Nutanix Network Microsegmentation Demo
This quick video shows how the Nutanix Microsegmentation feature can be used to secure an application. The application used in this demo is a standard “LEMP” stack, i.e. Linux, Nginx, MySQL and PHP. The application is broken into tiers, plus one additional tier for the Windows clients whose access we are controlling.
The complexity of creating and managing smaller (VM-to-VM) zones or enclaves of security has long been the reason for not implementing granular VM- or application-level network security. With the microsegmentation feature, Nutanix not only allows the definition and enforcement of very granular network communication policy, we also introduce the concept of categories, which greatly simplifies policy definition and ongoing management. Network policies are not restricted to using only network endpoint identifiers, like IP addresses. Policy writers need only define the policy containers (e.g. production, dev/test, DMZ) and set rules around the allowed or denied communication between those containers. VMs are easily added to and removed from those categories and will automatically inherit the correct policy. To further simplify the policy generation task, comprehensive visualization is provided, so that even applications where the “correct” communication is unknown can be observed to ensure correct rule creation. Microsegmentation is included in AOS 5.5 as a technology preview so that all customers can try the feature and provide feedback.
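The category idea described above can be sketched as a small model. This is an added example, not Nutanix code or the Nutanix API. It shows default-deny rules written against categories only, and observed flows grouped by category pair so that traffic no rule covers stands out. The tier names (Clients, Web, App, DB), VM names, IP addresses and ports are constructed sample values.

```python
# Conceptual model of category-based policy; not the Nutanix API.
from collections import Counter

# Constructed inventory: VM name -> category and IP (all values are samples).
VMS = {
    "win-client-1": {"category": "Clients", "ip": "10.0.1.10"},
    "nginx-1": {"category": "Web", "ip": "10.0.2.10"},
    "php-1": {"category": "App", "ip": "10.0.3.10"},
    "mysql-1": {"category": "DB", "ip": "10.0.4.10"},
}

# Rules name categories only: (source category, destination category, TCP port).
ALLOW = {("Clients", "Web", 443), ("Web", "App", 9000), ("App", "DB", 3306)}

def category_of(ip, vms):
    for vm in vms.values():
        if vm["ip"] == ip:
            return vm["category"]
    return None  # endpoint is not in any category

def is_allowed(src_ip, dst_ip, port, vms=VMS, allow=ALLOW):
    """Default deny: a flow passes only if its category pair and port are allowed."""
    src, dst = category_of(src_ip, vms), category_of(dst_ip, vms)
    return src is not None and dst is not None and (src, dst, port) in allow

def summarize_flows(flows, vms=VMS, allow=ALLOW):
    """Group observed flows by category pair and port; flag those no rule covers."""
    counts = Counter()
    for src_ip, dst_ip, port in flows:
        counts[(category_of(src_ip, vms), category_of(dst_ip, vms), port)] += 1
    return {key: {"count": n, "covered": key in allow} for key, n in counts.items()}

# Constructed observed flows: (source IP, destination IP, destination TCP port).
OBSERVED = [
    ("10.0.1.10", "10.0.2.10", 443),
    ("10.0.1.10", "10.0.2.10", 443),
    ("10.0.2.10", "10.0.3.10", 9000),
    ("10.0.3.10", "10.0.4.10", 3306),
    ("10.0.1.10", "10.0.4.10", 3306),  # client talking straight to the database
]

if __name__ == "__main__":
    for key, info in summarize_flows(OBSERVED).items():
        print(key, info)
    # A new web VM inherits the Web policy by category alone; no rule is edited.
    VMS["nginx-2"] = {"category": "Web", "ip": "10.0.2.11"}
    print(is_allowed("10.0.1.10", "10.0.2.11", 443))
```

Flows reported with `covered: False` are the ones to review before enforcement: each either needs a new category rule or represents traffic that should stay blocked.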