Dec
    16

    Nutanix On Security – It’s A Lifestyle Choice

    Security has always been top of mind at Nutanix. NOS 4.1 has a ton of new security features, but it’s not like one day we decided we were going to get good at this “Security” thing. Nutanix made great strides early on to tighten the ship and provide the most secure platform for its customers. From NOS 2.6 to NOS 3.0 the core operating system moved from Ubuntu to CentOS. The upgrade process was a rolling upgrade with no downtime, which is kind of a marvel in itself.

    Moving all pieces of Dev/Development to CentOS had lots of benefits but Simon Mijolovic explains the top drivers of the initiative.

    1. Ubuntu is not 100% RHEL binary compatible. That’s very important when you are dealing with the time, cost, and complexity of FIPS validation. With CentOS we can easily make FIPS assertions, and as long as we didn’t change any code of the crypto APIs/library, we had a plan that didn’t require major investment.

    2. Ubuntu was designed as a desktop OS, but CentOS was designed as a server architecture. While Ubuntu has made strides to transition to a server architecture, it’s still missing some core security features that come natively with CentOS that make it enterprise ready.

    3. RHEL binary compatibility and their security focus is well known to our customer base – comfort factor with ways to protect the architecture vs uphill battle of arguing our choice.

    4. Third party support is troublesome to our customer base and partners. Customers can buy a support contract for CentOS directly from RedHat.

    There are a lot of reasons why the choice was made; the reasons above were at the top of the list.

    The other point to make is that saying your platform is secured and/or trusted is not a good thing; it would put us in the crazy camp. Nothing is 100% secure, and you can’t 100% trust anything. Our approach makes no claims to a level of “secured” or “trusted”. It just claims we harden our design at every level to a detail that is disgusting but automated. Saying your system is 100% secure is wishing evil things upon yourself, like the Sands Casino attack.

    Security is a lot like dieting, you need to make the lifestyle choice for the long term or you end up on yo-yo diets and you’ll never really get anywhere.

    Secure platforms - For how long?


    Stay safe and harden up those abs :-)

    Dec
    16

    #NutaniXmas Book Giveaway

    The giveaway will happen Friday. Use the hashtag #NutaniXmas.

    Dec
    04

    #POSH – Is the VSS Service Running for Application Consistent Snapshots? #Nutanix

    In order to get application consistent snapshots to work, the Volume Shadow Copy service needs to be running on the virtual machine. The following script checks the VSS service on all Nutanix VMs that are trying to use application consistent snapshots. If your virtual machine can’t run VSS or doesn’t need it, as with Linux, swap over to Nutanix crash consistent snapshots.

    Make sure you download the powershell cmdlets from the Prism UI.


    #Load the Nutanix cmdlets first, make sure your local version matches the cluster version
    Add-PSSnapin NutanixCmdletsPSSnapin

    #Connect to the Nutanix cluster of your choice, try to use the external address.
    #-AcceptInvalidSSLCerts skips certificate validation; drop it once the cluster presents a certificate your workstation trusts.
    Connect-NutanixCluster -AcceptInvalidSSLCerts -server External_cluster_ip -UserName admin

    #Get a list of all Consistency Groups
    $pdvss = Get-NTNXProtectionDomainConsistencyGroup

    #array of all the appConsitentVMs
    $appConsitentVM = @()

    Foreach ($vssVM in $pdvss)
    {
        if ($vssVM.appConsistentSnapshots)
        {
            $appConsitentVM += $vssVM.consistencyGroupName
        }
    }

    #Query the VSS service on each VM (assumes the consistency group name is the machine name)
    get-service -name VSS -computername $appConsitentVM | format-table -property MachineName, Status, Name, DisplayName -auto

    Dec
    04

    POSH: VSS Writer Check for Application Consistent Snapshots on Nutanix – #SQL #Exchange

    Enabling application consistent snapshots in Nutanix results in leveraging VMware tools. VMware tools acts as the requestor that talks to the guest virtual machine’s VSS writers. Application-consistent snapshots quiesce all IO, complete all open transactions and flush caches so everything is consistent. The Volume Shadow Copy Service will freeze write IO while the native Nutanix snapshot takes place so all data and metadata is written in a consistent manner. Once the Nutanix snapshot takes place, the Volume Shadow Copy Service will then thaw the system and queued writes will occur.

    To make sure the VSS writers are not having any problems, you can use the following script, VSS_Writer_Check_Nutanix.

    The function that actually checks the virtual machine comes from Microsoft, <link>.

    The Nutanix bits are listed below. The script finds all of the consistency groups that have VSS enabled. It assumes that all consistency groups are using the default machine name for the consistency group.


    #Get a list of all Consistency Groups
    $pdvss = Get-NTNXProtectionDomainConsistencyGroup

    #array of all the appConsitentVMs
    $appConsitentVM = @()

    Foreach ($vssVM in $pdvss)
    {
        if ($vssVM.appConsistentSnapshots)
        {
            #Get a list of all the VM's that are using VSS
            $appConsitentVM += $vssVM.consistencyGroupName
        }
    }
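
    The writer check itself is not shown above, so here is an added example (not the Microsoft function the post links to, and not Nutanix code) of what such a check can look like: it parses `vssadmin list writers` output inside the guest and returns only the writers that are not healthy. The function name and the sample output are constructed for illustration.

```powershell
# Added example: parse `vssadmin list writers` text into objects and
# return the writers that are not healthy. Run it elevated in the guest.
function Get-VssWriterProblem {
    param(
        # Raw output lines; defaults to live output from vssadmin.
        [string[]]$VssadminOutput = (& vssadmin.exe list writers)
    )
    $writers = @()
    $current = $null
    foreach ($line in $VssadminOutput) {
        if ($line -match "^Writer name:\s*'(.+)'") {
            # A new writer block starts here; begin a fresh record.
            $current = [pscustomobject]@{ Name = $Matches[1]; State = ''; LastError = '' }
            $writers += $current
        }
        elseif ($current -and $line -match '^\s*State:\s*\[\d+\]\s*(.+?)\s*$') {
            $current.State = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Last error:\s*(.+?)\s*$') {
            $current.LastError = $Matches[1]
        }
    }
    # Healthy means State "Stable" and Last error "No error".
    # A writer with a missing State or Last error line is reported too.
    $writers | Where-Object { $_.State -ne 'Stable' -or $_.LastError -ne 'No error' }
}

# Constructed sample output (not captured from a real system).
$sample = @(
    "Writer name: 'SqlServerWriter'",
    "   Writer Id: {00000000-0000-0000-0000-000000000001}",
    "   State: [8] Failed",
    "   Last error: Non-retryable error",
    "",
    "Writer name: 'System Writer'",
    "   Writer Id: {00000000-0000-0000-0000-000000000002}",
    "   State: [1] Stable",
    "   Last error: No error"
)

# Lists only SqlServerWriter, the one writer that is not Stable.
Get-VssWriterProblem -VssadminOutput $sample | Format-Table -AutoSize
```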

    Dec
    03

    Web-scale Data Protection

    The key to success for Nutanix is the ability to scale. Nutanix is not bound by the limitations of dual controller architectures or federations that might rely on special hardware like NVRAM or custom ASICs to assist with performance. In regards to snapshots and disaster recovery, the ability to scale metadata becomes a key part of delivering performance while ensuring availability and reliability. Each Nutanix node is responsible for a subset of the overall platform’s metadata. This eliminates the traditional bottlenecks by allowing metadata to be served and manipulated by all nodes in the cluster with pure software. <- Check out how metadata scales ->

    Since each node has its own virtual storage controller and access to local metadata, replication can scale along with the needs of the cluster. Every node participates in replication to reduce hot spots throughout the cluster.

    As of Nutanix Operating System 4.0 every node can replicate 4 files up to an aggregate of 100 MB/s at any one time. This means in a 4 node configuration, the cluster could replicate 400 MB/s or 3.2 Gb/s. As you continue to grow the cluster the virtual storage controllers will keep replication traffic distributed. In many-to-1 deployments, for example with remote branch offices, you can have peace of mind that the main datacenter will not become the bottleneck as the overall solution grows. Making sure the main site is scalable and reliable also eases administration, instead of having multiple replication targets to maintain, monitor and manage.

    Dec
    03

    Veeam EndPoint Backup – Because The Cloud Doesn’t Exist In Blackfoot

    Though I work for one of the fastest growing companies in tech, my home Internet connection is as slow as molasses in January. Using Cloud backup options is a real pain in my backside. At Nutanix we use a variety of collaboration tools and file servers:

    * Google Drive
    * SharePoint
    * Box
    * Microsoft DFS on Nutanix

    But the problem remains: getting files from point A to point B if I want to make sure I always have a copy of the file. It’s most painful when I am trying to save Visio files. I do work around the situation and live inside of my virtual desktop when working on large files and reference architectures, but when travelling it’s still nice to have them nearby.

    For the reasons mentioned above and just for good IT hygiene I am happy to see Veeam enter the desktop backup market. I installed Veeam EndPoint on my laptop and noticed it shares the same backup model as their flagship product. One large backup file and then incrementals till the cows come home. I just reused an SSD from my old tower PC and converted it using a USB 3.0 external dock\case.

    Since I use my laptop for running virtual machines it was great to see that Veeam will throttle the backup depending on what is going on on the laptop. Below are some pictures from my install.

    Dec
    02

    Next Community Podcast Episode is Live

    In among the Internet of things, adding another podcast can be like throwing a stone in the ocean and hoping to have a lasting effect. I think the Next Community podcast has a good fighting chance with the people involved, excluding myself. John Troyer’s reputation speaks for itself and he has definitely helped shape and mold the foundation of the podcast. In certain aspects the podcast might have been another couple of weeks out if John hadn’t provided some guidance with the knowledge he gained when the VMware Communities Podcast was at ground zero.

    Angelo Luciani might be the most genuine all around nice guy that I’ve had the pleasure to meet. I still remember when I was an SE and I was in Toronto and went to meet Angelo and Eric Wright for supper. Angelo was just looking for ways to improve his local VMUG and interested in seeing how he could help me. It also didn’t hurt that Angelo grabbed the bill. Angelo is organizing guests and setting the agenda, and probably also has the dreaded task of show notes.

    Laura Whalen has an impressive track record with Citrix and building out communities. She has lots of irons in the fire, so I hope she is able to make most of the shows. Laura will be tag teaming the weekly news and events with Angelo. If you’re a guest on the show, no talking about The Walking Dead with her!

    With all that being said, it’s really not about us, it’s about the guests. The first episode is with Stu Miniman, who like always has some great insights about our up and down crazy industry. Week 2 has Joep Piscaer lined up too.

    The podcast will appear on iTunes shortly. We are just waiting on confirmation from the people over at Apple. Catch the action today at http://nutanix.com/nextpodcast

    DL

    Nov
    27

    Thankful for No CLI for Drive Replacement

    Like most things in life, things are not always as easy as they seem. NOS 4.0.2 is as simple as the below picture.

    ssd_remove_nx3050

    Remove the disk from the UI, stick the new drive in, done. The new drive will get added back into the storage pool automatically (if there is only one storage pool, which is the default).

    Nov
    26

    Web-Scale 101 eBook

    Web-Scale 101 eBook is packed with information on converged infrastructure, web-scale tech, quiz questions, and benefits of using web-scale properties inside of your data center. A great visual resource to learn about Cassandra, Hadoop, Paxos and ZooKeeper and how they can help your virtual environment. I must say there is a really good quote at the end of the book too :-)

    Go get your copy today by clicking on the book below.

    book

    Nov
    25

    EUC TIP: Have slow logon times? via Fermin Echegaray – Nutanix Support

    This post is courtesy of Fermin Echegaray, a Global Support Engineer at Nutanix. This goes to show why Nutanix has one of the highest customer satisfaction ratings in the industry. If it’s running on Nutanix, we are going to help.

    Some time ago I found this very nifty tool while working with a customer; it is helpful in determining if GPOs are causing a slow logon time.
    http://www.sysprosoft.com/policyreporter.shtml

    It needs to be installed on one of the VMs and it should assist you with setting up verbose policy for the logging, but if it fails to do so, these are the manual directions:

    Define a value at the registry like this:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Entry: UserEnvDebugLevel
    Type: REG_DWORD
    Value data: 30002 (Hexadecimal)

    To make sure you have current log data, do the following:
    Go to %systemRoot%\Debug\UserMode and delete or rename the current Userenv.log; Log off and log back on to reproduce the problem. A new Userenv.log will be produced.

    I found once with this tool that this customer’s IE Branding policy took 14 seconds to complete, disabling it obviously accelerated the logon time.
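
    The manual steps above as a script, plus a way to read the resulting log; this is an added example, not part of Fermin's post or the Policy Reporter tool. The function names are hypothetical, the Userenv.log line layout ("USERENV(pid.tid) HH:mm:ss:fff message") is an assumption, and the sample lines are constructed.

```powershell
# Added example, not from the original post. Enable-UserenvDebugLog follows
# the post's steps; the log line layout used by Get-UserenvGap is an assumption.
function Enable-UserenvDebugLog {
    $key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    # 0x30002 is the "30002 (Hexadecimal)" value from the post.
    New-ItemProperty -Path $key -Name UserEnvDebugLevel -PropertyType DWord `
        -Value 0x30002 -Force | Out-Null
    # Rename the current log so the next logon writes a fresh one.
    $log = Join-Path $env:SystemRoot 'Debug\UserMode\Userenv.log'
    if (Test-Path $log) {
        Rename-Item -Path $log -NewName ('Userenv.{0:yyyyMMddHHmmss}.log' -f (Get-Date))
    }
}

# Report every step followed by a pause of at least $MinSeconds.
function Get-UserenvGap {
    param([string[]]$LogLine, [double]$MinSeconds = 5)
    $pattern = '^USERENV\([0-9a-f]+\.[0-9a-f]+\)\s+(\d\d):(\d\d):(\d\d):(\d\d\d)\s+(.*)$'
    $previous = $null
    foreach ($line in $LogLine) {
        if ($line -notmatch $pattern) { continue }   # skip lines without a timestamp
        $stamp = New-TimeSpan -Hours $Matches[1] -Minutes $Matches[2] -Seconds $Matches[3]
        $stamp += [timespan]::FromMilliseconds([int]$Matches[4])
        $text = $Matches[5]
        if ($previous) {
            $gap = ($stamp - $previous.Stamp).TotalSeconds
            if ($gap -lt 0) { $gap += 86400 }        # log crossed midnight
            if ($gap -ge $MinSeconds) {
                [pscustomobject]@{ Seconds = $gap; SlowStep = $previous.Text; Next = $text }
            }
        }
        $previous = @{ Stamp = $stamp; Text = $text }
    }
}

# Constructed sample lines (not a real capture).
$sample = @(
    'USERENV(2a4.2a8) 09:00:01:100 ProcessGPOs: Processing extension Registry',
    'USERENV(2a4.2a8) 09:00:01:350 ProcessGPOs: Processing extension Internet Explorer Branding',
    'USERENV(2a4.2a8) 09:00:15:350 ProcessGPOs: Extension Internet Explorer Branding returned 0x0',
    'USERENV(2a4.2a8) 09:00:15:400 ProcessGPOs: User Group Policy has been applied.'
)

# Reports one 14 second gap, after the Internet Explorer Branding line.
Get-UserenvGap -LogLine $sample | Format-List
```

    Against a real log, pass `-LogLine (Get-Content "$env:SystemRoot\Debug\UserMode\Userenv.log")` after reproducing the slow logon.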