Identify the default AHV network configuration

The default AHV configuration includes an OVS bridge called br0 and a native Linux bridge called virbr0. The virbr0 Linux bridge carries management and storage communication between the CVM and AHV host. All other storage, host, and VM network traffic flows through the br0 OVS bridge. The AHV host, VMs, and physical interfaces use ports…


Explain how to separate 1GbE and 10GbE interfaces

To avoid running any traffic on the 1 Gbps NICs, there are two simple commands available that remove all the 1 Gbps NICs from the bond.

nutanix@cvm$ allssh manage_ovs --interfaces 10g update_uplinks

Replace interfaces with one of the following values: A comma-separated list of the interfaces that you want to include in the bond…


Explain and implement network segmentation

Unsegmented Network

In the default, unsegmented network in a Nutanix cluster, the Controller VM has two virtual network interfaces: eth0 and eth1. Interface eth0 is connected to the built-in external virtual switch, which is in turn connected to the external network through a bond or NIC team that contains the host’s physical uplinks. Interface eth1 is…


Describe AHV networking components and configuration settings

- No backplane for internode communication
- All I/O is handled by the hypervisor on the private network
- I/O is forwarded from the hypervisor to the CVM
- The CVM replicates with other nodes using its external IP over the public 10GB network
- Read requests are served locally
- Typically, the only traffic on the 10G public network is replication
- Occasionally CVM will forward requests in event CVM…


Differentiate AHV managed and unmanaged networks

A virtual network can have an IPv4 configuration, but it is not required. A virtual network with an IPv4 configuration is a managed network; one without an IPv4 configuration is an unmanaged network. A VLAN can have at most one managed network defined. If a virtual network is managed, every NIC must be assigned an IPv4 address…


Install an SSL certificate

Nutanix supports SSL certificate-based authentication for console access. To install a self-signed or custom SSL certificate, do the following:

Recommended Key Configurations

Key Type      Size/Curve    Signature Algorithm
RSA           2048          SHA256-with-RSAEncryption
EC DSA 256    prime256v1    ecdsa-with-sha256
EC DSA 384    secp384r1     ecdsa-with-sha384
EC DSA 521    secp521r1     ecdsa-with-sha512


Configure user authentication

Prism currently supports integrations with the following authentication providers:

Prism Element (PE)
- Local
- Active Directory
- LDAP

Prism Central (PC)
- Local
- Active Directory
- LDAP
- SAML Authn (IDP)


Explain Data-at-Rest Encryption (DARE) functionality

The data-at-rest encryption feature is being released with NOS 4.1. It allows Nutanix customers to encrypt storage using a strong encryption algorithm, allows access to this data (decryption) only when presented with the correct credentials, and is compliant with regulatory requirements for data-at-rest encryption. Nutanix data-at-rest encryption leverages FIPS 140-2 Level-2 validated self-encrypting…
