Security has always been top of mind at Nutanix. NOS 4.1 has a ton of new security security features but it’s not like one day we decided we said are going to get good at this “Security” thing. Nutanix made great strides early on to tighten the ship to provide the most secure platform for it’s customers. NOS 2.6 -> NOS 3.0 the core operating system moved from Unbuntu to CentOS. The upgrade process was a rolling upgrade with no downtime which is kind of a marvel in it’s self.
Moving all pieces of Dev/Development to CentOS had lots of benefits but Simon Mijolovic explains the top drivers of the initiative.
1. Ubuntu is not 100% RHEL binary compatible. That’s very important when you are dealing with the time, cost, and complexity of FIPS validation. With CentOS we can easily make FIPS assertions, and as long as we didn’t change any code of the crypto APIs/library, we had a plan that didn’t require major investment.
2. Ubuntu was designed as a desktop OS, but CentOS was designed as a server architecture. While Ubuntu has made strides to transition to a server architecture, it’s still missing some core security features that come natively with CentOS that make it enterprise ready.
3. RHEL binary compatibility and their security focus is well known to our customer base – comfort factor with ways to protect the architecture vs uphill battle of arguing our choice.
4. Third party support is troublesome to our customer base and partners. Customers can buy a support contract for CentOS directly from RedHat.
There are a lot of reasons why the choices was made – the reasons above were at the top of the list.
The other point to make is that saying your platform is secured and or trusted is not a good thing, it would put us in the crazy camp. Nothing is 100% secure, and you can’t 100% trust anything. Our approach makes no claims to a level of “secured” or “trusted”. It just claims we harden our design at every level to a detail that is disgusting but automated. Saying your system is 100% secure is wishing evil things upon you like the Sands Casino attack.
Security is a lot like dieting, you need to make the lifestyle choice for the long term or you end up on yo-yo diets and you’ll never really get anywhere.
Stay safe and harden up those abs 🙂