Nutanix Acropolis Microsegmentation Services: Why is it important?

By Terry Hooper, Esteem's Pre-Sales Architect

During the recent Nutanix .NEXT 2016 Europe - Opening Keynote, it was announced that Nutanix forthcoming Acropolis 5.0 software release scheduled for January 2017 will include a number of new features, all of which will continue with the Nutanix 1-Click messaging and being;

1-Click Licensing - Applied from within Prism utilising Nutanix Support Connection

1-Click Upgrade - Options for cluster components have been moved into a Lifecycle Manager single-pane of glass for all software / firmware upgrades

1-Click Datacentre Automation - Network virtualisation, security and orchestration and an expanded set of APIs

However, one element of the 1-Click Datacentre Automation that looks to miss the initial release schedule in January 2017 is the native Microsegmentation service to secure applications from attacks that originate from within the datacentre. The Acropolis Microsegmentation Services (AMS) will allow Nutanix to secure network communications within the datacentre through policies that are simple to deploy (1-click simplicity) and manage using Nutanix Prism infrastructure management solution.

Note: Microsegmentation refers to the isolation of internal threats by controlling "east-west" network traffic between applications e.g. Web Server to Database Server network communication. "We're driving network Microsegmentation into the platform," says Prabu Rambadran, Director of Product Marketing at Nutanix.

So why is this so important?

The traditional approach to securing datacentres have concentrated on the implementation of strong perimeter defences, such as firewalls and network segmentation in order to isolate the external and internal threats, however this only focuses on controlling the "north-south" network communication and as such can be ineffective for handling new and evolving threats.

How does it help?

Microsegmentation adopts an approach that assumes threats can be anywhere and delivers the agility of network virtualisation which is the foundation of software-defined datacentres. It is estimated that "east-west" network traffic between applications inside the datacentre now accounts for as much as eighty per cent of all network traffic.

How does it work?

As detailed in the diagram, AMS will deliver a stateful (layer 3/4) distributed firewall with capabilities to protect all virtual machines (VMs) within a Nutanix cluster. This means that network communications between VMs hosted on a cluster can be classified as container-based applications or workloads with a common set of services from within the Nutanix Prism management UI, which again aligns to the Nutanix 1-Click messaging. Nutanix is also planning to allow third parties such as F5 or Citrix to integrate with the virtual networking layer using APIs.

What edition will it be included in?

It's envisaged that AMS will be included as part of the forthcoming Acropolis 5.x software releases during 2017, but the exact edition (Starter, Pro or Ultimate) is still undecided.

So, in summary, until Acropolis Microsegmentation Services (AMS) is part of the Acropolis 5.x software release we won't really know the true extent of the capabilities, or even how easy (1-Click) it is to implement and manage. That said, I'm expecting this to be released in 2017 and it will need around 12-18 months to develop into something that can be classified as 'enterprise ready'.

If you're not already deployed and using Nutanix, then have a look at the Nutanix Community Edition as this is a free version and allows you to evaluate your own hardware, AWS or Google Cloud Platform.


Share this article:

Get in touch

Get in touch with us by completing the form below and we'll get back to you shortly. Alternatively, you can e-mail us on contact@esteem.co.uk or call us on 01937 861 000.