Describe and manage Nutanix’s custom Security Technical Implementation Guides (STIGs)

Nutanix STIGs are based on common National Institute of Standards and Technology (NIST) standards that can be applied to multiple baseline requirements, e.g., those of the DoD and PCI DSS. The Nutanix DISA STIG Compliance for RHEL 7 and Nutanix AHV document provides a complete set of RHEL 7 STIG rules configured on the NTNX CVM as published by…


Manage bridges and uplinks

Default AHV Network Configuration

After Foundation is complete, by default:

- CVM attached to bridges br0 and virbr0
- All physical NICs inside bond br0-up
- Active/Backup bond mode

More information about Bond Options can be found here.

Best Practice Configuration

- Single OVS bridge – br0
- 1 Gbps ports removed from br0
- Default bond mode (Active/Backup)
- manage_ovs --bridge_name…


Describe and differentiate Network Segmentation for CVM-CVM/CVM-Hypervisor/CVM-Intranet

Default untagged VLAN for CVM and AHV host: the setup shown here works well for situations where the switch administrator can set the CVM and AHV VLAN to untagged. Tagged VLAN for CVM and AHV host: if you do not want to send untagged traffic to the AHV host and CVM, or if security policy doesn't…


Identify the physical switch configuration necessary to support a given AOS networking feature

3-Tier Network Architecture

Core layer
- Considered the backbone of networks
- Largest, fastest, yet also most expensive routers
- Used to merge geographically separated networks
- Purpose: move data across the network at the highest possible speed

Aggregation (aka Distribution) layer
- Located between access and core layers
- Purpose: provide boundary definition by implementing access lists (filters)
- Defines policy for the…


Utilize network CLIs to manage OVS (Open vSwitch) instances and make changes to multiple nodes

Open vSwitch (OVS) is an open-source software switch. Its datapath is a Linux kernel module, controlled by a user-space daemon (ovs-vswitchd). It mimics a Layer 2 switch: it learns MAC addresses, maintains a MAC address table, and makes forwarding decisions based on those MAC addresses. It has virtual…
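The learning-switch behaviour described above, modelled in Python as an added example; this is not OVS or Nutanix code. Frames are represented as (ingress port, source MAC, destination MAC), and the port names and MAC addresses are constructed. Beyond the paragraph's description, the model also ages entries out and caps the table size so a MAC-flooding attacker cannot evict legitimate entries; the cap is an assumed policy for the example, not an OVS default.

```python
"""Toy model of the Layer 2 learning behaviour the page attributes to OVS.

Added example, not OVS or Nutanix code. A frame is modelled as
(ingress_port, src_mac, dst_mac). The switch learns src_mac -> ingress port,
forwards known unicast out of one port, floods unknown unicast and group
addresses, ages entries out, and refuses to learn once the table is full
(assumed policy) so a MAC-flooding attacker cannot evict existing entries.
"""
import time


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


class LearningSwitch:
    def __init__(self, ports, age_seconds=300.0, max_entries=4096):
        self.ports = list(ports)
        self.age_seconds = age_seconds
        self.max_entries = max_entries
        self.mac_table = {}  # mac -> (port, last_seen)

    def _expire(self, now):
        # Entries not refreshed within age_seconds are removed, like a CAM table ageing timer.
        stale = [m for m, (_, seen) in self.mac_table.items()
                 if now - seen > self.age_seconds]
        for m in stale:
            del self.mac_table[m]

    def _learn(self, mac, port, now):
        if is_group_address(mac):
            return  # a group address is never a legitimate source; do not learn it
        if mac in self.mac_table or len(self.mac_table) < self.max_entries:
            self.mac_table[mac] = (port, now)
        # else: table is full; refuse to learn rather than evict existing entries

    def handle_frame(self, ingress, src, dst, now=None):
        """Return the list of egress ports the frame is forwarded to."""
        now = time.monotonic() if now is None else now
        if ingress not in self.ports:
            raise ValueError(f"unknown ingress port {ingress!r}")
        self._expire(now)
        self._learn(src, ingress, now)
        if is_group_address(dst) or dst not in self.mac_table:
            # Broadcast, multicast or unknown unicast: flood to all other ports.
            return [p for p in self.ports if p != ingress]
        port, _ = self.mac_table[dst]
        # Destination is on the ingress segment: filter the frame (forward nowhere).
        return [] if port == ingress else [port]


if __name__ == "__main__":
    # Constructed traffic: host 01 on eth0 talks to host 02 on eth1.
    sw = LearningSwitch(["eth0", "eth1", "eth2"])
    print(sw.handle_frame("eth0", "02:00:00:00:00:01", "02:00:00:00:00:02", now=0.0))  # flooded
    print(sw.handle_frame("eth1", "02:00:00:00:00:02", "02:00:00:00:00:01", now=1.0))  # to eth0
    print(sw.mac_table)
```

The first frame to an unknown destination is flooded out of every port except the ingress port, which is why an attacker on any port of a flat segment sees unknown-unicast traffic; once both hosts have been learned, traffic between them is delivered to a single port.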


Configure and utilize Network Visualization

The network visualization page in Prism uses SNMP and LLDP to discover information about the connected top-of-rack switch. SNMP is used to get switch information such as the name, ports, and port statistics. LLDP is used by the AHV hosts to find out which Nutanix node is plugged into which switch port…
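The LLDP side of that discovery, as an added example rather than Prism or Nutanix code: a Python builder and parser for the LLDP frame a switch port sends to the attached AHV host. The frame is constructed for the example (the switch MAC, port name and system name are made up). The parser accepts only the LLDP multicast destination and EtherType, bounds-checks every TLV before reading it, and requires the mandatory Chassis ID, Port ID and TTL TLVs in their standard order. LLDP carries no authentication, so anything on the link can send such a frame; the node-to-port mapping it yields is useful for visualization but should not be treated as a trusted fact.

```python
"""Build and parse an LLDP frame like the one an AHV host receives from its
top-of-rack switch. Added example, not Nutanix or Prism code; the sample
frame is constructed.
"""
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # 01:80:c2:00:00:0e
ETHERTYPE_LLDP = 0x88CC
TLV_END, TLV_CHASSIS, TLV_PORT, TLV_TTL = 0, 1, 2, 3
TLV_PORT_DESC, TLV_SYS_NAME = 4, 5
CHASSIS_SUBTYPE_MAC = 4
PORT_SUBTYPE_MAC, PORT_SUBTYPE_IFNAME, PORT_SUBTYPE_LOCAL = 3, 5, 7


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _tlv(tlv_type: int, value: bytes) -> bytes:
    # TLV header is 16 bits big-endian: 7-bit type, 9-bit length.
    if len(value) > 0x1FF:
        raise ValueError("TLV value too long")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp_frame(src_mac, chassis_mac, port_name, ttl, sys_name, port_desc=b""):
    """Ethernet frame carrying the mandatory TLVs, an optional port description and a system name."""
    tlvs = [_tlv(TLV_CHASSIS, bytes([CHASSIS_SUBTYPE_MAC]) + chassis_mac),
            _tlv(TLV_PORT, bytes([PORT_SUBTYPE_IFNAME]) + port_name),
            _tlv(TLV_TTL, struct.pack("!H", ttl))]
    if port_desc:
        tlvs.append(_tlv(TLV_PORT_DESC, port_desc))
    tlvs.append(_tlv(TLV_SYS_NAME, sys_name))
    tlvs.append(_tlv(TLV_END, b""))
    return LLDP_MCAST + src_mac + struct.pack("!H", ETHERTYPE_LLDP) + b"".join(tlvs)


def parse_lldp_frame(frame: bytes) -> dict:
    """Return the neighbour fields from an LLDP frame; raise ValueError on anything malformed."""
    if (len(frame) < 14 or frame[:6] != LLDP_MCAST
            or frame[12:14] != struct.pack("!H", ETHERTYPE_LLDP)):
        raise ValueError("not an LLDP frame")
    info = {"src_mac": mac_str(frame[6:12])}
    order = []
    pos = 14
    while True:
        if pos + 2 > len(frame):
            raise ValueError("truncated TLV header")
        hdr = struct.unpack_from("!H", frame, pos)[0]
        tlv_type, tlv_len = hdr >> 9, hdr & 0x1FF
        pos += 2
        if pos + tlv_len > len(frame):
            raise ValueError("TLV length exceeds frame")   # never trust the advertised length
        value = frame[pos:pos + tlv_len]
        pos += tlv_len
        if tlv_type == TLV_END:
            break
        order.append(tlv_type)
        if tlv_type in (TLV_CHASSIS, TLV_PORT):
            if len(value) < 2:
                raise ValueError("ID TLV needs a subtype and at least one byte")
            subtype, body = value[0], value[1:]
            if tlv_type == TLV_CHASSIS:
                is_mac = subtype == CHASSIS_SUBTYPE_MAC and len(body) == 6
                info["chassis_id"] = mac_str(body) if is_mac else body.hex()
            elif subtype == PORT_SUBTYPE_MAC and len(body) == 6:
                info["port_id"] = mac_str(body)
            elif subtype in (PORT_SUBTYPE_IFNAME, PORT_SUBTYPE_LOCAL):
                info["port_id"] = body.decode("utf-8", errors="replace")
            else:
                info["port_id"] = body.hex()
        elif tlv_type == TLV_TTL:
            if len(value) != 2:
                raise ValueError("TTL TLV must be 2 bytes")
            info["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == TLV_SYS_NAME:
            info["system_name"] = value.decode("utf-8", errors="replace")
        elif tlv_type == TLV_PORT_DESC:
            info["port_description"] = value.decode("utf-8", errors="replace")
        # Other TLVs (system description, organisation-specific) are skipped.
    if order[:3] != [TLV_CHASSIS, TLV_PORT, TLV_TTL]:
        raise ValueError("mandatory TLVs missing or out of order")
    return info


if __name__ == "__main__":
    # Constructed neighbour: switch "tor-sw1", port Ethernet1/7, TTL 120 s.
    frame = build_lldp_frame(bytes.fromhex("00aabbccdd01"), bytes.fromhex("00aabbccdd00"),
                             b"Ethernet1/7", 120, b"tor-sw1", b"uplink to node A")
    print(parse_lldp_frame(frame))
```

The chassis ID and port ID pair is what a host uses to say "I am plugged into port Ethernet1/7 of switch 00:aa:bb:cc:dd:00"; the TTL tells the receiver how long to keep that entry before discarding it if no refresh arrives.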


Unofficial Nutanix NCAP Study Guide

After completing the NCP, the NCAP was the next goal on my list. I began to prepare for this in a similar fashion to how I did with the NCP. The first step was, of course, to download the Exam Blueprint. As with the NCP guide, a big credit again goes to Steven Poitras, and…


Migrate a VM from an ESXi cluster to an AHV cluster

Windows VM Migration Prerequisites

- On the source hypervisor, power off all the VMs that you want to migrate.
- Ensure that the source VMs do not have any hypervisor snapshots associated with them.
- (Optional) Clone any VMs that you want to preserve.
- (Optional) Create a storage container on the AHV cluster.
- (For ESXi source environments) Windows…
