
Bridging Network and Security across Hybrid Multicloud by Integrating Cisco ACI VMM with Nutanix AHV Hypervisor

By Jason Burns

May 16, 2024

We are proud to collaborate with Cisco Systems, Inc. to deliver one cloud-ready platform that extends the broad benefits of Cisco Application Centric Infrastructure (ACI) to the Nutanix AHV hypervisor. Together, we deliver dramatic improvements in control, security, scalability, and ease of management to the integration point between networking and the hypervisor.

Cisco ACI Virtual Machine Manager (VMM) integration for the Nutanix AHV hypervisor enables greater visibility of virtualization workloads for network administrators – without sacrificing control or the server team’s ability to work quickly when responding to changing business needs.

Deconstructing the Silo: Cisco ACI and Nutanix AHV Hypervisor Integration

The Nutanix AHV hypervisor works with Cisco ACI to tear down networking and virtualization silos with a cohesive solution that works at the point of integration to deliver:

  1. Two-way visibility that benefits networking and virtualization teams.
  2. The ability for networking to retain full control over provisioning and configuration.
  3. Overlapping protections for true defense-in-depth security.

This integration gives the network team a streamlined process that pushes changes to the server team with minimal friction. Nutanix AHV works with the Cisco Application Policy Interface Controller (APIC) to provide virtual and physical network automation and VM endpoint visibility within Cisco ACI.

How it Works

Cisco ACI provides a single source of truth for networks while allowing administrators to configure virtual switches and subnets for Nutanix clusters. This approach preserves the line of demarcation between network/security administrators and server/infrastructure administrators. All virtualization networks are created solely within ACI as follows:

  1. Cisco ACI administrators create policy changes as normal in the ACI APIC.
  2. New policies and ACI Endpoint Groups (EPGs) mapped to virtual networks automatically trigger new network creation on the AHV hypervisor and the creation of VLAN networks (subnets) in the Prism Central (PC) environment.

Changes are subsequently pushed into the Nutanix Prism management platform – our unified multicloud management solution – and then to the AHV virtual switch to maintain synchronicity with ACI’s state.

How ACI VMM integrates with Nutanix AHV

This integration can readily work with multiple Nutanix clusters. Each Nutanix AHV cluster requires an ACI VMM domain, but a given Prism Central instance can appear across multiple VMM domains. ACI supports up to 10 VMM domains per fabric, and EPGs can be associated with multiple VMM domains. For example, the same ACI fabric might support one Prism Central (A in the graphic below) with three Prism Element clusters, X, Y, and Z.

[Graphic: Cisco ACI]

For a detailed look at integration architecture and associated terminology, please see the Cisco ACI and Nutanix AHV Integration guide here.

| Cisco ACI          | Nutanix AHV   |
|--------------------|---------------|
| EPG/port group     | Subnet        |
| Datacenter         | Cluster       |
| Cluster controller | Prism Element |
| Cluster            | Prism Central |

Cisco ACI and Nutanix AHV Terminology Comparison

Transparency with Control

Cisco ACI VMM integration for Nutanix AHV promotes transparency without risking the security of role-based access or the efficiency afforded by ACI automation features. Network administrators can see which applications and VMs are running on which networks within Cisco ACI – including hosts, switches, subnets, and security policies – while maintaining control over network provisioning.

This approach streamlines the interaction between virtualization and networking, effectively replacing static spreadsheets and service tickets with real-time visibility via a simple drop-down list of available networks for virtualization. Server teams can see new networks as they are created, making it easier to choose the right network for new app deployments and simplifying troubleshooting.

The combination of simpler deployments and greater visibility serves the needs of both teams, enabling greater responsiveness to business mandates while making it easy to report on the overall status and performance of the virtualization infrastructure. Integrated statistics displayed directly within APIC include:

  • VM NIC stats (transmit packets and bytes, received packets and bytes)
  • Host NIC stats (transmit packets and bytes, received packets and bytes)
  • Host stats (CPU and memory usage)
  • VM stats (CPU and memory usage)

Overlapping Defenses for Added Security

Nutanix AHV offers integrated Nutanix Flow Virtual Networking capabilities and Nutanix Flow Network Security microsegmentation for an added layer of protection in concert with Cisco ACI.

Most organizations are likely to approach network security as a function that exists mainly at the ACI layer, and contracts are a great place to enforce security between EPGs. Nutanix Flow Network Security offers the flexibility to enforce security within applications inside the same EPG without sacrificing the network team’s overall control.

Cisco ACI users can create EPGs and contracts, while ACI-Nutanix integration makes it easy for administrators to push the relevant policy subsets for intra-EPG isolation into Nutanix. ACI can map Attachable Entity Profiles (AEPs) and EPGs to corresponding Nutanix Flow Network Security AppType and AppTier categories.

Learn More About How Cisco-Nutanix Integrations Are Solving Complex Technology Management Challenges

Recent changes and uncertainty in the marketplace have only heightened the importance of the Cisco ACI VMM integration for Nutanix AHV. Customers looking for virtualization alternatives already rely on tight integration between the virtualization and network layers.

The Cisco ACI VMM integration with Nutanix AHV gives network and virtualization teams confidence that alternatives exist to satisfy the automation, visibility and security features they rely on.

You can learn more about the Cisco ACI and Nutanix AHV integration in this video overview.

Cisco ACI + Nutanix AHV is just one example of the many integrations Nutanix is pursuing with Cisco. For more, take a look at the integration between Nutanix Prism Central and Cisco Intersight for foundation and Intersight Standalone Mode—and the Cisco-Validated Design reference architecture for virtualization and AI with Nutanix and Cisco, available later in May.

Next Up:

  • If you’re in Barcelona next week, catch up with us at .NEXT
  • If you happen to be in Las Vegas in June, catch us at Cisco Live from the 2nd to the 5th.
