First Impression – Using Nutanix’s HCI and Hypervisor (AHV)

Nutanix HCI
What is my first impression of using Nutanix’s HCI and Hypervisor (AHV)? Short answer – very easy to use, even for a first-time user, and intuitive design with well thought-out integrations with other Nutanix products; love the one-click feature/service enablement. For the long answer and interesting observations, read on.

One of the first things I like to do, regardless of the role, when starting at a new company is get hands-on with the products. I like to understand how customers use the products and to get a feel for the usability and how self-explanatory or intuitive completing tasks/actions are.

So, after joining Nutanix recently, I was curious about how difficult it would be as an end user who’s never used Nutanix HCI to start deploying and managing workloads. With Nutanix continuously being a leader in Gartner’s Magic Quadrant for Hyper-converged Infrastructure, most Enterprises and tech folks working in the field are already somewhat familiar with the Nutanix HCI platform which converges compute, virtualization, storage, networking, security, and infrastructure management at scale. I was especially curious about Nutanix’s hypervisor – AHV. As some of you may already know from my tweets on Twitter and short blurbs on LinkedIn, I did a quick first-time user deployment of a few workloads on Nutanix HCI with AHV as a kind of experiment and thought I would share my broader experience here.

The Nutanix HCI platform is considered hypervisor agnostic. Nutanix provides its own hypervisor, AHV, included at no extra charge. If desired, customers also have the option to use another vendor’s hypervisor. In this blog post I demonstrate by leveraging the included Nutanix AHV hypervisor.

Below, I access the Prism Central GUI login screen.

Prism Central Login


Once logged in, I access the Prism Central GUI where I can see my deployed Nutanix cluster and many other useful statistics. It’s important to note here, every Nutanix cluster has Prism Element deployed by default for management of the cluster. Prism Element is a distributed application that runs within the Nutanix Controller VM (CVM) which exists on each host. The CVM is core to the software defined storage and Nutanix platform. In short and simplified terms, the CVM is what runs the Nutanix Acropolis Operating System (AOS) and provides the pooling of local storage from all nodes in the cluster. There’s plenty of information, documents, and blogs on CVM and AOS out there for those looking for a deeper dive.

Prism Central is a separate VM and is used for visibility and management across all clusters; from Prism Central, it’s also possible to open Prism Element on each cluster. Both Prism Element and Prism Central GUIs are developed in HTML 5. I was impressed from my first experience deploying workloads and enabling/using different functionality; the interface was fast and responsive, and I did not run into any issues.

Prism Central GUI


As you can see below, clicking the three-line menu icon in the upper left corner expands the menu. It seemed intuitive to click on Virtual Infrastructure as a starting point. From here you can upload images, deploy VMs, configure networking, etc.

Prism Central - Virtual Infrastructure


For me, one of the tell-tale signs of a good product interface/GUI and usability is if the interface is intuitive enough for a user to start using and completing tasks without having to reference documentation. Using this standard and the fact that I was able to deploy workloads and start using some of the more advanced functionality like Microsegmentation with Nutanix Flow, I would say that the usability test passed with flying colors.

Below, you can see I uploaded an Ubuntu Server image to use when deploying my VMs.

Prism Central - Uploading Images


Although the default storage container can be used, I deployed a storage container for deploying my specific workloads. I first went to deploy the VM and saw that I could select a storage container to deploy to. I then proceeded to deploy a storage container to use for my specific VMs as shown below. Coming from mostly a networking and security background and not being a storage expert, I still found it fairly easy to understand and navigate.

You can think of a storage container as a subset of available storage within a defined storage pool. Storage efficiency features (Ex: compression, deduplication, erasure coding) can be enabled and configured per storage container. A nice feature here is the ‘?’ after every feature explaining precisely and clearly what the feature does and any respective requirements.

Prism Element - Creating Storage Container


In my test environment of three nodes, I kept things pretty simple and created the below storage container shown in the filtered view.

Prism Central - Storage Containers List


Next, I confirmed the subnet I wanted to use for my VMs. Here, I simply navigated to ‘Virtual Infrastructure->VMs->Subnets‘ in Prism Central. Below is the configuration of the network that was created. Again, as this is a test environment, I kept things pretty simple and leveraged the native VLAN for all my workloads. What I really liked here is the easy to understand configuration and built-in IP Address Management.

Prism Central - Created Network


Below, you can see the created Test network. To create a new network, you simply click the Create Network link on the top right.

Prism Central - Network List


Next, to deploy workloads, I simply navigated to ‘Virtual Infrastructure->VMs‘ in Prism Central. Below, you can see I created Web, App, and DB VMs. Here, you can simply click the Create VM button, put in your desired VM configurations like # of vCPUs, # of vCPU cores, amount of memory, storage container to use and disk size, network to use, and VM host affinity settings.

Prism Central - VM List


Launching a VM console is dead simple. You can just click a VM and click the Launch Console button at the top as shown below.

Prism Central - 'Web' VM Summary


Below, you can see from the Web VM I can communicate to both my App and DB VMs.

Prism Central - 'Web' VM Console


What I found most appealing about Nutanix HCI from the management perspective is how integrated and easy to enable all the additional components/features are. Everything is pretty much ‘one-click‘ enable! Nice. Below, you can see how easily I can enable Nutanix Calm for application Orchestration and Automation, Nutanix Karbon for Kubernetes management, and Nutanix Objects for an S3-compatible object store.

Prism Central - Easy 'One-Click' Enablement for Nutanix Calm, Karbon, and Objects


From the screenshot below, you can see the tight integration for enabling/connecting advanced services like Nutanix Leap for Disaster Recovery, Xi Cloud Services for a number of Nutanix cloud-based solutions, and Microsegmentation for advanced security using Nutanix Flow.

Below, as an example of how easy it is to enable and start using additional components/services, I enable and leverage Nutanix Flow for Microsegmentation in my environment. It really is just one-click enablement; no manually downloading or installing binaries and reading unnecessarily complex install documentation! Just select, click the button, and you’re ready to go in seconds.

Prism Central - Leverage Microsegmentation by Easy 'One-Click' Enablement for Nutanix Flow


You can see below, with the click of a button, I’ve enabled Nutanix Flow for Microsegmentation. Microsegmentation is basically advanced distributed security where security policies are managed centrally and pushed down to the VM vNIC level; this allows for the ability to isolate workloads and segment the network in a way which is not possible with traditional perimeter-centric security appliances/firewalls. Because of how the security policies are implemented, Nutanix Flow is L2/L3 infrastructure agnostic.

Prism Central - Enabled Nutanix Flow for Microsegmentation


To leverage Nutanix Flow for Microsegmentation, you use Categories. You’ll realize this when you go to create a security policy. Categories are used to group workloads together that have a specific context. You can think of it as using tags to give context to objects like VMs; it’s somewhat similar to the tagging concept in AWS. The important thing here is that the Flow security policies will be based off of Categories which have more meaningful workload context rather than IP addresses used in traditional security solutions.

Prism Central - Accessing Nutanix Categories


Below you can see I created a category called Workload-Type with possible values of Web, App, and DB.

Prism Central - Categories List


Next, I go back to my VM list, select my respective VMs, and apply the respective Category for Web, App, and DB VMs.

Prism Central - Managing 'Categories' for my 'Web' VM


Below, you can see I have selected the Workload-Type Category with value of Web for my Web VM.

Prism Central - Assigning Category 'Workload-Type' with value of 'Web' for my 'Web' VM


If you have a lot of VMs deployed, you can easily use the filtering capability by clicking the Filter button on the top right and filtering based on a specific Category.

Prism Central - Filtering on Categories


Below, you can see I filtered the list so only VMs with the Category of Workload-Type with value Web are shown.

Prism Central - VM List View Filtered on Category 'Workload-Type' with value of 'Web'


Next, I navigate to ‘Policies->Security Policies‘ to create my Flow microsegmentation rules.

Prism Central - Accessing Nutanix Flow Security Policies


Below, I select which type of policy I want to create; here, I’m creating an Isolation Policy to prevent the Web VMs from communicating directly to the DB VMs.

Prism Central - Creating a Flow Isolation Policy


Within the policy, you can see I set the source as Category Workload-Type with value Web and the destination as Category Workload-Type with value DB. Here, I also enable the Policy Hit Logs which will allow me to see how many flows get blocked by the policy. Again, hovering over the ‘?‘ next to Policy Hit Logs explains what the feature does. This feature logs any hits on the policy to the configured syslog server. I don’t show it below, but the syslog server settings are where you would expect – just click the gear icon on the top and provide the IP address for the syslog server; make sure to select Flow as a data source.

First, I just click Save and Monitor as I initially only want to monitor traffic hitting the policy.

Prism Central - Creating a Flow Isolation Policy to Block Communication from 'Web' VM to 'DB' VM


Below, you can see the Web-to-DB security policy I created has a status of Monitoring.

Prism Central - 'Web-to-DB' Flow Security Policy Set to 'Monitoring'


If you click the name of the policy, you can see a visualization of the isolated categories as shown below.

Prism Central - Flow Visualization of the Isolated Categories


Since I have the policy set to Monitoring, from the Web VM (10.48.29.20) you can see that I can still communicate with the App VM (10.48.29.26) and the DB VM (10.48.29.27).

Prism Central - 'Web' VM Console - Web VM Can Communicate to both 'App' and 'DB' VMs


You can change the policy from Monitoring to Apply in the prior visualization screen or from the security policy creation screen as shown below.

Prism Central - Applying the 'Web-to-DB' Flow Security Policy


Below, I confirm I want to apply the policy.

Prism Central - Confirming to Apply the 'Web-to-DB' Flow Security Policy


You can see the status of the security policy has now changed to Applied.

Prism Central - 'Web-to-DB' Flow Security Policy with Status of 'Applied'


Now, as expected, from the Web VM (10.48.29.20), I can still communicate with the App VM (10.48.29.26) but not with the DB VM (10.48.29.27).

Prism Central - 'Web' VM Console - 'Web' VM Can Communicate with the 'App' VM but not the 'DB' VM
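The Monitoring-then-Applied behaviour walked through above can be modelled in a few lines. This is an added conceptual example, not Nutanix code or the Flow API: the class and function names are hypothetical, matching in either direction between the two category groups is an assumption of the model, and the re-IP address is constructed to show that a category-based policy does not depend on IP addresses.

```python
from dataclasses import dataclass, field

# Conceptual model only; not Nutanix's API or Flow's implementation.
MONITOR, APPLY = "Monitoring", "Applied"

@dataclass
class IsolationPolicy:
    name: str
    category: str      # category key, e.g. "Workload-Type"
    group_a: str       # category value on one side of the isolation
    group_b: str       # category value on the other side
    mode: str = MONITOR
    hit_log: list = field(default_factory=list)  # stand-in for Policy Hit Logs

    def evaluate(self, src, dst):
        """Return True if the flow is allowed; record a hit when the policy matches."""
        pair = {src["categories"].get(self.category),
                dst["categories"].get(self.category)}
        # Assumption: a flow matches in either direction between the two groups.
        if pair != {self.group_a, self.group_b}:
            return True                    # policy does not cover this flow
        self.hit_log.append((src["name"], dst["name"], self.mode))
        return self.mode == MONITOR        # Monitoring only logs; Applied blocks

def build_vms():
    # IPs and category values as shown in the post.
    spec = [("Web", "10.48.29.20"), ("App", "10.48.29.26"), ("DB", "10.48.29.27")]
    return {n: {"name": n, "ip": ip, "categories": {"Workload-Type": n}}
            for n, ip in spec}

def reachability(policy, vms, src="Web"):
    """Map each other VM to whether `src` may reach it under the policy."""
    return {d: policy.evaluate(vms[src], vms[d]) for d in vms if d != src}

def demo():
    vms = build_vms()
    policy = IsolationPolicy("Web-to-DB", "Workload-Type", "Web", "DB")
    monitored = reachability(policy, vms)   # Save and Monitor
    policy.mode = APPLY
    applied = reachability(policy, vms)     # after Apply
    vms["DB"]["ip"] = "10.48.29.99"         # constructed re-IP of the DB VM
    after_reip = reachability(policy, vms)  # policy follows the category
    return monitored, applied, after_reip, policy.hit_log

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Reviewing the hit log collected while the policy is in Monitoring is the check to make before switching to Applied: every entry is a flow that will be dropped once the policy is enforced.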


I didn’t get into the details here due to keeping the length of this post to a reasonable size, but in regards to one-click, Nutanix also has an impressive upgrade process dubbed – One-Click Upgrade. Similar to everything you’ve seen in this post, from a single console you can upgrade not only the AOS but also the hypervisor, firmware, and different tools.

It’s always fun coming in with a clean slate with no prior hands-on knowledge and using the product as a first time customer would. So far, I’ve been very impressed and love the intuitive design and one-click for everything approach. Stay tuned – more exciting Nutanix posts to come!

My blogs on HumairAhmed.com

Follow me on Twitter: @Humair_Ahmed
