By Jason Burns, Bill O'Donnell, Aniket Daptari
As organizations increasingly adopt sovereign cloud strategies to meet their data residency, compliance, and operational autonomy requirements, security becomes the cornerstone of trust. With the release of Nutanix Cloud Infrastructure (NCI) 7.5, Nutanix is doubling down on integrated security for customers building distributed sovereign cloud environments. This release introduces powerful enhancements across Platform Security and the Flow Network Security (FNS) solution, ensuring that security is not an afterthought, but a foundational design principle.
Let’s explore how the new features in NCI 7.5 are helping customers build secure and resilient sovereign cloud environments.
Time synchronization is critical for distributed systems, especially in regulated industries. NCI 7.5 introduces support for Authenticated NTP configuration in AOS clusters.
Benefits: Protects against spoofing and time-based exploits. Helps customers meet regulatory requirements in sectors like finance, defense, and healthcare.
How it works: Authenticated NTP can be configured for CVMs using Prism Central cluster profiles, enabling consistent and policy-driven deployment across environments.
This feature enhances the integrity of time-sensitive operations and audit trails, key for sovereign cloud operations.
Customers using vTPM (virtual Trusted Platform Module) in AHV can now integrate with external KMIP-based Key Management Systems (KMS).
Benefits: vTPM keys can now be managed by third-party KMS solutions, enabling consistent key lifecycle management and helping align with internal security policies.
This enhancement provides flexibility and control for customers with strict encryption and key management requirements.
For customers running workloads on Nutanix Cloud Clusters (NC2) in Azure, NCI 7.5 introduces support for Microsoft Azure Key Vault as a key management option for encrypted AOS clusters.
Benefits: Deployment flexibility to use the Nutanix Native Key Manager or Azure Key Vault based on security requirements.
This feature supports hybrid and multi-cloud key management strategies, aligning with sovereign cloud principles of customer-controlled encryption.
Prior to NCI 7.5, backing up the Prism Central multi-cluster manager and the Nutanix Key Manager required separate workflows. Now, customers can back up both in a single, unified process.
Benefits: Simplifies disaster recovery and preserves encryption keys alongside configuration data.
Resilience and Recovery: Manages the risk of key loss and optimizes for recovery in the event of a failure.
This enhancement streamlines operations and strengthens the resilience of sovereign cloud deployments.
The new Flow Container Network Interface (CNI) plugin brings Nutanix Flow to Kubernetes.
Key capabilities:
Unified VPC-based networking for VMs and containers in overlays and VLANs.
Enables pod-to-VM and cross-VPC communication.
Integration with Flow Network Security (FNS) and Nutanix Kubernetes Platform (NKP).
Benefits:
Simplified hybrid networking.
Consistent policy enforcement across workloads.
Swift deployment and reduced operational complexity.
This is a major step forward in enabling secure, hybrid cloud-native applications within sovereign environments.
NCI 7.5 expands Service Insertion with virtual TAP mode for traffic monitoring, allowing service VNFs to receive mirrored traffic out-of-band with redirection from Flow Network Security policies.
Key use cases:
Deep packet inspection.
Network analytics and monitoring.
Threat detection and forensics.
Security benefit: Enables scalable, non-intrusive traffic visibility without impacting performance or introducing bottlenecks.
This feature empowers customers to integrate advanced security analytics from trusted Nutanix Ready partners into their sovereign cloud environments.
Customers can now remove intra-tier rules, allowing inbound and outbound rules to take precedence.
Why it matters: Reduces rule complexity and improves policy precision.
Use case: Environments with overlapping security policies for inbound and outbound rules that should not impact intra-tier traffic enforcement.
Customers can now define exception groups to exclude IP addresses within entity definitions.
How it works: Include a broad range of IPs or subnets, then exclude specific addresses, all within a single rule.
Benefit: Reduces the number of rules and simplifies policy management.
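The rule-count saving can be shown with a short added example (not Nutanix code and not the Flow Network Security API): it compares matching against one include-plus-exception definition with the list of CIDR blocks the same intent needs when exclusions are unavailable. The function names and the 10.0.0.0/24 addresses are constructed for illustration.

```python
import ipaddress


def matches(addr, include, exclude):
    """Single-rule semantics: inside an included range and not excepted."""
    ip = ipaddress.ip_address(addr)
    in_include = any(ip in ipaddress.ip_network(n) for n in include)
    in_exclude = any(ip in ipaddress.ip_network(n) for n in exclude)
    return in_include and not in_exclude


def expand_without_exceptions(include, exclude):
    """CIDR blocks needed to express include-minus-exclude with no
    exclusion support, i.e. what an exception group replaces."""
    remaining = [ipaddress.ip_network(n) for n in include]
    for ex in map(ipaddress.ip_network, exclude):
        carved = []
        for net in remaining:
            if ex.version != net.version or not ex.overlaps(net):
                carved.append(net)  # exception does not touch this block
            elif not ex.supernet_of(net):
                # exception sits inside the block: split around it
                carved.extend(net.address_exclude(ex))
            # otherwise the whole block is excepted and is dropped
        remaining = carved
    out = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = (n for n in remaining if n.version == version)
        out.extend(ipaddress.collapse_addresses(same))
    return out


if __name__ == "__main__":
    # Constructed sample: a /24 tier with two hosts that must be left out.
    include = ["10.0.0.0/24"]
    exclude = ["10.0.0.5/32", "10.0.0.200/32"]
    blocks = expand_without_exceptions(include, exclude)
    print(f"1 definition with exceptions vs {len(blocks)} plain CIDR entries")
    for block in blocks:
        print("  ", block)
```

Excluding a single host from a /24 already takes eight plain CIDR entries, which is the growth an exception group avoids.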
These enhancements make it easier to define precise, scalable, and maintainable security policies—critical for sovereign cloud governance.
With Flow Network Security 5.3.0, NCI 7.5 enhances cross-site policy replication using the Entity Sync framework for VLAN and VPC subnets.
Capabilities:
Supports up to 1000 synced security policies.
Enables consistent policy enforcement across Prism Central instances.
Supports Cross Cluster Live Migration (CCLM) and Multi-PC Disaster Recovery (DR).
Security benefit: Designed so there is no compromise in security posture during VM migrations or failovers between clusters.
This feature is essential for distributed sovereign cloud environments that span multiple regions or data centers.
With NCI 7.5, Nutanix is delivering on the promise of integrated, policy-driven security for distributed sovereign cloud environments. From hardened platform access to unified container and VM networking, and from advanced traffic visibility to scalable policy replication, this release empowers customers to build secure and resilient cloud infrastructure.
As distributed sovereign cloud adoption accelerates, Nutanix continues to lead with innovation that puts security, control, and simplicity at the core of the cloud operating model.
©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Kubernetes is a registered trademark of The Linux Foundation in the United States and other countries. All other brand names mentioned are for identification purposes only and may be the trademarks of their respective holder(s).