Blog

Simplifying Hybrid Multicloud Networking with Nutanix

By Dwayne Lessner, Principal Technical Marketing Engineer, Nutanix

March 22, 2023 | min

 

In October 2022, Nutanix launched the Nutanix Cloud Clusters™ (NC2) solution for the Microsoft Azure® cloud. Designed to operate on a new Microsoft BareMetal-as-a-Service (BMaaS), the solution provides customers with a consistent experience for provisioning and managing Nutanix clusters in Azure.

NC2 places the complete Nutanix® hyperconverged infrastructure (HCI) stack directly on the Microsoft BMaaS instance which runs a Nutanix Controller VM (CVM) and the Nutanix AHV® hypervisor just like any on-premises Nutanix deployment, using the Azure Virtual Network (VNet) to connect to the network.

AHV runs an efficient embedded distributed network controller that integrates user VM networking with the Prism Element™ cluster manager. The Prism Central™ multi-cluster manager then works with AHV and NC2 to use the Nutanix Flow Virtual Networking™ solution to create an overlay that provides granular control. Flow Virtual Networking enables connectivity to all Azure services and enables workloads running on the clusters to send and receive north- and south-bound traffic.

The Nutanix AOS™ operating system is designed to withstand hardware failures and software glitches to help ensure that application availability and performance are never compromised. Combining features like native rack awareness with the Azure bare-metal service allows the Nutanix software to operate in a dynamic cloud environment yet still provide the resilience, performance and infrastructure-level features enterprise applications require.

NC2 on Azure gives on-premises workloads a home in the cloud, offering native access to available clouds, without requiring you to reconfigure your software. Your applications can get the same all-flash performance they have on-premises when they move to the cloud without having to change anything in the application for the cloud.

Flow Virtual Networking

NC2 uses Flow Virtual Networking in Azure to create a virtual network that simplifies administration and reduces networking constraints across cloud and on-premises. Flow Virtual Networking reduces cloud constraints by providing an abstraction layer and allows the network substrate (and its associated features and functionalities) to be consistent with the customer’s on-premises Nutanix deployments. You can create new virtual networks (called virtual private clouds or VPCs) in Nutanix with subnets in any address range, including those from the RFC1918 (private) address space, and define DHCP, Network Address Translation (NAT), routing, and security policies from the familiar Nutanix Prism Central interface.

The simplicity provided by Flow Virtual Networking can be seen in the way it allows you to handle subnets. Subnet delegation enables you to designate a specific subnet for an Azure Platform as a Service (PaaS) that you need to inject into your virtual network. NC2 needs a management subnet delegated to the Microsoft BareMetal as a Service in order to deploy Nutanix clusters, and every subnet used for user native VM networking also needs to be delegated to the same service. Because Azure VNets can have only one delegated subnet, networking configuration can quickly get out of hand with multiple VNets peered among each other to allow communication.

By allowing organizations to create over 500 subnets while only consuming a single Azure VNet, Flow Virtual Networking simplifies the solution considerably by reducing the number of VNets required to allow NC2 and Azure workloads to communicate.

Azure Network Design

Figure 5 Azure Network Design

Flow Virtual Networking Gateway

Prism Central provides the control plane for Flow Virtual Networking. The subnet for Prism Central is delegated to the Microsoft BareMetal/Azure Hosted Service so that you can use native Azure networking to distribute IP addresses for Prism Central. 

Once you deploy Prism Central, the Flow Virtual Networking gateway deploys into the same subnet Prism Central is using. The Flow Virtual Networking gateway allows the user VMs using the VPCs to communicate with native Azure services and have parity with native Azure VMs for elements such as:

  • User-defined routes: You can create custom or user-defined (static) routes in Azure to override Azure’s default system routes or to add additional routes to a subnet’s route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets.
  • Load balancer deployment: You can balance services offered by user VMs with the Azure-native load balancer.
  • Network security groups: You can write stateful firewall policies.

The Flow Virtual Networking gateway VM controls VM traffic going north and south from the cluster. During deployment you can pick different sizes for the Flow Virtual Networking gateway VM based on how much bandwidth you need. The Flow Gateway VM is engineered to facilitate high availability. In the event out outage, the NC2 portal will simplify deploy another VM without human involvement. 

CVM replication between other CVMs and on-premises clusters doesn’t go through the Flow Virtual Networking gateway VM so you don’t have to size for that traffic.

User VMs that want to communicate with AHV, CVM, Prism Central, and Azure resources go through the external network card on the Flow Virtual Networking gateway VM, and NAT uses a native Azure address to ensure routing to all resources. User-defined routes in Azure also allow communication directly with Azure resources if you don’t want to use NAT. This method allows fresh installs to communicate with Azure right away and gives customers options for more advanced configurations.

Flow Virtual Networking and the networking automation Microsoft provided by securing the physical (underlay network) enables customers to deploy on-demand either into new or existing accounts. This solution flexibility allows for a variety of use cases while conforming to a customer’s current enterprise standards. 

Both Nutanix and Microsoft are only just getting started with NC2 on Azure. Be sure to check out the Nutanix TechBytes channel on Nutanix University for videos relating to this new service. These will include deployment and migration videos using the Nutanix Move™ tool to lift-and-shift workloads between non-Nutanix and Microsoft Azure-based environments.

© 2022 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product, feature and service names mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.

This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.