Why Government Cloud Clusters Matter: Complete Control Without Compromise

By Dwayne Lessner, Principal Technical Marketing Engineer, Nutanix

Government Cloud Clusters for Highly Regulated Industries

Today we are announcing Nutanix Government Cloud Clusters (GC2) for AWS GovCloud. Similar to Nutanix Cloud Clusters (NC2), GC2 is a Nutanix stack in the AWS GovCloud region that places control of all orchestration intelligence inside your AWS environment. Unlike NC2, GC2 does not have a SaaS control plane, which eliminates the need to share AWS credentials or maintain connectivity to SaaS endpoints. You will retain complete ownership of your credentials, avoid external dependencies, and operate your Nutanix clusters entirely within your own AWS VPC.

Architecture That Respects Security Boundaries

In the standard Nutanix Cloud Clusters (NC2) commercial model, customers provide AWS credentials directly to the NC2 console, which provisions infrastructure and deploys agents to the Nutanix Controller VMs that synchronize through outbound internet connectivity. Three agents work together: the host agent gathers telemetry on hardware health and performance, the clusters agent acts as a conduit for orchestration intents from the NC2 console, and the infrastructure gateway translates those intents into AWS API calls to provision AWS EC2 instances, configure networking, and manage cluster scaling.

Government agencies and defense contractors can't permit infrastructure credentials to leave controlled environments or allow continuous telemetry streams to external commercial platforms. The new infrastructure manager service assumes the role previously held by the NC2 console as the intent generator, while the infrastructure gateway continues as the execution engine. By colocating both services in your private environment, GC2 preserves all operational capabilities of NC2 while delivering a secure, autonomous experience designed for highly regulated industries.

[Figure: Nutanix Government Cloud Clusters diagram. All operational services are within the customer's AWS VPC.]

The infrastructure manager uses a leader-based design to manage leadership across CVMs and to provide high availability and fault tolerance. Every CVM runs an infrastructure manager instance, but only one node (i.e., the leader node) actively processes user inputs and generates intents at any given time. If the leader node fails, the remaining nodes automatically elect a new leader and resume operations without manual intervention, guaranteeing continuous cluster management capabilities even during node failures.

Secure Deployment

Government Cloud Clusters (GC2) deploys seamlessly on Amazon Web Services (AWS) using CloudFormation templates that accommodate your existing network infrastructure. The following components are needed for deployment:

  • Virtual private cloud (VPC) with Domain Name System (DNS) support.
  • A private subnet for your cluster nodes.
  • A private subnet for Prism Central.
  • Access to S3.

The deployment consists of two parts with the first part being the installation. The installation involves setting up the artifacts needed to create the cluster. Customers will download a tarball from Nutanix.com that contains all of the needed components (AHV, AOS, AMIs, PC, RPMs) and place it in an S3 bucket. Customers will then run an installer CloudFormation template which extracts all of the files and converts them to the right format. The second part will create the cluster by running additional CloudFormation templates based on the needs of the customer. The deployment process will create AWS security groups to control access to the cluster and VPC endpoints for Elastic Compute Cloud (EC2) and Simple Storage Service (S3) services to maintain private connectivity.

The CloudFormation template deploys bare-metal EC2 instances that form your cluster and sets up critical AWS infrastructure, including security groups, IAM roles with appropriately scoped permissions, and launch templates for consistent instance configuration.
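The network prerequisites listed above can be checked before running the templates. The following is an added example, not Nutanix code: the function names, subnet IDs and sample data are constructed, "private" is taken to mean no route to an internet gateway, and S3 access is assumed to come from an S3 VPC endpoint.

```python
# Added example: pre-flight check over constructed dicts shaped like AWS EC2 Describe* responses.

def subnet_route_table(subnet_id, route_tables):
    """Explicitly associated route table, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_private(subnet_id, route_tables):
    """Private here means no route targets an internet gateway (igw-*)."""
    rt = subnet_route_table(subnet_id, route_tables)
    if rt is None:
        return False  # cannot prove the subnet is private, so fail closed
    return not any((r.get("GatewayId") or "").startswith("igw-")
                   for r in rt.get("Routes", []))

def has_s3_endpoint(vpc_endpoints):
    """Assumption: S3 access is provided by an available S3 VPC endpoint."""
    return any(e.get("ServiceName", "").endswith(".s3")
               and e.get("State", "").lower() == "available" for e in vpc_endpoints)

def preflight(dns_attr, route_tables, vpc_endpoints, cluster_subnet, pc_subnet):
    findings = []
    if not dns_attr.get("EnableDnsSupport", {}).get("Value", False):
        findings.append("VPC DNS support is disabled")
    for label, sid in (("cluster", cluster_subnet), ("Prism Central", pc_subnet)):
        if not is_private(sid, route_tables):
            findings.append(f"{label} subnet {sid} is not private")
    if not has_s3_endpoint(vpc_endpoints):
        findings.append("no available S3 VPC endpoint")
    return findings

# Constructed sample data (not from a real account).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-cluster"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
DNS_ON = {"EnableDnsSupport": {"Value": True}}
S3_ENDPOINT = [{"ServiceName": "com.amazonaws.us-gov-west-1.s3", "State": "available"}]
if __name__ == "__main__":
    print(preflight(DNS_ON, ROUTE_TABLES, S3_ENDPOINT, "subnet-cluster", "subnet-pc"))
```

In the sample, the Prism Central subnet has no explicit association, so it inherits the main route table and its internet gateway route, which the check reports.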


GC2 also inherits the security benefits of the Nutanix platform by leveraging the Security Configuration Management Automation (SCMA) framework to continuously inspect services for deviations from established security policies. For both Nutanix storage and AHV, Nutanix uses SCMA to check multiple security entities, including those defined in relevant STIGs (Security Technical Implementation Guides). The system automatically reports log inconsistencies and reverts them to the baseline. You can read more about SCMA here.

Operational Control That Scales

The infrastructure manager service gives you control over your cluster's lifecycle through CLI commands that handle expansion, contraction, and node maintenance. The service is crash-tolerant and resilient to node failures, automatically recovering from interruptions and continuing orchestration workflows autonomously in your environment.

Adding capacity is straightforward with the add-node command, where you specify the number of nodes to add and optionally choose a specific instance type to match workload requirements. When you need to reduce capacity, use the remove-node command to scale in by specifying either the number of nodes to remove or targeting specific node UUIDs for precise control. If you don't specify which nodes to remove, the infrastructure manager applies intelligent heuristics to make a safe selection automatically. 

Come learn more at Nutanix booth #1761 at AWS re:Invent, December 1-5, 2025, in Las Vegas, NV. GC2 is currently in EA and is set to release in December 2025.

In addition, learn more on our Nutanix Government Cloud Clusters webpage at www.nutanix.com/products/government-cloud-clusters

©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned are for identification purposes only and may be the trademarks of their respective holder(s).