Nutanix Flow fully integrates software-defined networking into the Nutanix virtualization platform. It does so by bringing network and policy management to virtual environments, making it possible to incorporate SDN services into a Nutanix hyper-converged infrastructure. With a focus on application delivery, Flow also simplifies network and policy management, providing the mechanisms necessary to control virtual machines independently of their physical environments.
Introducing Nutanix Flow
Nutanix Flow streamlines and automates common networking operations, such as implementing application security and modifying configuration settings. It applies security rules between applications and VMs to protect resources behind the firewall, while providing automated change management that's tied to the VM lifecycles.
With Flow, administrators have greater control over their applications and visibility into how they operate. Flow provides application-centric firewall policies specific to the VMs, while protecting against threats designed to spread laterally across systems, as well as threats that traditional security solutions can't easily detect.
Because Flow is integrated into the Nutanix platform, a hyper-converged infrastructure (HCI) system can incorporate always-on networking functionality without requiring additional software or management tools. According to Nutanix, Flow works with any network topology or architecture and can be expanded to work with third-party network inspection and policy solutions.
Nutanix Flow components
AHV, the Nutanix Acropolis hypervisor, is a license-free hypervisor designed to support enterprise-scale virtualization and multi-cloud environments. It serves as the data plane in the Flow network infrastructure, using Open vSwitch to process VM network traffic. Open vSwitch is an open source software switch whose packet-forwarding datapath runs in the Linux kernel on the AHV host.
Nutanix Prism provides centralized management for virtualized data center environments. Administrators can use Prism in conjunction with AHV to carry out such tasks as cloning and securing VMs. Prism simplifies deployment and maintenance operations, including scaling and optimization. It serves as the control plane for the Flow network infrastructure, working with the registered Nutanix clusters to manage the data plane and carry out policy administration.
Because of its integration with AHV and Prism, Nutanix Flow works seamlessly with the entire Nutanix Enterprise Cloud platform. The platform combines Prism, Nutanix Acropolis and Nutanix Calm into a unified operating environment for managing infrastructure and applications in any cloud environment.
Acropolis software delivers data services to, and is the OS for, Nutanix HCI. Although hypervisor-agnostic, Acropolis includes AHV and is tightly integrated with the hypervisor to provide native virtualization capabilities. Calm adds application orchestration and lifecycle management to the Nutanix platform.
The Nutanix Flow architecture
To protect network resources, Flow incorporates microsegmentation, a process of segmenting virtual networks and applications to control communications between logical boundaries. With microsegmentation, administrators have granular control over all traffic in and out of VMs, helping to increase application security while simplifying policy management.
Nutanix Flow's microsegmentation is indifferent to how the underlying network is configured or built, enabling it to be implemented without changing the existing topology. Instead, Flow automatically discovers applications, which can then be categorized to support specific requirements.
Categories are an important concept in the Flow architecture. They provide administrators with a flexible tool for defining groups that logically tie VMs together based on designated classifications. Categories make it possible for administrators to create distributed firewalls that support application-centric policy management aimed at securing VM traffic.
Nutanix Prism includes a number of system categories for managing the Flow environment. For example, the AppType category defines a group of VMs that run the same application, and the AppTier category defines a group of VMs that serve the same function within an application. Administrators can also create custom categories, although Nutanix recommends keeping the design as simple as possible.
After defining their categories, administrators can use Prism to assign security policies to those categories, rather than directly to the VMs. In this way, the categories abstract the complexities of the virtualization platform, making it easier to implement and manage security. At the same time, the policies provide granular control over traffic sources and destinations, while directing network traffic and supporting application mobility.
Administrators can combine policies and policy types to build complete security for their applications. Nutanix Flow also provides the tools necessary to visualize communications between the VMs that support the applications, helping administrators better understand how to implement their policies across the entire infrastructure.
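The passages above describe the core idea of category-based microsegmentation: VMs carry category values such as AppType and AppTier, security rules are written against those categories rather than against individual VMs, and the resulting policies can be combined into a complete, default-deny posture for an application. The following Python model is an added illustration of that idea and is not Nutanix code, the Flow API, or Prism's policy syntax; the category names, rule format, VM inventory and "observed" flows are all constructed for the example. It also includes an audit function that reports which observed flows a policy would block, which is the kind of check an administrator does with Flow's traffic visualization before enforcing a policy.

```python
"""Illustrative model of category-based microsegmentation (added example).

Not Nutanix code and not the Flow API: the rule syntax, category names and
sample inventory below are assumptions made for illustration only.
"""
from dataclasses import dataclass


@dataclass
class VM:
    name: str
    categories: dict          # e.g. {"AppType": "WebShop", "AppTier": "Web"}


@dataclass
class Rule:
    """Allow src-selector -> dst-selector on the listed TCP ports.

    A selector is a dict of category key/value pairs; a VM matches when every
    pair is present in its categories. An empty selector matches any VM, and
    a port entry of "*" means any port.
    """
    src: dict
    dst: dict
    ports: set


def matches(vm: VM, selector: dict) -> bool:
    """True when the VM carries every category value the selector names."""
    return all(vm.categories.get(key) == value for key, value in selector.items())


def is_allowed(src: VM, dst: VM, port: int, rules: list) -> bool:
    """Default-deny evaluation: a flow passes only if some rule permits it."""
    return any(
        matches(src, rule.src)
        and matches(dst, rule.dst)
        and (port in rule.ports or "*" in rule.ports)
        for rule in rules
    )


def audit_flows(flows: list, vms: dict, rules: list) -> list:
    """Return the observed (src, dst, port) flows that the policy would block.

    Running this over traffic seen on the virtual switch before enforcing the
    policy is a cheap way to find missing rules or unexpected lateral traffic.
    """
    return [
        (src, dst, port)
        for src, dst, port in flows
        if not is_allowed(vms[src], vms[dst], port, rules)
    ]


# Constructed inventory: one three-tier "WebShop" application, one unrelated
# "CRM" database, and an uncategorised client. Category values are assumptions.
WEB = {"AppType": "WebShop", "AppTier": "Web"}
APP = {"AppType": "WebShop", "AppTier": "App"}
DB = {"AppType": "WebShop", "AppTier": "DB"}

VMS = {
    "client": VM("client", {}),
    "web1": VM("web1", WEB),
    "web2": VM("web2", WEB),
    "app1": VM("app1", APP),
    "db1": VM("db1", DB),
    "crm_db": VM("crm_db", {"AppType": "CRM", "AppTier": "DB"}),
}

# Constructed policy written against categories, never against VM names:
# anyone may reach the web tier on 443, each tier may talk only to the next
# tier down, and nothing else is permitted (default deny).
RULES = [
    Rule(src={}, dst=WEB, ports={443}),
    Rule(src=WEB, dst=APP, ports={8080}),
    Rule(src=APP, dst=DB, ports={5432}),
]

# Constructed sample of flows "observed" between the VMs above.
OBSERVED_FLOWS = [
    ("client", "web1", 443),   # expected front-door traffic
    ("web1", "app1", 8080),    # web tier to app tier
    ("app1", "db1", 5432),     # app tier to database
    ("web1", "db1", 5432),     # web tier skipping straight to the database
    ("web1", "web2", 22),      # peer-to-peer SSH inside the web tier
    ("app1", "crm_db", 5432),  # crossing into a different application
]


if __name__ == "__main__":
    for violation in audit_flows(OBSERVED_FLOWS, VMS, RULES):
        print("would be blocked:", violation)
```

Because the rules never mention a VM name, cloning web1 into web3 with the same categories extends the policy to the new VM automatically, while a VM whose categories are left empty can reach nothing except the public web tier. That is the abstraction the article describes: the category, not the VM, is the unit of policy.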
Nutanix Flow includes other features for enhancing its SDN services, such as API-based notifications that enable third-party network devices to observe VM lifecycle events. Nutanix plans to add more features and services in the future. More importantly, Flow brings the much-needed SDN component to HCI platforms based on AHV, which itself represents a significant milestone.