“Holistic” Security for your Data Center Stack

By Amit Jain

Drones introduce a host of new security concerns that governments aren’t readily prepared for. Remember the visual of a drone breaching the White House perimeter security.

Similarly, the threat landscape in the Data Center is evolving so rapidly that it is becoming increasingly challenging to maintain IT security. Look at the “Balloon Race” visualization of data breaches to gauge the extent and nature of some recent attacks! The rise of hacktivism, state-sponsored espionage, advanced persistent threats (APT) and de-perimeterization are some of the major factors that warrant a change from the traditional, isolated approach to IT security.

“IT Security is the immune system in the body of IT”
– Kevin Pietersma, IT Security Architect, Univ. of Toronto

That’s why security is the core component and driver in our vision of making the DC infrastructure simple and invisible. Our robust Acropolis architecture provides built-in security, while at the same time exposing APIs and allowing integration to leverage the broader ecosystem of security partners – a “holistic” approach that can secure your Data Center stack:

Built-in Host Security

This is what sets us apart: security is embedded into the DNA of the Acropolis architecture! The Acropolis software and the Acropolis Hypervisor (AHV) are hardened by default, apply the principle of least privilege, and deliver a true defense-in-depth model to customers.

At Nutanix, we follow a comprehensive Security Development Lifecycle (SecDL), which incorporates security into every step of the Nutanix software development process so that security is built in, not bolted on! Hyperconverged infrastructure from a single vendor, coded with security in mind, is faster and easier to update and patch, which significantly shortens the window between a vulnerability being disclosed and the fix being deployed across the stack.

Another unique aspect is our own custom, comprehensive Security Technical Implementation Guide (STIG), written in a machine-readable format so that automated assessment tools can consume it directly. This significantly shortens the accreditation process: the assessment portion of DIACAP/DIARMF was reduced from the typical 9-12 months to less than an hour.

Moreover, we have built Security Configuration Management Automation on top of the SaltStack framework, so that your production systems self-heal from any deviation and are always in compliance: the baseline is checked on a schedule and any setting that has drifted is put back. Features like two-factor authentication (2FA) and cluster lockdown further enhance the security posture, and a cluster-wide setting can forward all logs to a central host so they survive tampering with an individual node. For more info, refer to the Security brief or the Tech Note.
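To make the self-healing idea concrete, here is a small illustrative example of the loop such a tool runs on a schedule: read the live configuration, compare it with a hardened baseline, rewrite any setting that drifted, and report what was fixed. This is an added example, not Nutanix SCMA or SaltStack code; the baseline values and the sample sshd_config text are constructed for the illustration.

```python
"""Self-healing configuration compliance check (illustrative, not Nutanix's SCMA code).

Models the loop a configuration-management tool such as SaltStack runs on a
schedule: read the live config, compare it with a hardened baseline, rewrite
any setting that drifted, and report what was fixed. The baseline values and
the sample sshd_config below are constructed for this example.
"""
import re

# Hardened baseline: key -> required value (assumed values for illustration).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "Protocol": "2",
}

# Constructed sample of a drifted live file: an admin re-enabled root login
# and X11Forwarding is only present as a commented-out line.
SAMPLE_CONFIG = """\
# sshd_config (sample)
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
# X11Forwarding no
"""

# Matches an active 'Key value' line; comment lines start with '#' and never match.
_LINE = re.compile(r"^\s*(\w+)\s+(\S+)\s*$")


def parse_config(text):
    """Return {key: value} for active (non-comment) 'Key value' lines; last one wins."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def detect_drift(text, baseline=BASELINE):
    """List (key, current, expected) for every baseline key that is missing or wrong."""
    current = parse_config(text)
    return [(k, current.get(k), v) for k, v in baseline.items() if current.get(k) != v]


def remediate(text, baseline=BASELINE):
    """Rewrite every occurrence of a drifted key in place, append keys that were
    absent (or only commented out), and return (new_text, list_of_fixed_keys)."""
    drift = detect_drift(text, baseline)
    if not drift:
        return text, []
    drifted = {k: v for k, _, v in drift}
    seen = set()
    out = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(1) in drifted:
            out.append(f"{m.group(1)} {drifted[m.group(1)]}")
            seen.add(m.group(1))
        else:
            out.append(line)
    for k, v in drifted.items():
        if k not in seen:
            out.append(f"{k} {v}")
    return "\n".join(out) + "\n", [k for k, _, _ in drift]


if __name__ == "__main__":
    healed, fixed = remediate(SAMPLE_CONFIG)
    print("fixed:", fixed)
    print("remaining drift:", detect_drift(healed))
```

Duplicate keys are rewritten at every occurrence rather than just the first, because a parser that takes the last value would otherwise keep the drifted setting alive; a real tool also restarts the affected service after the rewrite and records the fixed keys in the central log.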

End-point Security

As virtualization becomes mission-critical for servers and desktops (VDI), and more so in private cloud settings, your IT teams must support an increasingly large number of endpoints and protect them from exposure to viruses and malware.

Our partner solutions, like MOVE from Intel McAfee Security and Deep Security from Trend Micro, preserve performance and consolidation ratios while providing comprehensive agentless security built specifically to maximize protection. In addition, these solutions provide intrusion prevention and web application security for extra protection against malicious attacks.

Micro-Segmentation / Firewall

Increasingly, the traffic patterns in cloud-ready data centers have shifted from the traditional north-south flow to a far larger share of inter-VM, east-west traffic. These internal flows create protection gaps inside your data center because they are never intercepted by the typical perimeter security solutions. Two things matter: visibility and enforcement!

Our alliance partners like vArmour and Illumio create an intelligent fabric that micro-segments every application in the data center, wrapping protection around every workload and delivering fine-grained visibility and control in dynamic cloud environments. These solutions can be installed in minutes on top of Nutanix, and they mirror the distributed, scale-out architecture that makes Nutanix unique. Integration with Palo Alto Networks adds next-generation firewall capabilities.
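The following added example (not vArmour, Illumio or Palo Alto Networks code) shows what "visibility and enforcement" mean for east-west traffic in practice: workloads are labelled by tier, an allow-list between tiers is the only thing that permits a flow, and every flow in a log is classified as north-south or east-west before the verdict is made, so the flows a perimeter firewall would never have seen stand out. All addresses, labels, rules and flow records are constructed for the illustration.

```python
"""East-west flow policy evaluation (illustrative example, not partner product code).

Workloads carry a tier label; an allow-list of (src_tier, dst_tier, dst_port)
rules is the only thing that permits traffic (default deny). Each sample flow
is classified as north-south or east-west and then allowed or denied, which
exposes the gap a perimeter-only firewall leaves. All data here is constructed.
"""
import ipaddress

# Everything inside this range counts as "inside the data center" (assumed).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Workload inventory: IP -> tier label (constructed).
WORKLOADS = {
    "10.1.0.10": "web",
    "10.1.0.11": "web",
    "10.2.0.20": "app",
    "10.3.0.30": "db",
    "10.9.0.99": "mgmt",
}

# Allow rules: (src_tier, dst_tier, dst_port); "any" is a wildcard.
RULES = {
    ("any", "web", 443),    # clients reach the web tier over HTTPS
    ("web", "app", 8080),   # web tier calls the app tier
    ("app", "db", 5432),    # only the app tier talks to the database
    ("mgmt", "any", 22),    # SSH only from the management tier
}

# Constructed flow records: (src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("203.0.113.5", "10.1.0.10", 443),   # Internet -> web: north-south, allowed
    ("10.1.0.10", "10.2.0.20", 8080),    # web -> app: east-west, allowed
    ("10.2.0.20", "10.3.0.30", 5432),    # app -> db: east-west, allowed
    ("10.1.0.11", "10.3.0.30", 5432),    # web -> db directly: lateral move, denied
    ("10.9.0.99", "10.3.0.30", 22),      # mgmt -> db over SSH: allowed
    ("10.2.0.20", "10.1.0.10", 22),      # app -> web over SSH: denied
]


def tier_of(ip):
    """Tier label for a known workload; anything unknown is treated as external."""
    return WORKLOADS.get(ip, "external")


def direction(src, dst):
    """'east-west' when both endpoints are inside the data center, else 'north-south'."""
    inside = lambda ip: ipaddress.ip_address(ip) in INTERNAL
    return "east-west" if inside(src) and inside(dst) else "north-south"


def is_allowed(src, dst, port, rules=RULES):
    """True only if some rule matches the source tier, destination tier and port."""
    s, d = tier_of(src), tier_of(dst)
    return any(rs in ("any", s) and rd in ("any", d) and rp == port
               for rs, rd, rp in rules)


def evaluate(flows, rules=RULES):
    """One verdict record per flow: direction plus allow/deny."""
    return [
        {"src": s, "dst": d, "port": p,
         "direction": direction(s, d),
         "verdict": "allow" if is_allowed(s, d, p, rules) else "deny"}
        for s, d, p in flows
    ]


def perimeter_blind_spots(results):
    """Denied east-west flows: exactly the traffic a perimeter firewall never inspects."""
    return [r for r in results if r["direction"] == "east-west" and r["verdict"] == "deny"]


if __name__ == "__main__":
    for r in evaluate(SAMPLE_FLOWS):
        print(f'{r["src"]:>12} -> {r["dst"]:<10} :{r["port"]:<5} {r["direction"]:<11} {r["verdict"]}')
```

Running it over the sample log flags the web-to-database and app-to-web SSH attempts as denied east-west flows; both are classic lateral-movement paths that a north-south firewall at the edge would have passed without ever seeing them.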


Data at Rest Encryption
Let’s face it, your data is the lifeblood of your business. If it were lost, stolen or compromised, the business would be directly impacted.

We provide data-at-rest encryption using FIPS 140-2 validated self-encrypting drives (see the 2-minute configuration video) to ensure that your sensitive data is protected at its core without impacting performance. Our technology partners, Vormetric, SafeNet and IBM, offer centralized enterprise key and policy management servers that enable compliance and ensure tracking and control. Keep in mind what drive-level encryption covers: it protects the data on a drive that leaves the cluster (failed, retired or stolen), but once a running node has unlocked the drive the data is readable to that host and to anything that compromises it. For stronger protection, solutions like Vormetric Transparent Encryption work seamlessly within guest OS instances running on various hypervisors on Nutanix XCP, encrypting data at the file system level and enforcing access controls on the encrypted data, so that keys and policy stay outside the infrastructure layer. This helps your IT security teams meet stringent standards like HIPAA, PCI DSS and SOX.

In a nutshell, the Acropolis architecture offers holistic security, and together with our certifications and compliance work we meet even the most stringent security standards! That’s why Nutanix infrastructure was selected to deliver IT services to the Pentagon!

[Techy Tidbit: John McAfee, the inventor of “anti-virus” software, is apparently one of “the most interesting men” and is running for the office of POTUS in the 2016 election. John believes that “hackers see hacking me as a badge of honor”, so it’s interesting that for his own security he has other people buy his computer equipment for him, uses pseudonyms when setting up computers and logging in, and changes his IP address several times a day.]