Manage an AFS cluster

Click the File Server tab to display the list of file servers. Select the target file server in the table. The Summary line (middle of screen) displays the file server's set of relevant action links on the right. The possible actions are:
Activate (if the file server is deactivated)
Protect
+ Share
Update
Join Domain
Leave Domain…

Deploy AFS to an AOS cluster (including a File Server and File Shares)

Files Features
Share-level, Directory-level, and File-level Access Control Lists (security descriptors)
Support for Alternate Data Streams, Shared-mode Locks, and OpLock
Quota: a Hard limit is only enforceable once the user is under the limit again (if changing from Soft to Hard)
Access-based Enumeration
Hourly Snapshots (WPV) and latest 24-hour retention policy
AHV and ESXi support
Many-to-One Replication
Hypervisor-Specific Support…

Describe and manage Nutanix’s custom Security Technical Implementation Guides (STIGs)

Nutanix STIGs are based on common National Institute of Standards and Technology (NIST) standards that can be applied to multiple baseline requirements, e.g., for the DoD and PCI-DSS. The Nutanix DISA STIG Compliance for RHEL 7 and Nutanix AHV document provides a complete set of RHEL 7 STIG rules configured on the NTNX CVM as published by…

Create and install SSH Keys for Cluster Lockdown

Cluster lockdown is the ability to disable password-based CVM access and/or only allow key-based access.

Generate an RSA key pair from Linux:
$ ssh-keygen -t rsa -b 2048
Public key available at ~/.ssh/id_rsa.pub
Private key available at ~/.ssh/id_rsa

Generate an RSA key pair from Windows:
Use PuTTYgen. Select the type of key to…

Describe and differentiate audit events and logs for local and AD/LDAP users

If you have enabled Active Directory authentication to manage roles or access in the Prism web console, the AD users might receive the Authentication Failed error message while logging on to the Prism web console. This article describes ways to troubleshoot such issues and to check what might be wrong in the environment, provided that…

Describe and manage role mapping between Prism Element and Prism Central

Configuring Role Mapping on Prism Central will NOT let you log into Prism Element with Active Directory credentials. Configuring role mapping on Prism Central will allow you to launch Prism Element from Prism Central, but it will NOT allow direct login. Configure Authentication Source: When user authentication is enabled for a directory service, all authorized…

Implement 2-factor authentication for an AOS cluster

You can enable two-factor authentication for users through a combination of a client certificate and/or username/password to address stringent security needs.

Describe and differentiate Network Segmentation for CVM-CVM/CVM-Hypervisor/CVM-Intranet

Default untagged VLAN for CVM and AHV host
The setup shown here works well for situations where the switch administrator can set the CVM and AHV VLAN to untagged.

Tagged VLAN for CVM and AHV host
If you do not want to send untagged traffic to the AHV host and CVM, or if security policy doesn't…