The .NEXT User Conference in Vienna was the setting for several exciting product announcements to further the vision of the Nutanix Enterprise Cloud Platform.
The ambition of the Nutanix Enterprise Cloud Platform is bringing cloud-like operational simplicity to enterprise datacenters. If the enterprise datacenter behaves and operates like a public cloud, then application demands will drive private cloud vs public cloud (aka “buy vs rent”) decisions, instead of vendor-driven requirements that are imposed on enterprise IT users. Delivering on this was less about stitching together different disparate solutions and making them work. It was about reimagining how infrastructure should look and behave based on application needs and changes. The first step was to converge compute and storage, which we accomplished five years ago (now commonly called Hyperconvergence). The next step was to reimagine virtualization and datacenter management, and continue the push to simplify the full data plane and control plane. The result was Nutanix AHV virtualization and the plethora of enhancements incorporated into Nutanix Prism – our native management solution.
We are now embarking on the next step in this journey – collapsing networking within the same cloud stack. As we talk to customers during EBCs and Customer advisory councils, the #1 ask we get has always been about how Nutanix will help simplify common networking operations related to security and isolation.
Nutanix is intending to address three primary networking challenges:
- Visualizing the network design and network health in an application-centric manner
- Securing the network from internal threats – without adding complexity
- Orchestrating the network to automatically adapt to dynamic application needs
While these are not the only challenges IT administrators have with respect to networking, nor will we stop with just solving for this, these challenges are some of the most visceral ones that slow down datacenter operations.
Visualizing Network To Instantly Triage Issues
When different virtual machines communicate, traffic from the VM typically flows through the virtual switch down to the physical NIC, and then to the top of rack switch before it goes to another VM residing on a different server. Every time a VM is added, deleted or modified, the right VLANs should be configured on the physical switch, as well as for the host so that the VMs can communicate with each other. Oftentimes VLAN misconfigurations or port failures can be the primary reasons why applications are down, or have connectivity issues. Isolating and fixing these issues can drain precious IT time because users do not get a complete view of how applications are connected to the underlying infrastructure.
Network Visualization attempts to solve exactly this. It will provide an at-a-glance view of the networking entities upon which applications rely, as well as their relationships with each other. Here are a few things to know about Nutanix Network Visualization:
- Natively integrated into Nutanix Prism, and will be available through a simple, non-disruptive software upgrade
- Can filter network views by application, user, virtual machines, VLANs or hosts
- Isolate VLAN misconfigurations, port failures, packet drops and other common networking issues
- View a summary of switch port statistics to monitor packet flow and performance
Mean time to restore from failures is an important metric that most enterprises track. Network Visualization along with all the other natively integrated monitoring solutions in Prism is designed to bring this down significantly.
Network Visualization will be available in the 5.0 release.
Securing Applications Through Native Microsegmentation
Securing networks and data is an ever-important challenge. With the exploding growth of smaller modular applications that are not tied to specific hardware or a specific datacenter, the concept of network perimeter is fast disappearing. Workloads can be spun up anywhere and moved at any point, which can quickly result in lateral spread of threats, so inspecting and securing just the perimeter is necessary, but insufficient. IT organizations need consistent security enforcement everywhere in the datacenter through centrally automated policies. Additionally, these policies should be application-centric, and fully decoupled from the network.
A subsequent Acropolis release will include a native Microsegmentation service to secure applications from attacks that originate from within the datacenter. Once released, Acropolis Microsegmentation Services (AMS) will allow Nutanix to secure east-west communications within the datacenter through policies that are simple to deploy and manage. Here are a few things to know about AMS:
- AMS will deliver stateful distributed firewall capabilities that protect every single VM within the Nutanix cluster
- AMS will deliver a simple and intuitive policy model bringing microsegmentation to even non-networking IT managers through the 1-click simplicity in Nutanix Prism
- AMS will do L3/L4 inspection, automatically translating the user-specified higher level policies into granular rules programmed directly in the OVS flow tables
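An added illustration of the translation described in the last bullet, not Nutanix code and not the AMS policy model: tag-level intent is expanded into per-VM L3/L4 allow rules and enforced by a default-deny, connection-tracking filter. The VM names, IP addresses, tags and the policy tuple format are all assumptions made for the example.

```python
from itertools import product

# Constructed inventory: VM name -> (IP, category tag). Not real Nutanix data.
VMS = {
    "web-1": ("10.0.1.11", "web"),
    "web-2": ("10.0.1.12", "web"),
    "db-1": ("10.0.1.21", "db"),
}

# Hypothetical application-centric policy: (source tag, destination tag, protocol, port).
POLICY = [("web", "db", "tcp", 3306)]


def expand(policy, vms):
    """Translate tag-level intent into per-VM L3/L4 allow rules."""
    rules = set()
    for src_tag, dst_tag, proto, port in policy:
        srcs = [ip for ip, tag in vms.values() if tag == src_tag]
        dsts = [ip for ip, tag in vms.values() if tag == dst_tag]
        for s, d in product(srcs, dsts):
            rules.add((s, d, proto, port))
    return rules


class StatefulFilter:
    """Default-deny filter that tracks connections opened by an allowed packet."""

    def __init__(self, rules):
        self.rules = rules
        self.established = set()

    def permit(self, src, sport, dst, dport, proto):
        # Reply traffic of a tracked connection is allowed without its own rule.
        if (dst, dport, src, sport, proto) in self.established:
            return True
        if (src, dst, proto, dport) in self.rules:
            self.established.add((src, sport, dst, dport, proto))
            return True
        return False  # everything else, including web-to-web, is dropped
```

Because the rules are derived from tags rather than addresses, re-running `expand` after the inventory changes is what keeps the policy decoupled from the network layout.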
Orchestrating Networking and Security Services
While native security is important, there are other networking and security services that exist in the datacenter that applications rely on such as ADCs, perimeter firewalls, physical ToR switches and more. Every time applications are deployed, network services will have to be inserted in the dataflow, or existing services will have to be updated to be aware of the new applications. These actions are typically manual and involve multiple steps.
To simplify this, Acropolis will natively support Service Insertion and Service Chaining. This will enable IT administrators to insert networking and security services when they deploy applications and orchestrate them in a specific sequence. As an example, IT can set policies to forward all database queries from Web to go through a firewall service before hitting the DB tier. This sequencing will be defined and automated from within Nutanix Prism, giving IT administrators centralized control and visibility beyond just the virtual machines.
Acropolis will also include WebHook APIs that will enable networking solutions to understand changes in the application environment. When VMs are deployed or updated, notifications will be sent containing information about the VMs, including networking properties such as IP address, MAC address, VLAN ID, or even VM metadata (e.g. VM name, tags). As an example, top of rack switches can subscribe to these notifications and update networking policies related to these virtual machines.
There are a few things to be aware of with these capabilities:
- Service chains will be deployed cluster-wide with a single-click. Each service chain can have multiple networking, security or mirroring/monitoring services
- Users will be able to selectively redirect specific flows to a service chain for selective processing
- Security partners such as vArmour can integrate with the service chaining capability
- Physical switch partners such as Arista, Mellanox and Plexxi can integrate with the networking APIs
Networking APIs will be available in the 5.0 release. Support for Service Insertion and Service Chaining will be available in a subsequent release.
The “Platform” in the Enterprise Cloud Platform
In addition to the new features and capabilities, what is important is the evolution of the Nutanix platform. We realize that Nutanix is not the only solution deployed in an enterprise datacenter and that there is a wide range of infrastructure services, applications and hardware that Nutanix needs to work with. These individual “parts” that customers deal with should add up to a larger “whole”. Companies such as Microsoft, Amazon (with AWS), Salesforce and more have not only built successful products, but more importantly, built great platforms. Open and extensible API-driven infrastructure, orchestration of first and third-party services are all important aspects of being a platform. Nutanix will continue to work with our ecosystem of over 75 Elevate technology alliances to extend the services and applications that are integrated with the Nutanix platform.
With these announcements, we are furthering our vision of delivering an Enterprise Cloud Platform through a full-stack cloud service that will include compute, storage, virtualization, networking and end-to-end datacenter management and operations. Innovation is often not about doing something that no one has done before. It is more about how it is done. Acropolis Microsegmentation Services (AMS), Service Insertion and Service Chaining aren’t necessarily new to the industry, nor will we stop with just this. What will be new is how we will simplify consumption of these services without complexity and without many moving parts – just like the public cloud.
Nutanix continues to tackle IT complexity, and deliver it to end users with one-click simplicity. That is exactly what we will do to networking – by melding web-scale engineering with consumer-grade design.
Connect with Nutanix
We will get into more details about each of these technologies over the next several weeks. In the meantime, we invite you to start the conversation on how Nutanix Enterprise Cloud Platform can work for your IT environment. Send us a note at info@nutanix.com or follow us on Twitter @nutanix.
Forward-Looking Statements
This blog includes express and implied forward-looking statements, including but not limited to statements concerning our business plans and objectives, product features and technology that are under development or in process and capabilities of such product features and technology, our plans to introduce product features, including microsegmentation, in a future release, product performance, competitive position, industry environment, and potential market opportunities. These forward-looking statements are not historical facts, and instead are based on our current expectations, estimates, opinions and beliefs. The accuracy of such forward-looking statements depends upon future events, and involves risks, uncertainties and other factors beyond our control that may cause these statements to be inaccurate and cause our actual results, performance or achievements to differ materially and adversely from those anticipated or implied by such statements, including, among others: failure to develop, or unexpected difficulties or delays in developing, new product features or technology on a timely or cost-effective basis; delays in or lack of customer or market acceptance of our new product features or technology; the introduction, or acceleration of adoption of, competing solutions, including public cloud infrastructure; a shift in industry or competitive dynamics or customer demand; and other risks detailed in our registration statement on Form S-1, as amended, filed with the Securities and Exchange Commission. These forward-looking statements speak only as of the date of this presentation and, except as required by law, we assume no obligation to update forward-looking statements to reflect actual results or subsequent events or circumstances. Any future product or roadmap information is intended to outline general product directions, and is not a commitment, promise or legal obligation for Nutanix to deliver any material, code, or functionality. 
This information should not be used when making a purchasing decision. Further, note that Nutanix has made no determination as to if separate fees will be charged for any future product enhancements or functionality which may ultimately be made available. Nutanix may, in its own discretion, choose to charge separate fees for the delivery of any product enhancements or functionality which are ultimately made available.