William Beckett

Nutanix AOS 5.6

A little over a month ago, Nutanix released a new version of its Acropolis Operating System (AOS) bringing the latest version to 5.6.

I thought I would wait until the dust had settled on this release a bit before I jumped into writing about it. I feel like a month is a good amount of time to let things settle down so let's jump on in to this release and see what's new!

Note: AOS 5.6 is a Short Term Supported (STS) Release that will be maintained till July 2018 and supported until Oct 2018. Before upgrading to this release, please refer to KB#5505 for an explanation, and how it differs from a Long Term Supported (LTS) Release.

AOS 5.6 brings a whole swag of new features that are sure to get people excited.
The most important features from my point of view are:

  • Microsegmentation - This feature is now part of Nutanix Flow (more on Flow in another post). Prism Central now lets you create security policies, which are then bound to categories. These policies protect all traffic to and from a VM through a native stateful VM firewall which runs inside each AHV host. A security policy includes the category of the VMs being protected, a traffic whitelist for inbound traffic (as well as a separate one for outbound traffic), and the protocols and ports that can be used in the inbound and outbound directions. This category-driven approach differs from the traditional way of doing microsegmentation and allows you to focus on the applications you are trying to protect rather than on the VM itself or the underlying network infrastructure.

    Another feature of microsegmentation is the ability to block communication between categories of VMs by configuring an isolation policy. Think of this as a type of quarantine where you can isolate a VM that might be subject to an attack, examine the VM for any issues, and then release it from quarantine once it has been given the all clear.

    Microsegmentation is supported only on AHV clusters running AOS 5.6 or later and AHV version 20170830.115 or later.

  • Load Balancing vDisks in a Volume Group - vDisks belonging to a Volume Group are distributed across the Controller VMs (CVMs) in a cluster, which spreads the IO load across multiple CVMs. This allows IO-intensive VMs to utilise the compute resources of multiple CVMs, which helps to prevent bottlenecks and improve performance.

  • Scale Out Prism Central - In the past, Prism Central was limited to a single VM. It is now possible to expand a Prism Central instance to three VMs to increase the capacity and resiliency of Prism Central. This feature is supported on AHV & ESXi clusters only.
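To make the category-driven model from the Microsegmentation item concrete, here is a small added sketch in Python. It is not Nutanix code and does not use the Nutanix API. The category names, the rule layout, and the evaluation order (isolation checked first, VMs without a policy left unrestricted) are all assumptions of this model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    peer: str   # category of the other endpoint, e.g. "Tier:web"
    proto: str
    port: int

@dataclass
class SecurityPolicy:
    target: str                                   # category of the protected VMs
    inbound: list = field(default_factory=list)   # whitelist: who may connect in
    outbound: list = field(default_factory=list)  # whitelist: where it may connect

def _match(rules, peer_cats, proto, port):
    return any(r.peer in peer_cats and r.proto == proto and r.port == port
               for r in rules)

def allowed(src, dst, proto, port, policies, isolations):
    """Verdict for a new connection, decided only from the VMs' category sets."""
    # Assumption of this model: an isolation policy overrides every whitelist.
    for a, b in isolations:
        if (a in src and b in dst) or (b in src and a in dst):
            return False
    for pol in policies:
        if pol.target in dst and not _match(pol.inbound, src, proto, port):
            return False
        if pol.target in src and not _match(pol.outbound, dst, proto, port):
            return False
    return True  # assumption: VMs not covered by any policy are unrestricted

# Constructed sample categories and policies
POLICIES = [SecurityPolicy("Tier:db",
                           inbound=[Rule("Tier:web", "tcp", 5432)],
                           outbound=[Rule("Tier:backup", "tcp", 873)])]
ISOLATIONS = [("State:quarantine", "State:production")]

def demo():
    web = {"Tier:web", "State:production"}
    db = {"Tier:db", "State:production"}
    backup = {"Tier:backup", "State:production"}
    suspect = {"Tier:web", "State:quarantine"}  # same VM, re-tagged
    check = lambda s, d, port: allowed(s, d, "tcp", port, POLICIES, ISOLATIONS)
    return {"web->db:5432": check(web, db, 5432),
            "web->db:22": check(web, db, 22),
            "db->backup:873": check(db, backup, 873),
            "db->web:80": check(db, web, 80),
            "suspect->db:5432": check(suspect, db, 5432)}

if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:18} {'ALLOW' if verdict else 'DROP'}")
```

Re-tagging the web VM from production to quarantine flips its verdict without editing a single rule, which is the practical benefit of binding policy to categories instead of to individual VMs or addresses.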

Other additional improvements that were included in AOS 5.6:

  • RHEL 7 STIG alignment within the Controller Virtual Machine (CVM)
  • Nutanix API v3
  • SNMP Trap for Resolved Alerts
  • Single Nutanix Node now supports up to 80 TB storage using 10×8 TB disks
  • Categories Support in Prism Central
  • Managing Prism Central VMs
  • Guest VM-initiated Power Operations
  • Deprecation of TLS 1.1, TLS 1.0, SSLv3 and any non-Ephemeral Cipher Suites
  • Erasure-Coding (EC-X) in-place overwrite
  • Two-node Clusters

AOS 5.6 was quite a large release with a heap of improvements. Now that the dust has settled it might be a good time to give it a spin. Please note that if you do not require any of the above new features then the recommendation is that you stay on Long Term Releases, as the Short Term Releases have a very small support window.