The Nutanix Guest Tools™ (NGT) package comes bundled with the Nutanix AOS™ software, and is a critical component for a number of advanced operations, especially where collaboration between Nutanix capabilities and the guest operating system is key. Features include enabling self-service for the VM’s own users to restore specific files from Prism Central™ snapshots, and changing the guest’s network configuration during disaster recovery failovers. These features have made NGT essential for customers who want the best interaction between the guest and the infrastructure.
In the last couple of AOS releases, there have been two big changes to how NGT can be installed and how the communication between the VM and the infrastructure works, so let’s walk through these changes together and how you may be able to leverage them.
Improved Communication Method
Historically, all communication between NGT in the VM and the CVM has been over SSL from the guest VM to the virtual IP of the CVM on port 2074. Because these connections cross the network, the link is secured by SSL and authenticated by client SSL certificates. While this method is strongly secured, it still requires direct network access from the VM to the CVM, so in some cases network segmentation or firewalls can block the link, and security exceptions are needed to keep NGT working.
But now, when you are using AOS 6.6 and the Nutanix AHV® hypervisor, there’s a new, more direct communication method which uses services running on the AHV hosts themselves, avoiding the need for direct network communication from the VM to Prism Element. You can now even enable NGT on VMs that don’t have any network connectivity at all!
This improved communication method does depend on the VM being able to communicate with the AHV host on which it is running, which in turn requires a serial port to be presented to the virtual machine to facilitate this communication. New VMs set up on AOS 6.6 will get this additional hardware added by default, but existing VMs may need a reboot to automatically add the hardware for NGT to use.
Full details on the different communication types, prerequisites, and how to check which communication type is in use can be found in the Prism Central Infrastructure Guide. The key points are that with IP-less communication the VM doesn’t need network access to the CVM, and firewalls or network segmentation can be used to enforce strong separation between the networks.
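One practical consequence is that firewall exceptions opened for the older method can be reviewed once VMs move to IP-less communication. The following is an added example, not Nutanix code: it checks a constructed rule list for allow rules that open TCP 2074 to the CVM virtual IP and lists the VMs that still depend on each. The inventory fields, addresses and rule IDs are hypothetical, and treating "AOS 6.6 or later" as eligible is an assumption.

```python
import ipaddress

NGT_PORT = 2074  # VM -> CVM virtual IP port named in the post

# Constructed sample data; field names are hypothetical, not a Nutanix schema.
CVM_VIP = "10.0.0.10"
VMS = [
    {"name": "app01", "ip": "10.20.1.5", "hypervisor": "AHV", "aos": (6, 6), "serial_port": True},
    {"name": "app02", "ip": "10.20.1.6", "hypervisor": "AHV", "aos": (6, 6), "serial_port": False},
    {"name": "db01", "ip": "10.30.1.7", "hypervisor": "AHV", "aos": (6, 7), "serial_port": True},
    {"name": "old01", "ip": "10.40.1.8", "hypervisor": "ESXi", "aos": (6, 5), "serial_port": False},
]
RULES = [  # allow rules only: source CIDR, destination CIDR, protocol, port range
    {"id": "fw-101", "src": "10.20.1.0/24", "dst": "10.0.0.10/32", "proto": "tcp", "ports": (2074, 2074)},
    {"id": "fw-102", "src": "10.30.1.0/24", "dst": "10.0.0.0/24", "proto": "tcp", "ports": (2000, 2100)},
    {"id": "fw-103", "src": "10.40.1.0/24", "dst": "10.0.0.10/32", "proto": "tcp", "ports": (2074, 2074)},
    {"id": "fw-104", "src": "10.20.1.0/24", "dst": "10.0.0.10/32", "proto": "tcp", "ports": (8443, 8443)},
]


def uses_ipless(vm):
    """Assumption: AOS 6.6 or later, on AHV, with the serial port present."""
    return vm["hypervisor"] == "AHV" and vm["aos"] >= (6, 6) and vm["serial_port"]


def is_ngt_exception(rule, vip=CVM_VIP):
    """True if the allow rule opens TCP 2074 towards the CVM virtual IP."""
    lo, hi = rule["ports"]
    in_dst = ipaddress.ip_address(vip) in ipaddress.ip_network(rule["dst"])
    return rule["proto"] == "tcp" and lo <= NGT_PORT <= hi and in_dst


def review_rules(rules, vms):
    """Map each NGT exception to the VMs in its source range that still need it."""
    report = {}
    for rule in rules:
        if not is_ngt_exception(rule):
            continue
        src = ipaddress.ip_network(rule["src"])
        covered = [vm for vm in vms if ipaddress.ip_address(vm["ip"]) in src]
        # Only VMs still on the network-based method depend on this exception.
        report[rule["id"]] = sorted(vm["name"] for vm in covered if not uses_ipless(vm))
    return report


if __name__ == "__main__":
    for rule_id, needed_by in review_rules(RULES, VMS).items():
        status = "retire candidate" if not needed_by else "keep for " + ", ".join(needed_by)
        print(f"{rule_id}: {status}")
```

A rule reported with no dependent VMs may still be wider than port 2074 (fw-102 here covers a port range), so narrow or remove it only after checking what else relies on it.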
External Installation of NGT Guest Agent
As part of the drive towards making things simpler for you, we also re-evaluated the installation of NGT within a VM. Nutanix has always provided multiple methods for installing NGT, including a fully-automated solution in Prism Central to allow installation of NGT in batch across large numbers of VMs. This solution requires being able to log in to the VM using either WinRM (for Windows) or SSH (for Linux). While this approach is used by a large number of Nutanix customers, some organisations have policies that make enabling remote access to the VMs using WinRM or SSH difficult. We’ve therefore created a new way to install NGT in AOS 6.7, which installs NGT asynchronously and removes the requirement to set up WinRM or SSH.
Now you can download the latest NGT installer from the Nutanix portal, which enables easy installation through any endpoint management system like Intune, BigFix, or even a custom system using Ansible to push updates to your VMs. We’ve provided three installers: one for Windows, one for RPM-based distributions and one for DEB-based distributions. Along with providing these, we’ve substantially increased the list of supported guests to include Microsoft Windows® 11 OS, more versions of Ubuntu®, RHEL®, AlmaLinux™ OS, and Rocky Linux™ OS.
As NGT provides advanced functionality, such as self-service file recovery from snapshots, we still require selection and enablement of NGT functionality from Prism Central. This can follow the same flow as the Prism Central-based batch installation, without the requirement to enable WinRM or SSH in the VMs or to provide VM credentials.
More details on how to install NGT can be found in the Prism Central guide and the full list of VM types supported by NGT can be found on the compatibility and interoperability matrix section of the Nutanix portal, with the installers available from the downloads page.
We’ve also got some great things in the future for NGT. At the same time, we’d love to hear from you on what you’d like to see coming up, so please let us know how we can make NGT work better for you!
© 2023 Nutanix, Inc. All rights reserved.