management Interface Protocol (KMIP) instead of storing the keys in the cluster.

Two-factor Authentication

Nutanix solutions support SAML integration and optional two-factor authentication for system administrators in environments requiring additional layers of security. When implemented, administrator logins require a combination of a client certificate and username and password.

Secure Access

Nutanix also offers a higher security configuration option called Cluster Lockdown, which restricts access to a Nutanix cluster in security-conscious environments such as government and healthcare datacenters. Cluster lockdown not only disables interactive shell logins automatically but can also enable more restrictive access based on cryptographic keys.

Security Development Lifecycle

Nutanix uses a unique, well-defined Security Development Lifecycle (SecDL) to incorporate security into every step of the software development process, from design and development to testing and hardening. Threat modeling is used to assess and mitigate customer risk from code changes. SecDL testing is fully automated during development, and all security-related code modifications are timed during minor releases to minimize risk.

Secure Configuration Baseline

Nutanix provides a security baseline based on the US DISA STIG format in both human readable format and in eXtensible Configuration Checklist Description Format (XCCDF), which allows automated assessment tools, such as Host Based Security System (HBSS), to read it. This provides detailed information on how to assess a Nutanix system to determine compliance with the baseline requirement, cutting down accreditation time from 9-12 months to a matter of minutes.

Flow Network Security

Flow Network Security provides application security, visibility, service insertion, and network automation with partner solutions.
Security includes east/west firewalls, or microsegmentation, allowing admins to easily manage network isolation and granular VM and application-level network policy. The extensive visibility makes it easier to see the complex interactions of modern applications, while also improving troubleshooting and simplifying policy creation and maintenance.

Flow Network Security (FNS) quickly creates virtual firewalls between VMs and applications, an approach called microsegmentation, managed centrally through Prism. Since FNS is application-centric, you can secure applications, prevent data loss, and support compliance goals.

Microsegmentation moves security from the perimeter to VM or application granular controls that limit data center communication to what is minimally required for applications to operate. Modern applications have many components interacting with each other (east/west traffic), and it is operationally infeasible to secure them using a traditional perimeter firewall. In a microsegmented environment, malware spread is greatly reduced if not completely blocked.

Service insertion and network automation help extend and enhance networking function through partner or API integrations with capabilities like deep packet inspection and threat intelligence.

Security Central

Security Central helps to extend Flow Network Security by helping to plan and deliver microsegmentation. It provides multicloud security with continuous security compliance monitoring, risk monitoring and planning, and custom audits to see what your risk posture is.

Optimization

Security Central uses Machine Learning (ML) algorithms to learn about the users, entities, and network logs. Based on this information, Security Central builds a baseline profile of regular activities. Any activity deviating from the baseline profile gets classified as an anomaly. It constantly looks for anomalies in counts, patterns, place, and time of day.
When anomalies are detected, they can be responded to automatically or alert notifications can be sent to administrators for action.

The Security Central Dashboard includes the following widgets:

Security Overview: The Security Overview provides a quick snapshot of the overall security posture, by region or cloud or cluster. It shows open issues and color-coded open issues in the last week.

Regulatory Compliance: Compliance governance at your fingertips, by compliance policy and risk assessment. It shows your compliance score for supported regulatory standards.

Network and Microsegmentation: Get the pulse of your network traffic with Network and Microsegmentation. It monitors new traffic flows, the network traffic that was blocked, and a graph of traffic activity over the past period.

VM Security Status: Provides a snapshot of VM security status, including those VMs that are unprotected (without a security policy).

Recent Findings: This shows the recently opened issues (last 24 hours) for selected policies, sorted by severity and issue count.

The Security Central Investigate feature enables you to run queries on network logs and inventory attributes using Common Query Language (CQL), which is similar to SQL. You can use Investigate to retrieve resource information to identify any configuration errors and unprotected traffic flows, and to detect policy violations that expose your resources to risk and non-compliance with industry benchmarks. Investigate allows you to identify possible security risks in the environment so that remediation actions can be taken.

Compliance

The Security Central platform is highly trusted and undergoes strict security vigilance. Compliance can also be validated against regulatory policies, with out-of-the-box policies for HIPAA, PCI, CIS benchmarking for public cloud, NIST, GDPR, and more, along with Nutanix prescribed security best practices. Visit Nutanix Trust to view Security Central compliance certifications.
Security Central generates reports to track security compliance across all your cloud accounts or scopes at both aggregate and granular levels, and can report on specific compliance standards like PCI-DSS or HIPAA. Reports can be generated at scheduled times and emailed out automatically to key stakeholders.

Lesson 11 of 14
Nutanix Cloud Clusters

Nutanix Cloud Clusters (NC2) is a hybrid multicloud platform with natively integrated networking between private and public clouds. It allows seamless application migration and license portability across all environments and enables customers to run the full Nutanix software stack anywhere, in private or public clouds.

NC2 is an extension to the Nutanix Cloud Infrastructure (NCI) platform. It leverages capabilities within NCI, including AOS, Prism, Flow Virtual Networking, AHV, and Nutanix Disaster Recovery. Other products, like Nutanix Cloud Manager (NCM), can greatly enhance the hybrid multicloud experience using features like Cost Governance, Self-Service, Intelligent Operations, and Security Central for security and compliance. Customers running Nutanix Unified Storage (NUS) and Nutanix Database Service (NDB) can provide data storage and database services across both public and private clouds, simplifying application mobility.

Nutanix designed its software to give customers running workloads on cloud computing providers like Amazon Web Services (AWS) and Microsoft Azure the same experience they expect from on-premises Nutanix clusters. This is accomplished by running the full NCP platform stack on both on-premises and public cloud.

By using the same NCI platform, NC2 extends the ease of use of the Nutanix software stack to the public cloud and greatly reduces the operational complexity of extending, bursting, or migrating your applications and data between clouds.
Because all cloud platforms run Nutanix AOS and AHV with the same CLI, UI, and APIs, existing IT processes and third-party integrations continue to work regardless of where they run.

A management console, the NC2 console, is available via MyNutanix. It manages hybrid multicloud lifecycle operations in AWS and Azure, and provides provisioning and scaling of Nutanix clusters on bare metal nodes.

NC2 on AWS

NC2 on AWS installs the complete Nutanix hyperconverged infrastructure (HCI) stack directly on an Amazon Elastic Compute Cloud (EC2) bare-metal instance. Nutanix provisions the full bare-metal host for your use, and the bare-metal hosts are not shared by multiple customers.

Using bare metal, and installing the Nutanix stack on top, allows the platform to leverage AWS networking components to connect to the network, and VMs don't require any additional configuration to access AWS services or other EC2 instances. This greatly simplifies the administration and management of the platform.

There are a variety of bare metal configurations to choose from, with the ability to create large 28-node clusters. Descriptions of the AWS bare metal configurations can be found on the Nutanix Hardware Platform Spec Sheet website.

NC2 on Azure

NC2 on Azure installs the complete Nutanix hyperconverged infrastructure (HCI) stack directly on bare-metal instances in a dedicated infrastructure within Azure. This solution offering was a joint engineering effort with Microsoft and Nutanix, and Microsoft spins up this platform in regions around the world, ready for customers to consume.

NC2 on Azure works with certain bare-metal instances in specific regions. There are 2 bare metal configurations to choose from, with the ability to create large 28-node clusters. Descriptions of the Azure bare metal configurations can be found on the Nutanix Hardware Platform Spec Sheet website.
Lesson 12 of 14
Resources

Additional resources for NCI can be found here:

NCI Spot Page (SPOT): Intranet site for all questions and content on NCI
Nutanix Cloud Infrastructure (NUTANIX.COM): NCI page on the nutanix.com site
Definitive Guide to Hyperconverged Infrastructure (EBOOK): A comprehensive document on the features and value of HCI
Definitive Guide to Nutanix AOS Storage (EBOOK): A thorough discussion on the capabilities of AOS Storage
Definitive Guide to Data Protection and Disaster Recovery (EBOOK): A comprehensive review of Nutanix data protection and disaster recovery solutions

Lesson 13 of 14
Assessment

Question 01/13
What are some benefits of adopting hyperconverged infrastructure in a data center? (pick 3)
Reduced hardware costs
Increased power consumption
Simplified management
Improved resource utilization

Question 02/13
Which of the following are key features of Nutanix Cloud Infrastructure (NCI)? (pick 3)
Vendor lock-in
Support for multiple hypervisors
Platform choice for hardware
Seamless movement between on-premises and cloud environments

Question 03/13
What is the primary benefit of data locality in AOS Storage?
It reduces network congestion
It enhances data compression
It improves data encryption
It increases storage capacity

Question 04/13
What are the key resiliency features of AOS Storage? (pick 3)
Automatic self-healing
Independent scaling
Tunable redundancy
Granular and efficient snapshots

Question 05/13
What storage optimization techniques are used in AOS Storage? (pick 3)
Erasure coding
Compression
Deduplication
Data locality

Question 06/13
Which features are part of AHV's key capabilities? (pick 3)
VM High Availability
Software-defined Networking
Fast VM Live Migrations
Manual VM Scheduling

Question 07/13
What does Acropolis Dynamic Scheduling (ADS) do in AHV?
Manages network traffic
Handles user authentication
Encrypts data in transit
Optimizes VM placement

Question 08/13
What are the deployment options for a Prism Central instance?
Two VMs or four VMs
Three VMs or six VMs
Single VM or five VMs
Single VM or three VMs

Question 09/13
What is the primary advantage of Nutanix asynchronous replication?
It achieves RPO lower than 1 minute
It allows for flexible replication topologies
It requires less than 5ms round-trip latency
It enables zero RPO and near-zero RTO

Question 10/13
What capabilities does Flow Network Security provide for application security? (pick 3)
Microsegmentation
Application-level network policy
East-west firewalls
Physical network reconfiguration

Question 11/13
What is a primary function of Flow Virtual Networking?
It only works with non-Nutanix clusters
It provides physical network configurations
It simplifies virtual network creation
It requires manual IP address assignment

Question 12/13
What is the main function of Flow Network Security's microsegmentation?
To manage physical networks
To create virtual firewalls
To reduce network costs
To increase network speed

Question 13/13
What are the key features of NC2 that enable a consistent experience across on-premises and public cloud environments? (pick 2)
Using the same CLI, UI, and APIs
Providing different management interfaces for each cloud
Utilizing cloud-specific hypervisors
Running the full NCP platform stack

Lesson 14 of 14
Feedback

We greatly appreciate any comments or feedback that you can provide which will help us to improve the learning experience for the Sales community. Please click on the following link to provide feedback to our team.

Feedback for Learning Academy on this course
