Architectures
Powered by Nutanix
May 2020
Table of Contents
1 Cloud Landscape ... 1
1.1 Cloud Options ... 1
1.1.1 Public Cloud ... 1
1.1.2 Private Cloud ... 1
1.1.3 Private Hosted Cloud ... 1
1.1.4 Hybrid Cloud ... 1
1.2 Why Hybrid Cloud ... 2
4.4.1 Three Tier Applications ... 16
4.4.2 Cloud Native ... 17
4.4.3 Data Protection ... 18
4.4.4 Disaster Recovery ... 19
4.4.5 Archival Data Services ... 20
4.4.6 Security ... 21
4.4.7 Infrastructure & Application Deployment Automation ... 22
1 Cloud Landscape
Cloud computing has changed the way applications are delivered in the enterprise world. It has a far-reaching impact on businesses and has redefined application development and operational models for many enterprises. Cloud brings with it benefits like agility, scalability, responsiveness and cost effectiveness. Traditionally, applications are deployed in specialized data centers managed by the company's own IT staff. Though a self-managed data center provides complete control over operations, it also carries additional liabilities: a dedicated team to monitor and remediate issues, up-front capital expenditure on hardware, a year-on-year budget for upgrades, and the decommissioning or refreshing of older hardware. Cloud computing offers a solution to these challenges of traditional data centers. It frees businesses from owning and managing data centers so that they can focus on delivering value to their customers through their applications.
There are multiple cloud options available depending on business requirements. The following section provides more detail on the different approaches to cloud and which option to select.
This cloud offers the best features and advantages of both public and private cloud while providing the required flexibility. We will go into more detail on how hybrid cloud can be the best option for most business requirements.
Figure 1
Over two-thirds (85%) of the enterprises polled in the study are leveraging hybrid cloud as a part of their cloud infrastructure. An enterprise will typically have a mix of the workloads shown above, hosted either in public or private cloud. Hybrid cloud offers the flexibility to deploy application workloads seamlessly in either, and to move them dynamically between public and private cloud. Administrators typically manage the cloud infrastructure from a single pane of glass, as the hybrid cloud abstracts the underlying public and private cloud details.
Let's look at a few of the important decision points that are driving hybrid cloud adoption in enterprises.
With the advent of strict data regulations like the General Data Protection Regulation (GDPR), it has become more important to manage data in such a way that the business is not impacted. Consumer as well as business-critical data needs a robust data management strategy with tight control over access, authorization and location. Hybrid cloud provides better data management options: regulatory-sensitive data can be kept on-premises and the rest in the public cloud.
Also, hardware-optimized workloads are always better run on customized hardware on-premises than on commodity hardware in the public cloud. But for public-facing workloads like a website or mobile application, hosting in the public cloud offers a greater advantage than private cloud: the high availability and scalability that applications achieve in the public cloud are challenging to match in a private cloud. In summary, hybrid cloud offers the best of both public and private cloud.
In the next section, we will explore different hybrid cloud architectures.
2 Hybrid Cloud Design
As discussed in the previous section, enterprises take the first step of their cloud journey with data center modernization. As a part of data center modernization, virtualization of the application workload is always the starting point. The majority of businesses have already adopted virtualized platforms like VMware ESXi, Microsoft Hyper-V and the open source KVM hypervisor. Hence, in the context of data center modernization, the work is primarily a move from traditional IT practices to modern strategies like continuous integration/deployment, dynamic capacity management, centralized monitoring, automation and service orchestration. The modern data center is also capable of handling not just virtualized workloads for traditional applications but also modern application workloads like containers and microservices.
The next step after data center modernization is a strategy for moving the relevant workloads from on-premises to the public cloud. A workload that has already been transformed into virtual machines or containers can easily be deployed either in the public cloud or on-premises. Hybrid cloud design involves identifying the workloads, and the related data, that can be moved between on-premises and public cloud. The next section describes a typical application deployment decision matrix that can be followed as a part of hybrid cloud design.
| Workload | Location | Rationale |
| --- | --- | --- |
| Long term backup data | Cloud | Cloud provides optimal cost per GB of data |
| Short term backup data | On-Premises | Business continuity takes priority over cost, hence data should be located close to applications |
| Real time sensor analytics | On-Premises | Local application offers the best latency required for streaming sensor data |
| Long term analytics | Cloud | Cloud offers the periodic high compute and storage required for analytics with a cost benefit |
| Identity and Access Management (IAM) | Cloud and On-Premises | Common authentication and authorization for on-premises and cloud applications requires directory services to be present in both locations |
| Load balancer | Cloud | Global routing techniques like DNS and highly available load balancers provide better service delivery |
2.2 Hybrid Cloud Architectures
Hybrid cloud is architected around key services like identity and access management for authentication and authorization. It also needs a development and testing methodology that spans on-premises and public cloud. Application deployment strategies ensure continuous integration and delivery with minimal downtime. Deployed applications are given high availability for business continuity through backup and disaster recovery. Applications deployed on-premises or in the public cloud are continuously monitored for functional and performance parameters. In the overall hybrid cloud architecture, storage is a foundational component; selecting the optimal storage type and location has an impact on overall application performance. Finally, networking and application security build a strong foundation for all the hybrid architectural components. The following sections describe the different hybrid cloud architectures and best practices in more detail.
Figure 2
The following is a hybrid cloud architecture where credentials are not synchronized to the cloud; instead, the authentication request is passed through to the on-premises directory.
Figure 3
Figure 4
2.2.4.3 Canary Release
A canary release deploys new application instances and routes a part of the traffic to them. This is typically achieved by configuring the load balancer. Over a period, functional and performance parameters are monitored. If the parameters are acceptable, more old application instances are replaced with the new version and the traffic share of the new version is increased, until all the old application instances have been replaced.
Figure 5
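The canary procedure above, written out as a small weighted load balancer with a health gate before each promotion step. This is an added example, not code from the paper or from any load balancer product; the instance names, the error-rate and latency thresholds and the metrics are constructed assumptions.

```python
"""Canary release behind a weighted load balancer.

Added example written for this section; it is not code from the paper
or from any vendor product. Instance names, the health-gate thresholds
and the constructed metrics are assumptions.
"""
import random
from dataclasses import dataclass, field


@dataclass
class Instance:
    name: str
    version: str
    # Constructed observations for the monitoring window.
    error_rate: float = 0.0       # fraction of failed requests
    p95_latency_ms: float = 100.0


@dataclass
class CanaryBalancer:
    """Sends `canary_weight` of requests to the new version, the rest to the old."""
    stable: list                  # instances running the old version
    canary: list                  # instances running the new version
    canary_weight: float = 0.0
    rng: random.Random = field(default_factory=lambda: random.Random(7))
    _rr: dict = field(default_factory=dict)   # round-robin cursor per pool

    def _round_robin(self, pool_name, pool):
        idx = self._rr.get(pool_name, 0)
        self._rr[pool_name] = idx + 1
        return pool[idx % len(pool)]

    def route(self):
        """Choose a pool by weight, then an instance by round robin inside it."""
        if self.canary and self.rng.random() < self.canary_weight:
            return self._round_robin("canary", self.canary)
        if not self.stable:       # rollout finished: only the new version remains
            return self._round_robin("canary", self.canary)
        return self._round_robin("stable", self.stable)

    def canary_healthy(self, max_error_rate=0.01, max_p95_ms=250.0):
        """Functional and performance gate checked before every promotion step."""
        return bool(self.canary) and all(
            i.error_rate <= max_error_rate and i.p95_latency_ms <= max_p95_ms
            for i in self.canary)

    def promote(self, new_weight, replace=1):
        """Raise the canary's traffic share and replace `replace` old instances with
        new-version instances. Returns False and changes nothing if the gate fails."""
        if not self.canary_healthy():
            return False
        self.canary_weight = min(1.0, new_weight)
        for _ in range(min(replace, len(self.stable))):
            old = self.stable.pop(0)
            self.canary.append(Instance(old.name + "-v2", "v2"))
        return True

    def rollback(self):
        """Send all traffic back to the old version (canary instances stay for analysis)."""
        self.canary_weight = 0.0

    def rollout_complete(self):
        return not self.stable and self.canary_weight == 1.0


def traffic_share(balancer, requests):
    """Route `requests` synthetic requests and return the share per version."""
    counts = {}
    for _ in range(requests):
        v = balancer.route().version
        counts[v] = counts.get(v, 0) + 1
    return {v: n / requests for v, n in counts.items()}


def build_constructed_pool():
    """Four old-version instances plus one healthy canary (constructed data)."""
    stable = [Instance(f"web-{i}", "v1") for i in range(4)]
    canary = [Instance("web-canary", "v2", error_rate=0.002, p95_latency_ms=120.0)]
    return CanaryBalancer(stable, canary, canary_weight=0.1)


if __name__ == "__main__":
    lb = build_constructed_pool()
    print("initial share:", traffic_share(lb, 10_000))
    for w in (0.25, 0.5, 1.0):
        print("promote to", w, "->", lb.promote(w, replace=2), lb.rollout_complete())
```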
cost tradeoff while selecting the desired RPO and RTO: the lower the RPO/RTO requirement, the higher the cost. Hence it is important to select the right RPO/RTO as per the business needs.
The following is a typical architecture for disaster recovery using an on-premises private cloud as the primary site and public cloud as the secondary site.
Figure 6
▪ Centralized log repository and support for streaming logs
▪ Log analysis and insights
▪ Ability to monitor functional, performance and SLA metrics
▪ Configurable alerts based on high and low thresholds
▪ Actionable recommendations for critical alerts
▪ Integration with a knowledge base for quick issue resolution
| Type | Recommendation | Rationale |
| --- | --- | --- |
| Operating system | Volume Storage | Block devices formatted with an optimized file system offer the best performance |
| Shared data and configuration | File Storage | Distributed file storage provides access to multiple virtual machines through file shares |
| Archival data | Object Storage | Object storage can scale to petabyte size and provides a REST API for data upload and download. It also supports versioning for data recovery |
| Disk cache | Volume Storage | Hot data that is frequently accessed is stored close to the virtual machine on a block device for better performance |
2.2.13 Security
Hybrid cloud adopts a defense-in-depth strategy that spans multiple levels of the infrastructure. It encompasses identity, information and infrastructure, and it is implemented in a uniform way on-premises and in the cloud.
Identity security management consists of a common way of authenticating users and granting access as per their authorization. It is typically provided by the identity and access management system in the hybrid cloud. The widely adopted architecture is to have the primary directory service on-premises and synchronize user credentials to a cloud directory service. In some regulated environments, credentials are not synchronized to the cloud; instead, cloud users are authenticated through a passthrough to the on-premises directory service.
Information security is mainly about protecting data in transit and at rest. Data is protected in transit using end-to-end encryption like the SSL or HTTPS protocols. At rest, data is secured using encryption techniques like the Advanced Encryption Standard (AES). The cryptographic keys used for encryption are protected by a Key Management Service (KMS).
Infrastructure security involves securing network, compute and storage. Network traffic is restricted using techniques like microsegmentation, which creates secured zones and isolates workloads. Network security can also use advanced features like firewalls and Access Control Lists (ACLs) to define ingress and egress rules. Compute access is typically restricted to asymmetric-key-based logins, and operating system security is maintained with up-to-date security patches.
A Layer 4 load balancer routes requests based on transport layer information like TCP, UDP and IP. A Layer 7 load balancer routes requests based on an application layer protocol like HTTP. Layer 4 load balancer routing uses standard algorithms like round robin, weighted routing, least connections or least latency. A Layer 7 load balancer is capable of more advanced routing, based not only on the standard routing algorithms but also on packet content. Note that a Layer 7 load balancer can be CPU intensive compared to Layer 4; however, it offers the most flexibility.
The following is a decision matrix for Layer 4 versus Layer 7 load balancers.
| Requirement | Load balancer | Rationale |
| --- | --- | --- |
| Uniform load distribution | Layer 4 | Routing algorithms like round robin offer the best performance |
| Advanced logging | Layer 7 | Selective packet content can be saved as a log stream |
| Low CPU overhead | Layer 4 | Layer 4 does not process packet content |
2.2.15 Firewall
In the hybrid cloud, a strong firewall infrastructure is an important foundation for network security. Firewalls typically offer protection and isolation for outbound and inbound network traffic. Most private as well as public clouds support firewalls natively. A firewall can be configured for the following network security aspects.
▪ Open specific inbound ports for application delivery to limit the attack surface
▪ Open outbound ports for service-to-service communication
▪ Allow traffic from specific IP addresses to enable access from authorized network machines
Firewalls typically support configuration in terms of rules with attached priorities, so that the rules are evaluated in the defined priority order. By default, the firewall denies all ingress and egress traffic, following the principle of least privilege, and the administrator must allow specific traffic by defining appropriate firewall rules.
The firewall in a hybrid cloud is tightly coupled with the underlying virtual network technology.
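The rule model just described (prioritized rules, first match wins, default deny for anything unmatched), as an added example for this section. It is not code from the paper or from any cloud firewall; the rule set, the addresses (documentation ranges) and the sample connections are constructed.

```python
"""Prioritized firewall rules with default deny.

Added example for this section, not code from the paper or from any
cloud firewall. The rule set, addresses and sample connections are
constructed; rules are evaluated in priority order and the first match
wins, with everything unmatched denied.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    priority: int          # lower value is evaluated first
    direction: str         # "ingress" or "egress"
    action: str            # "allow" or "deny"
    protocol: str          # "tcp", "udp" or "any"
    port: Optional[int]    # destination port; None matches any port
    remote: str            # remote CIDR: source for ingress, destination for egress
    comment: str = ""

    def matches(self, direction, protocol, port, remote_ip):
        if self.direction != direction:
            return False
        if self.protocol != "any" and self.protocol != protocol:
            return False
        if self.port is not None and self.port != port:
            return False
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote)


class Firewall:
    """First matching rule in priority order decides; no match means deny."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)

    def evaluate(self, direction, protocol, port, remote_ip):
        """Return (action, reason) for one connection attempt."""
        for rule in self.rules:
            if rule.matches(direction, protocol, port, remote_ip):
                return rule.action, rule.comment or f"rule {rule.priority}"
        return "deny", "default deny"

    def audit_broad_allows(self):
        """List allow rules that accept any remote address: candidates for review,
        since every such port widens the attack surface."""
        return [r for r in self.rules
                if r.action == "allow" and ipaddress.ip_network(r.remote).prefixlen == 0]


# Constructed rule set for a web-tier virtual machine (addresses are documentation ranges).
WEB_TIER_RULES = [
    Rule(100, "ingress", "allow", "tcp", 443, "0.0.0.0/0", "public HTTPS"),
    Rule(110, "ingress", "allow", "tcp", 22, "10.10.0.0/24", "SSH from admin network"),
    Rule(10, "ingress", "deny", "any", None, "203.0.113.0/24", "blocked subnet"),
    Rule(200, "egress", "allow", "tcp", 8080, "10.20.0.0/24", "web to app tier"),
    Rule(210, "egress", "allow", "udp", 53, "10.0.0.2/32", "internal DNS resolver"),
]

web_fw = Firewall(WEB_TIER_RULES)

# Constructed connection attempts: (direction, protocol, port, remote_ip).
SAMPLE_CONNECTIONS = [
    ("ingress", "tcp", 443, "198.51.100.7"),   # client on the internet
    ("ingress", "tcp", 443, "203.0.113.9"),    # client in the blocked subnet
    ("ingress", "tcp", 22, "198.51.100.7"),    # SSH from the internet
    ("ingress", "tcp", 22, "10.10.0.5"),       # SSH from the admin network
    ("egress", "tcp", 8080, "10.20.0.9"),      # web tier calling the app tier
    ("egress", "tcp", 3306, "10.30.0.9"),      # web tier reaching a database: not allowed
]


def decisions(fw, connections):
    """Evaluate each connection and return the list of actions."""
    return [fw.evaluate(*conn)[0] for conn in connections]


if __name__ == "__main__":
    for conn, verdict in zip(SAMPLE_CONNECTIONS, decisions(web_fw, SAMPLE_CONNECTIONS)):
        print(conn, "->", verdict)
    print("rules open to any address:", [r.comment for r in web_fw.audit_broad_allows()])
```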
The basic firewall covered earlier provides protection at the network level for ingress and egress traffic in the hybrid cloud. Application-level firewalls like a Web Application Firewall (WAF) provide advanced network security features. A WAF is capable of inspecting HTTP content and preventing attacks like SQL injection and cross-site scripting. A Web Application Firewall can be deployed as a hardware appliance or as a software component.
This section covered hybrid cloud design and different reference architectures. In the next section, we
will cover current trends in hybrid cloud.
3 Hybrid Cloud Trends
The key trends in hybrid cloud adoption are in the areas of business agility, developer productivity, rapid release cycles, resiliency, performance and cost optimization.
Business agility is achieved by adapting to market expectations in the shortest time. Hybrid cloud, with its flexible application deployment model that is either on-premises or in the cloud, enables enterprises to deliver services in a flexible way. Data protection laws, regional regulations, compliance and privacy are some of the non-technical requirements that can have an adverse impact on businesses. Hybrid cloud infrastructure is well equipped to address these challenges.
Developer productivity is driven by the technical choices the team has for designing and implementing a solution. Hybrid cloud offers a wide variety of workload and data management options for optimal and faster service delivery. Performance optimization can be achieved with on-premises applications on low-latency infrastructure.
Rapid release cycles are achieved with industry-standard DevOps practices that work seamlessly across on-premises and public cloud. With continuous integration and deployment practices, incremental features can be released to market in a non-disruptive way. Adoption of modern practices like infrastructure as code, domain-driven design, cloud native and microservices is on the rise.
Resiliency enables high availability of business functions even in the case of technical or natural disruptions. Data replication and periodic backups from on-premises to the public cloud are key to business continuity. Backup and disaster recovery are far more popular use cases of hybrid cloud and offer the best value for money. Application delivery to various geographical regions with the help of global load balancing ensures requests are routed to the best possible data center.
Performance optimization is a key attribute of hybrid cloud. Not all workloads have the same performance characteristics. Some workloads, like real-time analytics, perform best in the on-premises data center, whereas multimedia content distribution is achieved more effectively with the public cloud. Hybrid cloud allows the flexibility of deploying a workload either on-premises or in the public cloud based on its performance requirements.
Cost optimization is best controlled with hybrid cloud, as it provides the flexibility of distributing workloads based on performance, functional and resource requirements. Resource consumption, running time and cost incurred are the key attributes for deciding the best place to run a workload. Businesses are performing exhaustive cost-benefit analyses to achieve substantial cost savings with hybrid cloud.
In the next section, we will cover the Nutanix hybrid cloud platform and the different solutions available to implement the architectures discussed in the previous sections.
4 Nutanix Private and Hybrid Cloud for Applications
Nutanix is a hyperconverged platform that provides scale-out compute and storage. The core principles of a hyperconverged platform are to let the user select the optimal virtualization solution, to provide a simple but intelligent software stack for building scalable infrastructure, and to offer an intuitive graphical user interface for managing infrastructure components. These benefits are achieved using a software-defined paradigm that leverages a cluster of non-proprietary hardware. The hardware choices include direct from Nutanix, OEM or third party. Each hardware node in the cluster runs the hypervisor of choice (Microsoft Hyper-V, VMware ESXi or the Nutanix AHV hypervisor) and builds a complete scalable and distributed fabric. Apart from on-premises hardware, Nutanix also supports integration with all major public cloud vendors, like AWS (currently in early access).
In the next section, we will discuss the details of the Nutanix architecture for hyperconverged infrastructure.
Figure 7
The key component of the architecture is the core platform, which provides services for running workloads (virtual machines or containers) and managing distributed storage.
The core platform features are extended with platform services like object storage, volume storage, file storage, backup and container orchestration. Platform services also include Database as a Service (DBaaS) and Desktop as a Service (DaaS). We will discuss these services in more detail in subsequent sections.
Management and operations tools provide a single pane of glass for infrastructure monitoring, resource management and operational insights.
4.1.1 Nutanix Distributed Storage Fabric
The Nutanix hyperconverged platform is powered by the Acropolis Distributed Storage Fabric (ADSF). It provides highly available and fault-tolerant distributed storage with industry-standard interfaces: NFS/CIFS and iSCSI. This distributed storage also supports enterprise features like deduplication, compression and snapshots.
Data is protected using replication across the nodes, controlled by the replication factor. The replication factor defines the number of copies available in the cluster. The distributed storage fabric also supports Availability Domains to make sure data is distributed in such a way that it is always available in case of a failure at the disk, node or rack level. The Nutanix platform uses storage optimization techniques like erasure coding, compression and deduplication that ensure efficient use of the available storage.
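To make the replication factor and availability domain idea concrete, here is an added example of replica placement that spreads copies across racks and checks that any single rack failure leaves a readable copy. It is not the ADSF placement algorithm; the cluster layout and extent ids are constructed.

```python
"""Replica placement across availability domains.

Added example illustrating the replication factor and availability
domain idea described above. It is not the ADSF placement algorithm;
the cluster layout and extent ids are constructed.
"""
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    rack: str


def place_replicas(nodes, rf, extent_id):
    """Choose `rf` distinct nodes for one extent.

    Nodes are walked from a start position derived from the extent id so
    copies spread over the cluster; a node is preferred when its rack does
    not yet hold a copy, which gives rack-level fault tolerance whenever
    the cluster has at least `rf` racks."""
    if rf > len(nodes):
        raise ValueError("replication factor exceeds number of nodes")
    start = zlib.crc32(extent_id.encode()) % len(nodes)
    ordered = nodes[start:] + nodes[:start]
    chosen, racks_used = [], set()
    for node in ordered:                         # first pass: new racks only
        if len(chosen) == rf:
            break
        if node.rack not in racks_used:
            chosen.append(node)
            racks_used.add(node.rack)
    for node in ordered:                         # second pass: fill up if racks ran out
        if len(chosen) == rf:
            break
        if node not in chosen:
            chosen.append(node)
    return chosen


def survives_failure(placement, failed_nodes=(), failed_racks=()):
    """True when at least one replica remains readable after the failure."""
    return any(n.name not in failed_nodes and n.rack not in failed_racks
               for n in placement)


def rack_fault_tolerant(nodes, rf, extent_ids):
    """Check that every extent survives the loss of any single rack."""
    racks = {n.rack for n in nodes}
    for eid in extent_ids:
        placement = place_replicas(nodes, rf, eid)
        if not all(survives_failure(placement, failed_racks=(r,)) for r in racks):
            return False
    return True


# Constructed cluster: six nodes across three racks.
CLUSTER = [Node(f"node-{i}", f"rack-{i % 3}") for i in range(6)]
EXTENTS = [f"extent-{i}" for i in range(50)]

if __name__ == "__main__":
    for eid in EXTENTS[:3]:
        print(eid, [(n.name, n.rack) for n in place_replicas(CLUSTER, 2, eid)])
    print("RF2 rack tolerant:", rack_fault_tolerant(CLUSTER, 2, EXTENTS))
```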
Networking is a key element in distributed storage systems. The distributed storage fabric network is built on 10Gbit Ethernet. Storage I/O is handled by the underlying hypervisor on a private network. As the data is located close to the virtual machine, storage I/O is always contained within the node. The traffic that goes over the external 10Gbit Ethernet is typically replication data and VM-to-VM communication.
4.2.3 Hosted/Managed Cloud
A hosted cloud is an infrastructure where the hardware is located at and managed by a third party. It provides a benefit over private cloud, as the operational aspects, including security, are managed by the vendor. Businesses only pay for the hardware and services consumed. It also saves the cost of hardware purchase, as the hardware is owned by the vendor. Nutanix offers a complete ecosystem to build a hosted or managed cloud that can be offered to many enterprises or to internal departments in an organization. A hosted cloud is, in many ways, like the private cloud described in the previous section in terms of the Nutanix tools and technologies used.
| Public Cloud (Cluster on AWS) | Capacity bursting | Resource demand from development and production can be easily satisfied with reduced lead time |
4.3 Nutanix Cloud Platform Necessities
Nutanix tools have been categorized according to the customer's current infrastructure level and desired transformation.
For customers with a traditional three-tier deployment who are looking for data center modernization or a private cloud, the best-suited Nutanix products include:
▪ Acropolis Operating System (AOS)
▪ Nutanix AHV Hypervisor
▪ Prism
▪ Flow
▪ Files
▪ Calm
Customers who are at the high end of transformation and planning a hybrid cloud deployment can design the infrastructure using the broader HCI-based functionality. These Nutanix Enterprise tools include:
▪ Prism Pro
▪ Objects
▪ Volumes
▪ Karbon
▪ Era
The next section discusses typical uses of the above tools in hybrid cloud scenarios with industry-standard practices and real-life customer use cases.
Figure 8
Application delivery is managed by the Domain Name Service (DNS) and an external application load balancer. DNS ensures that traffic is routed to the geographically closest private cloud, and the application load balancer routes client requests to one of the front-end virtual machines. The workload for the application server is also balanced with one more internal load balancer for high availability.
Database servers are configured in master/slave mode, where write requests are routed to the master and read requests are forwarded to the slave. Nutanix Era is used as the database-as-a-service platform that provides database provisioning and life cycle management. It also provides advanced features like database cloning, backup and restore. It is ideal for migrating databases like Oracle, SQL Server, Postgres and MariaDB from a traditional deployment to an as-a-service model in the hybrid cloud.
Nutanix Calm is used to provide application automation and life cycle management, such as provisioning, scaling and clean-up. Application provisioning is defined with blueprints that can be published as reusable components. Blueprints are like a cookbook or recipe for regularly used application infrastructures. Nutanix Calm also integrates with Jenkins for continuous integration and continuous deployment pipelines.
Nutanix Prism helps to monitor the infrastructure for alerts and warnings at the infrastructure and application level.
Figure 9
Cloud native applications leverage container technology for the application workload. In the above architecture, the web server and application server are implemented with containers instead of virtual machines.
Nutanix Karbon is a Kubernetes cluster management solution that provides cluster provisioning, operations and life cycle management. With Nutanix Karbon, we can deploy a production-ready multi-master Kubernetes cluster in an automated way. It has full support for native integration with Nutanix Volumes and Files for persistent storage. It plays a key role in application transformation, where legacy virtual-machine-based applications are packaged as Docker containers and deployed on the Nutanix hybrid cloud platform.
Here Nutanix Calm is used to deploy the microservice application containers for the web server, application server and databases. It also supports features like scaling the application containers and upgrading and rolling back containers. Storage for the database tier is provided by the Nutanix volume driver for Kubernetes.
Figure 10
The Nutanix cloud also supports integration with third-party backup applications like CommVault, Backup Exec and Veeam for end-to-end backup requirements.
Figure 11
The following is a typical architecture for archival data storage using the Nutanix cloud platform.
Figure 12
4.4.6 Security
Datacenter security is an important consideration when designing a robust and secure architecture. Nutanix Flow is the tool for implementing security at the virtual machine level. It is the software-defined networking available in the Nutanix cloud platform, providing microsegmentation, a distributed firewall, in-depth visualization and service chaining. It relies on a workload-centric rather than a network-centric approach to protection. With the microsegmentation feature, traffic between virtual machines is scrutinized for security policy violations at the application level. It also enables detailed visibility into the virtual network for a better understanding of the traffic flow in an environment.
Typical networking workflows can be automated with the Nutanix Flow API. It provides notifications for virtual machine life cycle events; based on these, networking configurations like load balancing, firewall rules and VLAN provisioning can be automated.
The following architecture demonstrates how security can be applied to a three-tier application. Let's say we have a development and a production deployment. Typically, traffic between these deployments is blocked for security reasons. This can be easily achieved using a Nutanix Flow security policy. Also, within the production deployment, we can configure security policies to allow traffic only between the correct tiers. Every virtual machine is assigned categories, and security policies are applied as per the categories. In the example below, we have three categories, environment, application type and application tier, that are applied to virtual machines. Based on the application type and application tier, policy rules are defined to allow or disallow traffic. For example, traffic is allowed from the web virtual machine to the application virtual machine but disallowed to the database virtual machine.
Figure 13
Nutanix Flow also supports other advanced networking features like service chaining and quarantine. With service chaining, you can route traffic through a specific service like intrusion detection. Quarantine is used to quickly isolate a virtual machine so that its inbound and outbound traffic are blocked instantly.
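The category-based policy from the three-tier example above, together with the quarantine behaviour just described, as an added example. It is modelled on the text, not on Nutanix Flow's implementation or API; the virtual machines, the three categories (environment, application type, application tier), the rules and the ports are constructed.

```python
"""Category-based security policy for a three-tier application.

Added example modelled on the description above; it is not Nutanix
Flow's implementation or API. The virtual machines, the three categories
(environment, application type, application tier) and the rules are
constructed. Rules allow only listed tier-to-tier flows, traffic between
environments is blocked, and a quarantined VM has all traffic dropped.
"""
from dataclasses import dataclass


@dataclass
class VM:
    name: str
    environment: str   # e.g. "dev" or "prod"
    app_type: str      # e.g. "store"
    tier: str          # "web", "app" or "db"
    quarantined: bool = False


@dataclass(frozen=True)
class TierRule:
    """Allow traffic from one tier to another within one application type."""
    app_type: str
    from_tier: str
    to_tier: str
    ports: frozenset = frozenset()   # empty means any port


class SegmentationPolicy:
    def __init__(self, rules):
        self.rules = list(rules)

    def quarantine(self, vm):
        """Isolate a VM: both inbound and outbound traffic are dropped immediately."""
        vm.quarantined = True

    def release(self, vm):
        vm.quarantined = False

    def decide(self, src, dst, port):
        """Return (allowed, reason) for a flow src -> dst on `port`."""
        if src.quarantined or dst.quarantined:
            return False, "quarantined VM"
        if src.environment != dst.environment:
            return False, "traffic between environments is blocked"
        for r in self.rules:
            if (r.app_type == src.app_type == dst.app_type
                    and r.from_tier == src.tier and r.to_tier == dst.tier
                    and (not r.ports or port in r.ports)):
                return True, f"{r.from_tier} -> {r.to_tier} allowed on {port}"
        return False, "no rule matches (default deny)"

    def allowed_matrix(self, vms, port):
        """Which VM pairs may talk on `port`: useful to review a policy before applying it."""
        return {(s.name, d.name) for s in vms for d in vms
                if s is not d and self.decide(s, d, port)[0]}


# Constructed inventory and policy for the "store" application.
VMS = {vm.name: vm for vm in [
    VM("prod-web", "prod", "store", "web"),
    VM("prod-app", "prod", "store", "app"),
    VM("prod-db", "prod", "store", "db"),
    VM("dev-web", "dev", "store", "web"),
    VM("dev-app", "dev", "store", "app"),
]}

POLICY = SegmentationPolicy([
    TierRule("store", "web", "app", frozenset({8080})),
    TierRule("store", "app", "db", frozenset({5432})),
])


def check_flows(policy, vms, flows):
    """Evaluate (src_name, dst_name, port) flows and return the allowed flags."""
    return [policy.decide(vms[s], vms[d], p)[0] for s, d, p in flows]


if __name__ == "__main__":
    for flow in [("prod-web", "prod-app", 8080), ("prod-web", "prod-db", 5432),
                 ("dev-web", "prod-app", 8080)]:
        print(flow, POLICY.decide(VMS[flow[0]], VMS[flow[1]], flow[2]))
```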
Figure 14
5 Next Steps
5.1 Application Catalogue
Nutanix can help enterprises migrate traditional workloads to a modern datacenter. With the diverse toolsets available in the Nutanix cloud platform, businesses can move their virtualized workloads to a scalable platform. The platform can help consolidate storage silos into the distributed storage fabric provided by the Nutanix cloud platform, achieving cost and performance benefits. To make the transition easier and time efficient, we provide various application catalogues to start with. The application catalogue covers the common infrastructure architectures that can be deployed with end-to-end automation.
Nutanix Calm, the application orchestration and lifecycle management tool, provides blueprints for deploying many enterprise applications. With the application catalogue and blueprints, spinning up new infrastructure is a straightforward and faster job. The following are the popular blueprints available for application deployment. Enterprises can create a customized blueprint to suit a specific business requirement.
Example of applications that can be deployed on Nutanix
| Application | Description |
| --- | --- |
| Active Directory | Directory service from Microsoft for Windows domain networks |
About Nutanix
Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud OS leverages web-scale engineering and consumer-grade design to natively converge compute, virtualization, and storage into a resilient, software-defined solution with rich machine intelligence. The result is predictable performance, cloud-like infrastructure consumption, robust security, and seamless application mobility for a broad range of enterprise applications. Learn more at www.nutanix.com or follow us on Twitter @nutanix.