Acropolis Security

Defense in depth through a security-first approach

The Nutanix Enterprise Cloud Platform combines powerful features, including two-factor authentication and data at rest encryption, with a Security Development Lifecycle (SecDL) that is integrated into product development. Our custom security baseline exceeds the requirements of the U.S. Department of Defense.

Certifications

The Nutanix platform is certified across a broad set of certification and evaluation programs. It complies with the strictest international standards, including the SP800-53 guidelines, to assure governments worldwide that Nutanix products perform as expected and work with their existing technology.

AHV: A Virtualization Solution for the Enterprise Cloud

Hypervisor software licensing can be a significant portion of the IT infrastructure spend. Are you getting value from that spend? Nutanix AHV is an enterprise-ready hypervisor included at no additional cost with every Nutanix node.

Platform

Nutanix uses a unique Security Development Lifecycle (SecDL) to incorporate security into every step of the software development process, from design and development to testing and hardening. The Nutanix solution is certified across a broad set of evaluation programs for government, financial services and healthcare to ensure compliance.

Security Development Lifecycle

SecDL Integration

Security is incorporated into every step of the product development lifecycle and covers the entire hyperconverged infrastructure stack, including storage, virtualization, and management.

Fully Automated Testing

SecDL testing is fully automated during development and all security-related code modifications are timed during minor releases to minimize risk.

Threat Modeling

Threat modeling is used to assess and mitigate customer risk from code changes.

System Level Security

Two-Factor Authentication

If implemented, logins require a combination of a client certificate and username/password. Administrators can use local accounts built into the Nutanix UI, or use Active Directory.

Cluster Lockdown

Administrators can restrict access to a Nutanix cluster in security-conscious environments, disabling interactive shell logins automatically and leveraging non-repudiated SSH keys.

Data at Rest Encryption (Hardware)

Nutanix encrypts user and application data to a level of FIPS 140-2 Level 2 compliance through factory-installed self-encrypting drives (SED), and meets HIPAA, PCI DSS and SOX standards.

Data at Rest Encryption (Software)

Nutanix encrypts user and application data to a level of FIPS 140-2 Level 2 compliance through the use of standard drives and software-based encryption, and meets HIPAA, PCI DSS and SOX standards.

Key Management

A key management server is used to authenticate Nutanix nodes for system-level security. The SEDs generate new encryption keys, which are uploaded to the key management server.

Power Failure Safeguards

In the event of a power cycle or host reboot, Nutanix software retrieves the keys from the key management server and uses them to unlock the drives.

Key Administration

Instantly reprogram security keys to meet site-specific policies, or use Crypto Erase to instantly erase all data on the drive while generating a new symmetric encryption key.

Industry Compatibility

Rather than storing keys on the nodes themselves, Nutanix software interfaces with third-party key management servers using the industry-standard Key Management Interoperability Protocol (KMIP).

Automation

Powerful automation and self-healing security models help maintain continuous security in enterprise cloud environments with efficiency and ease. Nutanix developed its own Security Technical Implementation Guide (STIG) to speed up the accreditation process for the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and the Department of Defense Information Assurance Risk Management Framework (DIARMF).

Custom Security Technical Implementation Guide (STIG)

Custom STIGs enable secure installation and maintenance of Nutanix systems, and reduce accreditation time from months to minutes.

Fast Baseline Checks and Validation

The Nutanix STIGs are written in XCCDF format and support the SCAP standard for compatibility with automated assessment tools like HBSS, cutting down accreditation time.

Automatic Configuration Management

Security configuration management automation (SCMA) efficiently checks over 800 security entities in the Nutanix STIGs that cover both storage and built-in virtualization.

Self-Healing

Nutanix leverages SaltStack and SCMA to self-heal any deviation from the security baseline configuration of the OS and hypervisor to remain in compliance.

Ecosystem Support

In addition to built-in security, the highly extensible Nutanix Acropolis architecture exposes APIs that allow integration with a broad ecosystem of security partners. Verified joint solutions provide flexibility at every layer, including network, data, and end-point security, and deliver a committed support experience.

Network Security

Nutanix works with ecosystem partners to provide monitoring of inter-VM, east-west traffic patterns that typical north-south solutions do not capture. These internal flows create protection gaps inside the datacenter, since they are not intercepted by typical perimeter security solutions.

End-Point Security

Support an increasingly large number of virtual end points in the enterprise cloud, and protect them from being exposed to any virus or malware. Nutanix partner solutions:

  • Preserve performance and consolidation ratios
  • Provide comprehensive agentless security built specifically to maximize protection
  • Provide intrusion prevention and web application security for extra protection against malicious attacks

Data Security

Nutanix works with third-party KMIP-compatible enterprise key and policy management servers that enable consistent policy implementation and ensure compliance. Centralized key management makes it easier for administrators to account for encryption keys from Nutanix SEDs and disparate encryption solutions, and to generate detailed records for auditors and regulators.

Resources

See for Yourself

Get hands on with the hyperconverged infrastructure that powers the world’s most advanced datacenters. Sign up for a free test drive to gain immediate access to Nutanix in the cloud.
