Private and Hybrid Cloud Reference Architectures
Powered by Nutanix

May 2020

Table of Contents
1 Cloud Landscape............................................................................................................ 1
1.1 Cloud Options ........................................................................................................... 1
1.1.1 Public Cloud ................................................................................................... 1
1.1.2 Private Cloud .................................................................................................. 1
1.1.3 Private Hosted Cloud ....................................................................................... 1
1.1.4 Hybrid Cloud .................................................................................................. 1
1.2 Why Hybrid Cloud ..................................................................................................... 2

2 Hybrid Cloud Design ...................................................................................................... 3


2.1 Application Deployment Decisions ............................................................................... 3
2.2 Hybrid Cloud Architectures ......................................................................................... 4
2.2.1 Identity and Access Management ...................................................................... 4
2.2.2 Application Development ................................................................................. 5
2.2.3 Application Testing .......................................................................................... 6
2.2.4 Production Deployment .................................................................................... 6
2.2.5 Backup and Recovery ...................................................................................... 7
2.2.6 Disaster Recovery ........................................................................................... 7
2.2.7 Performance Monitoring ................................................................................... 8
2.2.8 Application Logs.............................................................................................. 8
2.2.9 File Storage.................................................................................................... 9
2.2.10 Object Storage ............................................................................................... 9
2.2.11 Volume Storage .............................................................................................. 9
2.2.12 Hybrid Cloud Storage Decision Matrix ................................................................ 9
2.2.13 Security ....................................................................................................... 10
2.2.14 Load Balancing ............................................................................................. 10
2.2.15 Firewall ........................................................................................................ 11

3 Hybrid Cloud Trends .................................................................................................... 12

4 Nutanix Private and Hybrid Cloud for Applications ...................................................... 13


4.1 Nutanix Architecture................................................................................................ 13
4.1.1 Nutanix Distributed Storage Fabric .................................................................. 14
4.1.2 Nutanix Prism ............................................................................................... 14
4.2 Nutanix Cloud Deployments ..................................................................................... 14
4.2.1 On-Premises Private Cloud ............................................................................. 14
4.2.2 Hybrid Cloud ................................................................................................ 14
4.2.3 Hosted/Managed Cloud .................................................................................. 15
4.2.4 Nutanix cloud deployment decision matrix ....................................................... 15
4.3 Nutanix Cloud Platform Necessities ........................................................................... 16
4.4 Deployment Strategies ............................................................................................ 16

4.4.1 Three Tier Applications .................................................................................. 16
4.4.2 Cloud Native ................................................................................................ 17
4.4.3 Data Protection ............................................................................................. 18
4.4.4 Disaster Recovery ......................................................................................... 19
4.4.5 Archival Data Services ................................................................................... 20
4.4.6 Security ....................................................................................................... 21
4.4.7 Infrastructure & Application Deployment Automation ......................................... 22

5 Next Steps ................................................................................................................... 24


5.1 Application Catalogue .............................................................................................. 24
5.2 Hybrid Cloud Strategy ............................................................................................. 24

1 Cloud Landscape
Cloud computing has changed the way applications are delivered in the enterprise world. It has a far-reaching impact on businesses and has redefined application development and operational models for many enterprises. Cloud brings with it benefits like agility, scalability, responsiveness and cost effectiveness. Traditionally, applications are deployed in specialized data centers managed by a company's own IT staff. Though self-managed data centers provide complete control over the operational aspect, they also carry additional liabilities: a dedicated team to monitor and remediate issues, upfront capital expenditure on hardware, a year-on-year budget for upgrades, and decommissioning/refreshing of older hardware. Cloud computing offers a solution to these challenges of traditional data centers. It provides freedom from owning and managing data centers, so that businesses can focus on delivering value to their customers with their applications. There are multiple cloud options available depending on business requirements. The following section provides more details on the different approaches to cloud and which option to select.

1.1 Cloud Options


This section describes the available cloud options, namely public cloud, private cloud, private hosted cloud and hybrid cloud.

1.1.1 Public Cloud


Public cloud is infrastructure managed by companies like Amazon, Google, Microsoft, and others. These services are available as self-service portals to provision hardware, software and various services. The biggest advantage of public cloud is faster time to market, as it allows applications to be migrated with a lift-and-shift methodology using virtual machines. It is also important to note the challenges of public cloud: data regulations, performance requirements, unpredictable costs, dependency on specialized hardware and intellectual property are a few of the reasons that businesses still opt out of public cloud.

1.1.2 Private Cloud


Private cloud is infrastructure entirely managed by the enterprise, also called on-premises cloud. The infrastructure is owned and managed by the enterprise with dedicated staff. It provides full control over the cloud in terms of deployment, operations and cost. It has other advantages like data locality and fine-grained control over data at rest and in flight. For businesses where data management is of paramount importance, private cloud provides the ideal infrastructure. Private cloud also offers maximum flexibility for hardware and software stacks, as it can be highly customized for specific business needs. Private cloud requires an ongoing investment in hardware, software licenses, and staff for managing the cloud infrastructure.

1.1.3 Private Hosted Cloud


Private hosted cloud is a variation of private cloud where it is managed by a third-party vendor and can still be located on-premises or in the third-party vendor's datacenter. This cloud option helps cut down on the dedicated staffing required for managing infrastructure, as it is outsourced to a different team. In some cases, the hardware can also be managed by the third-party vendor and the cloud services are billed on a monthly basis. This cloud model helps enterprises cut down on capital expenditure while optimizing operational costs.

1.1.4 Hybrid Cloud


Hybrid cloud is a combination of public and private cloud. Critical and data-sensitive workloads are deployed on private or on-premises infrastructure, whereas public-facing workloads are delivered from public cloud. This cloud offers the best features and advantages of both public and private cloud while providing the required flexibility. We will go into more detail on how hybrid cloud can be the best option for most business requirements.

1.2 Why Hybrid Cloud


Before we jump into hybrid cloud details, let's have a look at the Enterprise Cloud Index 2019 report created by Vanson Bourne and Nutanix.

Figure 1

Over two-thirds (85%) of the enterprises polled in the study are leveraging hybrid cloud as a part of their cloud infrastructure. An enterprise will typically have the mix of workloads shown above, hosted either in public or private cloud. Hybrid cloud offers the flexibility to deploy application workloads seamlessly and to move them dynamically between public and private cloud. Administrators typically manage the cloud infrastructure from a single pane of glass, as hybrid cloud abstracts the underlying public and private cloud details.
Let's look at a few of the important decision points that are driving hybrid cloud adoption in enterprises. With the advent of strict data regulations like the General Data Protection Regulation (GDPR), it has become more important to manage data in such a way as not to impact the business. Consumer as well as business-critical data needs to be managed with a robust data management strategy that involves tighter control over access, authorization and location. Hybrid cloud provides better data management options, so that regulation-sensitive data can be located on-premises and the rest in public cloud. Also, for hardware-optimized workloads it is always better to run on customized hardware on-premises than on commodity hardware in public cloud. But for public-facing workloads like websites or mobile applications, hosting in public cloud offers a greater advantage than private cloud. The high availability and scalability that applications can achieve in public cloud is challenging to achieve in private cloud. In summary, hybrid cloud offers the best of both public and private cloud.
In the next section, we will explore different hybrid cloud architectures.

2 Hybrid Cloud Design
As discussed in the previous section, enterprises take the first step of their cloud journey with data center modernization. As a part of data center modernization, virtualization of application workloads is always the starting point. The majority of businesses have already adopted virtualized platforms like VMware ESXi, Microsoft Hyper-V and the open-source KVM hypervisor. Hence, in the context of data center modernization, it is primarily about moving from traditional IT practices to modern strategies like continuous integration/deployment, dynamic capacity management, centralized monitoring, automation and service orchestration. Also, the modern data center is capable of handling not just virtualized workloads for traditional applications but also modern application workloads like containers and microservices.
The next step after data center modernization is having a strategy for moving the relevant workloads from on-premises to public cloud. Workloads that have already been transformed to either virtual machines or containers can be easily deployed in public cloud or on-premises. Hybrid cloud design involves identifying the workloads and related data that can be moved between on-premises and public cloud. The next section describes a typical application deployment decision matrix that can be followed as a part of hybrid cloud design.

2.1 Application Deployment Decisions


It is critical for the business to decide the application deployment strategy when working with hybrid cloud. As discussed in the previous sections, there are two options where an application can run: either on-premises or in cloud. There are multiple decision criteria for selecting the optimal location for application deployment.
Following is a typical decision matrix recommended for application deployment in hybrid cloud. Note that this is general advice, and critical business requirements like company policies or regional regulations may override the proposed application location.

Workload Type | Recommendation | Rationale
Intellectual property sensitive or regulated data | On-Premises | Functional requirement for business and critical to region-specific rules and regulations
Long term backup data | Cloud | Cloud provides optimal cost per GB of data
Short term backup data | On-Premises | Business continuity takes priority over cost, hence data should be located close to applications
Real time sensor analytics | On-Premises | Local application offers the best latency required for streaming sensor data
Long term analytics | Cloud | Cloud offers periodic high compute and storage required for analytics with cost benefit
Identity and Access Management (IAM) | Cloud and On-Premises | Common authentication and authorization for on-premises and cloud applications requires directory services to be present in both locations
Multimedia | Cloud | Content distribution network provides geographical advantage with low latency and caching for better performance
Load balancer | Cloud | Global routing techniques like DNS and highly available load balancers provide better service delivery

2.2 Hybrid Cloud Architectures
Hybrid cloud is architected using key services like identity and access management for authentication and authorization. It also needs a development and testing methodology that spans on-premises and public cloud. Application deployment strategies ensure continuous integration and delivery with minimal downtime. Deployed applications are given high availability for business continuity by using backup and disaster recovery. Applications deployed on-premises or in public cloud are continuously monitored for functional and performance parameters. In the overall hybrid cloud architecture, storage is a foundational component; selecting the optimal storage type and location has an impact on overall application performance. Finally, networking and application security build a strong foundation for the overall hybrid architecture components. The following sections describe the different hybrid cloud architectures and best practices in more detail.

2.2.1 Identity and Access Management


Authentication and authorization are a critical part of business applications. It is required to have a strong identity and access management system in place for users, the IT team, services and applications. With common identity management, it becomes a uniform process independent of the user or service location, be it on-premises or cloud. Identity can be managed either as a service in cloud, also known as Identity as a Service (IDaaS), or it can be managed on-premises and synchronized to cloud. Selecting the best option depends on the business requirements.
Typically, an enterprise migrating to a hybrid cloud architecture already has an identity and access management system on-premises, hence it becomes intuitive to synchronize it to a cloud directory service. In some cases, where regulatory requirements do not permit synchronizing credentials to cloud, authentication is performed on-premises using a passthrough identity service.
Following is a hybrid cloud architecture for providing common identity management for Windows workloads using Microsoft Active Directory either on-premises or in cloud. It demonstrates the use of a synchronized directory.

Figure 2

Following is a hybrid cloud architecture where credentials are not synchronized to cloud, but the authentication request is passed through to the on-premises directory.

Figure 3

2.2.2 Application Development


Developing applications for hybrid cloud requires a different mindset compared to on-premises applications. It is important to have a uniform and consistent toolset and methodology for on-premises and cloud applications. This is typically related to continuous integration (CI) and continuous deployment (CD) practices. Hybrid cloud development encourages architects and programmers to follow the 12-factor app development methodology (https://12factor.net/).
Automation is a key aspect of hybrid cloud, as it involves workflows for multiple software engineering practices. Building, releasing and deploying multiple services in a seamless way requires an automation strategy. Automation typically starts from the codebase; the source is recommended to be maintained in a single code repository. A single source tree can have multiple workflows for build, release and deploy. Every code commit triggers an automated build and unit test cases. The successful release build is then deployed either to a staging area or to production.
Hybrid cloud can have different continuous integration architectures based on business requirements like the number of builds triggered per day, build and test hardware, source code confidentiality, regulatory requirements, etc. Following is a reference architecture where the master source code repository is present on-premises and developers check code into it. The on-premises infrastructure also has the required build and test servers. Successful builds are stored as build artefacts for deployment. The architecture has an optional, extended infrastructure in public cloud. Additional build workload can be offloaded to cloud dynamically. The public cloud has a replicated source code repository that is periodically synchronized with the on-premises repository. In case of increased workload, new virtual machines are created for the build and test process. These are dynamic resources and can be scaled out or in as per the input workload. In some use cases, users can also choose to have the complete build infrastructure in public cloud to save cost on on-premises hardware and to achieve the required agility.

Figure 4

2.2.3 Application Testing


Automated tests are an integral part of the continuous integration process. It starts with unit test case automation that can be run independently without requiring any external interfaces. The unit test framework is selected based on the programming language, and test cases are written and committed to the code repository along with the source code. Unit test cases are run as part of new code check-ins to ensure the code is not broken. In hybrid cloud, unit test cases can be run against the local source code repository or in cloud, based on the continuous integration configuration. The other types of test cases are functional and regression tests, which are typically run at release time. Performance tests are performed to find bottlenecks in the code and optimize resource utilization in production deployments. Hybrid cloud allows specific types of tests to be run in cloud, where the infrastructure is required only on a periodic basis, to save on cost.

2.2.4 Production Deployment


A hybrid cloud production environment includes different continuous deployment strategies. Following are the important deployment scenarios for a typical business application.

2.2.4.1 Blue Green


In a blue-green deployment, the new version of the application is deployed, and traffic is cut over to the new deployment. The functional and performance parameters are observed over a period. If the parameters are acceptable, traffic is kept routed to the new version; otherwise it is routed back to the old version.

2.2.4.2 Rolling Update


The rolling update deployment strategy updates the application instances incrementally. Older application instances are replaced with newer ones and actively monitored based on functional/performance parameters. In case of unacceptable parameters, application instances are rolled back to the previous version. Note that there is no specific rule for how traffic is routed to new or old instances; it is distributed equally.

2.2.4.3 Canary Release
A canary release deploys new application instances and routes a part of the traffic to them. This is typically achieved by configuring the load balancer. Over a period, functional and performance parameters are monitored. If the parameters are acceptable, more old application instances are replaced with the new version and the traffic to the new version is increased until all the old application instances are replaced.
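The canary progression just described (route a share of traffic, observe, widen or roll back), as an added example that is not code from the Nutanix document: a small controller that drives load-balancer weights in steps, gates each step on constructed error-rate and latency metrics against assumed thresholds, and returns all traffic to the old version the first time a step is unacceptable. Version names, step sizes, thresholds and the metric tables are assumptions.

```python
"""Canary release controller: an illustrative example, not code from the
original document. It models the procedure described above: route a share of
traffic to the new version, observe its parameters, then widen the canary or
roll back. Version names, step sizes and thresholds are assumptions."""
from typing import Callable, Dict, List, Sequence, Tuple

Metrics = Dict[str, float]


class CanaryController:
    def __init__(self, old_version: str, new_version: str,
                 steps: Sequence[int] = (10, 25, 50, 100),
                 max_error_rate: float = 0.02,        # assumed: 2% of requests failing
                 max_p95_latency_ms: float = 300.0):  # assumed latency budget
        self.old_version = old_version
        self.new_version = new_version
        self.steps = list(steps)
        self.max_error_rate = max_error_rate
        self.max_p95_latency_ms = max_p95_latency_ms
        # Load-balancer weights (percent of traffic); all on the old version to start.
        self.weights = {old_version: 100, new_version: 0}
        self.history: List[str] = []

    def _set_canary_share(self, pct: int) -> None:
        """Reconfigure the load balancer so `pct` percent of traffic hits the canary."""
        self.weights[self.new_version] = pct
        self.weights[self.old_version] = 100 - pct
        self.history.append(f"{self.new_version}={pct}%")

    def acceptable(self, metrics: Metrics) -> bool:
        """Functional (error rate) and performance (p95 latency) gates."""
        return (metrics["error_rate"] <= self.max_error_rate
                and metrics["p95_latency_ms"] <= self.max_p95_latency_ms)

    def run(self, observe: Callable[[str, int], Metrics]) -> str:
        """Walk the steps. `observe(version, pct)` returns the metrics measured for
        the canary while it carries `pct` percent of traffic. Returns 'promoted'
        once the canary carries 100% and every step was acceptable, or
        'rolled_back' at the first unacceptable step (all traffic returned to old)."""
        for pct in self.steps:
            self._set_canary_share(pct)
            if not self.acceptable(observe(self.new_version, pct)):
                self._set_canary_share(0)
                self.history.append("rollback")
                return "rolled_back"
        return "promoted"


# Constructed metric tables keyed by canary share: (error_rate, p95_latency_ms).
HEALTHY = {10: (0.001, 120), 25: (0.002, 130), 50: (0.003, 140), 100: (0.004, 150)}
DEGRADING = {10: (0.001, 120), 25: (0.005, 180), 50: (0.08, 420), 100: (0.2, 900)}


def make_observer(table: Dict[int, Tuple[float, float]]) -> Callable[[str, int], Metrics]:
    """Stand-in for the monitoring system: looks up the constructed metrics."""
    def observe(version: str, pct: int) -> Metrics:
        err, p95 = table[pct]
        return {"error_rate": err, "p95_latency_ms": p95}
    return observe


def rollout(table: Dict[int, Tuple[float, float]]) -> Tuple[str, Dict[str, int], List[str]]:
    """Run one canary release against a metric table; returns (outcome, weights, history)."""
    ctl = CanaryController("app-v1", "app-v2")
    outcome = ctl.run(make_observer(table))
    return outcome, dict(ctl.weights), list(ctl.history)


if __name__ == "__main__":
    for name, table in (("healthy build", HEALTHY), ("degrading build", DEGRADING)):
        outcome, weights, history = rollout(table)
        print(f"{name}: {outcome}, final weights {weights}, steps {' -> '.join(history)}")
```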

2.2.5 Backup and Recovery


Backup and recovery involves taking periodic data backups and, optionally, restoring them in case of data loss or corruption, or for analysis or audit purposes. Traditionally, backups are taken in the data center on network storage using proprietary solutions from enterprise storage vendors. This also requires specialized hardware, software and a trained IT team to manage the backup process as per business or regulatory guidelines. The cost impact of owning specialized backup solutions and managing them is significantly high. Also, not all the data is needed immediately in all scenarios. If the data is backed up for audit or regulatory purposes, it is typically retrieved only after months or years. Hence, for data of an archival nature, it is best and most cost effective to store it in a cloud designed for long-term retention. Only hot business transactional data that has time value needs to be backed up on-premises for faster retrieval. In the architecture below, the data is periodically sent to public cloud and backed up as snapshots. If required, the data can be restored from any of the available snapshots.
Following is a typical hybrid cloud architecture with proposed data locality based on retrieval time requirements.

Figure 5

2.2.6 Disaster Recovery


The availability of enterprise applications to users in the wake of an infrastructure failure or natural disaster is key to the business. Hybrid cloud enables businesses to leverage public cloud to achieve business continuity in case of disaster. Public cloud provides the infrastructure for spinning up virtual machines in case of any failure of the primary data center. There is no upfront infrastructure provisioned in public cloud, hence the cost impact is minimal. Additionally, cloud infrastructure automation tools help to create and operate the infrastructure without any specialized IT team. Disaster recovery has two important metrics, namely recovery point objective (RPO) and recovery time objective (RTO). There is always a cost tradeoff when selecting the desired RPO and RTO: the lower the RPO/RTO requirement, the higher the cost. Hence it is important to select the right RPO/RTO as per the business needs.
Following is a typical architecture for disaster recovery using on-premises private cloud as the primary site and public cloud as the secondary site.

Figure 6

2.2.7 Performance Monitoring


Performance monitoring is key to ensuring high availability of applications or services in hybrid cloud. Monitoring can be categorized at the infrastructure level (CPU, memory, disk or network) and at the application level. Application monitoring typically involves keeping a close watch on software components like the web server, application server and databases. Performance monitoring is normally associated with dynamic scaling, where resources are scaled out or in based on resource consumption. Monitoring is enabled by installing an active agent on the virtual machines that periodically sends performance metrics to a centralized server. The centralized server displays consolidated metric trends, alerts and recommendations on a graphical dashboard. Resource consumption also provides good insight into cost patterns in hybrid cloud.
In application monitoring, there are different checks that monitor the liveness and readiness of the application. Liveness indicates that the application is accessible to the client, and readiness indicates that it is ready to offer the intended service. Liveness and readiness are typically HTTP-based checks that run a custom program to provide the required status. Also, the monitoring agent can stream logs from multiple applications to the centralized server, which in turn performs text analysis to identify any issues with application functions and performance.
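The liveness/readiness distinction above, as an added example that is not code from the Nutanix document: the probe logic is a pure function (so it can be exercised without a network), wired to a standard-library HTTP server under `/healthz` and `/readyz`. The path names, the `AppState` class and the dependency checks it holds (stand-ins for a database connection and a cache warm-up) are assumptions.

```python
"""Liveness and readiness probe endpoints: an illustrative example, not code
from the original document. Liveness answers "is the process up and accepting
requests"; readiness answers "can it serve its intended function right now",
which here depends on constructed dependency checks (assumptions)."""
import json
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Callable, Dict, Tuple


class AppState:
    """Holds what the probes look at. Each readiness check is a callable that
    returns True when the dependency it represents is usable (constructed)."""
    def __init__(self) -> None:
        self.shutting_down = False
        self.checks: Dict[str, Callable[[], bool]] = {}


def probe_response(path: str, state: AppState) -> Tuple[int, Dict[str, object]]:
    """Pure probe logic: (HTTP status, JSON body) for a probe path."""
    if path == "/healthz":  # liveness: the process is reachable and not draining
        if state.shutting_down:
            return 503, {"status": "shutting_down"}
        return 200, {"status": "alive"}
    if path == "/readyz":  # readiness: every dependency needed to serve is usable
        results: Dict[str, bool] = {}
        for name, check in state.checks.items():
            try:
                results[name] = bool(check())
            except Exception:  # a failing dependency means "not ready", never a crash
                results[name] = False
        ok = all(results.values())
        return (200 if ok else 503), {"status": "ready" if ok else "not_ready", "checks": results}
    return 404, {"error": "unknown probe"}


STATE = AppState()


class ProbeHandler(BaseHTTPRequestHandler):
    def do_GET(self) -> None:
        status, body = probe_response(self.path, STATE)
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, fmt, *args) -> None:
        pass  # keep probe chatter out of stdout


if __name__ == "__main__":
    # Constructed dependencies: the database is up, the cache is still warming.
    STATE.checks["database"] = lambda: True
    STATE.checks["cache_warm"] = lambda: False
    ThreadingHTTPServer(("127.0.0.1", 8080), ProbeHandler).serve_forever()
```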

2.2.8 Application Logs


A hybrid architecture typically has distributed applications or services, each with its own logs. Hence it is important to have all the logs streamed to a centralized location for monitoring and troubleshooting. It typically has a central log store and a shared log API. All the services use the shared log API to write logs to the central location. The application log system also provides a dashboard to view, analyze and download logs.
Key attributes of an application log and monitoring system are as follows.
▪ Centralized log repository and support for streaming logs
▪ Log analysis and insights
▪ Ability to monitor functional, performance and SLA metrics
▪ Configurable alerts based on high and low thresholds
▪ Actionable recommendations for critical alerts
▪ Integration with a knowledge base for quick issue resolution

2.2.9 File Storage


Enterprise applications require a solid foundation for data storage. Typical kinds of data for an application could be files, folders, databases, virtual machine images and virtual disk files. This needs an enterprise-grade file system to store the various types of data, which at the same time should be reliable, scalable and highly performant.
In hybrid cloud use cases, data is segregated to be either on-premises or in cloud. Hence it is required to have a distributed file system that can be used in both locations. It also needs to support features like NFS/SMB protocol compatibility so that the data can be accessed with industry-standard tools and APIs. Advanced features like file snapshots, backup and recovery, encryption at rest, compression and deduplication have become de facto norms for most enterprise applications. It is to be noted that the file system is expected to be mounted on the application host for data access. File storage is best suited for applications that require standard access to data with random read/write access to files. File storage supports strong consistency and is good for direct local access to data from applications running on virtual machines, but it is not efficient for data access over the internet using the HTTP protocol.

2.2.10 Object Storage


Data requirements have exploded in the last decade, and data capacities in the scale of terabytes or petabytes are now typical. This requirement is best handled by object storage, which offers scalable and highly available storage space for unstructured data.
For enterprise applications that need to store large amounts of data and have dynamic capacity requirements, object storage is the best choice. Object storage is also used for backup and recovery purposes, where the data is regularly backed up and archived for future recovery. Object storage architectures are based on an eventual consistency model, hence they are not suited for applications that need random read/write access to file content or expect data to be consistent after every write and before the next read. Access to data stored in object storage is typically provided by a REST API.

2.2.11 Volume Storage


Volumes are disk-based block storage used as the primary store for a virtual machine. In hybrid cloud, volumes are typically attached to a virtual machine with a storage protocol like iSCSI. They provide ephemeral disk storage for the operating system to boot from, or persistent storage for data types like databases, files and folders. Volumes are dedicated to one virtual machine at a time, hence they cannot be used as shared storage.

2.2.12 Hybrid Cloud Storage Decision Matrix


Following is a typical decision matrix for selecting the appropriate storage option in hybrid cloud.

Type | Recommendation | Rationale
Operating system | Volume Storage | Block devices formatted with an optimized file system offer the best performance
Databases | Volume Storage | Volumes directly connected to database servers operate optimally for read-write transactions. Also, volumes can be replicated to provide multiple read replicas.
Shared data and configuration | File Storage | Distributed file storage provides access to multiple virtual machines with file shares
Archival data | Object Storage | Object storage can scale to petabyte size and provides a REST API for data upload and download. It also supports versioning for data recovery
Disk cache | Volume Storage | Hot data that is frequently accessed is stored close to the virtual machine on a block device for better performance
Unstructured static data | Object Storage | Object storage provides geographical distribution of file data with the HTTP protocol and supports replication

2.2.13 Security
Hybrid cloud adopts a defense-in-depth strategy that spans multiple levels in the infrastructure. It basically encompasses identity, information and infrastructure, and it is implemented in a uniform way on-premises and in cloud.
Identity security management consists of a common way of authenticating users and providing access as per their authorization. It is typically provided by the identity and access management system in hybrid cloud. The widely adopted architecture is to have the primary directory service on-premises and synchronize the user credentials to the cloud directory service. In some regulated environments, the credentials are not synchronized to cloud, but cloud users are authenticated via a passthrough to the on-premises directory service.
Information security is mainly related to protecting data in transit and at rest. Data is protected in transit by using end-to-end encryption like SSL or the HTTPS protocol. At rest, data is secured using encryption techniques like the Advanced Encryption Standard (AES). The cryptographic keys used for encryption are protected using a Key Management Service (KMS).
Infrastructure security involves securing network, compute and storage. Network-level traffic is restricted by using techniques like microsegmentation, which creates secured zones and isolates workloads. Network security can also use advanced features like firewalls and Access Control Lists (ACLs) to define ingress and egress rules. Compute access is typically restricted with asymmetric-key-based logins, and operating system level security is ensured by up-to-date security patches.

2.2.14 Load Balancing


Load balancer service allow client request to be routed to optimal service endpoint. These services
can be running in same geographical region or in different regions. Load balancing is critical service
in hybrid cloud as it ensures the high availability of service. Routing request is important as
applications might be distributed across on-premises and cloud. Load balancing can be implemented
with specialized hardware or can be a complete software-based solution. Hardware load balancer offers
optimized performance, but scaling can be challenging and costly. Software load balancer provide
dynamic capacity provisioning as per the workload and operate globally.
Load balancing can be implemented at network Layer 4 or Layer 7.

A Layer 4 load balancer routes requests using transport-layer information only: the protocol (TCP or
UDP) together with the source and destination IP addresses and ports; it never looks inside the payload.
A Layer 7 load balancer routes based on application-layer protocols like HTTP, so it can inspect URLs,
headers and cookies. Layer 4 routing uses standard algorithms like round robin, weighted routing, least
connections or least latency. A Layer 7 load balancer supports the same algorithms but can additionally
route on request content. Note that Layer 7 load balancing is more CPU intensive than Layer 4 because
every request must be parsed (and, for HTTPS, decrypted); in exchange it offers the most flexibility.
Following is a decision matrix for Layer 4 versus Layer 7 load balancing.

Requirement                        | Recommendation | Rationale
-----------------------------------|----------------|---------------------------------------------------------------------------
Uniform load distribution          | Layer 4        | Routing algorithms like round robin offer the best performance
TLS/SSL termination                | Layer 7        | The Layer 7 load balancer operates at the HTTP layer and holds the certificate and private key
Session affinity                   | Layer 7        | Cookie-based session affinity is possible because request content is processed
Advanced logging                   | Layer 7        | Selected request content can be saved as a log stream
Low CPU overhead                   | Layer 4        | Layer 4 does not process packet content
Low latency                        | Layer 4        | Less processing per request gives the lowest latency
Microservice or container workload | Layer 7        | Layer 7 can route by URL to different backends
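To make the Layer 4 versus Layer 7 distinction concrete, the following Python example (added here; it is not code from the original page or from any load balancer product) models both decision styles: a Layer 4 balancer that only has the transport tuple and so can pick a backend by round robin or least connections, and a Layer 7 balancer that parses the request path and a SERVERID affinity cookie, falling back to round robin when the cookie names a backend that no longer exists. Backend names, URL prefixes and the cookie name are constructed assumptions for the illustration.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, List


@dataclass
class Backend:
    name: str
    active_connections: int = 0


class Layer4Balancer:
    """Layer 4 sees only the transport tuple (protocol, IPs, ports), so it can
    choose a backend by round robin or least connections but cannot read the
    request."""

    def __init__(self, backends: List[Backend]):
        self.backends = backends
        self._rr = count()  # round-robin cursor

    def round_robin(self) -> Backend:
        return self.backends[next(self._rr) % len(self.backends)]

    def least_connections(self) -> Backend:
        return min(self.backends, key=lambda b: b.active_connections)


class Layer7Balancer:
    """Layer 7 parses the HTTP request, so it can route by URL prefix and keep
    a client on the same backend via a cookie (session affinity)."""

    COOKIE = "SERVERID"  # assumed affinity cookie name (HAProxy-style), constructed

    def __init__(self, pools: Dict[str, List[Backend]]):
        # pools maps a URL path prefix to its backend pool; "/" is the default pool
        if "/" not in pools:
            raise ValueError("a default pool for prefix '/' is required")
        self.pools = pools
        self._rr = {prefix: Layer4Balancer(pool) for prefix, pool in pools.items()}

    def _prefix_for(self, path: str) -> str:
        # longest matching prefix wins, e.g. "/api/orders" beats "/api" beats "/"
        matches = [p for p in self.pools if path.startswith(p)]
        return max(matches, key=len) if matches else "/"

    def route(self, request: Dict) -> Backend:
        """request is a constructed dict: {"path": str, "cookies": {name: value}}."""
        prefix = self._prefix_for(request["path"])
        wanted = request.get("cookies", {}).get(self.COOKIE)
        if wanted is not None:
            for backend in self.pools[prefix]:
                if backend.name == wanted:
                    return backend  # affinity: stick to the backend named in the cookie
        # no cookie, or cookie names a backend that is gone: fall back to round robin
        return self._rr[prefix].round_robin()

    def affinity_header(self, backend: Backend) -> str:
        """Set-Cookie value the balancer adds to the response so the next request
        from this client carries the affinity cookie."""
        return f"{self.COOKIE}={backend.name}; HttpOnly; Secure"
```

The Layer 7 balancer needs plaintext HTTP to read the path and cookie, which is why TLS termination and cookie affinity both land in the Layer 7 column of the matrix; the Layer 4 balancer could forward the same connections without ever decrypting them.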

2.2.15 Firewall
In a hybrid cloud, a strong firewall infrastructure is an important foundation of network security.
Firewalls provide protection and isolation for inbound and outbound network traffic, and most private
and public clouds support a firewall natively. It can be configured for the following network security
aspects:
▪ Open only the specific inbound ports needed for application delivery, to limit the attack surface
▪ Open only the outbound ports needed for service-to-service communication
▪ Allow traffic only from specific IP addresses or ranges, so that access is limited to authorized machines
Firewalls are typically configured as a set of rules with attached priorities, and the rules are evaluated
in priority order with the first match deciding the outcome. Following the principle of least privilege,
the firewall should deny all ingress and egress traffic by default, and the administrator allows specific
traffic by defining explicit rules. Note that some public cloud default rule sets allow all egress traffic;
a hybrid design should apply the default-deny posture explicitly on both sides so that behaviour is the
same on-premises and in the cloud.
The firewall in a hybrid cloud is tightly coupled with the underlying virtual network technology.
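As an added illustration (not code from the page or from any firewall product) of the rule model just described, the following Python evaluates priority-ordered ingress and egress rules with an implicit default deny. The rule set and IP ranges are constructed for the example: 203.0.113.0/24 stands in for a corporate admin range and 198.51.100.7 for a host that must be blocked before any allow rule is considered.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    priority: int         # lower number is evaluated first
    direction: str        # "ingress" or "egress"
    action: str           # "allow" or "deny"
    protocol: str         # "tcp", "udp" or "any"
    remote: str           # CIDR of the peer: source for ingress, destination for egress
    port: Optional[int]   # destination port; None matches any port

    def matches(self, direction: str, protocol: str, remote_ip: str, port: int) -> bool:
        if self.direction != direction:
            return False
        if self.protocol not in ("any", protocol):
            return False
        if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(self.remote):
            return False
        return self.port is None or self.port == port


class Firewall:
    def __init__(self, rules: List[Rule]):
        # evaluation order comes from the priority field, not from insertion order
        self.rules = sorted(rules, key=lambda r: r.priority)

    def evaluate(self, direction: str, protocol: str, remote_ip: str, port: int) -> str:
        for rule in self.rules:
            if rule.matches(direction, protocol, remote_ip, port):
                return rule.action  # first matching rule decides
        return "deny"               # implicit default deny for both directions


def example_policy() -> Firewall:
    """Constructed rule set for a web tier; ranges are RFC 5737 documentation addresses."""
    return Firewall([
        # application delivery: HTTPS from anywhere
        Rule(100, "ingress", "allow", "tcp", "0.0.0.0/0", 443),
        # administration: SSH only from the (assumed) corporate range
        Rule(110, "ingress", "allow", "tcp", "203.0.113.0/24", 22),
        # a host that must be blocked; lowest priority number so it wins over the allows
        Rule(10, "ingress", "deny", "any", "198.51.100.7/32", None),
        # service-to-service: only the database port towards the internal network
        Rule(200, "egress", "allow", "tcp", "10.0.0.0/8", 3306),
    ])
```

Because the deny rule carries the lowest priority number it is checked before the broad HTTPS allow, and because nothing matches an egress connection to port 25 the default deny drops it; both are the behaviours a least-privilege rule set depends on.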
The basic firewall covered above protects at the network level for ingress and egress traffic in the
hybrid cloud. Application-level firewalls such as a Web Application Firewall (WAF) add protection above
Layer 4: a WAF inspects HTTP requests and responses and blocks attacks like SQL injection and cross-site
scripting before they reach the application. A WAF can be deployed as a hardware appliance or as a
software component, and because it needs to see plaintext HTTP it is placed at or behind the TLS
termination point.
This section covered hybrid cloud design and different reference architectures. In the next section, we
will cover current trends in hybrid cloud.

3 Hybrid Cloud Trends
The key trends in hybrid cloud adoption are in the areas of business agility, developer productivity,
rapid release cycles, resiliency, performance and cost optimization.
Business agility means adapting to market expectations in the shortest time. With its flexible
application deployment model, either on-premises or in the cloud, hybrid cloud enables the enterprise to
deliver services in a flexible way. Data protection laws, regional regulations, compliance obligations and
privacy are non-technical requirements that can adversely affect a business if they are not met; a hybrid
cloud infrastructure is well equipped to address these challenges because the placement of data and
workloads can follow the requirement.
Developer productivity is driven by the technical choices available to the team when designing and
implementing a solution. Hybrid cloud offers a wide variety of workload and data management options for
optimal and faster service delivery. Performance optimization can be achieved by keeping latency-sensitive
applications on-premises, on low-latency infrastructure.
Rapid release cycles are achieved with industry-standard DevOps practices that work seamlessly across
on-premises and public cloud. With continuous integration and continuous deployment, incremental
features can be released to market in a non-disruptive way. Adoption of modern practices like
infrastructure as code, domain-driven design, cloud native and microservices is on the rise.
Resiliency keeps business functions highly available even in the face of technical or natural
challenges. Data replication and periodic backups from on-premises to the public cloud are key to
business continuity. Backup and disaster recovery are among the most popular hybrid cloud use cases
because they offer the best value for money. Application delivery to various geographical regions with
the help of global load balancing ensures that requests are routed to the best possible data center.
Performance optimization is a key attribute of hybrid cloud. Not all workloads have the same performance
characteristics. Some workloads, like real-time analytics, perform best in the on-premises data center,
whereas multimedia content distribution is achieved effectively with the public cloud. Hybrid cloud
allows the flexibility to deploy a workload either on-premises or in the public cloud based on its
performance requirement.
Cost optimization is best controlled with hybrid cloud as it provides the flexibility of distributing
workloads based on performance, functional and resource requirements. Resource consumption, running time
and cost incurred are the key attributes for deciding the best place to run a workload. Businesses are
performing exhaustive cost-benefit analyses to obtain substantial cost savings with hybrid cloud.
In the next section, we will cover the Nutanix hybrid cloud platform and the different solutions
available to implement the architectures discussed in the previous sections.

4 Nutanix Private and Hybrid Cloud for
Applications
Nutanix is a hyperconverged platform that provides scale-out compute and storage. The core principle
of a hyperconverged platform is to let the user select the optimal virtualization solution, provide a
simple but intelligent software stack for building scalable infrastructure, and offer an intuitive
graphical user interface for managing the infrastructure components. These benefits are achieved with a
software-defined design that runs on a cluster of non-proprietary hardware. The hardware choices include
hardware direct from Nutanix, from an OEM or from a third party. Each hardware node in the cluster runs
the hypervisor of choice (Microsoft Hyper-V, VMware ESXi or the Nutanix AHV hypervisor) and together the
nodes form a complete scalable and distributed fabric. Apart from on-premises hardware, Nutanix also
supports integration with major public cloud vendors such as AWS (in early access at the time of writing).
In the next section, we will discuss details of Nutanix architecture for Hyperconverged infrastructure.

4.1 Nutanix Architecture


Following is a high-level architecture of the Nutanix platform.

Figure 7

The key component of the architecture is the core platform, which provides the services for running
workloads (virtual machines or containers) and for managing distributed storage.
The core platform features are extended with platform services like object storage, volume storage,
file storage, backup and container orchestration. Platform services also include Database as a Service
(DBaaS) and Desktop as a Service (DaaS). We will discuss these services in more detail in subsequent
sections.
Management and operations tools provide a single pane of glass for infrastructure monitoring,
resource management and operational insights.

4.1.1 Nutanix Distributed Storage Fabric
The Nutanix hyperconverged platform is powered by the Acropolis Distributed Storage Fabric (ADSF). It
provides highly available and fault-tolerant distributed storage behind industry-standard interfaces:
NFS, SMB/CIFS and iSCSI. The distributed storage also supports enterprise features like deduplication,
compression and snapshots.
Data is protected by replication across nodes, controlled by the replication factor. The replication
factor defines the number of copies kept in the cluster. The distributed storage fabric also supports
Availability Domains, which place the copies so that data remains available after a failure at the disk,
node or rack level. The Nutanix platform uses storage optimization techniques like erasure coding,
compression and deduplication to ensure efficient use of the available storage.
Networking is a key element of a distributed storage system. The distributed storage fabric network is
built on 10Gbit Ethernet. Storage I/O is handled by the underlying hypervisor on a private network.
Because data is kept local to the node running the virtual machine, most storage I/O stays within the
node; the traffic crossing the external 10Gbit Ethernet is mainly replication writes and VM-to-VM
communication.

4.1.2 Nutanix Prism


Nutanix Prism is the resource management platform that offers a unified experience for managing and
monitoring the objects and services in a Nutanix cluster. It is built with leading user interface
technologies like HTML5 and REST and has a plug-in architecture. Nutanix Prism has two main components,
Prism Central and Prism Element. Prism Central manages multiple clusters, whereas Prism Element manages a
single cluster. Nutanix Prism can be integrated with identity providers such as Active Directory and
Lightweight Directory Access Protocol (LDAP) directories.
Nutanix Prism provides an integrated management console for various Nutanix cloud functions like data
protection, disaster recovery, security, storage services and automation.

4.2 Nutanix Cloud Deployments


In this section, we will have a look at different deployment options for Nutanix cloud platform.

4.2.1 On-Premises Private Cloud


The Nutanix Enterprise Cloud platform offers the tools and technology to build a private cloud
on-premises. Nutanix core HCI provides the foundation toolset: operating system, hypervisor and
management console (Nutanix Prism). In addition to the core toolset, Nutanix provides Flow for
software-defined networking including microsegmentation and service chaining, Files for distributed file
services and analytics, and Calm for application orchestration and lifecycle management.

4.2.2 Hybrid Cloud


A Nutanix hybrid cloud deployment includes all the toolsets described in the on-premises private cloud
section as Nutanix Core, plus the toolset of the Enterprise cloud platform. The enterprise toolset
includes advanced storage options like Nutanix Objects for object storage, Nutanix Volumes for
high-performance block storage and Nutanix Karbon for container orchestration. Database as a Service
(DBaaS) with Nutanix Era provides enterprise databases for business applications, with a choice of
relational databases like SQL Server, Oracle, MySQL, MariaDB and Postgres.
Nutanix also supports running the Acropolis Operating System on bare-metal instances in the AWS public
cloud. This creates a homogeneous infrastructure across on-premises and public cloud that is easy to
manage and operate, and enables hybrid cloud in the true sense: the same tools, technologies and
processes are used seamlessly for on-premises and public cloud workloads.

4.2.3 Hosted/Managed Cloud
A hosted cloud is an infrastructure where the hardware is located and managed by a third party. Compared
with a private cloud, the operational aspects, including security, are managed by the vendor, the
business only pays for the hardware and services consumed, and there is no hardware purchase because the
hardware is owned by the vendor. Nutanix offers a complete ecosystem for building a hosted or managed
cloud that can be offered to many enterprises or to internal departments of an organization. In terms of
the Nutanix tools and technologies used, a hosted cloud is in many ways like the private cloud described
in the previous section.

4.2.4 Nutanix cloud deployment decision matrix


Let’s have a look at different use cases and related Nutanix cloud deployment with associated benefits.

Deployment                    | Use Cases                              | Benefits
------------------------------|----------------------------------------|------------------------------------------------------------------------
On-Premises Private Cloud     | Data center modernization              | Infrastructure can be scaled as per on-demand workload; development and production workflows can be automated for faster releases
On-Premises Private Cloud     | Specialized hardware                   | Workloads that rely on customized hardware can perform better on-premises
Hybrid Cloud                  | Governance and regulatory requirements | Offers data management flexibility in terms of geographical location; complete control over the data life cycle can be achieved with custom processes
Hybrid Cloud                  | Real-time sensor analysis              | Applications with stringent network latency requirements can benefit from on-premises deployment
Hosted/Managed Cloud          | Disaster recovery                      | Business continuity is achieved with no hardware commitment and no IT staff overhead
Hosted/Managed Cloud          | Backups                                | Backup and recovery workflows can be outsourced to third-party vendors
Public Cloud (Cluster on AWS) | Capacity bursting                      | Resource demand from development and production can be satisfied with reduced lead time
Public Cloud (Cluster on AWS) | Global application delivery            | Leverages the geographical presence of public cloud data centers so applications can be located close to users
Public Cloud (Cluster on AWS) | Data center consolidation              | Migrating secondary workloads to the public cloud yields cost benefits

4.3 Nutanix Cloud Platform Necessities
Nutanix tools are categorized according to the customer's current infrastructure level and desired
transformation.
For customers with a traditional three-tier deployment who are looking for data center modernization or
a private cloud, the best-suited Nutanix products are:
▪ Acropolis Operating System (AOS)
▪ Nutanix AHV Hypervisor
▪ Prism
▪ Flow
▪ Files
▪ Calm
Customers who are further along in their transformation and planning a hybrid cloud deployment can
design the infrastructure using the broader HCI-based functionality. These Nutanix Enterprise tools
include:
▪ Prism Pro
▪ Objects
▪ Volumes
▪ Karbon
▪ Era
The next section discusses typical use of the above tools in hybrid cloud scenarios with industry-standard
practices and real-life customer use cases.

4.4 Deployment Strategies


In this section, we will have a look at the deployment strategy for various enterprise architectures
using Nutanix tools described in previous section.

4.4.1 Three Tier Applications


Three-tier applications still make up a major portion of enterprise deployments because of advantages
like simplicity, performance and ease of deployment. A typical three-tier application has the following
layers:
▪ Presentation (Client)
▪ Application (Business)
▪ Database (Data)
The presentation layer contains the graphical interface elements, like web pages, that are delivered to
the client. In a typical web application this is handled by front-end toolkits based on HTML, CSS and
JavaScript.
The application layer contains the business logic and is commonly known as the backend in web
application development. The backend is typically developed in high-level languages like Java, Python,
PHP or JavaScript, running on an application server.
The database layer is implemented with relational databases like Postgres, MySQL or MS SQL Server.
Following is typical architecture of three tier application designed with Nutanix cloud platform.

Figure 8

Application delivery is managed by the Domain Name Service (DNS) and an external application load
balancer. DNS ensures that traffic is routed to the geographically closest private cloud, and the
application load balancer routes client requests to one of the front-end virtual machines. The
application server workload is balanced by one more, internal, load balancer for high availability.
Database servers are configured in primary/replica (master/slave) mode, where write requests are routed
to the primary and read requests are forwarded to the replicas. Nutanix Era is used as the
database-as-a-service platform that provides database provisioning and life cycle management. It also
provides advanced features like database cloning, backup and restore. It is ideal for migrating databases
like Oracle, SQL Server, Postgres and MariaDB from a traditional deployment to an as-a-service model in
the hybrid cloud.
Nutanix Calm provides application automation and life cycle management such as provisioning, scaling and
clean-up. Application provisioning is defined in blueprints that can be published as reusable components.
Blueprints are like a cookbook or recipe for regularly used application infrastructures. Nutanix Calm
also integrates with Jenkins for the continuous integration and continuous deployment pipeline.
Nutanix Prism monitors the infrastructure for alerts and warnings at the infrastructure and application
level.

4.4.2 Cloud Native


A cloud native application follows the principle of immutable infrastructure with microservices. The
application is designed as loosely coupled services: independently deployable and scalable components.
The microservices are deployed as Docker containers and orchestrated with Kubernetes.
Following is a typical cloud native architecture using the Nutanix cloud platform.

Figure 9

A cloud native application uses container technology for the application workload. In the above
architecture, the web server and application server are implemented with containers instead of virtual
machines.
Nutanix Karbon is the Kubernetes cluster management solution that provides cluster provisioning,
operations and life cycle management. With Nutanix Karbon, a production-ready multi-master Kubernetes
cluster can be deployed in an automated way. It has native integration with Nutanix Volumes and Files for
persistent storage. It plays a key role in application transformation, where legacy virtual machine-based
applications are packaged as Docker containers and deployed on the Nutanix hybrid cloud platform.
Here Nutanix Calm is used to deploy the microservice application containers for the web server,
application server and databases. It also supports scaling the application containers and upgrading and
rolling back containers. Storage for the database tier is provided by the Nutanix volume driver for
Kubernetes.

4.4.3 Data Protection


The Nutanix cloud platform provides disk-based backups with crash-consistent and application-consistent
snapshots. Application-consistent snapshots are achieved using the Nutanix Volume Shadow Copy Service
(VSS) provider, which quiesces the guest applications before the snapshot is taken.
The resources to be protected are configured in protection domains, which create snapshots on a periodic
basis. Resources that must be crash-consistent with one another (for example the virtual machines of one
application) are placed in a consistency group so that they are snapshotted at the same point in time.
Apart from on-demand snapshot creation, a schedule and retention policy automate the workflow of periodic
snapshot creation and expiry. For custom data protection workflows, Nutanix provides a REST API that can
be integrated with existing scripts.
A virtual machine can be recovered from any available snapshot, either by overwriting the existing
virtual machine or by creating a clone.
Following is a typical architecture for various kinds of backup requirements, where the entire backup and
recovery is managed in Nutanix Prism.

Figure 10

Nutanix cloud also supports third party backup application integration like CommVault, Backup Exec
and Veeam for end-to-end backup requirements.

4.4.4 Disaster Recovery


Nutanix cloud disaster recovery builds on the backup and recovery features discussed in the previous
sections. The application-consistent snapshots are used to replicate virtual machines to remote
locations.
On the Nutanix cloud platform, disaster recovery is configured by creating availability zones. For
example, all on-premises resources in the primary site can form one availability zone, and the user
defines other availability zones at a remote site or in the cloud to which data is replicated.
Nutanix provides cross-hypervisor disaster recovery, so virtual machines running on the Nutanix cloud
platform can be replicated to disaster recovery sites even if the primary and secondary sites run
different hypervisors. Nutanix Cloud Connect lets users back up to public cloud services like Amazon Web
Services and supports virtual machine recovery from there.
In the example below, some virtual machines are protected with on-premises replication to a secondary
site and others are protected with cloud replication. Following is a typical disaster recovery
architecture using the Nutanix cloud platform.

Figure 11

4.4.5 Archival Data Services


The Nutanix platform supports a variety of storage options: objects, files and volumes.
Nutanix Objects provides scalable object storage compatible with the AWS S3 API. The object storage is
exposed over HTTP or HTTPS, so it can be consumed directly by compatible applications without any code
change. It is an excellent destination for backups of unstructured data, as it scales from terabytes to
petabytes. Nutanix Objects also offers enterprise-level features like encryption at rest, versioning and
policies for data access control.
Nutanix Files provides a distributed file system for virtual machines, where the data is accessed as file
shares. File shares are accessed over the network with the SMB protocol. Each share can have fine-grained
access control using NT Access Control Lists (NTACLs), and Nutanix Files integrates with Windows Active
Directory for authentication. It provides protection with snapshots and by replicating the data to a
remote location as a disaster recovery configuration. These snapshots can be scheduled to provide the
required protection in case of data loss.
Nutanix Volumes provides persistent iSCSI data stores for use by virtual machines. The volumes are
protected with snapshots in a protection domain. This is essentially an asynchronous disaster recovery
solution, where volumes are replicated on a defined schedule.
Regulatory compliance regarding user data is an important hybrid cloud use case where the data must stay
on-premises or within a specific region. Nutanix Objects provides a good way to store that data locally
with granular access management, versioning and life cycle policies. Bucket owners have full access to
their buckets and can grant read or write access to other users for data sharing.

Following is a typical architecture for archival data storage using Nutanix cloud platform.

Figure 12

4.4.6 Security
Data center security is an important consideration when designing a robust and secure architecture.
Nutanix Flow is the tool for implementing security at the virtual machine level. It is the
software-defined networking offering of the Nutanix cloud platform and provides microsegmentation, a
distributed firewall, in-depth visualization and service chaining. It relies on a workload-centric rather
than a network-centric approach: with microsegmentation, traffic between virtual machines is checked for
security policy violations at the application level, independent of the IP addresses or VLANs involved.
It also gives detailed visibility into the virtual network for a better understanding of the traffic
flows in an environment.
Typical networking workflows can be automated with the Nutanix Flow API. It provides notifications for
virtual machine life cycle events, and based on those, network configuration like load balancing,
firewall rules and VLAN provisioning can be automated.
Following is an architecture that demonstrates how security can be applied to a three-tier application.
Say we have a development and a production deployment. Traffic between these deployments is typically
blocked for security reasons, which is easily achieved with a Nutanix Flow isolation policy. Also, within
the production deployment, we configure security policies that allow traffic only between the correct
tiers. Every virtual machine is assigned categories, and security policies are applied according to those
categories. In the example below, three categories are applied to the virtual machines: environment,
application type and application tier. Based on application type and application tier, policy rules
define which traffic is allowed; everything not explicitly allowed is dropped. For example, traffic is
allowed from the web virtual machine to the application virtual machine but not from the web virtual
machine to the database virtual machine.

Figure 13

Nutanix Flow also supports other advanced networking features like service chaining and quarantine.
With service chaining, traffic can be routed through a specific network function such as an intrusion
detection system. Quarantine is used to quickly isolate a virtual machine so that its inbound and
outbound traffic is blocked instantly, for example during incident response.
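The category-based model above can be checked offline with a small policy evaluator. The following Python is an added example, not Nutanix Flow's implementation or API: it models an isolation policy between the Dev and Prod environments, an application policy for one application type whose tiers may only talk on listed ports (everything else is dropped), and quarantine, which overrides both. Category names, VM names, tier ports and the evaluation order are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class VM:
    name: str
    categories: Dict[str, str]   # e.g. {"Environment": "Prod", "AppType": "Shop", "AppTier": "Web"}
    quarantined: bool = False


# Application policy for AppType "Shop": source tier -> {(destination tier, TCP port)}.
# Constructed whitelist: anything not listed is denied.
APP_POLICY: Dict[str, Set[Tuple[str, int]]] = {
    "Web": {("App", 8080)},
    "App": {("DB", 3306)},
}

# Isolation policy: VMs in these two Environment values must never exchange traffic.
ISOLATION: List[Tuple[str, str]] = [("Dev", "Prod")]


def is_allowed(src: VM, dst: VM, port: int) -> Tuple[bool, str]:
    """Return (allowed, reason) for a flow from src to dst on the given TCP port."""
    # 1. Quarantine wins over everything: inbound and outbound are both blocked.
    if src.quarantined or dst.quarantined:
        return False, "quarantine"
    # 2. Isolation policies are evaluated before application policies.
    envs = {src.categories.get("Environment"), dst.categories.get("Environment")}
    for a, b in ISOLATION:
        if {a, b} <= envs:
            return False, f"isolation {a}<->{b}"
    # 3. Application policy applies only inside one application; cross-app traffic is not listed.
    if src.categories.get("AppType") != dst.categories.get("AppType"):
        return False, "cross-application traffic not whitelisted"
    allowed = APP_POLICY.get(src.categories.get("AppTier", ""), set())
    if (dst.categories.get("AppTier"), port) in allowed:
        return True, "application policy"
    return False, "no matching application rule (default deny)"


def evaluate_flows(flows: List[Tuple[VM, VM, int]]) -> List[Tuple[str, str, int, bool, str]]:
    """Evaluate a batch of (src, dst, port) flows, e.g. from a traffic capture."""
    return [(s.name, d.name, p, *is_allowed(s, d, p)) for s, d, p in flows]
```

The order of the checks matters: a quarantined database VM must stay unreachable even from a tier that the application policy would normally allow, and the Dev/Prod isolation has to be decided before tier rules are consulted, otherwise a Dev web VM carrying the right categories could reach the Prod application tier.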

4.4.7 Infrastructure & Application Deployment Automation


Automating repetitive infrastructure and application deployment workflows is key to fast provisioning.
Nutanix Calm automates infrastructure and application deployment with blueprints. A blueprint defines
the infrastructure configuration (virtual machines, network and storage) as well as the application
configuration (install/uninstall scripts, user data, application parameters, etc.). Blueprints can be
considered cookbooks or recipes that create multiple deployments in an automated way.
Let's look at how a three-tier application can be deployed with Nutanix Calm. In this example, we have
created a blueprint that deploys a load balancer using HAProxy, which routes requests to Python web
services implemented with Flask; a MySQL database is the backend storage for the web services. The entire
infrastructure and application configuration is defined in a Nutanix Calm blueprint. Calm offers
configuration flexibility through service and user variables for different deployment scenarios, which
are consumed by custom installation and configuration scripts; it supports shell script and Python. It
also lets the user declare dependencies so that services are created, started and stopped in the correct
order. In this example, the load balancer depends on the web services, and the web services in turn
depend on the database service. Once the blueprint is created, the entire stack can be created with a
single click. Nutanix Calm supports importing existing blueprints and exporting blueprints for sharing
with other teams.
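The dependency ordering described for this blueprint can be expressed as a small algorithm. The following Python is an added example, not Calm's own code: it derives the start order (dependencies first) and the stop order (the reverse) from the declared dependencies of the HAProxy, Flask and MySQL services, rejects a dependency cycle, which a blueprint must not contain, and rejects a dependency on a service the blueprint does not define. The service names are the example's own.

```python
from typing import Dict, List


def start_order(deps: Dict[str, List[str]]) -> List[str]:
    """Topological order: every service appears after the services it depends on.

    deps maps a service name to the list of services it depends on.
    Raises ValueError on a dependency cycle or on an undefined dependency.
    """
    for svc, needed in deps.items():
        for dep in needed:
            if dep not in deps:
                raise ValueError(f"{svc} depends on undefined service {dep}")

    order: List[str] = []
    state: Dict[str, str] = {}   # "visiting" while on the stack, "done" when placed

    def visit(svc: str) -> None:
        if state.get(svc) == "done":
            return
        if state.get(svc) == "visiting":
            raise ValueError(f"dependency cycle through {svc}")
        state[svc] = "visiting"
        for dep in deps[svc]:
            visit(dep)               # place dependencies first
        state[svc] = "done"
        order.append(svc)

    for svc in sorted(deps):         # sorted so the result is deterministic
        visit(svc)
    return order


def stop_order(deps: Dict[str, List[str]]) -> List[str]:
    """Stop in reverse start order so nothing loses a dependency it is still using."""
    return list(reversed(start_order(deps)))


# Constructed dependency graph mirroring the three-tier blueprint above.
THREE_TIER: Dict[str, List[str]] = {
    "haproxy": ["flask"],   # load balancer depends on the web services
    "flask": ["mysql"],     # web services depend on the database
    "mysql": [],
}
```

Running the same function on both the create and the delete path is what keeps the blueprint consistent: the database comes up before any web service tries to connect, and the load balancer is the first thing torn down so clients stop being routed to services that are about to disappear.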

Figure 14

5 Next Steps
5.1 Application Catalogue
Nutanix can help enterprises migrate traditional workloads to a modern data center. With the diverse
toolsets available in the Nutanix cloud platform, businesses can move their virtualized workloads to a
scalable platform. The platform can consolidate storage silos into the distributed storage fabric,
achieving cost and performance benefits. To make the transition easier and time-efficient, we provide
various application catalogues to start with. The application catalogue covers common infrastructure
architectures that can be deployed with end-to-end automation.
Nutanix Calm, the application orchestration and lifecycle management tool, provides blueprints for
deploying many enterprise applications. With the application catalogue and blueprints, spinning up new
infrastructure quickly is a straightforward job. Following are the popular blueprints available for
application deployment; enterprises can create a customized blueprint to suit a specific business
requirement.
Example of applications that can be deployed on Nutanix

Application      | Description
-----------------|-----------------------------------------------------------------------
Active Directory | Directory service from Microsoft for Windows domain networks
MariaDB          | MariaDB provisioning with Nutanix Era
Postgres         | Postgres provisioning with Nutanix Era
MS SQL Server    | Relational database from Microsoft, provisioned with Nutanix Era
Splunk           | Provision Splunk, a monitoring, searching and visualization solution
OpenLDAP         | LDAP server, an alternative to Active Directory
Oracle           | Provision Oracle relational database with Nutanix Era

Application catalogue details are available at https://github.com/nutanix/blueprints. For applications
not covered above, Nutanix has partnered with IT services companies to provide customized application
catalogues. Please contact Nutanix at info@nutanix.com for more details.

5.2 Hybrid Cloud Strategy


Data center modernization is the first step toward a hybrid cloud infrastructure. Once modernization is
achieved, the data center is well equipped to move to the next goal of a hybrid cloud infrastructure that
takes advantage of the public cloud.
Going hybrid brings benefits like cost optimization, enhanced business continuity through disaster
recovery and backup solutions, workload placement optimized for performance, and better control over data
governance and regulations.
Nutanix and its partners can help enterprises come up with the right hybrid cloud strategy to achieve the
benefits mentioned above. Please contact the Capgemini GSI account team at Nutanix to get started with
your hybrid cloud journey.

About Nutanix
Nutanix makes infrastructure invisible, elevating IT to focus on the
applications and services that power their business. The Nutanix Enterprise
Cloud OS leverages web-scale engineering and consumer-grade design to
natively converge compute, virtualization, and storage into a resilient,
software-defined solution with rich machine intelligence. The result is
predictable performance, cloud-like infrastructure consumption, robust
security, and seamless application mobility for a broad range of enterprise
applications. Learn more at www.nutanix.com or follow us on Twitter
@nutanix.

© 2020 Nutanix. All rights reserved.


About Capgemini
Capgemini is a global leader in consulting, digital transformation, technology
and engineering services. The Group is at the forefront of innovation to
address the entire breadth of clients’ opportunities in the evolving world of
cloud, digital and platforms. Building on its strong 50-year+ heritage and
deep industry-specific expertise, Capgemini enables organizations to realize
their business ambitions through an array of services from strategy to
operations. Capgemini is driven by the conviction that the business value of
technology comes from and through people. Today, it is a multicultural
company of 270,000 team members in almost 50 countries. With Altran, the
Group reported 2019 combined revenues of €17billion.
Visit us at www.capgemini.com

About Digital Engineering and Manufacturing Services
Capgemini’s Digital Engineering and Manufacturing Services brings together
deep domain expertise to lead the convergence of Physical and Digital worlds
through technology, engineering and manufacturing expertise to boost our
clients’ competitiveness. A recognized leader with over 10,000 engineers
across the globe and 30+ years of experience, Capgemini’s comprehensive
portfolio of end-to-end solutions enables global companies to unlock the true
potential of their product portfolios and manufacturing efficiencies.

Learn more about us at www.capgemini.com/engineering
