Blog

Nutanix Flow Network Security Next-Generation is Now Available

The next generation of Flow Network Security microsegmentation is now available, evolving with a new architecture to scale, secure, and unify the security posture of all your workloads.

By Mike Barmonde, Nutanix Senior Product Marketing Manager, Network and Security

September 28, 2023 | min

Announced at .NEXT 2023, and available now, the Nutanix Flow Network Security™ (FNS) microsegmentation product line has released a next-generation architecture. The new Flow Network Security Next-Gen™ (FNS NG) product introduces an array of new capabilities critical for secure policy management and enterprise readiness, making microsegmentation even more seamless on the Nutanix Cloud Platform™ (NCP) infrastructure solution.

FNS NG is Next-Generation at Its Core

Backed by the latest  AOS™ 6.7 and Prism Central™ 2023.3 releases, FNS NG is anchored by the new Prism Central based network controller to support VLAN-backed (virtual local area networks)  networks or virtual private clouds (VPCs). Providing both network types will give customers a choice on how to leverage FNS NG in their unique environments, and will allow IT teams letting them use the network that best suits their purpose, securely. This version of FNS NG will support VLAN-backed networks. 

For customers wanting to use FNS NG, a cluster with AOS 6.7 and Prism Central 2023.3 is required. Current FNS customers on previous AOS and Prism Central versions should contact their Nutanix account team for information on upgrade options. 

Flow Network Security and Flow Network Security Next-Gen will have the same software release version, 4.0.X, leveraging a dual-stack approach for VLANs. Next Gen features will be available only when enabling the network controller and migrating to Flow Network Security Next-Gen, otherwise your current Flow Network Security installation will operate as before.

The Nutanix Cloud Platform includes solutions for basic microsegmentation policies, next-generation, and a dashboard for planning

The Nutanix Cloud Platform includes solutions for basic microsegmentation policies, next-generation, and a dashboard for planning.

Now, let’s dive into some features and benefits that Flow Network Security Next-Gen will bring to you.

Microsegmentation-at-Scale for All Workloads

VLAN-backed subnets on the Prism Central network controller

VLAN-backed networks are the most commonly used network type for Nutanix customers. FNS NG makes the most of this by providing support starting with network controller-enabled VLANs. As FNS NG evolves, you’ll have access to the same set of security features in VLAN or VPC-backed networks, creating scale across your workloads. 

FNS NG is anchored by the Prism Central network controller built to handle both VLAN and VPC backed networks.

FNS NG is anchored by the Prism Central network controller built to handle both VLAN and VPC backed networks.

Deliver Enhanced Security Postures and Policies 

A new policy model built to streamline operations

Flow Network Security Next-Gen (FNS NG) introduces an overall improved policy mode to ‘bring-your-own-category’ (BYOC) and assigns multiple security policies to a single VM (virtual machine). FNS NG uses a multi-cardinality approach toward implicit prioritization and evaluation of policies that are easier to understand and rank. This new approach creates an easy-to-read framework, making implementing microsegmentation easier than ever by ensuring the same security posture follows a workload anywhere. With FNS NG, you're free to assign any category (BYOC) you choose and don't have to use AppType or AppTier.

FNS NG  includes a ‘many-to-one’ policy model allowing VMs to be part of multiple security policies making security operations more seamless.

FNS NG  includes a ‘many-to-one’ policy model allowing VMs to be part of multiple security policies making security operations more seamless.

But that’s not all.

New, advanced policy life-cycle operations

Policy life cycles are now a snap including the abilities to draft, version, or clone, at will. We have further improved the lists and views to help you better understand your policies. This includes advanced filters, toggle views, enhanced searching capabilities, and an entity-focused visualization experience. Overall, the deployed policies are now more understandable and accountable, facilitating faster auditing, planning, and incident response for more effective security operations.

FNS NG’s advanced policy operations helps manage the life-cycle of a policy to enforce, clone, save, and monitor.

FNS NG’s advanced policy operations helps manage the life-cycle of a policy to enforce, clone, save, and monitor. 

Expanding Enterprise Security Readiness 

Deploy new role-based access controls

As Nutanix administrators go deeper in managing security and networking on NCP, the need to plan for microsegmentation projects or distribute roles relating to governing the environment must be available. FNS NG introduces new role-based access controls helping administrators provide viewing roles for Nutanix users. Helpdesk, security operations teams, and networking groups can quickly view FNS NG policies for auditing and alignment.

FNS NG introduces coarse grained role-based access controls for admin and viewer-only user types helping increase security operation awareness.

FNS NG introduces coarse grained role-based access controls for admin and viewer-only user types helping increase security operation awareness.

Unify Security and Networking Operations with FNS NG

Powerful AI and Planning for FNS NG with Security Central

Security Operations is a critical component of modern cybersecurity. The Nutanix Security Central™ solution provides SecOps insight for your applications and workloads on Nutanix Cloud Platform with deep integration into FNS NG. SaaS-based and built on AI, Security Central helps plan for an FNS NG implementation by recommending policies and grouping applications. Starting day one, Security Central will support the monitoring and planning of FNS NG, and for customers wanting to get started with Security Central, you can start your free, cloud service-based trial today

What’s Next?

Flow Network Security Next-Gen is a huge leap forward in helping further solidify your approach to strong defense-in-depth and a zero-trust mindset. From dynamic policies to scaling across your enterprise, building a strong cyber resilient strategy against advanced persistent threats becomes easier than ever with Nutanix. Get started today!

© 2023 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances