Engineered Differently
Zero-Touch Provisioning, Configuration Management and Software Updates at Massive Scale
By Jason Burns, Bhavik Desai and David Broome
At scale, routine IT operations quickly become complex. For organizations with many distributed sites that lack IT expertise—such as retail stores, distribution centers, bank branches, or other edge locations—manual tasks such as:
- Configuring infrastructure
- Installing and managing software
- Identifying and correcting configuration errors
- Updating software with the latest security patches
can become even more challenging. Zero-touch—the automation of IT provisioning, configuration, and management to eliminate the need for manual intervention—is the holy grail of distributed IT.
By combining our unique zero-touch framework (ZTF) with proven capabilities that Nutanix has been refining for years, Nutanix modernizes and simplifies provisioning and management, enabling you to deploy critical applications with minimal time and effort.
The ZTF is particularly well-suited for the distributed edge. For example, you could use these capabilities to configure servers and deploy applications across hundreds of edge retail sites. Once deployed, the software continues to run, identifying and correcting configuration drift and applying software patches as needed.
The video below demonstrates key elements of the solution:
How the Solution Works
The Nutanix zero-touch solution utilizes the following components:
- Unified control plane: Nutanix Central provides unified management for Nutanix environments deployed in datacenter, edge, and cloud. It has visibility of all Prism Central domains running in your Nutanix environment, providing complete visibility down to the VM level. (See blog 1 in this series for more on centralized management.)
- Server imaging: Foundation Central automates the process of installing, configuring, and deploying Nutanix hardware nodes to create or expand clusters.
- Lifecycle management: Nutanix Life Cycle Manager (LCM) provides intelligent infrastructure software and firmware upgrades with comprehensive dependency management and 1-click simplicity. Multi-cluster LCM extends the capabilities of LCM to let you perform multiple upgrades in parallel from a centralized dashboard.
- Orchestration: Our multicloud application management framework, NCM Self-Service, provides end-to-end automation of provisioning, scaling, and management of infrastructure and applications.
- Zero-Touch Framework: Automates end-to-end Nutanix deployment and configuration at scale, including Day 1 and Day 2 operations.
How Nutanix ZTF Works
Running as a single VM or container-based appliance, the ZTF reads your configuration file from a repository like Github and uses Nutanix v4 API calls to invoke the necessary Nutanix functionality to achieve the desired results. This API-based approach is one of the key elements of the solution’s speed and scale.
The ZTF config file can govern everything from bare metal to infrastructure to applications. A single configuration file can automate both infrastructure configuration and/or application deployment. The following sections separate discussion of infrastructure and application functions for clarity.
Zero-Touch Infrastructure Automation
Provisioning: For provisioning tasks such as deploying and configuring a group of new clusters, the ZTF calls Foundation Central to image (if needed) and configure the new servers.
Configuration drift: A major concern in any large distributed environment is configuration drift. Over time, well-meaning people may alter and misconfigure deployed systems. Once a configuration is deployed, the ZTF runs periodically and checks the CRUD (create, read, update, delete) events from Prism Central related to infrastructure. Any discrepancies are automatically reverted to the defined values from the configuration file.
Updates: It’s almost always a struggle for busy IT teams to keep up with software updates—even ones that are critical for security. With Nutanix ZTF, you specify an upgrade in the configuration file, and it will call LCM to drive the update to all the registered clusters specified in the file in the order specified.
Zero-Touch Application Automation
For application automation, the ZTF utilizes the application blueprint capabilities of Nutanix Cloud Manager (NCM) Self-Service. NCM Self-Service blueprints allow you to provision, configure, scale, upgrade, and delete applications. Blueprints define the architecture, provisioning, configuration, and lifecycle management of an application, including data protection tasks.
Deployment: For application deployment, the ZTF simply contacts NCM Self-Service to invoke the desired blueprint at each location.
Configuration drift: Blueprints maintain a desired state for applications, including VMs, containers, and configuration information such as CPU, memory, and software settings. Blueprints can detect deviations by comparing the current state of deployed resources against the blueprint’s defined configuration. You can define scripts (e.g., Python, PowerShell) within the blueprint to enforce the desired state, such as reapplying configurations, restarting services, or resizing resources.
Updates: You can define specific tasks within a blueprint for updates, such as patching software, upgrading versions, or modifying configurations, to provide consistent execution across all instances. Blueprints support rolling updates or blue-green deployments to apply changes with minimal downtime. They enable updates across multiple sites by leveraging NCM’s centralized control plane. Updates are pushed simultaneously or staggered based on policies, delivering consistency across distributed environments.
Nutanix Zero-Touch Benefits
The Nutanix zero-touch framework can enable you to provision and manage thousands of clusters and tens of thousands of nodes. Benefits include centralized management and consistent security controls everywhere, reducing the need for on-site expertise to manage distributed infrastructure and application deployments. The ZTF’s ability to automate provisioning and remediate configuration drift is designed to decrease operator errors. These capabilities, combined with automated security patching, can help decrease cyber risk.
One of the key advantages of this solution is its flexibility and simplicity. For example, a major US bank combines the the proven capabilities of Nutanix Database Service (NDB) with ZTF to do hundreds of database deployments every week to support development and production needs.
The ZTF simplifies high-scale infrastructure operations by taking advantage of proven capabilities that are included with every Nutanix subscription: Foundation, LCM, and Prism Central. For application-level tasks, you’ll need a separate NCM license to get access to NCM Self-Service. With Nutanix, you can use the same zero-touch toolset across any Nutanix environment—in the datacenter, at the edge, or in the public cloud.
By comparison, alternatives to the Nutanix approach may add operational complexity. For VMware edge deployments, as an example, you’ll need to decide between at least two options. VMware Edge Compute Stack (ECS) supports clusters up to 4 nodes, and management and orchestration are provided by VMware Edge Cloud Orchestrator (VECO). For larger edge sites, VCF Edge is needed. If you end up deploying both to meet varying edge needs, that adds to the complexity of management, with different tools depending on the site.
See why Wells Fargo turned to Nutanix NDB to support database operations at scale.
Technology that Makes a Difference
Nutanix offers a simple, flexible and secure approach to zero-touch infrastructure and application deployment at scale by building on the innovative capabilities of the Nutanix Cloud Platform.
- Blog 1 in this series goes deeper on the unified management capabilities and uniform experience that are essential to our zero-touch approach.
- Blog 2 describes how Nutanix builds in security at the platform, data, network, and application levels. These capabilities mean that you can execute zero-touch deployments without sacrificing the security of your business-critical applications or opening the door to cyber threats.
Future blogs in this series will explore the inherent resilience of the Nutanix architecture and streamlined AI deployment.
Have questions or insights? Feel free to reach out—we’d love to hear how your team is tackling hybrid multicloud complexity.
Explore the IDC study to see how Nutanix customers have cut costs and boosted efficiency. Or, discover how Nutanix can simplify and de-risk your migration with a free Test Drive. See firsthand how your workloads run on our platform and plan your move with less complexity and more confidence.
The zero-touch framework is currently available on GitHub, and will migrate to PyPI in the future.
©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Nutanix, Inc. is not affiliated with VMware by Broadcom or Broadcom. VMware and the VMware product names recited herein are registered or unregistered trademarks of Broadcom in the United States and/or other countries.