Run any application at any scale with a turnkey hyperconverged infrastructure solution
A powerful scale-out data fabric for server, storage, virtualization and networking
Nutanix Acropolis combines feature-rich software-defined storage with built-in virtualization in a turnkey hyperconverged infrastructure solution that can be deployed out-of-the-box in 60 minutes or less. Eliminate the need for standalone SAN or NAS-based storage, reduce the complexity of legacy virtualization management and lower virtualization costs by up to 80%.
- Integrated management of physical and virtual infrastructure
- End-to-end operations
- Any workload at any scale
- Unfettered application mobility
- Up to 80% lower virtualization costs
Nutanix Acropolis is the industry’s leading turnkey infrastructure platform that delivers enterprise-class storage, compute and virtualization services for any application. Acropolis offers IT professionals uncompromising flexibility of where to run their applications, providing a path to freely choose the best virtualization technology for their organization – whether it is traditional hypervisors, emerging hypervisors or containers.
For the first time, infrastructure decisions can be made entirely based on the performance, economics, scalability and resiliency requirements of the application, while allowing workloads to move seamlessly without penalty.
Nutanix Acropolis is comprised of three foundational components:
- Distributed Storage Fabric Enterprise data storage delivered as an on-demand service by employing a highly distributed software architecture. Nutanix eliminates the need for traditional SAN and NAS solutions, and delivers a rich set of VM-centric software-defined services, including snapshots, clones, high availability, disaster recovery, deduplication, compression, erasure coding storage optimization and more.
- App Mobility Fabric A newly-designed open environment capable of delivering intelligent VM placement, VM migration, and VM conversion across hypervisors and clouds, as well as cross-hypervisor high availability and integrated disaster recovery. Acropolis supports all virtualized applications, and will provide a seamless path to containers and hybrid cloud computing.
- Acropolis Hypervisor While the Distributed Storage Fabric fully supports traditional hypervisors such as VMware® ESXi and Microsoft® Hyper-V, Acropolis also includes a native hypervisor based on the proven Linux KVM hypervisor. With enhanced security, self-healing capabilities based on SaltStack and enterprise-grade VM management, Acropolis Hypervisor delivers the best overall user experience at the lowest TCO and will be the first hypervisor to plug into the App Mobility Fabric.
How Is Acropolis Different From Traditional Approaches to Virtualization?
The converged storage and virtualization stack eliminates the bloat of legacy standalone hypervisors and makes virtualization invisible. The Acropolis Hypervisor is purpose-built to run on intelligent storage that understands virtualization and provides data services such as snapshots, clones, provisioning, operations and data protection at VM granularity. As a result, the hypervisor can be made leaner and focus on delivering secure virtual computing.
A large community of technology leaders recognize the need to drive down datacenter cost and complexity. Nutanix and its ecosystem partners have completed extensive testing to ensure that applications and guest operating systems run on Nutanix Acropolis with high performance and no change to VMs.
Acropolis is available in several editions to fit your datacenter needs.
|Core set of software functionality||Rich data services, resilience and management features||The full suite of Nutanix software capabilities to tackle complex infrastructure challenges|
|Ideal For||Small-scale deployments with a limited set of workloads||Running multiple applications or large-scale single workload deployments||Multi-site deployments and advanced security requirements|
|VM-centric Snapshots & Clones|
|Inline Performance Deduplication|
|Online Cluster Grow/Shrink|
|Acropolis Container Services|
|Acropolis Block Services|
|Acropolis File Services||Standalone license available||Standalone license available|
|Erasure Coding (EC-X)|
|VM Flash Mode|
|Data Path Redundancy|
|Tunable Redundancy Factor||2||2 or 3||2 or 3|
|Async Replication & Disaster Recovery|
|Application Consistent Snapshots|
|Self Service Restore|
|Multiple Site DR (many to many)|
|Sync Replication & Disaster Recovery|
|Management & Analytics|
|One-click Upgrades (Nutanix OS & Hypervisor)|
|Built-In Virtualization (Nutanix AHV)|
|Intelligent VM Placement|
|VM Automated Resource Scheduling|
|VM Affinity Rules|
|Virtual Network Configuration|
|VM High Availability|
|Open Stack Drivers|
|Cross Hypervisor DR|
|Self Service Portal|
An open platform for virtualization and application mobility
Nutanix Acropolis hyperconverged infrastructure includes a native hypervisor and powerful open runtime environment that delivers invisible virtualization capabilities for a post-SAN world. With Acropolis, virtualization is a feature of the infrastructure stack rather than a standalone product that needs to be bought, deployed and managed separately.
Built on proven open-source technology and hardened for the enterprise, Acropolis delivers a leaner infrastructure stack with no hypervisor bloat or shelfware, and up to 80% lower virtualization costs.
Nutanix Acropolis includes enterprise-class virtualization capabilities built into the hyperconverged infrastructure stack on all Nutanix appliances, with no additional software components to install and manage. Common tasks such as deploying, cloning and protecting VMs are managed centrally through Nutanix Prism, rather than utilizing disparate products and policies in a piecemeal strategy.
Virtual Machine Management
- VM Operations Create, delete, update, power, pause/resume, snapshot, clone VMs, access via remote console.
- Image Management Convert and upload disk / ISO images to a Nutanix cluster.
- Intelligent Placement Determine initial placement of virtual machines based on CPU and memory availability.
- Live Migration Migrate VMs across hosts in a Nutanix cluster with zero downtime.
- Cross-Hypervisor Migration Migrate VMs between virtual environments running different hypervisors easily.
- Automated High Availability Automatically restart VMs on healthy nodes in case of a node failure.
- Converged Backup and Disaster Recovery Create on-cluster local snapshots and/or replicate to remote cluster for backup and DR.
- Analytics Monitor and report key metrics for both VMs and the infrastructure (hypervisor, physical nodes).
- Host Profiles Standardize configuration of hosts within a cluster based on user-provided information, including network configuration, credentials, NTP settings and more.
- Storage Configuration Automatically configure storage on all hypervisor nodes when creating a Nutanix cluster.
- Virtual Networking Set up and configure layer-2 VLAN backed virtual networks that span a cluster. Use optional in-built IP management to dynamically assign static IP addresses to VMs.
- Rolling Upgrades Non-disruptively upgrade NOS, hypervisor and firmware in a Nutanix cluster.
- Host Maintenance Mode Put hosts into maintenance mode for planned upgrades and host removals.
- Scaling Easily add and remove nodes and configure the hypervisor in minutes.
The Acropolis App Mobility Fabric (AMF) is a collection of powerful technologies that allows applications and data to move freely between runtime environments, giving IT professionals the freedom to choose the best environment to run enterprise applications. AMF includes a broad range of capabilities for migrating between different environments, including from non-Nutanix infrastructure to Nutanix systems, between Nutanix systems supporting different hypervisors, and from Nutanix to public clouds.
Non-Nutanix to Nutanix
- Sizer Tool Select the right Nutanix system and deployment configuration to meet the needs of each workload.
- Foundation Tool Automatically install the hypervisor of your choice on a Nutanix cluster.
Between Nutanix Systems
- Cross-Hypervisor Disaster Recovery Rapidly recover from a site failure by failing over VMs from one site to another location running a completely different hypervisor.
- Cross-Hypervisor Backup Perform automatic backups of VM-level data from one Nutanix system to another running a different hypervisor.
- One-Click Hypervisor Conversion Switch the hypervisor running on a Nutanix system from VMware vSphere to AHV in minutes with minimal disruption and risk.
- High Availability Automatically restart virtual machines on healthy nodes in case of a node failure in a Nutanix cluster.
Nutanix to Public Cloud
- Cloud Backup With Cloud Connect Use built-in hybrid cloud technology for seamless data backup to public cloud services such as Amazon AWS and Microsoft Azure.
Nutanix Acropolis has support from a large community of technology leaders, all of whom recognize the need to drive down datacenter cost and complexity. Extensive testing by Nutanix and its ecosystem partners ensures that applications and guest operating systems run on Nutanix Acropolis with the Acropolis Hypervisor with high performance and no change to VMs.
Applications & Technology
Guest Operating Systems
Simplify networking operations
Nutanix provides a comprehensive set of services to visualize the network, automate common network operations and secure the network through native services and partner integration.
Nutanix Enterprise Cloud gives IT teams an application-centric visualization of the physical and virtual network topology, providing at-a-glance insight into server, virtualization and storage resources.
- VM Level View Visually understand how individual virtual machines (VMs) are connected to the network infrastructure to better identify and triage network issues.
- Deep Analytics Get detailed health and performance statistics of the network environment to better monitor application SLAs.
Applications running on Nutanix can be protected from internal security threats with advanced microsegmentation services. These services are available from multiple Nutanix Elevate Technology partners, and will soon be offered natively via Acropolis Microsegmentation Services (AMS).
Acropolis includes open APIs that enable network devices and services such as top-of-rack switches, application delivery controllers and firewalls to automatically adapt based on application lifecycle events.
Software-defined storage services for every use case
The Nutanix Enterprise Cloud Platform delivers a set of software-defined storage services to support virtualized applications, non-virtualized applications, unstructured file data, and containerized applications. These services can be turned on and off based on application needs, enabling cloud-like consumption within an enterprise datacenter. IT organizations can consolidate all their workloads on the Nutanix platform and manage them centrally.
Acropolis provides enterprise-grade VM-centric storage for virtualized applications. Unlike traditional storage solutions that were built in a pre-virtualization era, operations in Acropolis are optimized to work at a granularity of a single VM or vDisk. Additionally, complex storage operations such as LUN provisioning, zoning and masking are non-existent in Acropolis enabling deployment of highly available storage with just a few clicks.
- Deploy VM-centric Storage in Seconds No more storage complexity, no more LUN provisioning. Give the VM datastore a name, set data redundancy levels, enable capacity optimization policies and you are done.
- High Performance for all Workloads
- Choice and Flexibility Support for a wide range of hypervisors including Nutanix AHV, VMware vSphere and Microsoft Hyper-V with native hybrid-cloud connectivity to AWS and Microsoft Azure.
Acropolis Block Services (ABS) is a native scale-out block storage solution that provides direct block-level access via the iSCSI protocol to the Nutanix Distributed Storage Fabric (DSF). It enables enterprise applications running on external servers to leverage the benefits of the hyperconverged Nutanix architecture.
- Protect Existing Investments Connect storage with database environments such as Oracle, SQL Server and SAP that are deployed on specialized physical servers for price/performance or on bare-metal x86 to minimize software licensing costs.
- Lower Costs Eliminate the need for traditional Fibre Channel SANs and other specialized products that drive costs higher and require specialized IT administrators to maintain.
- Deliver Performance Ideal for non-virtualized, high-performance database applications – if a single Nutanix CVM can deliver 100,000 IOPS, a four-node Nutanix cluster can deliver an aggregated throughput of 400,000 IOPS.
- Simplify Management The platform is simple, scalable, and enterprise-grade out of the box, and can easily be managed by IT generalists from within Prism.
- Leverage Hyperconverged Benefits ABS delivers all the benefits of a hyperconverged environment, including intelligent data reduction, advanced disaster recovery, backup to the public cloud, and tiering capabilities.
Acropolis File Services (AFS) is a native file storage solution for unstructured data. It provides a highly available and massively scalable data repository for a wide range of deployments and applications, including large-scale home directories and user profiles.
- Eliminate Complexity VM and file storage are on the same cluster, eliminating the complexity of deploying and managing a separate infrastructure stack for standalone NAS solutions.
- Scale on Demand AFS is a 100% software-based service that can be deployed in minutes and scaled on demand with a single click.
- Easily Grow Capacity Storage can be scaled independently of compute. A storage heavy or storage only Nutanix node can be added to the cluster, and additional file server VMs can be deployed instantaneously.
- Ensure Availability AFS makes sure data is available during software upgrades, hardware upgrades and unexpected failures with no bottlenecks or isolated points of failure.
- Protect and Recover Files Native snapshots and self-service recovery make recovery of files extremely easy.
- Leverage Flexible Deployment Options AFS can be deployed on stand-alone clusters purely meant for file serving or integrated where virtual machines and data live in the same cluster.
Acropolis Container Services (ACS) provides enterprise-class persistent storage for containers, plus the ability to easily deploy and manage containerized applications on the Nutanix enterprise cloud platform. ACS makes containers a viable reality for enterprise applications.
- Persistent, Resilient Storage Persistent container volumes provide resilient storage for containerized stateful applications such as databases and web caches.
- Simplified Container Management The Nutanix Docker machine driver allows developers to easily spin up Docker hosts on Nutanix clusters to build and run containerized stateful applications.
- Container Plus Virtualized Applications A common platform that supports both virtualized and containerized environments allows DevOps to pick the best technology for their needs without creating infrastructure silos.
- Acropolis DSF Benefits Persistent container volumes are backed by iSCSI block storage on the Acropolis Distributed Storage Fabric (DSF) with all the benefits of deduplication, compression, tiering and erasure coding.
- Distributed Storage Access Acropolis DSF’s distributed nature allows containers to access storage volumes from anywhere within the cluster, making the storage service highly resilient and enabling mobility across hosts.
- Docker Certified The Nutanix Container Volume Plug-in is Docker Certified and available for download from the Docker Store.
Enterprise Storage Capabilities:
Nutanix web-scale solutions employ a variety of advanced mechanisms to drive the highest possible performance for a wide range of virtualized workloads. Powerful acceleration capabilities such as caching, automatic data tiering and data locality speed storage performance. Server-attached flash storage is used both as a high-performance read cache, as well as a persistent data tier in a Nutanix hyperconverged system.
Intelligent Distributed Data Tiering
- Automatic Optimization Application and user data is automatically placed in the optimal storage tier – flash or HDD – to yield the fastest performance and optimize capacity in the cluster.
- Hot Data The most frequently accessed data (“hot” data) is placed in the SSD or cache tier for near instantaneous access by VMs.
- Cold Data As data becomes “cold,” it is demoted into the higher capacity HDD tier for more efficient storage, so that SSD and cache capacity remains available for new “hot” data.
- Data Placement Management MapReduce technology manages data placement as a distributed, background process to ensure negligible impact to real-time performance.
- Localized Write I/O Data stays proximate to the VM and allows write I/O operations to be localized on that same node.
- Continuous Analysis Each Nutanix Controller VM (CVM) continually analyzes whether I/O requests are satisfied by storage resources local on that node, or from another node in the cluster.
- Transparent Migration If a VM migrates to another host for load balancing in an active migration scenario, hot data automatically follows the VM to maintain the highest performance.
- Intelligent Migration After a certain number of read requests made by a VM to a controller that resides on another node, Nutanix data localization moves the remote data to the local controller.
- Data Localization Management Data localization is managed as a MapReduce job to take full advantage of all cluster resources and not impact system performance.
Flexible Block Sizes
- Range of I/O Sizes End-to-end support for I/O sizes from 512 bytes up to 1 MB ensures optimal performance across a wide range of workloads and delivers application-tuned metadata efficiency.
- Variable Lengths Unlike traditional storage systems that break up incoming I/O requests into fixed 4KB chunks, Nutanix efficiently handles block sizes of variable length across the entire write path.
VM Flash Mode
- Keep Data in Vdisks For applications that require consistent, fast storage performance, data can be kept in vdisks in the cluster-wide SSD tier for highest performance regardless of data access.
- Mix Workloads VM Flash Mode provides the ability to mix IOPS-sensitive workloads with regular workloads in the same Nutanix cluster without creating resource silos.
- Granular Control Features can be enabled and controlled at VM or vdisk granularity, providing fine-grained control over storage performance in a hybrid cluster.
Nutanix incorporates a wide range of storage optimization technologies that work in concert to make efficient use of available capacity for any workload. Deduplication and compression technologies are intelligent and adaptive to workload characteristics, eliminating the need for manual configuration and fine-tuning. Erasure coding offers deterministic capacity savings regardless of workload characteristics.
- Performance Tier Deduplication Removes duplicate data in the content cache (SSD and memory) to reduce the footprint of an application’s working set, enabling more working data to be managed in the content cache for better performance.
- Capacity Tier Deduplication Global, post-process MapReduce deduplication reduces repetitive data in the capacity tier to increase the effective storage capacity of a cluster.
- Simplified Management Easily configured and managed at vdisk granularity for fine-grained control.
- Increase Capacity by up to 4x Data compression can be enabled as an inline capability as data is written to the system, or post-process as a series of MapReduce jobs after the data has been written, eliminating any impact on write path performance.
- Leverage All Resources Unlike traditional architectures where compression operations run on one or two CPUs, Nutanix compression runs on each node in the cluster to leverage all system compute and memory resources.
- Compress a Variety of Data Types Nutanix uses the Snappy compression algorithm to compress a variety of data types more efficiently, and includes the option to compress data at the sub-block level for greater simplicity.
Erasure Coding with Nutanix EC-X
- Resilience with Capacity Efficiency A mathematical function is applied around a data set to calculate parity blocks, which can then be used to recover data in the event of a failure.
- Optimized Performance Nutanix systems switch between data replication for hot data and erasure coding for cold data based on I/O frequency to optimize performance and storage.
- Nutanix EC-X This patent-pending algorithm distributes coding and rebuilds across the entire cluster to reduce vulnerability windows in the event of failures, and maintains data locality.
Improve performance with distributed caching of VM data for linked clones, redirect-on-write snapshots and writeable clones at the granularity of a single VM.
Snapshots & Clones
- Near Zero Performance Impact Redirect-on-write snapshots and writeable clones at the VM level increase efficiency, while differential forever snapshots impose lower capacity overheads on the system.
- Fine-grained Data Management Unlike systems that snapshot data at a volume or LUN level, Nutanix snapshots and clones are performed for individual VMs for fine-grained data management and protection.
- Easy Clone Creation Create clones (writeable snapshots) of a base image in seconds, leveraging integration with popular offload capabilities, including the VMware API for Array Integration (VAAI), Microsoft Offloaded Data Transfer (ODX) and SMI-S.
- Unique Nutanix Feature Shadow Clones are a unique Nutanix feature that significantly improves performance by caching virtual machine data across a Nutanix cluster.
- Ideal for Multi-reader Scenarios Gain performance where there are multiple VMs reading a single source of data, or in VDI deployments with linked clones (e.g., Citrix MCS Master VM or VMware View replica disks).
- vDisk Access Trend Monitoring If read I/O requests originate from more than two remote Controller VMs (CVMs) and the local CVM, the vDisk is marked as immutable and cached locally, so read operations are satisfied by direct-attached storage resources.
Data Protection & High Availability:
Enterprise-grade backups with single pane of glass management provide the ultimate simplicity in management, while seamless backups of data to public cloud services provide high availability.
- Built-in Hybrid Cloud Get seamless, low cost VM-centric backups of data to public cloud services such as AWS and Microsoft Azure without third-party software.
- WAN Optimized Data transfer to the public cloud is WAN optimized, reducing the storage footprint and networking bandwidth by over 75%.
- Simple Operations Back up to and recover from the cloud with just a few clicks – view VM snapshots stored in the cloud and easily choose specific snapshots to recover.
- Cloud Connect for AWS A live Nutanix cluster runs on EC2 instances using the Elastic Block Store for metadata and S3 storage for backups, with support for Amazon Virtual Private Cloud (VPC).
- Cloud Connect for Azure Nutanix software runs on Azure Compute and storage is from Azure Page Blob, with support for Azure Virtual Network (VNET).
Converged Local Backups
- Unlimited, Enterprise-grade Backups VM-centric snapshots and integrated workflows with single pane of glass management deliver RPO in minutes.
- Intelligent Disk-balancing In heterogeneous clusters, Nutanix disk-balancing ensures that the data stored on nodes is proportional to the node storage capacity, increasing the effective storage available for snapshots.
- Uncompromised Performance Nutanix Time Stream’s redirect-on-write algorithm, VM-centric snapshots and file-level recovery provide optimum operational efficiency.
- Simple Operations Create virtual copies of data and roll back state with a single click.
- Self-service File Recovery End users can recover independent files inside a VM without having to recover the entire VM and without administrator intervention.
- Near Unlimited Scalability Seamlessly add Nutanix hyperconverged appliances to existing clusters to support nearly unlimited retention of snapshots and fast recovery.
- Remote Backups Integrated workflows simplify remote backups and one-click recovery.
- Customized Scheduling VMs can be backed up or asynchronously replicated to another customer owned datacenter based on a user-defined schedule.
- WAN Optimized During replication, data is compressed and replicated at the sub-block level for maximum efficiency and lower WAN bandwidth consumption.
- Flexible Replication Topologies Replication topologies are flexible and bi-directional, enabling one-to-one, one-to-many and many-to-many (e.g., hub-and-spoke, full-mesh) deployments.
Leverage integrated recovery and replication capabilities to meet the recovery time objectives (RTO) and recovery point objectives (RPO) of different applications. A simplified view of all local and remote snapshots allows administrators to restore state at VM granularity from a snapshot with a single click, or to failover to a secondary datacenter seamlessly.
- Continuous Availability Synchronous replication ensures continuous availability of data and business-critical applications during disasters and planned maintenance.
- One-click Failover Simple and intuitive management that can be set up with a few simple steps, and failover that can be initiated with a single click.
- Flexible Configuration Support Supports heterogeneous clusters, and asymmetric hardware setups and storage policies across sites with existing infrastructure.
- Bi-directional Replication Metro Availability can be set up bi-directionally between two sites connected over a metro area network with a round trip latency of less than five milliseconds.
- Non-disruptive Migrations Virtualization teams can non-disruptively migrate virtual machines between sites, providing continuous data protection with zero RPO and near-zero RTO.
The Nutanix platform is fault resistant, with no single point of failure and no bottlenecks. A shared-nothing architecture – where all data, metadata and services are distributed to all nodes within the cluster – is built to detect, isolate and recover from failures anywhere in the system for an always-on operation.
- Intelligent Data Placement Intelligent data placement across different physical domains (e.g., separate racks or power sources) protects against appliance and rack failures.
- Robust Protection Availability domains allow Nutanix clusters to survive the failure of multiple servers in a physical enclosure without loss to data or service, providing greater system-level resilience without increasing storage capacity.
- 100% Software-defined Flexibility Administrators can configure and manage availability domains at the storage container level in clusters with five or more nodes.
- User-defined Resilience Administrators can configure data redundancy based on application SLAs and the criticality of the data set, with a replication factor (RF) of two or three.
- Automatic Data Reconstruction If a node fails, data is automatically read from other nodes. If the node does not come back online, all data on the affected node is automatically reconstructed to ensure full redundancy and data protection.
- Synchronous Replication Data is written to a VM’s local node and is synchronously replicated to one or more other nodes in the cluster, ensuring that all data exists in at least two independent locations and remains highly available.
Data Path Redundancy
- High Availability During Controller VM Unavailability Multiple copies of data ensure 100% data availability in the event that a Nutanix Controller VM is unavailable due to failure or maintenance.
- Transparent Failover If the Nutanix Controller VM becomes unavailable, Nutanix auto-pathing automatically re-routes requests to a healthy Controller VM running on another node in the cluster.
- Fault-tolerant Architecture Every node in a Nutanix cluster has access to all replicas so that I/O requests can be serviced immediately by any node, providing N-way, fully fault-tolerant failover for all VMs in the cluster.
- Detection and Repair of Silent Data Corruption The system scans data in the background and checks against checksums in the metadata store. If it detects an error, it will overwrite the bad data with the good copy.
- Automatic Integrity Checks On every read, a checksum is computed for the data being read and compared with the stored checksum. In the case of an inconsistency, the error is corrected.
- Automatic Isolation and Recovery If a drive fails, the system automatically runs a scan and replicates any data that is not redundant. During the failure and recovery process, both data and access to data are preserved.
Nutanix hyperconverged solutions integrate with popular offload capabilities, including VMware API for Array Integration (VAAI) and Microsoft Offloaded Data Transfer (ODX) to create clones in a matter of seconds with minimal overhead.
Support for vStorage API for Data Protection (VADP) and application-level consistent snapshots through Volume Shadow Services (VSS) provide full integration with third-party tools such as Symantec NetBackup, Veeam, Commvault and VMware SRM.
Integration with Commvault IntelliSnap delivers Commvault backup capabilities with enterprise grade storage features from Nutanix for a highly efficient backup solution.
The Nutanix Enterprise Cloud Platform combines powerful features, including two-factor authentication and data at rest encryption, with a Security Development Lifecycle (SecDL) that is integrated into product development. Our custom security baseline exceeds the requirements of the U.S. Department of Defense.
Certifications
The Nutanix platform is certified across a broad set of certification and evaluation programs. It complies with the strictest international standards, including the SP800-53 guidelines, to assure governments worldwide that Nutanix products perform as expected and work with their existing technology.
Nutanix uses a unique Security Development Lifecycle (SecDL) to incorporate security into every step of the software development process, from design and development to testing and hardening. The Nutanix solution is certified across a broad set of evaluation programs for government, financial services and healthcare to ensure compliance.
Security Development Lifecycle
- SecDL Integration Security is incorporated into every step of the product development lifecycle and covers the entire hyperconverged infrastructure stack, including storage, virtualization, and management.
- Fully Automated Testing SecDL testing is fully automated during development and all security-related code modifications are timed during minor releases to minimize risk.
- Threat Modeling Threat modeling is used to assess and mitigate customer risk from code changes.
System Level Security
- Two-Factor Authentication If implemented, logins require a combination of a client certificate and username/password. Administrators can use local accounts built into the Nutanix UI, or use Active Directory.
- Cluster Lockdown Administrators can restrict access to a Nutanix cluster in security-conscious environments, disabling interactive shell logins automatically and leveraging non-repudiated SSH keys.
- Data at Rest Encryption Nutanix encrypts user and application data to a level of FIPS 140-2 Level 2 compliance through factory-installed self-encrypting drives (SED), and meets HIPAA, PCI DSS, and SOX standards.
- Key Management A key management server is used to authenticate Nutanix nodes for system-level security. The SEDs generate new encryption keys, which are uploaded to the key management server.
- Power Failure Safeguards In the event of a power cycle or host reboot, Nutanix software retrieves the keys from the key management server and uses them to unlock the drives.
- Key Administration Instantly reprogram security keys to meet site-specific policies, or use Crypto Erase to instantly erase all data on the drive while generating a new symmetric encryption key.
- Industry Compatibility Rather than storing keys on the nodes themselves, Nutanix software interfaces with third-party key management servers using the industry-standard Key Management Interoperability Protocol (KMIP).
Powerful automation and self-healing security models help maintain continuous security in enterprise cloud environments with efficiency and ease. Nutanix developed our own Security Technical Implementation Guide (STIG) to speed up the accreditation process for the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and the Department of Defense Information Assurance Risk Management Framework (DIARMF).
- Custom Security Technical Implementation Guide (STIG) Custom STIGs enable secure installation and maintenance of Nutanix systems, and reduce accreditation time from months to minutes.
- Fast Baseline Checks and Validation The Nutanix STIGs are written in XCCDF format and support the SCAP standard for compatibility with automated assessment tools like HBSS, cutting down accreditation time.
- Automatic Configuration Management Security configuration management automation (SCMA) efficiently checks over 800 security entities in the Nutanix STIGs that cover both storage and built-in virtualization.
- Self-Healing Nutanix leverages SaltStack and SCMA to self-heal any deviation from the security baseline configuration of the OS and hypervisor to remain in compliance.
In addition to built-in security, the highly extensible Nutanix Acropolis architecture exposes APIs that allow integration with a broad ecosystem of security partners. Verified joint solutions provide flexibility at every layer, including network, data, and end-point security, and deliver a committed support experience.
Network Security Nutanix works with ecosystem partners to provide monitoring of inter-VM, east-west traffic patterns that typical north-south solutions do not capture. These internal flows create protection gaps inside the datacenter, since they are not intercepted by typical perimeter security solutions.
End-Point Security Support an increasingly large number of virtual end points in the enterprise cloud, and protect them from being exposed to any virus or malware. Nutanix partner solutions:
- Preserve performance and consolidation ratios
- Provide comprehensive agentless security built specifically to maximize protection
- Provide intrusion prevention and web application security for extra protection against malicious attacks
Data Security Nutanix works with third-party KMIP-compatible enterprise key and policy management servers that enable consistent policy implementation and ensure compliance. Centralized key management makes it easier for administrators to account for encryption keys from Nutanix SEDs and disparate encryption solutions, and to generate detailed records for auditors and regulators.