Nasdaq Selects Nutanix AHV with Built-in Virtualization for Rapidly Growing Splunk Environment
Needed higher performance, more agility, and the ability to accelerate storage deployments for Splunk deployment.
- Nutanix Enterprise Cloud Platform on NX-8000 series and Dell XC series systems
- Nutanix AHV
- Nutanix Prism
- Decreased time to provision new storage and computing resources from weeks to hours, increasing speed to market for new services
- Achieved a 2x improvement in query performance time
- Improved index performance by 2x for handling events and 3x in responsiveness (latency)
- Achieved 2-3x improvement in search performance
- Reduced server footprint by 40%
- Obtained 25% lower TCO versus the traditional model
Jake Yang is the senior director of global systems and storage at Nasdaq. He and his team of 35 IT professionals are responsible for managing Nasdaq’s Linux, UNIX, and Windows OS platforms, and all of its storage infrastructure. Nasdaq had been relying on a typical multi-tier server and storage platform, with a large number of Dell servers and several proprietary systems. The environment had been virtualized using a mix of VMware vSphere, Microsoft Hyper-V, and the KVM open source hypervisor. A combination of Fibre Channel and dedicated Ethernet networks was used for all tier-1 and tier-2 storage, with network-attached storage for various other workloads.
“Our IT challenges have always centered on agility, performance, and cost,” reported Yang. “We needed the ability to scale service to our internal customers in a more efficient and faster manner. With our traditional SAN environment, provisioning storage was a multi-step process. There were a lot of background tasks that had to be completed, including carving out LUNs, configuring the storage network fabric, and setting up I/O multipathing.”
Most of the steps were transparent to Nasdaq’s end-user teams—they just knew that it took a very long time for the storage to be provisioned. Deploying a new storage controller into the datacenter was usually a multi-week effort, and that didn’t even include the time it took for Nasdaq’s internal procurement processes.
“Nutanix AHV is one of the most solid infrastructure and virtualization technologies I have seen. It provides all of the performance and backend infrastructure management we need, and it’s very cost effective compared to the other virtualized infrastructure solutions.”
– Jake Yang, Senior Director of Global Systems and Storage, Nasdaq
Outgrowing the Splunk Environment
Nasdaq started using Splunk Enterprise as its central logging standard last year. Yang and his team are now providing the infrastructure that services Splunk to several of Nasdaq’s internal operations and security teams. “Splunk will eventually be replacing our legacy central logging servers,” said Yang. “All of the assets in our datacenter that are capable of producing logs will be ingested into Splunk. The reason for this is two-fold. The first is the ease of management and the ability to take advantage of Splunk’s searching capability and analytics to identify operational issues.
The second and most important factor driving the move to Splunk is its security advantages. Our security team is the biggest user of Splunk. With the ability to correlate information across all of our network systems and application logs, it enables our analysts to quickly take action if they detect any security issues or events.”
Nasdaq started out with a relatively small Splunk deployment, running on commodity hardware and local storage. But when they looked at projected capacity growth and the increasing demand for the Splunk environment from Nasdaq’s internal teams, they knew it was time to virtualize the deployment and upgrade the underlying infrastructure platform.
Looking for a New it Infrastructure
“Our current infrastructure environment wasn’t built for scalability or performance,” noted Yang. “We considered the possibility of just upgrading the traditional server and SAN storage platforms, but we quickly realized that we couldn’t solve our requirements for scale and performance with that approach. After reviewing several of the newer storage options on the market, we felt that a hyperconverged infrastructure would be the choice for our use case.”
In addition to looking at hyperconverged systems, Yang also considered several all-flash options. “The all-flash solution provided high performance, but it was complex and difficult to manage. If we had chosen that system, we would still be supporting traditional storage fabric infrastructure. The all-flash performance may have been good enough for Splunk, but it didn’t provide the simplicity, agility, and scalability that we needed.”
Running a POC on Nutanix
In order to prove Nutanix claims, Nasdaq decided to run a two-month PoC for Nutanix Enterprise Cloud Platform NX-8000 series and Dell XC Series systems. “Our test results we very impressive,” Yang reported. “We were extremely happy with the performance gains we received. All types of queries ran at least twotimes faster on Nutanix versus our traditional systems. From an operational perspective, we really liked the deployment agility—how quickly and easily Nutanix scales. By moving to a Nutanix-based solution, we have improved our service delivery for compute, memory, and storage.”
Three of Nasdaq’s end user teams were asked to provide input on the storage platform decision. “Our IT infrastructure team (which is my team that manages all of our hardware systems and OS), our security team (the biggest user of Splunk, with very high data retention and performance requirements), and our tools team that manages the actual Splunk deployment, all weighed in on the decision,” noted Yang. “There was unanimous agreement among all three groups that Nutanix Enterprise Cloud Platform was the best solution for our needs.”
Virtualizing Splunk on Nutanix
Prior to Nutanix, Nasdaq’s Splunk environment had been running on physical hardware. “We wanted to virtualize Splunk, but our existing technology wasn’t scalable or fast enough,” Yang explained. “We went from a five physical node platform with Splunk, to a three-node PoC on Nutanix. Our new systems are outperforming our previous platform, even with just three nodes. We are now increasing that environment from three to ten nodes of Nutanix, knowing it will far outperform our non-virtual production platform.”
Deploying With the Acropolis Hypervisor
“AHV is one of the main distinguishing factors for Nutanix, when compared to other hyperconverged platforms,” Yang said. “We trust AHV because it is based on the proven KVM hypervisor technology and has been hardened to meet our stringent security needs. Before Nutanix, centrally managing our open source KVM environment was a challenge.”
Yang has been pleased with the management simplicity of the Nutanix hypervisor. “Nutanix systems come pre-installed with AHV and integrated enterprise-class management capabilities—there is no additional software to install and manage. The out-of-the-box experience is fantastic, and AHV has all of the features we need,” Yang said. “It gives us failover capabilities, resource management, and the ability to easily obtain great performance metrics—without all of the expensive licensing for additional software. Nutanix AHV is one of the most solid infrastructure and virtualization technologies I have seen. It provides all of the performance and backend infrastructure management we need, and it’s very cost-effective compared to the other hypervisors.”
A Brighter Future With Hybrid Clouds
Nasdaq’s IT team is now investigating the use of the cloud to augment its backup capabilities. “We need to find a better way to archive our logs,” noted Yang. “Today, we have backups for our central log servers. However, once we completely migrate everything over to Splunk, we will need a new way to back up our data. We do conduct ‘whole space’ backups on a nightly basis, but individual restores are not scalable or fast enough. Nutanix Cloud Connect is one of the options we are considering for that environment, since it will enable us to back up our data to Amazon Web Services, Microsoft Azure, or, in the future, to any other third-party cloud services.”
The Bottom Line: Increased Security and Simplicity
“Nutanix Enterprise Cloud Platform’s effortless scalability has allowed us to expand our Splunk implementation—which ultimately increases our ability to centrally monitor our security posture,” Yang explained. “It enables our security and operation teams to respond faster, with comprehensive visibility into any vulnerabilities or incidents. Moving beyond Splunk, we are now testing our other virtualization workloads and a wide range of upcoming mission-critical projects, including our enterprise logging management, virtual desktops, and interactive applications.”