Private and Hybrid Cloud Reference Architectures Powered by Nutanix May 2020


Table of Contents

1 Cloud Landscape
1.1 Cloud Options
1.1.1 Public Cloud
1.1.2 Private Cloud
1.1.3 Private Hosted Cloud
1.1.4 Hybrid Cloud
1.2 Why Hybrid Cloud
2 Hybrid Cloud Design
2.1 Application Deployment Decisions
2.2 Hybrid Cloud Architectures
2.2.1 Identity and Access Management
2.2.2 Application Development
2.2.3 Application Testing
2.2.4 Production Deployment
2.2.5 Backup and Recovery
2.2.6 Disaster Recovery
2.2.7 Performance Monitoring
2.2.8 Application Logs
2.2.9 File Storage
2.2.10 Object Storage
2.2.11 Volume Storage
2.2.12 Hybrid Cloud Storage Decision Matrix
2.2.13 Security
2.2.14 Load Balancing
2.2.15 Firewall
3 Hybrid Cloud Trends
4 Nutanix Private and Hybrid Cloud for Applications
4.1 Nutanix Architecture
4.1.1 Nutanix Distributed Storage Fabric
4.1.2 Nutanix Prism
4.2 Nutanix Cloud Deployments
4.2.1 On-Premises Private Cloud
4.2.2 Hybrid Cloud
4.2.3 Hosted/Managed Cloud
4.2.4 Nutanix cloud deployment decision matrix
4.3 Nutanix Cloud Platform Necessities
4.4 Deployment Strategies
4.4.1 Three Tier Applications
4.4.2 Cloud Native
4.4.3 Data Protection
4.4.4 Disaster Recovery
4.4.5 Archival Data Services
4.4.6 Security
4.4.7 Infrastructure & Application Deployment Automation
5 Next Steps
5.1 Application Catalogue
5.2 Hybrid Cloud Strategy


1 Cloud Landscape

Cloud computing has changed the way applications are delivered in the enterprise world. It has a far-reaching impact on businesses and has redefined application development and operational models for many enterprises. Cloud brings benefits like agility, scalability, responsiveness and cost effectiveness. Traditionally, applications are deployed in specialized data centers managed by a company's own IT staff. Though self-managed data centers provide complete control over operations, they also carry additional liabilities such as a dedicated team to monitor and remediate issues, upfront capital expenditure on hardware, and a year-on-year budget for upgrades and for decommissioning or refreshing older hardware. Cloud computing offers a solution to these challenges of traditional data centers. It provides freedom from owning and managing data centers so that businesses can focus on delivering value to customers with their applications.

There are multiple cloud options available depending on business requirements. The following section provides more details on the different approaches to cloud and the best option to select.

1.1 Cloud Options

This section describes the available cloud options, namely public cloud, private cloud, private hosted cloud and hybrid cloud.

1.1.1 Public Cloud

Public cloud is infrastructure managed by companies like Amazon, Google, Microsoft, and others. These services are available through self-service portals to provision hardware, software and various services. The biggest advantage of public cloud is faster time to market, as it allows applications to be migrated with a lift-and-shift methodology using virtual machines. It is also important to note the challenges of public cloud: data regulations, performance requirements, unpredictable and potentially high cost, dependency on specialized hardware, and intellectual property are a few of the reasons that businesses still opt out of public cloud.

1.1.2 Private Cloud

Private cloud, also called on-premises cloud, is infrastructure entirely managed by the enterprise. The infrastructure is owned and managed by the enterprise with dedicated staff. It provides full control over the cloud in terms of deployment, operations and cost. It has other advantages like data locality and fine-grained control over data at rest and in flight. For businesses where data management is of paramount importance, private cloud provides the perfect infrastructure. Private cloud also offers maximum flexibility for hardware and software stacks, as it can be highly customized for specific business needs. Private cloud requires an ongoing investment in hardware, software licenses, and staff for managing the cloud infrastructure.

1.1.3 Private Hosted Cloud

Private hosted cloud is a variation of private cloud that is managed by third-party vendors and can still be located on-premises or in a third-party vendor’s datacenter. This cloud option helps cut down on the dedicated staffing required for managing infrastructure, as that work is outsourced to different teams. In some cases, the hardware can also be managed by the third-party vendor and the cloud services are billed on a monthly basis. This cloud model helps the enterprise cut down on capital expenditure while optimizing operational costs.

1.1.4 Hybrid Cloud

Hybrid cloud is a combination of public and private cloud. Critical and data-sensitive workloads are deployed on private or on-premises infrastructure, whereas public-facing workloads are delivered from public cloud. This cloud offers the best features and advantages of both public and private cloud while providing the required flexibility. We will go into more detail on how hybrid cloud can be the best option for most business requirements.

1.2 Why Hybrid Cloud

Before we jump into hybrid cloud details, let’s have a look at the Enterprise Cloud Index 2019 report created by Vanson Bourne and Nutanix.

Figure 1

Over two-thirds (85%) of the enterprises polled in the study are leveraging hybrid cloud as a part of their cloud infrastructure. An enterprise will typically have a mix of workloads, as shown above, hosted either in public or private cloud. Hybrid cloud offers this flexibility: application workloads can be seamlessly deployed as well as dynamically moved between public and private cloud. Administrators typically manage the cloud infrastructure from a single pane of glass, as hybrid cloud abstracts the underlying public and private cloud details.

Let’s look at a few of the important decision points for enterprises that are driving hybrid cloud adoption.

With the advent of strict data regulations like the General Data Protection Regulation (GDPR), it has become more important to manage data in such a way as not to impact the business. Consumer as well as business-critical data needs to be managed with a robust data management strategy that involves tighter control over access, authorization and location. Hybrid cloud provides better data management options, so that regulatory-sensitive data can be located on-premises and the rest in public cloud. Also, for hardware-optimized workloads it is always better to run on customized hardware on-premises than on commodity hardware in public cloud. But for public-facing workloads like a website or mobile application, hosting in public cloud offers a greater advantage than private cloud. The high availability and scalability that applications can achieve in public cloud is challenging to achieve in private cloud. In summary, hybrid cloud offers the best of both public and private cloud.

In the next section, we will explore different hybrid cloud architectures.


2 Hybrid Cloud Design

As discussed in the previous section, enterprises take the first step of their cloud journey with data center modernization. As a part of data center modernization, virtualization of application workloads is always the starting point. The majority of businesses have already adopted virtualized platforms like VMware ESXi, Microsoft Hyper-V and the open source KVM hypervisor. Hence, in the context of data modernization, it is primarily a move from traditional IT practices to modern strategies like continuous integration/deployment, dynamic capacity management, centralized monitoring, automation and service orchestration. Also, the modern data center is capable of handling not just virtualized workloads for traditional applications but also modern application workloads like containers and microservices.

The next step after data center modernization is having a strategy for moving the relevant workloads from on-premises to public cloud. Workloads that are already transformed to either virtual machines or containers can be easily deployed in public cloud or on-premises. Hybrid cloud design involves identifying the workloads and related data that can be moved between on-premises and public cloud. The next section describes a typical application deployment decision matrix that can be followed as a part of hybrid cloud design.

2.1 Application Deployment Decisions

It is critical for the business to decide the application deployment strategy when working with hybrid cloud. As discussed in the previous sections, there are two options for where an application can run: either on-premises or in cloud. There are multiple decision criteria for selecting the optimal location for the application deployment.

Following is a typical decision matrix recommended for application deployment in hybrid cloud. Note that this is general advice, and critical business requirements like company policies or regional regulation may override the proposed application location.

| Workload Type | Recommendation | Rationale |
|---|---|---|
| Intellectual property, sensitive or regulated data | On-Premises | Functional requirement for business and critical to region-specific rules and regulations |
| Long term backup data | Cloud | Cloud provides optimal cost per GB of data |
| Short term backup data | On-Premises | Business continuity takes priority over cost, hence data should be located close to applications |
| Real time sensor analytics | On-Premises | Local application offers the best latency required for streaming sensor data |
| Long term analytics | Cloud | Cloud offers the periodic high compute and storage required for analytics with cost benefit |
| Identity and Access Management (IAM) | Cloud and On-Premises | Common authentication and authorization for on-premises and cloud applications requires directory services to be present in both locations |
| Multimedia | Cloud | Content distribution network provides geographical advantage with low latency and caching for better performance |
| Load balancer | Cloud | Global routing techniques like DNS and highly available load balancers provide better service delivery |


2.2 Hybrid Cloud Architectures

Hybrid cloud is architected using key services like identity and access management for authentication and authorization. It also needs a development and testing methodology that spans on-premises and public cloud. Application deployment strategies ensure continuous integration and delivery with minimal downtime. Deployed applications are given high availability for business continuity by using backup and disaster recovery. Applications deployed on-premises or in public cloud are continuously monitored for functional and performance parameters. In the overall hybrid cloud architecture, storage is a foundational component; selecting the optimal storage type and location has an impact on overall application performance. Finally, networking and application security build a strong foundation for the overall hybrid architectural components. The following sections describe the different hybrid cloud architectures and best practices in more detail.

2.2.1 Identity and Access Management

Authentication and authorization are a critical part of business applications. A strong identity and access management system must be in place for users, the IT team, services and applications. With common identity management, this becomes a uniform process independent of the user or service location, be it on-premises or cloud. Identity can be managed either as a service in cloud, also known as Identity as a Service (IDaaS), or it can be managed on-premises and synchronized to cloud. The best option depends on the business requirement.

Typically, an enterprise migrating to a hybrid cloud architecture already has an identity and access management system on-premises, hence it becomes intuitive to synchronize it to a cloud directory service. In some cases, where regulatory requirements do not permit synchronizing credentials to cloud, authentication is performed on-premises using a passthrough identity service.

Following is a hybrid cloud architecture providing common identity management for Windows workloads using Microsoft Active Directory either on-premises or in cloud. It demonstrates the use of a synchronized directory.

Figure 2


Following is a hybrid cloud architecture where credentials are not synchronized to cloud, but the authentication request is passed to the on-premises directory.

Figure 3

2.2.2 Application Development

Developing applications for hybrid cloud requires a different mindset compared to developing on-premises applications. It is important to have a uniform and consistent toolset and methodology for on-premises and cloud applications. This typically relates to continuous integration (CI) and continuous deployment (CD) practices. Hybrid cloud development encourages architects and programmers to follow the 12 factor app development methodology (https://12factor.net/).

Automation is a key aspect of hybrid cloud, as it involves workflows for multiple software engineering practices. Building, releasing and deploying multiple services in a seamless way requires an automation strategy. Automation typically starts from the codebase; it is recommended that the source be maintained in a single code repository. A single codebase can have multiple workflows for build, release and deploy. Every code commit triggers an automated build and unit test cases. A successful release build is then deployed either to a staging area or to production.

Hybrid cloud can have different continuous integration architectures based on business requirements like the number of builds triggered per day, build and test hardware, source code confidentiality, regulatory requirements etc. Following is a reference architecture where the master source code repository is present on-premises, and developers check code in to it. The on-premises infrastructure also has the required build and test servers. Successful builds are stored as build artefacts for deployment.

The architecture has an optional, extended infrastructure in public cloud. Additional build workload can be offloaded to cloud dynamically. The public cloud has a replicated source code repository that is periodically synchronized with the on-premises repository. In case of increased workload, new virtual machines are created for the build and test process. These are dynamic resources and can be scaled out or in according to the incoming workload. In some use cases, the user can also choose to have the complete build infrastructure in public cloud to save cost on on-premises hardware and to achieve the required agility.


Figure 4

2.2.3 Application Testing

Automated tests are an integral part of the continuous integration process. It starts with unit test case automation that can be run independently without requiring any external interfaces. The unit test framework is selected based on the programming language, and test cases are written and committed to the code repository along with the source code. Unit test cases are run as part of new code check-ins to ensure the code is not broken. In hybrid cloud, unit test cases can be run on the local source code repository or in cloud, based on the continuous integration configuration. The other types of test cases are functional and regression tests, which are typically run at release time. Performance tests are performed to find bottlenecks in the code and optimize resource utilization in production deployments. Hybrid cloud allows specific types of tests to be run in cloud, where the infrastructure is required only on a periodic basis, to save on cost.

2.2.4 Production Deployment

A hybrid cloud production environment includes different continuous deployment strategies. Following are the important deployment scenarios for a typical business application.

2.2.4.1 Blue Green

In a blue green deployment, the new version of the application is deployed, and traffic is cut over to the new deployment. The functional and performance parameters are observed over a period. If the parameters are acceptable, traffic stays routed to the new version; otherwise it is routed back to the old version.

2.2.4.2 Rolling Update

The rolling update deployment strategy updates the application instances in an incremental way. Older application instances are replaced with newer ones and actively monitored based on functional and performance parameters. In case of unacceptable parameters, application instances are rolled back to the previous version. Note that there is no specific rule for how the traffic is routed to new or old applications, and it is distributed equally.


2.2.4.3 Canary Release

Canary release deploys new application instances and routes a part of the traffic to them. This is typically achieved by configuring the load balancer. Over a period, functional and performance parameters are monitored. If the parameters are acceptable, more old application instances are replaced with the new version and traffic to the new version is increased until all the old application versions are replaced.
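The canary gate described above, sketched as an added example that is not part of the original paper. The threshold values, step percentages, metric names and the rollback to 0% on failure (borrowed from the blue green and rolling update behaviour above) are assumptions, and the observations are constructed sample data.

```python
# Added example (not from the paper): a canary promotion gate.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Metrics:
    """Observations for the new version during one monitoring period."""
    requests: int
    errors: int             # functional parameter: failed requests
    p95_latency_ms: float   # performance parameter


@dataclass(frozen=True)
class Thresholds:
    # Assumed limits; the paper only says parameters must be "acceptable".
    max_error_rate: float = 0.01
    max_p95_latency_ms: float = 300.0
    min_requests: int = 100  # fail closed on samples too small to judge


def route(request_id: str, canary_percent: int) -> str:
    """Pick a backend the way a weighted load balancer would.

    Hashing the request (or session) id keeps the choice stable, so one
    client does not flip between versions on every request.
    """
    digest = hashlib.sha256(request_id.encode("utf-8")).digest()
    bucket = int.from_bytes(digest[:4], "big") % 100
    return "new" if bucket < canary_percent else "old"


def acceptable(m: Metrics, t: Thresholds) -> bool:
    """True only when both functional and performance limits are met."""
    if m.requests < t.min_requests:
        return False
    error_rate = m.errors / m.requests
    return (error_rate <= t.max_error_rate
            and m.p95_latency_ms <= t.max_p95_latency_ms)


def run_canary(steps, observe, thresholds=Thresholds()):
    """Walk the traffic steps in order.

    `observe(percent)` returns the Metrics gathered while `percent` of
    traffic went to the new version. Returns (final_percent, history);
    final_percent is 0 when a step fails and traffic goes back to the
    old version (assumed rollback behaviour).
    """
    history = []
    for percent in steps:
        ok = acceptable(observe(percent), thresholds)
        history.append((percent, ok))
        if not ok:
            return 0, history
    return (steps[-1] if steps else 0), history


# Constructed sample observations for the two outcomes.
def healthy(percent):
    return Metrics(requests=1000, errors=2, p95_latency_ms=120.0)


def regressing(percent):
    # Error rate jumps to 4% once the new version sees real load.
    errors = 2 if percent < 25 else 40
    return Metrics(requests=1000, errors=errors, p95_latency_ms=140.0)


if __name__ == "__main__":
    print(run_canary([5, 25, 50, 100], healthy))
    print(run_canary([5, 25, 50, 100], regressing))
```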

2.2.5 Backup and Recovery

Backup and recovery involve taking periodic data backups and optionally restoring them in case of data loss or corruption, or for analysis or audit purposes. Traditionally, backups are taken in data center infrastructure using traditional network storage with proprietary solutions from different enterprise storage vendors. This also requires specialized hardware, software and a trained IT team to manage the backup process as per business or regulatory guidelines. The cost of owning specialized backup solutions and managing them is significantly high. Also, not all the data is needed immediately in all scenarios. If the data is backed up for audit or regulatory purposes, it is typically required to be retrieved in months or a year. Hence, for data of an archival nature, it is best and most cost effective to store it in a cloud designed for long term retention. Only hot business transactional data that has time value needs to be backed up on-premises for faster retrieval. In the architecture below, the data is periodically sent to public cloud and backed up as snapshots. If required, the data can be restored from any of the available snapshots.

Following is a typical hybrid cloud architecture with proposed data locality based on retrieval time requirements.

Figure 5

2.2.6 Disaster Recovery

Availability of enterprise applications to users in the wake of an infrastructure failure or natural disaster is key to the business. Hybrid cloud enables businesses to leverage public cloud to achieve business continuity in case of disaster. Public cloud provides infrastructure for spinning up virtual machines in case of any failure of the primary data center. There is no upfront infrastructure provisioned in public cloud, hence the cost impact is minimal. Additionally, cloud infrastructure automation tools help to create and operate infrastructure without any specialized IT team. Disaster recovery has two important metrics, namely recovery point objective (RPO) and recovery time objective (RTO). There is always a cost tradeoff when selecting the desired RPO and RTO: the lower the RPO/RTO requirement, the higher the cost. Hence it is important to select the right RPO/RTO as per the business needs.

Following is a typical architecture for disaster recovery using on-premises private cloud as the primary site and public cloud as the secondary site.

Figure 6

2.2.7 Performance Monitoring

Performance monitoring is key to ensuring high availability for applications or services in hybrid cloud. Monitoring can be categorized at infrastructure level (CPU, memory, disk or network) and at application level. Application monitoring typically involves keeping a close watch on software components like the web server, application server and databases. Performance monitoring is normally associated with dynamic scaling, where resources are scaled out or in based on resource consumption. Monitoring is enabled by installing an active agent on virtual machines that periodically sends performance metrics to a centralized server. The centralized server displays the consolidated metric trends, alerts and recommendations on a graphical dashboard. Resource consumption also provides good insight into cost patterns in hybrid cloud.

In application monitoring, there are different checks that monitor the liveness and readiness of the application. Liveness indicates that the application is accessible to the client, and readiness indicates that it is ready to offer the intended service. Liveness and readiness are typically HTTP based checks that run a custom program to provide the required status. Also, the monitoring agent can stream logs from multiple applications to a centralized server that in turn performs text analysis to identify any issue with application functions and performance.
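An added example (not from the original paper) of the HTTP liveness and readiness checks described above, using only the Python standard library. The `/livez` and `/readyz` paths, the port and the two dependency checks are assumptions made up for illustration.

```python
# Added example (not from the paper): HTTP liveness and readiness probes.
import json
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def evaluate(path, checks):
    """Return (http_status, body) for a probe path.

    `checks` maps a dependency name to a zero-argument callable that
    returns True when the dependency is usable. Liveness never touches
    dependencies: it only proves the process can answer a client.
    Readiness runs every check and reports 503 until all of them pass.
    """
    if path == "/livez":
        return 200, {"status": "alive"}
    if path == "/readyz":
        results = {}
        for name, check in checks.items():
            try:
                results[name] = bool(check())
            except Exception:
                # Report pass/fail only. Exception text can carry host
                # names or connection strings, so it stays out of the
                # response and belongs in the application log instead.
                results[name] = False
        ready = all(results.values())
        status = "ready" if ready else "not ready"
        return (200 if ready else 503), {"status": status, "checks": results}
    return 404, {"status": "unknown probe"}


class ProbeHandler(BaseHTTPRequestHandler):
    checks = {}  # replaced per server by make_server()

    def do_GET(self):
        path = self.path.split("?", 1)[0]
        status, body = evaluate(path, self.checks)
        payload = json.dumps(body).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        self.wfile.write(payload)


def make_server(checks, host="127.0.0.1", port=8080):
    """Build a probe server bound to `host`; the default is loopback so
    the probes are reachable by a local agent, not the public network."""
    handler = type("BoundProbeHandler", (ProbeHandler,), {"checks": checks})
    return ThreadingHTTPServer((host, port), handler)


# Constructed stand-ins for real dependency checks.
def database_reachable():
    return True


def queue_reachable():
    raise ConnectionError("constructed failure: broker at 10.0.0.5 refused")


SAMPLE_CHECKS = {"database": database_reachable, "queue": queue_reachable}

if __name__ == "__main__":
    make_server(SAMPLE_CHECKS).serve_forever()
```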

2.2.8 Application Logs

A hybrid architecture typically has distributed applications or services, each with its own logs. Hence it is important to have all the logs streamed to a centralized location for monitoring and troubleshooting. Such a system typically has a central log store and a shared log API. All the services use the shared log API to write logs to the central location. The application log system also provides a dashboard to view, analyze and download logs.

Key attributes of an application log and monitoring system are as follows.

▪ Centralized log repository and support for streaming logs
▪ Log analysis and insights
▪ Ability to monitor functional, performance and SLA metrics
▪ Configurable alerts based on high and low thresholds
▪ Actionable recommendations for critical alerts
▪ Integration with knowledge base for quick issue resolution

2.2.9 File Storage

Enterprise applications require a solid foundation for data storage. Typical kinds of data for an application are files, folders, databases, virtual machine images and virtual disk files. An enterprise grade file system is needed to store these various types of data, and at the same time it should be reliable, scalable and highly performant.

In hybrid cloud use cases, data is segregated between on-premises and cloud. Hence a distributed file system that can be used in both locations is required. It also needs to support features like NFS/SMB protocol compatibility so that the data can be accessed with industry standard tools and APIs. Advanced features like file snapshots, backup and recovery, encryption at rest, compression and deduplication have become de facto norms for most enterprise applications. Note that the file system is expected to be mounted on the application host for data access. File storage is best suited to applications that require standard access to data with random read/write access to files. File storage supports strong consistency and is good for direct local access to data from an application running on a virtual machine, but it is not efficient for data access over the internet using the HTTP protocol.

2.2.10 Object Storage

Data requirements have exploded in the last decade, and data capacities on the scale of terabytes or petabytes are now typical. This requirement is best handled by object storage, which offers scalable and highly available storage space for unstructured data.

For enterprise applications that need to store large amounts of data and have dynamic capacity requirements, object storage is the best choice. Object storage is also used for backup and recovery, where the data is regularly backed up and archived for future recovery. Object storage architectures are based on an eventual consistency model, hence object storage is not suited to applications that need random read/write access to file content or that expect data to be consistent after every write and before the next read. Access to data stored in object storage is typically provided by a REST API.

2.2.11 Volume Storage

Volumes are disk-based block storage used as the primary store for virtual machines. In hybrid cloud, volumes are typically attached to a virtual machine with a storage protocol like iSCSI. A volume provides ephemeral disk storage for the operating system to boot from, or persistent storage for data types like databases, files and folders. A volume is dedicated to one virtual machine at a time, hence it cannot be used as shared storage.

2.2.12 Hybrid Cloud Storage Decision Matrix

Following is a typical decision matrix for selecting the appropriate storage option in hybrid cloud.

| Type | Recommendation | Rationale |
|---|---|---|
| Operating system | Volume Storage | Block devices formatted with an optimized file system offer the best performance |
| Databases | Volume Storage | Volumes directly connected to database servers operate optimally for read-write transactions. Also, volumes can be replicated to provide multiple read replicas. |
| Shared data and configuration | File Storage | Distributed file storage provides access to multiple virtual machines with file shares |
| Archival data | Object Storage | Object storage can scale to petabyte size and provides a REST API for data upload and download. It also supports versioning for data recovery |
| Disk Cache | Volume Storage | Hot data that is frequently accessed is stored close to the virtual machine on a block device for better performance |
| Unstructured static data | Object Storage | Object storage provides geographical distribution of file data with the HTTP protocol and supports replication |

2.2.13 Security

Hybrid cloud adopts a defense-in-depth strategy that spans multiple levels of the infrastructure. It encompasses identity, information and infrastructure, and it is implemented uniformly across on-premises and cloud.

Identity security management consists of a common way of authenticating users and providing access according to their authorization. In hybrid cloud it is typically provided by an identity and access management system. The widely adopted architecture is to have the primary directory service on-premises and synchronize the user credentials to a cloud directory service. In some regulated environments, the credentials are not synchronized to the cloud; instead, cloud users are authenticated through a passthrough to the on-premises directory service.

Information security is mainly related to protecting data in transit and at rest. Data is protected in transit by using end-to-end encryption like SSL or the HTTPS protocol. At rest, data is secured using encryption techniques like the Advanced Encryption Standard (AES). The cryptographic keys used for encryption are protected using a Key Management Service (KMS).

Infrastructure security involves securing network, compute and storage. Network-level traffic is restricted by using techniques like microsegmentation, which creates secured zones and isolates the workload. Network security can also use advanced features like firewalls and Access Control Lists (ACLs) to define ingress and egress rules. Compute access is typically restricted with asymmetric key-based logins, and operating system level security is ensured by up-to-date security patches.

2.2.14 Load Balancing

A load balancer service allows client requests to be routed to the optimal service endpoint. These services can be running in the same geographical region or in different regions. Load balancing is a critical service in hybrid cloud as it ensures the high availability of services. Routing requests is important as applications might be distributed across on-premises and cloud. Load balancing can be implemented with specialized hardware or as a complete software-based solution. Hardware load balancers offer optimized performance, but scaling can be challenging and costly. Software load balancers provide dynamic capacity provisioning according to the workload and operate globally.

Load balancing can be implemented at network Layer 4 or Layer 7.

A Layer 4 load balancer routes requests based on transport layer protocols like TCP, UDP and IP. A Layer 7 load balancer routes requests based on application layer protocols like HTTP. Layer 4 load balancer routing uses standard algorithms like round robin, weighted routing, least connection or least latency, whereas a Layer 7 load balancer is capable of more advanced routing, based not only on standard routing algorithms but also on packet content. Note that a Layer 7 load balancer can be CPU intensive compared to Layer 4; however, it offers the most flexibility.

Following is a decision matrix for Layer 4 versus Layer 7 load balancer.

| Requirement | Recommendation | Rationale |
|---|---|---|
| Uniform load distribution | Layer 4 | Routing algorithms like round robin offer the best performance |
| SSL termination | Layer 7 | Layer 7 load balancer operates at the HTTP layer |
| Session Affinity | Layer 7 | Cookie-based session affinity can be supported as packet content is processed |
| Advanced Logging | Layer 7 | Selective packet content can be saved as a log stream |
| Low CPU overhead | Layer 4 | Layer 4 does not process packet content |
| Low latency | Layer 4 | Latency is optimal due to low processing |
| Microservice or container workload | Layer 7 | Layer 7 is capable of URL-based optimized routing for different backends |

2.2.15 Firewall

In hybrid cloud, a strong firewall infrastructure is an important foundation for network security. Firewalls typically offer protection and isolation for outbound and inbound network traffic. Most private as well as public clouds support firewalls natively. A firewall can be configured for the following network security aspects.

▪ Open specific inbound ports for application delivery to limit the area of attack

▪ Open outbound ports for service to service communication

▪ Allow traffic from specific IP addresses to enable access from authorized network machines

Firewalls typically support configuration in terms of rules with priorities attached, so that the rules are evaluated according to the defined priorities. By default, a firewall denies all ingress and egress traffic, following the principle of least privilege, and the administrator must allow specific traffic by defining appropriate firewall rules.
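The rule model described above (prioritized rules over a default deny for both directions) can be sketched as follows. This is an added example, not code from the whitepaper or from any Nutanix product; the rule fields, the "lower number is evaluated first" ordering and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ALL_PORTS = range(1, 65536)


@dataclass(frozen=True)
class Rule:
    priority: int    # assumption: lower number is evaluated first
    direction: str   # "ingress" or "egress"
    action: str      # "allow" or "deny"
    network: str     # peer CIDR: source for ingress, destination for egress
    ports: range     # destination ports the rule covers
    note: str = ""


def evaluate(rules, direction, peer_ip, port):
    """Return (action, matching_rule); traffic matching no rule is denied."""
    peer = ipaddress.ip_address(peer_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.direction != direction:
            continue
        if peer in ipaddress.ip_network(rule.network) and port in rule.ports:
            return rule.action, rule
    return "deny", None  # default deny: least privilege


def broad_ingress_allows(rules, public_ports):
    """List ingress allow rules open to any address on ports that are not
    approved for public application delivery (attack-surface review)."""
    findings = []
    for rule in rules:
        if rule.direction != "ingress" or rule.action != "allow":
            continue
        if ipaddress.ip_network(rule.network).prefixlen != 0:
            continue
        if any(p not in public_ports for p in rule.ports):
            findings.append(rule)
    return findings


# Constructed sample rule set (documentation and private address ranges).
RULES = [
    Rule(100, "ingress", "allow", "0.0.0.0/0", range(443, 444), "application delivery"),
    Rule(200, "ingress", "allow", "203.0.113.0/24", range(22, 23), "admin network"),
    Rule(50, "ingress", "deny", "203.0.113.66/32", ALL_PORTS, "blocked host"),
    Rule(300, "egress", "allow", "10.0.2.0/24", range(3306, 3307), "app to database"),
]

if __name__ == "__main__":
    checks = [("ingress", "198.51.100.7", 443), ("ingress", "198.51.100.7", 22),
              ("ingress", "203.0.113.10", 22), ("ingress", "203.0.113.66", 22),
              ("egress", "10.0.2.15", 3306), ("egress", "192.0.2.9", 80)]
    for args in checks:
        action, rule = evaluate(RULES, *args)
        print(args, "->", action, "(%s)" % (rule.note if rule else "default deny"))
```

The priority 50 deny shows why evaluation order matters: the blocked host sits inside the admin network that the priority 200 rule allows, and it is still denied.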

A firewall in hybrid cloud is tightly coupled with the underlying virtual network technology.

The basic firewall covered earlier provides protection at the network level for ingress and egress traffic in hybrid cloud. Application-level firewalls like a Web Application Firewall (WAF) provide advanced network security features. A WAF is capable of inspecting HTTP content and preventing attacks like SQL injection and cross-site scripting. A Web Application Firewall can be deployed as a hardware appliance or a software component.

This section covered hybrid cloud design and different reference architectures. In the next section, we

will cover current trends in hybrid cloud.

3 Hybrid Cloud Trends

The key trends in hybrid cloud adoption are in the area of business agility, developer productivity,

rapid release cycles, resiliency, performance and cost optimization.

Business agility is achieved by adapting to market expectations in the shortest time. Hybrid cloud, with its flexible application deployment model that is either on-premises or in cloud, enables enterprises to deliver services in a flexible way. Data protection laws, regional regulations, compliance and privacy are some of the non-technical requirements that can have an adverse impact on businesses. Hybrid cloud infrastructure is well equipped to address these challenges.

Developer productivity is driven by the technical choices available to the team to design and implement a solution. Hybrid cloud offers a wide variety of workload and data management options for optimal and faster service delivery. Performance optimization can be achieved with on-premises applications on low latency infrastructure.

Rapid release cycles are achieved through industry-standard DevOps practices that work seamlessly with on-premises and public cloud. With continuous integration and deployment practices, incremental features can be released to market in a non-disruptive way. Adoption of modern practices like infrastructure as code, domain-driven design, cloud native and microservices is on the rise.

Resiliency enables high availability of business functions even in the case of technical or natural challenges. Data replication and periodic backups from on-premises to public cloud are key to business continuity. Backup and disaster recovery is a far more popular use case of hybrid cloud that offers the best value for money. Application delivery to various geographical regions with the help of global load balancing ensures requests are routed to the best possible data center.

Performance optimization is the key attribute of hybrid cloud. Not all workloads have the same characteristics when it comes to performance. Some workloads like real-time analytics are best performed in an on-premises data center, whereas multimedia content distribution is effectively achieved with public cloud. Hybrid cloud allows the flexibility of deploying the workload either on-premises or on public cloud based on the performance requirement.

Cost optimization is best controlled with hybrid cloud as it provides the flexibility of distributing the workload based on performance, functional and resource requirements. Resource consumption, running time and cost incurred are key attributes to decide the best place to run the workload. Businesses are performing exhaustive cost-benefit analyses for substantial cost savings with hybrid cloud.

In the next section, we will cover Nutanix hybrid cloud platform and different solutions available to

implement the architectures discussed in previous sections.

4 Nutanix Private and Hybrid Cloud for Applications

Nutanix is a hyperconverged platform that provides scale-out compute and storage. The core principle of a hyperconverged platform is to enable the user to select the optimal virtualized solution, provide a simple but intelligent software stack for building scalable infrastructure, and offer an intuitive graphical user interface for managing infrastructure components. These benefits are achieved by using a software-defined paradigm that leverages a cluster of non-proprietary hardware. The hardware choices include direct from Nutanix, OEM or third party. Each hardware node in the cluster runs the hypervisor of choice (Microsoft Hyper-V, VMware ESXi or Nutanix AHV Hypervisor) and builds a complete scalable and distributed fabric. Apart from on-premises hardware, Nutanix also supports integration with all major public cloud vendors like AWS (currently in early access).

In the next section, we will discuss details of Nutanix architecture for Hyperconverged infrastructure.

4.1 Nutanix Architecture

Following is a high-level architecture of the Nutanix platform.

Figure 7

The key component of the architecture is the core platform that provides services for running

workloads (virtual machines or containers) and managing distributed storage.

The core platform features are extended with platform services like object storage, volume storage, file storage, backup and container orchestration. Platform services also include Database as a Service (DBaaS) and Desktop as a Service (DaaS). We will discuss these services in more detail in subsequent sections.

Management and operations tools provide a single pane of glass for infrastructure monitoring, resource management and operation insights.

4.1.1 Nutanix Distributed Storage Fabric

The Nutanix hyperconverged platform is powered by the Acropolis Distributed Storage Fabric (ADSF). It provides highly available and fault-tolerant distributed storage with the industry-standard interfaces NFS/CIFS and iSCSI. This distributed storage also supports enterprise features like deduplication, compression and snapshots.

The data is protected using replication across the nodes, controlled by the replication factor. The replication factor defines the number of copies available in the cluster. The distributed storage fabric also supports Availability Domains to make sure data is distributed in such a way that it is always available in case of failure at disk, node or rack level. The Nutanix platform utilizes different storage optimization techniques like erasure coding, compression and deduplication that ensure efficient use of available storage.

Networking is a key element in distributed storage systems. The distributed storage fabric network is built on 10Gbit Ethernet. Storage I/O is handled by the underlying hypervisor on a private network. As the data is located close to the virtual machine, the storage I/O is always contained in the node. The traffic that goes on the external 10Gbit Ethernet is typically replication data and VM-to-VM communication.

4.1.2 Nutanix Prism

Nutanix Prism is a resource management platform that offers a unified experience to manage and monitor objects and services in a Nutanix cluster. It is built with leading user interface technologies like HTML5 and REST and has a plug-in architecture. Nutanix Prism has two main components, namely Prism Central and Prism Element. Prism Central is responsible for managing multiple clusters, whereas Prism Element is used to manage a localized cluster. Nutanix Prism can be integrated with various identity providers like Active Directory and the Lightweight Directory Access Protocol (LDAP).

Nutanix Prism provides an integrated management console for various Nutanix cloud functions like data protection, disaster recovery, security, storage services and automation.

4.2 Nutanix Cloud Deployments

In this section, we will have a look at different deployment options for Nutanix cloud platform.

4.2.1 On-Premises Private Cloud

The Nutanix Enterprise Cloud platform offers tools and technology to build a private cloud on premises. Nutanix core HCI provides the foundation toolset like the operating system, hypervisor and management console (Nutanix Prism). In addition to the core toolset, the additional tools provided are Nutanix Flow for software-defined networking including microsegmentation and service chaining, Nutanix Files for distributed file services and analytics, and Nutanix Calm for application orchestration and lifecycle management.

4.2.2 Hybrid Cloud

A Nutanix hybrid cloud deployment includes all the toolsets described in the on-premises private cloud section as Nutanix Core, as well as the toolset from the Enterprise cloud platform. The enterprise toolset includes advanced storage options like Nutanix Objects for object storage, Nutanix Volumes for high performance local storage and Nutanix Karbon for container orchestration. Database as a Service (DBaaS) with Nutanix Era provides the enterprise storage for business applications with a choice of relational databases like SQL Server, Oracle, MySQL, MariaDB, and Postgres.

Nutanix also supports running the Acropolis Operating System on bare metal instances in the AWS public cloud. This helps create a homogeneous infrastructure for on-premises and public cloud that is easy to manage and operate. It enables hybrid cloud in the true sense, as the same tools, technologies and processes can be used seamlessly for on-premises and public cloud workloads.

4.2.3 Hosted/Managed Cloud

Hosted cloud is an infrastructure where the hardware is located at and managed by a third party. It provides a benefit over private cloud as the operational aspects, including security, are managed by the vendor. Businesses only pay for the hardware and services consumed. It also saves the cost of hardware purchase, as the hardware is owned by the vendor. Nutanix offers a complete ecosystem to build a hosted or managed cloud that can be offered to many enterprises or to internal departments in an organization. Hosted cloud is in many ways like the private cloud described in the previous section in terms of the Nutanix tools and technologies used.

4.2.4 Nutanix cloud deployment decision matrix

Let’s have a look at different use cases and related Nutanix cloud deployment with associated benefits.

| Deployment | Use Cases | Benefits |
|---|---|---|
| On-Premises Private Cloud | Data center modernization | Scaling infrastructure according to the on-demand workload can be achieved. Development and production workflows can be automated for faster releases |
| On-Premises Private Cloud | Specialized hardware | Workloads that rely on customized hardware can perform better on-premises |
| Hybrid Cloud | Governance and regulatory requirement | It offers data management flexibility in terms of geographical location. Complete control over data life cycle management can be achieved with custom processes |
| Hybrid Cloud | Real time sensor analysis | Applications having stringent network latency requirements can benefit from on-premises deployment |
| Hosted/Managed Cloud | Disaster Recovery | Business continuity is achieved with no hardware commitment and IT staff overhead |
| Hosted/Managed Cloud | Backups | Workflows associated with backup and recovery can be outsourced to third party vendors |
| Public Cloud (Cluster on AWS) | Capacity bursting | Resource demand from development and production can be easily satisfied with reduced lead time |
| Public Cloud (Cluster on AWS) | Global application delivery | Leveraging the geographical presence of public cloud data centers, applications can be located close to users |
| Public Cloud (Cluster on AWS) | Data center consolidation | Migrating secondary workloads to public cloud ensures cost benefits |

4.3 Nutanix Cloud Platform Necessities

Nutanix tools have been categorized according to the customer's current infrastructure level and desired transformation.

For customers with a traditional three-tier deployment who are looking for datacenter modernization or a private cloud, the best-suited Nutanix products include:

▪ Acropolis Operating System (AOS)

▪ Nutanix AHV Hypervisor

▪ Prism

▪ Flow

▪ Files

▪ Calm

Customers who are at the high end of transformation and planning for a hybrid cloud deployment can

design the infrastructure using their broader HCI based functionality. These Nutanix Enterprise tools

include:

▪ Prism Pro

▪ Objects

▪ Volumes

▪ Karbon

▪ Era

The next section will discuss typical use of the above tools in hybrid cloud scenarios with industry standard practices and real-life customer use cases.

4.4 Deployment Strategies

In this section, we will have a look at the deployment strategy for various enterprise architectures

using Nutanix tools described in previous section.

4.4.1 Three Tier Applications

Three-tier applications still make up a major portion of deployments in enterprises due to advantages like simplicity, performance and ease of deployment. A typical three-tier application has the following layers:

▪ Presentation (Client)

▪ Application (Business)

▪ Database (Data)

The presentation layer has graphical interface elements like web pages that are delivered to the client. In a typical web application, this is handled by front-end toolkits based on HTML.

The application layer has the business logic, also commonly known as the backend in web application development. A backend application is typically developed in high level languages like Java, Python, PHP or JavaScript running on an application server.

The database layer is implemented with relational databases like Postgres, MySQL or MS SQL.

Following is a typical architecture of a three-tier application designed with the Nutanix cloud platform.

Figure 8

Application delivery is managed by the Domain Name Service (DNS) and an external application load balancer. DNS ensures that the traffic is routed to the geographically closest private cloud, and the application load balancer routes the client requests to one of the front-end virtual machines. The workload for the application servers is also balanced with one more internal load balancer for high availability.

Database servers are configured in master-slave mode, where write requests are routed to the master and read requests are forwarded to the slave. Nutanix Era is used as the database-as-a-service platform that provides database provisioning and life cycle management. It also provides advanced features like database cloning, backup and restore. It is ideal for migrating databases like Oracle, SQL Server, Postgres and MariaDB from a traditional deployment to an as-a-service model in hybrid cloud.

Nutanix Calm is used to provide application automation and life cycle management like provisioning, scaling and clean-up. Application provisioning is defined with blueprints that can be published as reusable components. Blueprints are like a cookbook or recipe for regularly used application infrastructures. Nutanix Calm also integrates with Jenkins for a continuous integration and continuous deployment pipeline.

Nutanix Prism helps to monitor the infrastructure for alerts and warnings at infrastructure and

application level.

4.4.2 Cloud Native

A cloud native application follows the principle of immutable infrastructure with microservices. The applications are designed as loosely coupled services that are independently deployable and scalable components. Microservices are deployed as Docker containers and orchestrated with Kubernetes.

Following is a typical cloud native architecture using Nutanix cloud platform.

Figure 9

A cloud native application leverages container technology for the application workload. In the above architecture, the web server and application server are implemented with containers instead of virtual machines.

Nutanix Karbon is a Kubernetes cluster management solution that provides cluster provisioning, operations and life cycle management. With Nutanix Karbon, we can deploy a production-ready multi-master Kubernetes cluster in an automated way. It has full support for native integration with Nutanix Volumes and Files for persistent storage. It plays a key role in application transformation, where legacy virtual machine-based applications are packaged as Docker containers and deployed on the Nutanix hybrid cloud platform.

Here Nutanix Calm is used to deploy microservice application containers for the web server, application server and databases. It also supports features like scaling the application containers and upgrading and rolling back containers. The storage for the database tier is provided by the Nutanix volume driver for Kubernetes.

4.4.3 Data Protection

The Nutanix cloud platform provides disk-based backups with crash-consistent and application-consistent snapshots. Application-consistent snapshots are achieved using the Nutanix Volume Shadow Copy Service (VSS) provider.

The resources to be protected are configured in protection domains for creating snapshots on a periodic basis. Also, resources that have a crash-consistent requirement are configured in a consistency group. Apart from on-demand snapshot creation, schedule and retention policies automate the workflow of periodic snapshot creation and expiry. For custom data protection workflows, Nutanix provides a REST API that can be integrated with existing scripts.

A virtual machine can be recovered from any available snapshot by overwriting the existing one or by creating a clone.

Following is a typical architecture for various kind of backup requirements where entire backup and

recovery is managed in Nutanix Prism.

Figure 10

Nutanix cloud also supports third party backup application integration like CommVault, Backup Exec

and Veeam for end-to-end backup requirements.

4.4.4 Disaster Recovery

Nutanix cloud disaster recovery builds on the backup/recovery features discussed in the previous sections. The application-consistent snapshots created are used for replicating virtual machines to remote locations.

In the Nutanix cloud platform, disaster recovery is supported by creating availability zones. For example, all the on-premises resources in the primary site can be in one availability zone. The user should define other availability zones at a remote site or in the cloud where data will be replicated to.

Nutanix cloud provides cross-hypervisor disaster recovery. Hence virtual machines running on the Nutanix cloud platform can be easily backed up to disaster recovery sites even if the primary and secondary sites have different hypervisors. Nutanix Cloud Connect helps users to take backups to public cloud services like Amazon Web Services and supports virtual machine recovery from there.

In the example below, a few virtual machines are protected with on-premises replication to a secondary site and others are protected with cloud replication. Following is a typical disaster recovery architecture using the Nutanix cloud platform.

Figure 11

4.4.5 Archival Data Services

The Nutanix platform supports a variety of storage options like objects, files and volumes.

Nutanix Objects provides scalable object storage compatible with AWS S3 API. The object storage is

exposed over HTTP or HTTPS so that it can be directly consumed by compatible applications without

any code change. It is an excellent destination for backup of unstructured data as it can scale from

terabytes to petabytes. Nutanix Objects also offers enterprise level features like encryption at rest,

versioning and policies for data access control.

Nutanix Files provides distributed file system for virtual machines where the data is accessed in the

form of file shares. File shares can be accessed with SMB protocol over network. Each share can have

fine-tuned access control using NT Access Control List (NTACL). Nutanix Files also supports integration

with Windows Active Directory for authentication. It provides protection with the help of snapshots

and replicating the data to a remote location as a disaster recovery configuration. These snapshots

can be scheduled to provide the required protection in case of data loss.

Nutanix Volumes provides persistent iSCSI data stores to be used with virtual machines. The volumes are protected with snapshots in a protection domain. It is basically an asynchronous disaster recovery solution where volumes are replicated on a defined schedule.

The regulatory compliance regarding user data is an important use case of hybrid cloud where data is

located on-premises or within a specific region. Nutanix Objects provides a great way to store data

locally with granular access management, versioning and life cycle policies. The owners have full

access to their buckets and can assign read/write access to other users as well for data sharing.

Following is a typical architecture for archival data storage using Nutanix cloud platform.

Figure 12

4.4.6 Security

Datacenter security is an important consideration while designing a robust and secure architecture. Nutanix Flow is the tool needed to implement security at the virtual machine level. It is the software-defined networking available in the Nutanix cloud platform, and it provides microsegmentation, a distributed firewall, in-depth visualization and service chaining. It relies on workload-centric protection rather than a network-centric approach. With the microsegmentation feature, traffic between virtual machines is scrutinized for security policy violations at the application level. It also enables detailed visibility into the virtual network for a better understanding of the traffic flow in an environment.

Typical networking workflows can be automated with the Nutanix Flow API. It provides notifications for virtual machine life cycle events; based on these, networking configurations like load balancing, firewall rules and provisioning of VLANs can be automated.

Following is an architecture to demonstrate how security can be applied to a three-tier application. Let’s say we have a development and a production deployment. Typically, traffic between these deployments is blocked for security reasons. This can be easily achieved using a Nutanix Flow security policy. Also, within the production deployment, we can configure security policies to allow traffic between the correct tiers. Every virtual machine is assigned categories, and security policies are applied according to those categories. In the example below, we have three categories (environment, application type and application tier) that are applied to virtual machines. Based on application type and application tier, policy rules are defined to allow or disallow traffic. For example, traffic is allowed from the web virtual machine to the application virtual machine but disallowed to the database virtual machine.

Figure 13

Nutanix Flow also supports other advanced networking features like service chaining and quarantine. With service chaining, you can route traffic through a specific service like intrusion detection. Quarantine is used to quickly isolate a virtual machine so that its inbound and outbound traffic is blocked instantly.
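The category-based policy and the quarantine behaviour described in this section can be modelled as below. This is an added example and does not use the Nutanix Flow API or its policy format; the VM names, the "webshop" application, the app-to-db allowance and the flow records are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    environment: str   # category: "production" or "development"
    app_type: str      # category: which application the VM belongs to
    app_tier: str      # category: "web", "app" or "db"
    quarantined: bool = False


# Allowlist of tier-to-tier flows inside one application and environment.
# web -> app comes from the text; app -> db is an assumption of this example.
ALLOWED_TIER_FLOWS = {("web", "app"), ("app", "db")}


def decide(src, dst):
    """Return (allowed, reason) for traffic from src to dst."""
    if src.quarantined or dst.quarantined:
        return False, "quarantine"
    if src.environment != dst.environment:
        return False, "environment isolation"
    if src.app_type != dst.app_type:
        return False, "application isolation"
    if (src.app_tier, dst.app_tier) in ALLOWED_TIER_FLOWS:
        return True, "tier rule"
    return False, "default deny"


def violations(inventory, observed_flows):
    """Check observed (source, destination) VM-name pairs against the policy
    and return the forbidden ones together with the reason."""
    by_name = {vm.name: vm for vm in inventory}
    found = []
    for src_name, dst_name in observed_flows:
        src, dst = by_name.get(src_name), by_name.get(dst_name)
        if src is None or dst is None:
            # A VM without categories cannot match any allow rule.
            found.append((src_name, dst_name, "uncategorized VM"))
            continue
        allowed, reason = decide(src, dst)
        if not allowed:
            found.append((src_name, dst_name, reason))
    return found


# Constructed inventory and flow records.
INVENTORY = [
    VM("prod-web-1", "production", "webshop", "web"),
    VM("prod-app-1", "production", "webshop", "app"),
    VM("prod-db-1", "production", "webshop", "db"),
    VM("dev-web-1", "development", "webshop", "web"),
    VM("prod-app-2", "production", "webshop", "app", quarantined=True),
]
FLOWS = [
    ("prod-web-1", "prod-app-1"),   # web -> app
    ("prod-app-1", "prod-db-1"),    # app -> db
    ("prod-web-1", "prod-db-1"),    # web -> db, skips the application tier
    ("dev-web-1", "prod-app-1"),    # development -> production
    ("prod-web-1", "prod-app-2"),   # destination is quarantined
]

if __name__ == "__main__":
    for src, dst, reason in violations(INVENTORY, FLOWS):
        print("blocked: %s -> %s (%s)" % (src, dst, reason))
```

Because the decision depends only on categories, a newly provisioned VM with the same categories gets the same policy without any address-based rule being edited.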

4.4.7 Infrastructure & Application Deployment Automation

Automating repetitive infrastructure and application deployment workflows is key to fast provisioning. Nutanix provides Calm to automate infrastructure and application deployment with blueprints. A blueprint defines the infrastructure configuration like virtual machines, network and storage, as well as application configuration like install/uninstall scripts, user data and application parameters. Blueprints can be considered cookbooks or recipes that can be used to create multiple deployments in an automated way.

Let’s have a look at how we can deploy a three-tier application using Nutanix Calm. In this example, we have created a blueprint to deploy a load balancer using HAProxy that routes requests to Python web services implemented using Flask. A MySQL database is used as backend storage for the Python web services. This entire infrastructure and application configuration can be defined in a blueprint using Nutanix Calm. Nutanix Calm offers configuration flexibility in the blueprint by providing service and user variables for different deployment scenarios, to be used in custom installation and configuration scripts. It supports shell scripts and Python. It also allows the user to create dependencies so that the services are created, started and stopped in the correct order. In this example, the load balancer has a dependency on the web services, and the web service is in turn dependent on the database service. Once the blueprint is created, the entire stack can be created in a click. Nutanix Calm supports importing already available blueprints or exporting blueprints for sharing with other teams.

Figure 14

5 Next Steps

5.1 Application Catalogue

Nutanix can help enterprises migrate traditional workloads to a modern datacenter. With the diverse toolsets available in the Nutanix cloud platform, businesses can move their virtualized workloads to a scalable platform. The platform can help consolidate storage silos into the distributed storage fabric provided by the Nutanix cloud platform, achieving cost and performance benefits. To make the transition easier and more time efficient, we provide various application catalogs to start with. The application catalog covers the common infrastructure architectures that are available to be deployed with end-to-end automation.

Nutanix Calm, the application orchestration and lifecycle management tool, provides blueprints for deploying many enterprise applications. With the application catalog and blueprints, spinning up new infrastructure quickly is straightforward. The following are the popular blueprints available for application deployment. Enterprises can also create a customized blueprint to suit a specific business requirement.

Examples of applications that can be deployed on Nutanix

| Application | Description |
| --- | --- |
| Active Directory | Directory service from Microsoft for Windows domain networks |
| MariaDB | MariaDB provisioning with Nutanix Era |
| Postgres | Postgres provisioning with Nutanix Era |
| MS SQL Server | Relational database from Microsoft with Nutanix Era |
| Splunk | Provision Splunk, a monitoring, searching and visualization solution |
| Open LDAP | LDAP server, an alternative to Active Directory |
| Oracle | Provision Oracle relational database with Nutanix Era |

Application catalog details are available at https://github.com/nutanix/blueprints. For application catalogs not covered above, Nutanix has partnered with IT services companies to provide customized application catalogs for application deployment. Please contact Nutanix for more details.

5.2 Hybrid Cloud Strategy

Data center modernization is the first step toward hybrid cloud infrastructure. Once modernization is achieved, the data center is well equipped to move to the next goal: a hybrid cloud infrastructure that takes advantage of the public cloud.

Going hybrid brings benefits such as cost optimization, enhanced business continuity with disaster recovery and backup solutions, workload optimization for performance, and better control over data governance and regulations.

Nutanix and partners can help enterprises come up with the right hybrid cloud strategy to achieve the benefits mentioned above. Please contact the Capgemini GSI account team at Nutanix to get started with the hybrid cloud journey.


About Nutanix

Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud OS leverages web-scale engineering and consumer-grade design to natively converge compute, virtualization, and storage into a resilient, software-defined solution with rich machine intelligence. The result is predictable performance, cloud-like infrastructure consumption, robust security, and seamless application mobility for a broad range of enterprise applications. Learn more at www.nutanix.com or follow us on Twitter @nutanix.

© 2020 Nutanix. All rights reserved.


About Capgemini

Capgemini is a global leader in consulting, digital transformation, technology and engineering services. The Group is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year+ heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. Today, it is a multicultural company of 270,000 team members in almost 50 countries. With Altran, the Group reported 2019 combined revenues of €17 billion.

Visit us at www.capgemini.com

About Digital Engineering and Manufacturing Services

Capgemini’s Digital Engineering and Manufacturing Services brings together deep domain expertise to lead the convergence of Physical and Digital worlds through technology, engineering and manufacturing expertise to boost our clients’ competitiveness. A recognized leader with over 10,000 engineers across the globe and 30+ years of experience, Capgemini’s comprehensive portfolio of end-to-end solutions enables global companies to unlock the true potential of their product portfolios and manufacturing efficiencies.

Learn more about us at www.capgemini.com/engineering