Archives for December 2014

Dec
16

Nutanix On Security – It’s A Lifestyle Choice

Security has always been top of mind at Nutanix. NOS 4.1 has a ton of new security features, but it's not like one day we decided we were going to get good at this “Security” thing. Nutanix made great strides early on to tighten the ship and provide the most secure platform for its customers. From NOS 2.6 to NOS 3.0, the core operating system moved from Ubuntu to CentOS. The upgrade process was a rolling upgrade with no downtime, which is kind of a marvel in itself.

Moving all pieces of Dev/Development to CentOS had lots of benefits but Simon Mijolovic explains the top drivers of the initiative.

1. Ubuntu is not 100% RHEL binary compatible. That’s very important when you are dealing with the time, cost, and complexity of FIPS validation. With CentOS we can easily make FIPS assertions, and as long as we didn’t change any code of the crypto APIs/library, we had a plan that didn’t require major investment.

2. Ubuntu was designed as a desktop OS, but CentOS was designed as a server architecture. While Ubuntu has made strides to transition to a server architecture, it’s still missing some core security features that come natively with CentOS that make it enterprise ready.

3. RHEL binary compatibility and their security focus is well known to our customer base – comfort factor with ways to protect the architecture vs uphill battle of arguing our choice.

4. Third party support is troublesome to our customer base and partners. Customers can buy a support contract for CentOS directly from RedHat.

There are a lot of reasons why the choice was made – the reasons above were at the top of the list.

The other point to make is that saying your platform is secured and/or trusted is not a good thing; it would put us in the crazy camp. Nothing is 100% secure, and you can’t 100% trust anything. Our approach makes no claims to a level of “secured” or “trusted”. It just claims we harden our design at every level to a detail that is disgusting but automated. Saying your system is 100% secure is wishing evil things upon you like the Sands Casino attack.

Security is a lot like dieting, you need to make the lifestyle choice for the long term or you end up on yo-yo diets and you’ll never really get anywhere.

Secure platforms - For how long?


Stay safe and harden up those abs 🙂

Other articles

Nutanix Security Tech Note

Secure by Default

Dec
16

#NutaniXmas Book Giveaway

The giveaway will happen Friday. Use the hashtag #NutaniXmas

Dec
04

#POSH – Is the VSS Service Running for Application Consistent Snapshots? #Nutanix

In order to get application consistent snapshots to work, the Volume Shadow Copy service (VSS) needs to be running on the virtual machine. The following script checks whether the VSS service is running on every Nutanix VM that is set to use application consistent snapshots. If your virtual machine can’t run VSS, or doesn’t need it (Linux, for example), swap over to Nutanix crash consistent snapshots.


Make sure you download the powershell cmdlets from the Prism UI first.

#Load the Nutanix cmdlets before calling any of them; make sure your local version matches the cluster version
Add-PSSnapin NutanixCmdletsPSSnapin

#Connect to the Nutanix cluster of your choice, try to use the external address.
#-AcceptInvalidSSLCerts skips certificate validation; drop it once the cluster presents a certificate your workstation trusts
Connect-NutanixCluster -AcceptInvalidSSLCerts -server External_cluster_ip -UserName admin

#Get a list of all Consistency Groups
$pdvss = Get-NTNXProtectionDomainConsistencyGroup

#array of all the appConsitentVMs
$appConsitentVM = @()

Foreach ($vssVM in $pdvss)
{
    if ($vssVM.appConsistentSnapshots)
    {
        #The consistency group name is used as the machine name
        $appConsitentVM += $vssVM.consistencyGroupName
    }
}

#Query the VSS service on each of those machines
get-service -name VSS -computername $appConsitentVM | format-table -property MachineName, Status, Name, DisplayName -auto

Dec
04

POSH: VSS Writer Check for Application Consistent Snapshots on Nutanix – #SQL #Exchange

Enabling application consistent snapshots in Nutanix leverages VMware Tools. VMware Tools acts as the requestor that talks to the guest virtual machine’s VSS writers. Application-consistent snapshots quiesce all IO, complete all open transactions and flush caches so everything is consistent. The Volume Shadow Copy Service will freeze write IO while the native Nutanix snapshot takes place so all data and metadata is written in a consistent manner. Once the Nutanix snapshot takes place, the Volume Shadow Copy Service will then thaw the system and queued writes will occur.

To make sure the VSS writers are not having any problems, you can use the following script: VSS_Writer_Check_Nutanix.

The function that actually checks the virtual machine comes from Microsoft, <link>.

The Nutanix bits are listed below. The script finds all of the consistency groups that have VSS enabled. It assumes that all consistency groups are using the default machine name for the consistency group.


#Get a list of all Consistency Groups
$pdvss = Get-NTNXProtectionDomainConsistencyGroup

#array of all the appConsitentVMs
$appConsitentVM = @()

Foreach ($vssVM in $pdvss)
{
    if ($vssVM.appConsistentSnapshots)
    {
        #Get a list of all the VM's that are using VSS
        $appConsitentVM += $vssVM.consistencyGroupName
    }
}

Dec
03

Web-scale Data Protection

The key to success for Nutanix is the ability to scale. Nutanix is not bound to the same limitations as dual controller architectures or federations that might be relying on special hardware like NVRAM or custom ASICs to assist with performance. In regards to snapshots and disaster recovery, the ability to scale metadata becomes a key part of delivering performance while ensuring availability and reliability. Each Nutanix node is responsible for a subset of the overall platform’s metadata. This eliminates the traditional bottlenecks by allowing metadata to be served and manipulated by all nodes in the cluster with pure software. <- Check out how metadata scales ->

Since each node has its own virtual storage controller and access to local metadata, replication can scale along with the needs of the cluster. Every node participates in replication to reduce hot spots throughout the cluster.


As of Nutanix Operating System 4.0, every node can replicate 4 files up to an aggregate of 100 MB/s at any one time. This means in a 4 node configuration, the cluster could replicate 400 MB/s or 3.2 Gb/s. As you continue to grow the cluster, the virtual storage controllers will keep replication traffic distributed. In a many-to-1 deployment, for example with remote branch offices, you can have peace of mind that the main datacenter will not become the bottleneck as the overall solution grows. Making sure the main site is scalable and reliable also eases administration, instead of having multiple replication targets to maintain, monitor and manage.

Dec
03

Veeam EndPoint Backup – Because The Cloud Doesn’t Exist In Blackfoot


Though I work for one of the fastest growing companies in tech, my home Internet connection is as slow as molasses in January. Using Cloud backup options is a real pain in my back side. At Nutanix we use a variety of collaboration tools and file servers:

* Google Drive
* SharePoint
* Box
* Microsoft DFS on Nutanix

But the problem remains: getting files from point A to point B if I want to make sure I always have a copy of the file. It’s most painful when I am trying to save Visio files. I do work around the situation and live inside of my virtual desktop when working on large files and reference architectures, but when travelling it’s still nice to have them nearby.

For the reasons mentioned above and just for good IT hygiene I am happy to see Veeam enter the desktop backup market. I installed Veeam EndPoint on my laptop and noticed it shares the same backup model as their flagship product. One large backup file and then incrementals till the cows come home. I just reused an SSD from my old tower PC and converted it using a USB 3.0 external dock\case.

Since I use my laptop for running virtual machines, it was great to see that Veeam will throttle the backup depending on what is going on on the laptop. Below are some pictures from my install.

Dec
02

Next Community Podcast Episode is Live

In among the Internet of things, adding another podcast can be like throwing a stone in the ocean and hoping to have a lasting effect. I think the Next Community podcast has a good fighting chance with the people involved, excluding myself. John Troyer’s reputation speaks for itself, and he has definitely helped shape and mold the foundation of the podcast. In certain aspects the podcast might have been another couple of weeks out if John hadn’t provided some guidance with the knowledge he gained when the VMware Communities Podcast was at ground zero.

Angelo Luciani might be the most genuine all-around nice guy that I’ve had the pleasure to meet. I still remember when I was an SE and I was in Toronto and went to meet Angelo and Eric Wright for supper. Angelo was just looking for ways to improve his local VMUG and interested in seeing how he could help me. It also didn’t hurt that Angelo grabbed the bill. Angelo is organizing guests and setting the agenda, and probably also has the dreaded task of show notes.

Laura Whalen has an impressive track record with Citrix and building out communities. She has lots of irons in the fire so hope she is able to make most of the shows. Laura will be tag teaming the weekly news and events with Angelo. If you’re a guest on the show, No talking about The Walking Dead with her!

With all that being said, it’s really not about us, it’s about the guests. The first episode is with Stu Miniman, who like always has some great insights about our up and down crazy industry. Week 2 has Joep Piscaer lined up too.

The podcast will appear on iTunes shortly. Just waiting on confirmation from the people over at Apple. Catch the action today at http://nutanix.com/nextpodcast

DL