Introducing AOS 5.19: Increased Performance, Enhanced Security, and Automated Operations
By AOS Product Team
Secure Remote Work, Accelerate Workloads, and Enable Self-Driving Infrastructure with Nutanix HCI
We are excited to announce the launch of AOS 5.19 and the associated Prism Central release, PC 2020.11, bringing new capabilities to Nutanix hyperconverged infrastructure customers. AOS 5.19 delivers performance enhancements that build on the breakthroughs in AOS 5.18 and expands on built-in key management capabilities for keeping data encrypted and secure. AOS 5.19 also increases the portability of VMs running on the built-in hypervisor AHV, streamlines advanced management capabilities, and more.
Native KMS for ROBO Environments
We continue to simplify security by extending the promise of encryption everywhere to new environments. Nutanix already offers native FIPS 140-2 validated data-at-rest encryption and key management with the choice of external KMS support or native KMS. Read the Data at Rest guide for more information.
With this release, we have extended the native KMS to now support 1 and 2-node Remote & Branch Office (ROBO) sites, enabling a simple and cost effective secure edge solution. Native KMS now features a new option for a remote PC-based root-of-trust that enhances the protection for remote office locations. AOS 5.19 also introduces the ability to backup locally deployed KMS instances from multiple remote clusters to a central PC instance, making it easy to keep both your data and keys protected and secure.
AHV support for Microsoft’s VBS and Credential Guard
AOS 5.19 strengthens AHV’s secure compute capabilities to protect the integrity of user VMs, a journey we started earlier in the year with Secure Boot. AHV now supports Microsoft’s Virtualization Based Security (VBS) and Credential Guard.
VBS is a Microsoft Windows feature that creates an isolated region of memory protected against guest VM compromise. Credential Guard leverages VBS to protect Windows credentials from attacks such as Pass the Hash exploits, thus mitigating the risk of credential compromise and lateral movement. With 5.19, Credential Guard can be enabled on supported Windows desktops and server operating systems.
Identity Based Network Policy for VDI
The ability to leverage user identity to group and segment VDI desktops with microsegmentation from Nutanix Flow was added in 5.17. This allowed security policies to be dynamically mapped to a user and simplify the creation of policies that map to those specific user roles. For example, limiting contractors to specific applications or network segments based on the contractor Active Directory (AD) group. In the 5.19 release, the process has been streamlined to both simplify the Category to User Group mapping in AD and also to make the policy application even easier and more secure. We enhanced options to map desktop VMs to categories based on VM name string matching and added a default policy option for all desktops.
Adaptive Oplog optimization
Nutanix AOS leverages Oplog as a persistent write buffer for certain I/O operations to efficiently handle bursts of random writes. Oplog is a shared resource and allocation is done on a per-vDisk basis to ensure each vDisk has dedicated resources to accelerate random write performance. With AOS 5.19, Oplog can grow dynamically to a larger size than the current per-vDisk limit of 6GB. This performance optimization automatically kicks in when required and benefits clusters running workloads that use a smaller number of large vDisks, such as large databases. This enhancement can improve performance up to 20% for large database operations with heavy writes and large block sizes.
Oplog Improvements for Sequential Writes
In addition to the adaptive Oplog improvements, AOS 5.19 also optimizes which data is written to Oplog to maximize performance for both random and sequential workloads. Data written in large blocks or in sequential streams doesn’t benefit from buffering in Oplog like small random writes do, so AOS dynamically chooses which data is written to Oplog and which data skips it. AOS 5.19 enhances the algorithm to more effectively identify sequential write streams to skip Oplog, with the effect of greatly improving the performance of sustained sequential write workloads by as much as double.
Availability and Business Continuity
Nondisruptive Planned Failovers
Not all business continuity plans are for disasters. Being able to perform routine maintenance or upgrades without disruption of operations is an important part of any BCDR strategy. In 5.19, AHV now has simplified workflows to migrate applications live as part of a planned failover. Any VMs protected by synchronous replication and a recovery plan can be migrated to the destination cluster and made active via two new workflows. The first option allows the failover migration of all VMs that are part of a defined Recovery Plan in Prism Central. The second option allows you to select a single VM to be migrated.
Multisite Replication With Leap Disaster Recovery
Nutanix Leap brings a powerful set of functionality to the built-in Disaster Recovery capabilities in AOS. With policy-based management, DR runbooks, cloud DR, and more, Nutanix Leap enables your organization to maintain business continuity at scale. While AOS has supported multisite replication for years, AOS 5.19 brings this functionality to Leap for maximum control and flexibility with optimized protection. For many organizations, multisite replication is a strict requirement, so this new functionality will enable them to benefit from the powerful capabilities of Leap.
Multisite replication is a critical requirement for many IT organizations. For example, tight SLAs require some organizations to replicate between datacenters in relatively close proximity. In this case, a localized disaster might affect both datacenters simultaneously, disrupting services without the possibility of normal DR failover/recovery. With multisite replication capabilities now a part of Leap, data can also be replicated with a higher RPO to a third datacenter or to public cloud targets (such as Nutanix Clusters or Xi Leap DRaaS) and maintain service availability even in in the face of regional disasters.
Introducing Prism X-Pilot
Users of Prism’s IT Operation tiers (Pro and Ultimate) are already familiar with X-Play, enabling low code or no code automation of routine tasks. We are excited to release the next major milestone for Prism Central, PC 2020.11, in this journey. Now available in the Prism Ultimate tier: X-Pilot (pronounced “Cross Pilot”) alleviates IT teams’ operational overhead by providing intelligent autonomy. By defining rules for a system, IT admins can let Prism intelligently guide infrastructure metrics within defined KPIs to achieve a desired state.
Here’s how it works. An admin can choose an infrastructure metric, a range of optimal boundaries for that metric, and then defines a period of time for the KPI to be monitored. The admin will then define a set of actions the system can take, ensuring that the system always behaves in a predictable manner, and the maximum number of allowed autonomous corrections before manual intervention will be needed. Once these X-Pilot inputs are defined and enabled, Prism will intelligently tune infrastructure parameters and take action to ensure that the defined metrics stay within the predetermined boundaries.
Storage Overprovisioning Widget
Thin provisioning in AOS means that the storage system consumes capacity only when data is written. This prevents wasted storage resources and enables flexibility when provisioning workloads. This means that it’s possible to provision more storage than is actually available, leading to potential problems if not monitored properly. The storage overprovisioning widget in Prism helps administrators with capacity planning by providing at-a-glance insight about the storage overprovisioning ratio. With AOS 5.19, administrators can now set thresholds on this ratio to more confidently manage the potential risk from overprovisioning, generating alerts when the ratio limit is approaching and changing to color to indicate the proximity to the configured limit.
Nondisruptive vDisk Migration Across Storage Containers for AHV
Customers create and manage AOS storage containers for many reasons - logical organization, capacity management, or storage feature configuration. In 5.19 we are making it easier to migrate vDisks among different storage containers present on a cluster. This enables additional flexibility in being able to change the storage attributes of a VM’s disks by moving them to a differently configured container. For example, with this new workflow a VM’s vDisk can be moved to take advantage of deduplication, compression, and erasure coding by migrating it to a differently configured container without any downtime.
Simplified Cluster Network Management for AHV
With 5.19, the management of network uplinks and bonds is enhanced and centralized within Prism Central. This starts with the introduction of a cluster-wide logical virtual switch concept and adds new workflows that allow for easily managing the network bonds and physical uplinks on each host that encompass the new virtual switch construct. Being available via Prism Central means that operators benefit from comprehensive management and visibility of virtual networking across Nutanix clusters.
Nutanix leads the HCI market with the most advanced distributed-systems architecture, enabling organizations to simplify their IT environments while achieving higher performance, resiliency, security, and cost savings.
You can also experience consumer-grade simplicity right now with Nutanix Test Drive.
© 2020 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.
This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.