Nutanix .NEXT 2018 is in full swing in NOLA, and I am here right in the middle of all the action (so forgive any formatting issues, I will correct/improve them over time)!
Starting in 2009, Nutanix took convergence to the next level by eliminating SAN-based architecture and reuniting compute and storage resources in a single distributed package. Today we know this as HCI or Hyper-Converged Infrastructure.
That was then…
Today, Nutanix continues the quest towards software defining the entire stack on their journey towards “The Enterprise Cloud”. We saw the next logical step in this last year at .NEXT when they announced they would be moving into the SDN (Software Defined Networking) space by adding native, built-in microsegmentation to the Acropolis Hypervisor. That piece of the vision went GA in v5.6 recently.
Introducing microsegmentation is definitely the most common use case that my customers embrace SDN technologies to take advantage of, so it makes sense for Nutanix to tackle that piece first. Microsegmentation on its own does not complete the picture though…
Enter, Nutanix Flow.
The announcement this week of Nutanix Flow expands on the native SDN functions built into the Nutanix platform today by adding powerful visualization and policy-based networking capabilities such as service chain network functions (APM, Load Balancers, vFirewall), in addition to the already implemented microsegmentation feature. The solution is designed to be intuitive and easily scalable, with no additional tools needed. Naturally this is all built around the 1-click simplicity design paradigm so many of you are familiar with today.
Similar to other SDN techniques, Nutanix is using internal firewalls inside of the VMs to control east-west traffic while augmenting (not replacing) the external perimeter firewalls. They continue to focus on the key use cases just like they have done with other technologies in the past. This is not a drop-in replacement for NSX, so if you need things like overlay, VPN, NAT, etc… then steer clear (for now). This is much more about the implementation and management through an intuitive interface than it is about the firewall itself. Firewalls on their own are quite boring… So what makes this special?
Flow is built into AHV and is designed around managing “Categories”. These Categories are defined as logical groups of VMs or Applications. The administrator then maps security policies to the categories (not to the VMs). The AHV host OVS enforces the rules, which are logically enforced at the VM (vNIC) level. As a cherry on top, we do not care about the underlying network at all. There are no requirements or restrictions around it!
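To make the category idea concrete, here is an added example (a conceptual Python model, not Nutanix code or the Flow API) of policies written against categories being expanded into per-VM inbound rules. All class, function and VM names are hypothetical, and the default-deny behaviour for targeted VMs is an assumption of the model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    src_category: str   # category allowed to connect
    proto: str
    port: int

@dataclass
class Policy:
    target_category: str   # category whose VMs this policy protects
    inbound: list          # list of Rule

@dataclass
class Inventory:
    # VM name -> set of category labels (constructed sample data)
    vms: dict = field(default_factory=dict)

    def members(self, category):
        return {vm for vm, cats in self.vms.items() if category in cats}

def compile_vnic_rules(inv, policies):
    """Expand category-level policies into per-VM inbound allow sets."""
    table = {}
    for pol in policies:
        for dst in inv.members(pol.target_category):
            allowed = table.setdefault(dst, set())  # targeted, even if empty
            for rule in pol.inbound:
                for src in inv.members(rule.src_category) - {dst}:
                    allowed.add((src, rule.proto, rule.port))
    return table

def is_allowed(table, src, dst, proto, port):
    # Assumption: a VM targeted by any policy is default-deny inbound;
    # a VM that no policy targets is left unfiltered by this model.
    if dst not in table:
        return True
    return (src, proto, port) in table[dst]

# Constructed three-tier inventory; policies never name a VM.
inv = Inventory({"web01": {"web"}, "app01": {"app"}, "db01": {"db"}})
policies = [
    Policy("app", [Rule("web", "tcp", 8443)]),
    Policy("db", [Rule("app", "tcp", 5432)]),
]
```

Tagging a new VM with the `app` category and recompiling gives it the same protection and the same access to `db` without touching either policy.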
Lastly, I can’t forget to mention Netsil (a recent acquisition): when combining those capabilities with Flow, we gain even deeper visibility into the infrastructure with network-based application discovery, mapping, and performance monitoring. This piece is less about security, and more about assisting in root cause analysis. The initial target for release is set for the second half of 2018, with long-term plans of integrating this outside of the Nutanix platform and gaining the same visibility across the public clouds!
Nutanix has finally added the final piece to the puzzle and completed what they consider to be the IaaS portion of their offering with comprehensive visibility, security, and automation at the network level in the form of Flow.
Next, it’s time to move higher up the stack to PaaS with Nutanix Era.
Cheers!
Russ