Security policies in Nutanix Flow


Nutanix Flow is Nutanix's Software Defined Networking (SDN) product, filling a gap in its portfolio. One of its features is microsegmentation based on flexible security rules. Read my blog post Enable Nutanix Flow to learn more about the product.


Nutanix Flow policy – Isolation

Isolation policies (as the name itself states) restrict two defined groups of VMs from communicating with each other.

Use case

  1. Isolate a DEV environment from TEST, TEST from Pre-PROD, or Pre-PROD from PROD.
  2. VDI deployments, where different VDI pools can be separated from each other by an isolation policy.

In the example below, VMs from #CATEGORY01 are isolated from #CATEGORY02 VMs. However, VMs from #CATEGORY03 can communicate with VMs from the other categories without any restrictions.

Security policies – Isolation


Nutanix Flow policy – Application

An application security policy defines the inbound traffic sources and outbound destinations for a single- or multi-tiered application. Using an application policy we can define which inbound and outbound traffic ports the application can use to communicate between its components and with other applications.

In the example below:

  • Applications from #APP_DB and #APP_WEB can communicate with the #APP_AD application over Active Directory ports only
  • Application #APP_WEB can communicate with #APP_DB over port 1521 only
  • Application #APP_WEB can communicate out to the internet

Application fencing

Use case

  • Multi-tier applications:
    • database server
    • application server
    • webserver
  • Communication between applications from different security zones

Nutanix Flow policy – Quarantine

A quarantine policy is a programmatic or manual restriction of network connections, applicable to a single VM or to multiple applications.

Use case

  • A VDI desktop or desktop pool infected by a virus or malware

In the example below, a quarantine policy was applied to VM08 to cut the VM off the network. The virtual machine keeps running (without any network connectivity) and remains available for inspection (via the remote console from Prism, which does not depend on the VM's own network connectivity).

Quarantine Policy


Policy evaluation order

Incoming traffic is inspected in the following order:

  • Quarantine – the strictest rule
  • Isolation
  • Application

The order shown in the picture below gives the administrator flexibility: a quarantine policy overrides an isolation policy, which in turn overrides an application policy, so the three rule types can be layered on the same VMs.

Source: Nutanix: Nutanix Flow – policy evaluation order
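As an added illustration (not Nutanix code and not part of the original post), the following Python models the three policy types described on this page and applies them in the documented order: quarantine first, then isolation, then application. It reuses the page's own examples (#CATEGORY01/#CATEGORY02 isolated with #CATEGORY03 unrestricted; #APP_WEB, #APP_DB and #APP_AD fenced; VM08 quarantined) so you can see why a quarantined web server is cut off even though the application policy would allow its database traffic. The VM names, the subset of Active Directory ports, the inbound HTTPS rule to #APP_WEB and the allow-by-default result for traffic no policy covers are assumptions of this example, not facts from the post or from Flow's implementation.

```python
"""Simplified model of Nutanix Flow policy precedence (added example, not Nutanix code).

Policies are plain data; evaluate() applies them in the order the post gives:
quarantine, then isolation, then application.  Endpoint names, the AD port
subset, the inbound HTTPS rule and the default-allow fallback are assumptions.
"""
from dataclasses import dataclass, field

QUARANTINE = "#Quarantine"   # category a quarantined VM is placed into (assumed name)
ANY_PORT = "*"               # wildcard for "any port" in an allow list
AD_PORTS = {53, 88, 389, 445}  # representative AD ports; the post only says "AD ports"


@dataclass(frozen=True)
class Endpoint:
    name: str
    categories: frozenset    # e.g. {"#APP_WEB"}; "Internet" models external hosts


@dataclass(frozen=True)
class IsolationPolicy:
    first: str               # the two categories that must never talk to each other
    second: str


@dataclass
class AppPolicy:
    target: str                                   # category being fenced
    inbound: dict = field(default_factory=dict)   # source category -> allowed ports
    outbound: dict = field(default_factory=dict)  # destination category -> allowed ports


def _listed(allow, peer_categories, port):
    """True if any of the peer's categories is allowed for this port."""
    for cat in peer_categories:
        ports = allow.get(cat)
        if ports is not None and (ANY_PORT in ports or port in ports):
            return True
    return False


def evaluate(src, dst, port, isolations, apps):
    """Return (verdict, reason) for a flow src -> dst:port, strictest policy first."""
    # 1. Quarantine: a quarantined VM is cut off completely, in both directions.
    if QUARANTINE in src.categories or QUARANTINE in dst.categories:
        return "DENY", "quarantine"

    # 2. Isolation: the two groups never communicate, on any port, either way.
    for iso in isolations:
        if (iso.first in src.categories and iso.second in dst.categories) or \
           (iso.second in src.categories and iso.first in dst.categories):
            return "DENY", f"isolation {iso.first} <-> {iso.second}"

    # 3. Application: a fenced application accepts only the listed inbound sources
    #    and reaches only the listed outbound destinations on the listed ports.
    for app in apps:
        if app.target in dst.categories and not _listed(app.inbound, src.categories, port):
            return "DENY", f"application {app.target}: inbound not allowed"
        if app.target in src.categories and not _listed(app.outbound, dst.categories, port):
            return "DENY", f"application {app.target}: outbound not allowed"

    # Traffic that no policy covers is allowed (assumption of this model).
    return "ALLOW", "no policy blocks this flow"


# --- Policies taken from the examples in the post ---------------------------
ISOLATIONS = [IsolationPolicy("#CATEGORY01", "#CATEGORY02")]   # #CATEGORY03 stays unrestricted

APPS = [
    AppPolicy("#APP_AD", inbound={"#APP_DB": AD_PORTS, "#APP_WEB": AD_PORTS}),
    AppPolicy("#APP_DB", inbound={"#APP_WEB": {1521}}, outbound={"#APP_AD": AD_PORTS}),
    AppPolicy("#APP_WEB",
              inbound={"Internet": {443}},                                   # assumption
              outbound={"#APP_DB": {1521}, "#APP_AD": AD_PORTS, "Internet": {ANY_PORT}}),
]

# --- Constructed endpoints ---------------------------------------------------
WEB = Endpoint("web01", frozenset({"#APP_WEB"}))
DB = Endpoint("db01", frozenset({"#APP_DB"}))
AD = Endpoint("dc01", frozenset({"#APP_AD"}))
INTERNET = Endpoint("internet", frozenset({"Internet"}))
VM08 = Endpoint("VM08", frozenset({"#APP_WEB", QUARANTINE}))   # quarantined web server
DEV = Endpoint("dev01", frozenset({"#CATEGORY01"}))
TEST = Endpoint("test01", frozenset({"#CATEGORY02"}))
TOOLS = Endpoint("tools01", frozenset({"#CATEGORY03"}))


def decide(src, dst, port):
    return evaluate(src, dst, port, ISOLATIONS, APPS)


if __name__ == "__main__":
    for s, d, p in [(WEB, DB, 1521), (WEB, DB, 3306), (DB, WEB, 1521), (WEB, AD, 389),
                    (WEB, INTERNET, 443), (INTERNET, WEB, 80), (DEV, TEST, 22),
                    (DEV, TOOLS, 22), (VM08, DB, 1521)]:
        verdict, why = decide(s, d, p)
        print(f"{s.name:>8} -> {d.name:<8}:{p:<5} {verdict:5} ({why})")
```

The point to take from running it is the precedence: VM08 carries the same #APP_WEB category as web01, yet its 1521 flow to the database is denied with reason "quarantine" before the application policy is ever consulted, and a VM that is both #APP_WEB and #CATEGORY01 is stopped by the isolation policy when talking to a #CATEGORY02 database even though the application rule would permit port 1521.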

Artur Krzywdzinski

Artur is a Consulting Architect at Nutanix. He has been using, designing and deploying VMware-based solutions since 2005 and Microsoft since 2012. He specializes in designing and implementing private and hybrid cloud solutions based on the VMware and Microsoft software stacks, datacenter migrations and transformations, and disaster avoidance. Artur holds the VMware Certified Design Expert certification (VCDX #077).
