Nutanix Weekly
Join XenTegra on a journey through the transformative world of Nutanix’s hyper-converged infrastructure. Each episode of our podcast dives into how Nutanix’s innovative technology seamlessly integrates into your hybrid and multi-cloud strategy, simplifying management and operations with its one-click solutions. Whether you're operating on-premises or in the cloud, discover how Nutanix enables always-on availability, intelligent automation, and the operational simplicity that drives business forward. Tune in for expert insights, real-world success stories, and interactive discussions. Engage with us as we explore how to harness the full potential of your IT environment in this rapidly evolving digital landscape.
Nutanix Weekly: Built-in Security Across Platform, Data, Network and Applications
So far in 2025, enterprises have faced a surge in sophisticated cyberattacks — with ransomware, data breaches, and social engineering attacks dominating the threat landscape. AI is playing an increasing role in attacks. Almost 9 in 10 global organizations (87%) faced an AI-powered cyber attack in the last year. Recent cuts in funding for the Cybersecurity and Infrastructure Security Agency (CISA) may add to the cyber risks that enterprises face.
Host: Phil Sellers, XenTegra
Co-Host: Jirah Cox, Nutanix
Co-Host: Andy Greene, XenTegra
Co-Host: Chris Calhoun, XenTegra
WEBVTT
1
00:00:03.110 --> 00:00:13.890
Philip Sellers: Hey again, and welcome to another episode of Nutanix Weekly. I'm your host, Phil Sellers, the Practice Director for Modern Data Center here at XenTegra.
2
00:00:14.290 --> 00:00:30.490
Philip Sellers: This podcast, along with so many others that we have coming out of XenTegra, is something we like to call Content with Context. We scour the internet for the best content around the topics we're covering, and then try to bring our real-world context to the conversation.
3
00:00:30.720 --> 00:00:38.129
Philip Sellers: But conversation's not one-sided. I have to have friends on the podcast to make this thing happen, so,
4
00:00:38.310 --> 00:00:47.660
Philip Sellers: Please welcome some of my friends: Andy Greene, a Solutions Architect here at XenTegra. Andy, how's things going today?
5
00:00:48.600 --> 00:00:51.070
Andy Greene: Going well. Excited to be here.
6
00:00:51.070 --> 00:01:05.869
Philip Sellers: Yeah, you know, hopefully the rain outside today has not got you too far down. You may not even know that it's raining. You've been heads down in work all day, I'm sure, but it's raining outside.
7
00:01:05.870 --> 00:01:12.469
Andy Greene: We had a beautiful weekend in North Carolina, and if it had to rain, Monday was the perfect day for it to happen.
8
00:01:12.470 --> 00:01:26.500
Philip Sellers: Hey, I like that attitude. You found a, a silver lining, for sure, in those clouds. Chris Calhoun's also here, another Solutions Architect on my team, here at XenTegra. Chris, how are you on a gray day?
9
00:01:27.020 --> 00:01:31.370
Chris Calhoun | XenTegra: Not quite as fantastic as I usually am.
10
00:01:31.710 --> 00:01:32.560
Philip Sellers: fair?
11
00:01:32.700 --> 00:01:34.990
Chris Calhoun | XenTegra: Pretty good, pretty good start to the week.
12
00:01:35.140 --> 00:01:47.080
Philip Sellers: Yeah, normally his answer is fantastic, so, not as fantastic, but that's okay. As Andy pointed out, at least it's a workday, and not the weekend. We got a beautiful weekend.
13
00:01:47.080 --> 00:01:47.790
Chris Calhoun | XenTegra: after that.
14
00:01:48.540 --> 00:02:00.010
Philip Sellers: And we're also joined with Jirah Cox, a principal architect for Nutanix, and very good friend of the podcast, been here pretty much since the beginning.
15
00:02:00.420 --> 00:02:06.070
Philip Sellers: I would say 99% of our episodes, you've been a part of.
16
00:02:07.100 --> 00:02:14.519
Jirah Cox: And… and happy to be a part of this one, too! I, as we keep on, you know, muddling our way through
17
00:02:14.910 --> 00:02:30.969
Jirah Cox: technology changes of varying degrees. I was just reading about how it took, like, 40 years just to get adoption of barcodes for, like, supermarket goods. So, you know, if you're listening to this and you're thinking about technology changes.
18
00:02:31.000 --> 00:02:37.730
Jirah Cox: Just know sometimes these things can take a very long time, but hopefully we can help you shortcut that, that process.
19
00:02:38.050 --> 00:02:52.580
Philip Sellers: Well, and it's interesting you bring up barcodes in the supermarket. I saw an article over the weekend that now, if you think to go into Best Buy and the digital price tags that they have in front of all the products.
20
00:02:52.880 --> 00:03:06.570
Philip Sellers: Those are starting to come to the grocery stores, too, and it's the first step towards dynamic pricing inside of a store. So you think about dynamic pricing that happens on Amazon and things like that, they raise and lower prices to test us out.
21
00:03:06.980 --> 00:03:09.689
Philip Sellers: That may be coming to a store near you in the near future.
22
00:03:09.940 --> 00:03:15.590
Jirah Cox: I think Chris's day just got a little bit less fantastic learning about surge pricing for groceries.
23
00:03:15.590 --> 00:03:21.620
Philip Sellers: Yeah, I'm judging by Chris's face that that's not good news for him.
24
00:03:22.010 --> 00:03:23.200
Chris Calhoun | XenTegra: No thanks.
25
00:03:24.790 --> 00:03:26.570
Chris Calhoun | XenTegra: Unsubscribe from that.
26
00:03:26.570 --> 00:03:39.979
Philip Sellers: But the same goes, like, the only thing constant is change, and especially in the IT industry, we've been faced with a lot of change. We've also been faced with new challenges we didn't see coming,
27
00:03:40.120 --> 00:03:54.460
Philip Sellers: The blog post we're talking about today is from Nutanix.com slash blog. It's called Built-in Security Across Platform, Data, Network, and Applications. It's written by Jason Burns and Eric Walters.
28
00:03:54.460 --> 00:04:11.940
Philip Sellers: Just want to say shout out to Jason Burns, who has done an awful lot of collaboration with the team here at XenTegra, most of our managed services products, and especially Nutanix Flow. Jason's been really instrumental in helping us over the years, so shout out to Eric and Jason.
29
00:04:12.560 --> 00:04:32.349
Philip Sellers: But, you know, backing up to the point, the only thing constant is change. We've got a lot of change that's happened this year alone when it comes to cybersecurity and, really cyber attacks. There's a lot more sophisticated cyber attacks that are coming.
30
00:04:32.480 --> 00:04:44.580
Philip Sellers: You know, as the article kind of points out, almost 9 in 10 global organizations, 87%, faced some type of AI-powered cyber attack in the last year.
31
00:04:44.810 --> 00:04:57.660
Philip Sellers: And that all comes on top of the fact that the federal government has cut funding to the Cybersecurity and Infrastructure Security Agency, or CISA, CESA,
32
00:04:57.700 --> 00:05:09.309
Philip Sellers: And that may be, you know, added risk to enterprises, because we're not getting notifications of vulnerabilities and other services from CISA.
33
00:05:09.550 --> 00:05:17.890
Philip Sellers: Yeah, that's a considerable amount of risk increasing in just a calendar year.
34
00:05:18.700 --> 00:05:20.950
Philip Sellers: But the good news is that…
35
00:05:21.360 --> 00:05:33.510
Philip Sellers: from a Nutanix perspective, they've approached infrastructure as security first, security integrated. And, I don't know… guys, have any of you read the Phoenix Project?
36
00:05:34.950 --> 00:05:50.930
Philip Sellers: So, Jirah, I'll pose this question to you. This was required reading in my last job, and it's a book that I love, because it tells a great story, but the cybersecurity guy in the Phoenix Project, he was basically the land of no.
37
00:05:51.210 --> 00:06:01.759
Philip Sellers: And, his teammates didn't really care for him, but what did he learn as kind of a principal learning during the course of the Phoenix Project?
38
00:06:04.470 --> 00:06:09.010
Jirah Cox: You know, that's a good question, Phil, and I think… I think both… I mean, obviously I know, but I think…
39
00:06:09.010 --> 00:06:15.120
Philip Sellers: Chris and Andy and all of our listeners would appreciate you kind of restating it in your words. Sorry, I thought you owned completely.
40
00:06:15.120 --> 00:06:16.439
Chris Calhoun | XenTegra: Good answer! Good answer!
41
00:06:16.440 --> 00:06:27.160
Philip Sellers: Hey, it's that security is in the middle of everything. It shouldn't be a bolt-on. It should be something that is a thread throughout the story.
42
00:06:27.160 --> 00:06:41.349
Philip Sellers: And that's what I love about Nutanix, is that they have taken and adopted that. Security is baked into everything. And Jirah, I am so sorry. I did not mean to throw you for a loop there, man.
43
00:06:41.350 --> 00:06:42.879
Jirah Cox: Oh, good! Keeps me on my toes.
44
00:06:42.880 --> 00:06:59.419
Philip Sellers: So yeah, you know, as we talk about this blog post today, you know, there's really a lot of different aspects we're going to kind of talk about, but the Nutanix difference is stated here, it is security that is built in, not bolted on.
45
00:06:59.420 --> 00:07:17.180
Philip Sellers: And that's by design. At every level, from the platform, the data, the network, and the application, Nutanix Cloud Platform lets you protect your apps and data against cyber attacks and data loss. So we're gonna dig into this and talk about it, because I think it's a really important topic, it's timely.
46
00:07:17.180 --> 00:07:24.790
Philip Sellers: I may actually bump a couple blog posts to get this one out, or excuse me, a couple podcast episodes to get this out quicker.
47
00:07:25.350 --> 00:07:28.029
Philip Sellers: Because I do believe this is something people…
48
00:07:28.630 --> 00:07:45.759
Philip Sellers: need to hear. Cybersecurity is something that needs to be integrated at every level of your business, at every level of your decisioning, and it does not need to be an afterthought. So let's… let's talk about, a little bit, the Nutanix difference. I'm going to throw to you first, Jirah.
49
00:07:46.190 --> 00:07:54.010
Philip Sellers: what is… kind of the platform difference for, Nutanix.
50
00:07:55.030 --> 00:07:56.660
Jirah Cox: So,
51
00:07:56.780 --> 00:08:04.250
Jirah Cox: as we live in this security space, right, where we've all heard the phrase, defense in depth, right, security for us is not one thing, and we'll spend
52
00:08:04.450 --> 00:08:21.019
Jirah Cox: the rest of the episode probably unpacking this. Security for us is, is a whole bunch of things, right? It's across the entire stack, across lots of various aspects and offerings, and it's for that… getting that layers of protection, right? So, of course, at the base level, it's infrastructure. That's got to be hardened, gotta be secure.
53
00:08:21.020 --> 00:08:29.659
Jirah Cox: At just how do we exist, right? As we host customer data and are a steward of that, that's got to be absolutely, unimpeachably, thoroughly secure.
54
00:08:29.690 --> 00:08:37.520
Jirah Cox: Moving up, of course, there's networking, you know, at the VM level, at the network level, that needs to be secured as well.
55
00:08:37.520 --> 00:08:57.219
Jirah Cox: how do we do things like data protection for DR? And then getting into the app level, right? How do we offer application and data services? How do we, you know, add security to things like containers, to VMs, right? Wherever… however that application is shaped, we need to be able to have a thorough, baked-in, to your point, security offering for that.
56
00:08:58.170 --> 00:09:06.290
Philip Sellers: Yeah, it is important, and baked in is exactly how I would describe what Nutanix is delivering, because
57
00:09:06.700 --> 00:09:11.109
Philip Sellers: Yo, out of the box… You have a secure state.
58
00:09:11.330 --> 00:09:18.770
Philip Sellers: you know, I remember a time with Microsoft where there… baseline…
59
00:09:19.120 --> 00:09:24.670
Philip Sellers: something analyzers, MBPA, I think was the acronym,
60
00:09:24.790 --> 00:09:29.700
Philip Sellers: Helped you establish that baseline, helped you get to a secure place.
61
00:09:29.840 --> 00:09:36.859
Philip Sellers: The difference with Nutanix is you're secure out of the box. Tell us how that's done.
62
00:09:37.640 --> 00:09:54.079
Jirah Cox: Sure. The biggest one that we've had, the longest, because it was asked for by some of our earliest customers in our history, right, is aligning to, Department of Defense, STIG guidelines, right? They're secure technical implementation guides, which say, if you're gonna run this, configure it this way.
63
00:09:54.380 --> 00:10:09.610
Jirah Cox: we taught our systems how to self-harden themselves to those baselines, a long, long time ago, and we've maintained that. So, it's as little as one instruction, right, from the operator to the system to say, harden yourself to that DoD baseline.
64
00:10:09.610 --> 00:10:27.769
Jirah Cox: And the system can then even monitor its compliance to that baseline, and will re-heal if someone monkeys with it, right? If I go in and say, or reduce, like, say, SSH from a key-based authentication down to, like, password, we'll catch that, we'll automatically alert on that, and then re-heal back to the stated desired baseline.
65
00:10:27.820 --> 00:10:45.150
Jirah Cox: So, that's huge. One of our recent improvements, right, to go from oldest to newest, I love our security dashboard, right? So, in the product, we now give the customer and the administrator a dashboard that helps them understand, hey, how secure is my posture here, right? What do I also need to consider?
66
00:10:45.150 --> 00:10:56.470
Jirah Cox: To get to a secure deployment, right? Things like, you know, we'll touch more on this, that network micro-segmentation, even that STIG posture, any kind of high severity patching that's required.
67
00:10:56.470 --> 00:11:07.230
Jirah Cox: network security policies, things like that. We can give you a dashboard that you can even give to your security teams, right, so that they can get visibility as well as stakeholders of the platform into how secure it is.
68
00:11:08.000 --> 00:11:22.260
Jirah Cox: Obviously, zero trust, right? Commonly means starting with, like, network-level micro-segmentation, where we help out with, how do we help wrap a firewall around a virtual machine so that we can actually enforce policy into and out of that virtual machine for what it can talk to.
69
00:11:22.430 --> 00:11:39.449
Jirah Cox: A great enhancement that just shipped recently from us that I was doing some reading on is we can now enforce that on a per-VNIC basis, not just a per-VM basis. So that means I can now have, like, an internal and an external NIC, and have different security policies for what each virtual adapter on the virtual machine can talk to.
70
00:11:39.450 --> 00:11:45.870
Jirah Cox: So, even more dynamic ability to apply those policies, and target where I need that control to be.
71
00:11:45.970 --> 00:11:55.540
Jirah Cox: And then, of course, managing the vulnerabilities and upgrades, right? So, all software, needs patching. All software has flaws, because it's all made by humans.
72
00:11:55.590 --> 00:12:13.940
Jirah Cox: Very timely statement, as you can tell I'm saying that in 2025. Maybe in the future, we'll have software not made by humans, but today, so far, all software made or aided by humans, so some bugs do ship. So sometimes the way to fix those is to patch. So how do we help make it easier for customers to patch, to know when they need to patch, to get them applied to their clusters.
73
00:12:13.940 --> 00:12:17.329
Jirah Cox: With, of course, table stakes for that is zero downtime.
74
00:12:17.330 --> 00:12:39.069
Jirah Cox: and automating the entire process, right? So you just tell us when to apply patches, and which code version you want to move to, and then our native LCM engine, which does lifecycle management, knows how to take those patches, fetch them from either our support portal, or you can host an internal repository and apply them to your one cluster, your dozens of clusters, your hundreds of clusters, same process at any scale.
75
00:12:40.410 --> 00:12:56.619
Philip Sellers: So, Andy, you know, as we talk about the self-healing STIG, you know, configuration drift is a really, real problem. You know, we talk about it with our VDI heritage. Every time you make a clone of a virtual machine, it's an exact copy, right?
76
00:12:56.700 --> 00:13:05.769
Philip Sellers: But how long does it stay an exact copy? And configuration drift is a real big problem with most other infrastructure systems.
77
00:13:06.530 --> 00:13:14.839
Philip Sellers: how does this, you know… and I guess, how pervasive is that configuration drift problem based on what you've seen working with customers?
78
00:13:15.760 --> 00:13:24.060
Andy Greene: Yeah, it's definitely, an issue. It's definitely out there. You know, one thing that we see is that we live in a
79
00:13:24.060 --> 00:13:37.020
Andy Greene: world where our clients tend to be managing many different sites, right? We may have a hybrid cloud model where we have some on-prem workloads, we're operating in the hyperscalers.
80
00:13:37.020 --> 00:13:50.319
Andy Greene: We may have brought compute to the edge sites, and as a result of that, you know, we have many different environments that we need to monitor. So bringing all of this into a single platform with those self-healing capabilities that we just talked about.
81
00:13:50.320 --> 00:14:01.590
Andy Greene: You know, goes a long way towards making sure that as we stand up new environments, as we, make changes in a singular environment, as one engineer makes one change.
82
00:14:01.590 --> 00:14:10.879
Andy Greene: that those changes aren't impacting that security baseline that we've set for the organization. And, you know, if we do make any of those changes, like Jirah called out.
83
00:14:10.880 --> 00:14:22.069
Andy Greene: the self-healing capability of that machine-readable STIG will come into play, and it'll alert administrators, and in some cases, set itself back to that security baseline.
84
00:14:23.660 --> 00:14:27.419
Philip Sellers: Yeah, and the fact is, you hit a key topic.
85
00:14:28.430 --> 00:14:30.280
Philip Sellers: It does it on its own.
86
00:14:30.610 --> 00:14:49.569
Philip Sellers: So, with someone heads down managing other systems, this isn't something that's going to go unresolved. It's going to show up as an alert, or it's going to get fixed on its own. So, that's the nirvana state, right, for a busy administrator. And so, that's one of the key differences to me.
87
00:14:49.710 --> 00:14:52.690
Philip Sellers: Versus other infrastructure solutions.
88
00:14:52.920 --> 00:15:01.229
Philip Sellers: Chris, you know, vulnerabilities, you know, as Jirah said, at least today, you know, AI's changing things with AI-generated code.
89
00:15:01.340 --> 00:15:11.180
Philip Sellers: But, you know, vulnerabilities are there, and I would argue at the state where we're at today, AI-generated code can be less
90
00:15:11.600 --> 00:15:14.510
Philip Sellers: Compliant and less secure.
91
00:15:14.800 --> 00:15:27.259
Philip Sellers: than human-written code. I saw a meme where it showed a straight railroad track, and then it showed AI-generated code as the next one, and it had rails going all over each other.
92
00:15:27.350 --> 00:15:35.510
Philip Sellers: And I think it's an appropriate meme, right? You know, it's more complicated code today as AI is figuring out how to code.
93
00:15:35.980 --> 00:15:38.840
Philip Sellers: But, vulnerabilities happen, you know.
94
00:15:38.940 --> 00:15:47.550
Philip Sellers: LCM's a great additional feature to same point as Andy was getting at simplicity in the platform.
95
00:15:47.720 --> 00:15:51.830
Philip Sellers: Can you talk a little bit about the Vulnerability Management and Lifecycle Manager?
96
00:15:52.230 --> 00:16:05.899
Chris Calhoun | XenTegra: Absolutely, because to me, this is… this is definitely, it hits home from my past, because I remember the days of having to analyze a matrix of compatibility from past,
97
00:16:06.660 --> 00:16:23.450
Chris Calhoun | XenTegra: fiber channel adapters matching up with versions of VMware ESX. Which one comes first? Oops, did I read the small asterisk? And then, did I then apply the second asterisk before the fir- and just that approach alone made
98
00:16:23.770 --> 00:16:25.340
Chris Calhoun | XenTegra: patching scary.
99
00:16:25.750 --> 00:16:44.050
Chris Calhoun | XenTegra: vulnerability management scary, you know, just as a whole, because you wanted to almost turn a blind eye because I don't want to touch it. You know, it kind of goes back to that day one, it's pristine, it's in good condition, it's the most secure, and then from there, it's all downhill. You know, from
100
00:16:44.050 --> 00:16:46.270
Chris Calhoun | XenTegra: We'll say past technologies.
101
00:16:46.280 --> 00:16:49.269
Chris Calhoun | XenTegra: But obviously, in…
102
00:16:49.420 --> 00:17:01.829
Chris Calhoun | XenTegra: respect to LCM specifically. To me, that's a fantastic way of Nutanix taking a difficult concept and making it simple for end users. It's really, hey, look.
103
00:17:01.830 --> 00:17:10.879
Chris Calhoun | XenTegra: Because of the, hardware compatibility list that's built into Nutanix, it aids in the simplicity of
104
00:17:10.880 --> 00:17:25.050
Chris Calhoun | XenTegra: keeping your environment up to date. It'll do the scan for you, it applies the updates in the order that it needs, and I really think that that's just a part of the overall functionality of Nutanix, but even more so that
105
00:17:25.530 --> 00:17:38.470
Chris Calhoun | XenTegra: I would say it's less vulnerable than some of the competitors. I remember days past as a customer where there was a day zero vulnerability out pretty much once or twice a month.
106
00:17:38.760 --> 00:17:55.880
Chris Calhoun | XenTegra: And if you were a large customer, you just barely got everything patched before the next round of vulnerabilities came in. So, to me, that's a big difference in the approach that now Nutanix is taking for simplicity, and just making the life of a day-to-day engineer much easier.
107
00:17:56.640 --> 00:17:59.109
Jirah Cox: Yeah, I think that's part of the philosophy, is how do we make it…
108
00:17:59.350 --> 00:18:01.960
Jirah Cox: Easier and more boring to patch more often.
109
00:18:02.110 --> 00:18:02.650
Chris Calhoun | XenTegra: Right.
110
00:18:02.650 --> 00:18:07.999
Jirah Cox: Because when you… when you have a hand in owning that infrastructure, if you're a customer, you've…
111
00:18:08.080 --> 00:18:22.290
Jirah Cox: heard me say this, like, the value prop to being a practitioner of, like, I manage the hardware firmware, I manage the, you know, HBA or the NIC firmware updates, it's like, well, that's kind of a zero-sum value prop to you as the practitioner, right? Either it's
112
00:18:22.330 --> 00:18:34.919
Jirah Cox: either you do it so well that no one notices it, and all the redundancy works, and everything kicks in, and it's one of those invisible IT, like, business forgets there's value there, and that being done well, or…
113
00:18:35.650 --> 00:18:48.959
Jirah Cox: if anyone in the business notices that it's happening, that's bad too, right? So, there's no… there's less and less value in being good at it, and the cost of failure there gets scarier and scarier. Therefore.
114
00:18:49.000 --> 00:18:58.709
Jirah Cox: That's the value in, look, we automate the entire thing, we know how to do it for the full stack, you just tell us how far to upgrade to, which version, and when to start. And that's it.
115
00:18:58.850 --> 00:19:11.399
Jirah Cox: Right, so that, to Chris's point, how do we help do it faster, right? Again, to your point, Philip, Phoenix Project, great. How would I do it weekly? How would I do it daily? How would I make it boring and just in the fabric of existing with the platform?
116
00:19:11.770 --> 00:19:19.999
Philip Sellers: Yeah, safer. Safer is how I would sum that up, right? How do you do this in a way that it reduces risk within your organization?
117
00:19:20.460 --> 00:19:21.010
Chris Calhoun | XenTegra: Yeah.
118
00:19:21.480 --> 00:19:22.520
Chris Calhoun | XenTegra: Absolutely.
119
00:19:23.030 --> 00:19:35.610
Philip Sellers: And, Chris, you are our resident former teacher. You've got some homework for everyone listening, because this blog post is pretty special. It's got a lot of…
120
00:19:36.110 --> 00:19:37.410
Philip Sellers: Extras.
121
00:19:37.860 --> 00:19:38.630
Chris Calhoun | XenTegra: Yes.
122
00:19:38.790 --> 00:19:54.549
Chris Calhoun | XenTegra: So, there are sections, obviously, throughout this, particular blog post that I think are absolutely foundationally fantastic for, those engineers, those admins, those upper-level executives that want to understand
123
00:19:54.660 --> 00:19:56.639
Chris Calhoun | XenTegra: how Nutanix is different.
124
00:19:56.900 --> 00:20:03.789
Chris Calhoun | XenTegra: This is a centralized post that pretty much talks about those components, and each one has
125
00:20:03.860 --> 00:20:19.509
Chris Calhoun | XenTegra: an included video from some of the Nutanix experts that you mentioned. Jason Burns has got a great one in here. Throughout the scrolling through are all of the names that are… and it's not about name dropping, but it's about content dropping.
126
00:20:19.510 --> 00:20:25.689
Chris Calhoun | XenTegra: This is a fantastic place to come for this particular article, just to understand
127
00:20:25.690 --> 00:20:35.740
Chris Calhoun | XenTegra: the holistic approach that Nutanix takes, the value of security. Whenever, obviously, Andy and I, our past, we…
128
00:20:35.810 --> 00:20:49.939
Chris Calhoun | XenTegra: talk Nutanix security from day one, and that's really built in the platform, and that's, to me, the key differential that some folks haven't recognized that goodness yet. So please come here.
129
00:20:50.000 --> 00:20:58.699
Chris Calhoun | XenTegra: Listen to the podcast first, give us a vote of 110,000, thumbs up, and…
130
00:20:58.970 --> 00:21:08.330
Chris Calhoun | XenTegra: go listen to these videos, watch those, in your free time. I promise you, you'll gain some understanding and appreciation from
131
00:21:08.330 --> 00:21:22.839
Chris Calhoun | XenTegra: one of the specific concepts that'll help you in understanding the value of Nutanix. So, that's the homework that I would recommend. Check out the videos, check out the blog, and check out this crazy crew of, cast of characters in our podcasts.
132
00:21:23.250 --> 00:21:25.260
Jirah Cox: And, teacher, that's, due when?
133
00:21:26.700 --> 00:21:29.050
Chris Calhoun | XenTegra: By next episode.
134
00:21:29.050 --> 00:21:33.599
Philip Sellers: That's fantastic. Thank you, Professor Calhoun.
135
00:21:33.940 --> 00:21:43.309
Philip Sellers: For everybody listening, you go watch the videos, we're gonna send you, something for completing Nutanix 310 as assigned here from the podcast.
136
00:21:43.700 --> 00:21:44.330
Chris Calhoun | XenTegra: There you go.
137
00:21:44.680 --> 00:21:57.279
Philip Sellers: But, it is great. This is… we were talking before we started the recording today, this is a great introduction. If you're looking at moving to Nutanix from VMware or from another platform.
138
00:21:57.310 --> 00:22:09.980
Philip Sellers: This is a great central blog post to kind of understand what it's all about, how things work. So, there's a ton of additional content linked to the blog post. Please do check that out.
139
00:22:10.940 --> 00:22:19.439
Philip Sellers: So let's move to the next layer. We talked about the platform first, now let's talk about the data. Data protection is core.
140
00:22:19.600 --> 00:22:29.080
Philip Sellers: There's a lot of different ways around data protection, so we're gonna highlight 3 of them. Jirah, what are those 3 for data protection?
141
00:22:29.980 --> 00:22:34.510
Jirah Cox: First one's data-at-rest encryption. Gotta do it, right? As we're hosting data.
142
00:22:34.700 --> 00:22:44.800
Jirah Cox: Lots and lots of regulation can exist for lots of very good reasons, saying that data must be stored in an encrypted fashion, especially think about… think about IoT, think about AI at the edge.
143
00:22:44.850 --> 00:22:56.590
Jirah Cox: As the data lives closer to where perhaps end users or even less trusted users might reside, like, think point of sale, encryption's got to be table stakes, and of course we have that. We specifically call out ours as being flexible.
144
00:22:56.610 --> 00:23:15.419
Jirah Cox: Because we can do it with or without specialized hardware. If you require specialized hardware encryption, we can, of course, comply with that. Software, of course, can run anywhere, and even can get integrated with, like, cloud-based key managers as well, when you have a cloud-based requirement to use a KMS as a service from, like, a hyperscaler as well.
145
00:23:16.160 --> 00:23:34.780
Jirah Cox: Business continuity and disaster recovery, right? Because again, part of security is availability, right? So therefore, part of an attack can be denial of availability. So then business continuity, disaster recovery, things like, how do we replicate your data from, location A to location B, or location A to B and C?
146
00:23:34.880 --> 00:23:45.330
Jirah Cox: And how fast, right? So, nightly, hourly, minutely, or even if you're close enough that laws of physics support it, even full synchronous replication as well.
147
00:23:45.440 --> 00:23:53.600
Jirah Cox: How do we store that data using immutable snapshots? Immutable both in that they can't be changed after they're taken, but also immutable, like, we can prevent
148
00:23:53.600 --> 00:24:08.670
Jirah Cox: say, deletion by, like, a malicious admin account. So if I even had one of my users get, compromised and had full-on admin credentials to the cluster, maybe only one human isn't allowed to delete that data. I need to have two humans approve that kind of action.
149
00:24:09.320 --> 00:24:25.930
Jirah Cox: How would I even store data up in, like, cloud-like formats? How can I take a snapshot from a running application on-prem, send that up to, like, say, AWS S3 storage as a usable snapshot? Well, that's mostly 3-2-1 compliant, right? It's not a backup, it's, like, a 3-2-1 snapshot.
150
00:24:25.930 --> 00:24:30.019
Jirah Cox: But now I've got multiple copies, in multiple formats, in multiple availability zones.
151
00:24:30.020 --> 00:24:31.990
Jirah Cox: That's pretty resilient.
152
00:24:32.120 --> 00:24:46.810
Jirah Cox: And then lastly, you know, how do you get visibility into that data, right? And something that we just, frankly, couldn't say enough good things about if we tried to for Data Lens, right? Our eye in the sky, watching transactions into the unstructured data you host on the platform, so think
153
00:24:46.810 --> 00:24:53.749
Jirah Cox: file shares, think object shares, you know, that kind of stuff. I love about Data Lens, how we've walked down
154
00:24:53.750 --> 00:25:07.620
Jirah Cox: that exposure window. When we first launched it, it was, like, 15 minutes of response time was our published, SLA there. We were at 10 minutes for a while. Now, this article called out 6 minutes or less for a threat containment window.
155
00:25:07.620 --> 00:25:26.460
Jirah Cox: for active ransomware doing bad things to my data, 6 minutes is pretty darn fast, where we can detect and alert and block that attack from happening, and then if you give us permission to, automatically recover that share to a prior known good point in time, which might be
156
00:25:26.490 --> 00:25:39.840
Jirah Cox: maybe 7 minutes ago, right? Get that share back online, automatically, zero human interaction, and let the business keep on moving forward in time with very, very little data loss. And then I can have my forensics teams come in, sweep the data that was touched.
157
00:25:39.840 --> 00:25:51.569
Jirah Cox: isolate it, you know, do what they need to do for that, for reporting, or, or selective restores, and, you know, as I'm doing all of that, I'm also moving forward in time and helping the business stay running.
158
00:25:52.270 --> 00:26:01.390
Philip Sellers: Yeah, love Data Lens, love the… the purpose of that tool, and it comes at an amazing time when there is increasing
159
00:26:01.810 --> 00:26:08.419
Philip Sellers: risk from AI-based attacks. You know, earlier this year, you also,
160
00:26:08.460 --> 00:26:20.849
Philip Sellers: released an integration with CrowdStrike. So, CrowdStrike plus Data Lens is another place where you're able to work together with their next-gen SIEM, to be able to,
161
00:26:20.850 --> 00:26:37.160
Philip Sellers: correlate and do some alerting. So, you've always had that mindset of better together, working with partners in the ecosystem. So that's just a great place to highlight that you're continuing to push forward, even in newer products like Data Lens.
162
00:26:37.160 --> 00:26:38.690
Jirah Cox: Yep, it's definitely very exciting.
163
00:26:39.090 --> 00:26:44.220
Philip Sellers: And Andy, I mean, when we talk about DR in general,
164
00:26:44.570 --> 00:26:57.359
Philip Sellers: you know, the data set, or the toolset here in the Nutanix platform is amazing. You know, the outcomes we can drive are really fundamentally different than,
165
00:26:57.380 --> 00:27:07.440
Philip Sellers: other competitive platforms. Talk a little bit about the DR capabilities and the outcomes we're driving with customers.
166
00:27:08.120 --> 00:27:24.899
Andy Greene: Sure, sure, yeah, you know, like I mentioned before, we live in that hybrid, multi-cloud world, and you know, the Nutanix platform has those capabilities built in, so we don't need third-party applications or necessarily the application-specific capabilities.
167
00:27:24.900 --> 00:27:31.600
Andy Greene: to provide that data protection and online DR for the applications that our clients are managing.
168
00:27:31.670 --> 00:27:50.000
Andy Greene: So, you know, they're going to provide strong protection across all RPO and RTO levels, and you really don't need to purchase anything additional to do that site recovery, whether you're recovering to the same data center, recovering to your DR site, recovering to the cloud, maybe a cleanroom scenario.
169
00:27:50.000 --> 00:27:53.980
Andy Greene: Or, you know, here at XenTegra, we have our own,
170
00:27:54.450 --> 00:28:14.019
Andy Greene: product that's available for that, and that would be DR as a service that allows our clients to basically have, you know, full-stack Nutanix, both in your data center and in ours, and take advantage of all of that BCDR capability that's built into the platform without having to manage and maintain that secondary data center.
171
00:28:14.920 --> 00:28:24.329
Philip Sellers: Yeah, you know, it's simplified again. At the end of the day, we're driving outcomes, and it's a full feature set. You know, you're able to do…
172
00:28:24.420 --> 00:28:36.059
Philip Sellers: The data replication, which is generally where storage vendors stop, they do data replication, and then some other application has to come along and handle orchestration.
173
00:28:36.260 --> 00:28:47.319
Philip Sellers: this is all built in. You can orchestrate, you can run scripts, you can have failover. It is really end-to-end, and so I think that's one of the key differentiators, is it's not…
174
00:28:47.560 --> 00:28:57.780
Philip Sellers: an afterthought, just like security, DR protection is fully baked. You've got the end-to-end solution, and that's something to be really appreciated.
175
00:29:00.100 --> 00:29:18.749
Philip Sellers: Once again, homework. There is a great video here about Data Lens, embedded into the article. Would love for you to spend some time learning more about Data Lens, if that's not a product that you're aware or familiar with. Definitely homework from Professor Calhoun.
176
00:29:20.480 --> 00:29:33.749
Philip Sellers: And then, let's move to the next layer, the networking layer. Jirah, networking comes in a couple of different varieties when it comes to Nutanix, and they share a name.
177
00:29:35.150 --> 00:29:46.100
Jirah Cox: They do! They're in the same family, if you will, right? So, under that, under our Flow marketing umbrella, right, we've got two main,
178
00:29:46.240 --> 00:29:47.240
Jirah Cox: Pillars?
179
00:29:47.680 --> 00:30:01.050
Jirah Cox: what goes under umbrellas? There's two people under the umbrella, I guess, is maybe the analogy, goes that way. The first one, of course, is, is Flow Virtual Networking, right? So how do we apply, like, SDN principles
180
00:30:01.050 --> 00:30:08.979
Jirah Cox: to bring cloud-like networking, think, like, VPCs, right? So, which themselves, it gets, I guess, to be kind of a recursive acronym.
181
00:30:08.980 --> 00:30:16.499
Jirah Cox: of virtual private clouds to your deployment, right? How can I treat my on-prem networking, or my colo networking, or even my edge networking
182
00:30:16.500 --> 00:30:26.010
Jirah Cox: like I would cloud networking, right? Where I can define my networks per application or per tenant, all in software, no need for additional hardware.
183
00:30:26.010 --> 00:30:38.019
Jirah Cox: And even that by itself can lead to things like tenant isolation or application isolation that I might want for my security outcomes, and I'm doing that at the, you know, layer 3, layer 4 network layer as well.
184
00:30:38.150 --> 00:30:53.629
Jirah Cox: But on top of that, of course, we can also do network security, right? So Flow Network Security, the other, the other person under that umbrella. Micro-segmentation, right? So zero trust for how do I ensure that even two VMs with adjoining IP addresses
185
00:30:53.630 --> 00:31:00.699
Jirah Cox: on the same network, on the same hypervisor, still can't talk to each other in any ways that I don't approve of, right? So I can…
186
00:31:00.700 --> 00:31:05.419
Jirah Cox: block at the VM level, block at the VNIC level, block at the port level.
187
00:31:05.680 --> 00:31:11.680
Jirah Cox: or even for a VDI use case, make all of this application, Active Directory aware.
188
00:31:11.680 --> 00:31:28.869
Jirah Cox: So that I can even have per-user rule sets as well. Because I like to think of, and apologies to all my EUC friends, the VDI part of the network is, like, the dirtiest, least trusted part of the network. That's where users live, they open attachments and click on links and do their email.
189
00:31:28.870 --> 00:31:48.189
Jirah Cox: Click on random YouTube videos. So, like, I want to have a lot of security in that part of the network, for sure. So letting that control to say, maybe in my entire VDI environment, no desktop, talk to any other desktop, period. They talk to patching, talk to XDR, I can get northbound, but I can never get east-west.
190
00:31:48.190 --> 00:31:53.360
Jirah Cox: Is a huge, huge restriction immediately on what ransomware can do with my environment.
191
00:31:54.570 --> 00:32:08.200
Chris Calhoun | XenTegra: And I think I've got a good example of that, because thinking about those kind of users, Jirah, specifically, you know, obviously those EUC users, they… out in a remote workforce, they are using
192
00:32:08.200 --> 00:32:19.079
Chris Calhoun | XenTegra: this device as a connection into corporate, but they need to be filtered, monitored, protected, secured, and almost fenced in as
193
00:32:19.080 --> 00:32:32.379
Chris Calhoun | XenTegra: please be careful of what you access. So, to me, the guardrails are really key to that, and I think one of the neat concepts is being able to even, by use of Active Directory groups,
194
00:32:32.380 --> 00:32:39.480
Chris Calhoun | XenTegra: specifically limit what users can get to. And I think either… I'll say limit, but also allow.
195
00:32:39.480 --> 00:32:59.300
Chris Calhoun | XenTegra: So that's a good way of putting it, from some structure that you already have as a, I'll say, a capable system administrator that already has some logical constructs in place for the grouping of those end-user compute users, that that would be something that you would want to implement.
196
00:32:59.330 --> 00:33:06.019
Chris Calhoun | XenTegra: And then, to segue, my own thought is something else that I just remembered, is…
197
00:33:06.090 --> 00:33:14.989
Chris Calhoun | XenTegra: Back in my day, of course, app owners would come to me and say, hey, Chris, I need your help understanding what my application talks to.
198
00:33:15.810 --> 00:33:29.730
Chris Calhoun | XenTegra: Believe it or not. And I was like, okay, you wrote the application, it's homemade script, so how do you not know? But, with the fact that with Flow Virtual… I'm sorry, Flow Network Security, you can put it in monitoring mode.
199
00:33:29.730 --> 00:33:39.070
Chris Calhoun | XenTegra: That's something that is an absolute blessing for any system administrator, and just watch the communication, so that you can help users
200
00:33:39.070 --> 00:33:56.730
Chris Calhoun | XenTegra: put guardrails around that so that they just don't say, okay, I need any, any access from a network's perspective. So, with those two faults of guardrails, that's kind of my main focus here around Flow Network Security, is…
201
00:33:56.740 --> 00:33:58.140
Chris Calhoun | XenTegra: Please be…
202
00:33:58.520 --> 00:34:10.840
Chris Calhoun | XenTegra: of course, diligent, and also purposed in your efforts to make sure that you put guardrails around your end users, and I'm telling you, Flow can help with that, for sure.
203
00:34:11.230 --> 00:34:14.669
Jirah Cox: Well, obviously that person doesn't want their phone ringing too much after 5 o'clock.
204
00:34:15.050 --> 00:34:16.820
Jirah Cox: Maybe not even before 5 o'clock.
205
00:34:16.820 --> 00:34:17.279
Chris Calhoun | XenTegra: There you go.
206
00:34:17.280 --> 00:34:26.080
Jirah Cox: Sounds like a really good way that we could actually add security to running applications without making the phone ring more, which kind of is job number one, right?
207
00:34:26.080 --> 00:34:29.370
Chris Calhoun | XenTegra: Absolutely. Almost like, fantastic.
208
00:34:30.920 --> 00:34:37.780
Andy Greene: Yeah, I definitely have been a big fan of Flow Network Security from when it was first released.
209
00:34:37.790 --> 00:34:51.349
Andy Greene: you know, I think, back to our discussion earlier about that defense-in-depth strategy, this is the perfect example of it. Traditionally, you know, we treated the data center like a fortress, and we built that big, strong wall around it.
210
00:34:51.350 --> 00:34:57.980
Andy Greene: And then we used something like a VPN to get in, and we trusted that that made our data center secure.
211
00:34:57.980 --> 00:35:12.540
Andy Greene: But, you know, Flow brings to the table the ability for our platform administrators now to have security at the vSwitch layer. And if you think about it, all of that network traffic from all of your virtual machines has to flow through the vSwitch.
212
00:35:12.540 --> 00:35:18.079
Andy Greene: So, you know, we can do that without necessarily involving the networking team if we don't want to.
213
00:35:18.080 --> 00:35:32.990
Andy Greene: And it's just a great way to head off that east-west traffic and, you know, with the understanding that once some type of infection, some type of malware gets into your data center, the first thing that it wants to do is it wants to spread itself, and
214
00:35:32.990 --> 00:35:41.129
Andy Greene: So I've always been a big fan of Flow. You know, I think there is a level of simplicity that we haven't seen with a lot of similar type of
215
00:35:41.130 --> 00:35:51.819
Andy Greene: micro-segmentation products that are out on the market today. And, you know, the simplicity and just being part of that defense-in-depth strategy is a big part of why.
216
00:35:53.560 --> 00:35:56.119
Philip Sellers: Yeah, I'll… I'll point out that,
217
00:35:56.400 --> 00:36:03.410
Philip Sellers: Nicira, before VMware acquired them, their innovation was in the overlay networks, and that was really…
218
00:36:03.540 --> 00:36:10.209
Philip Sellers: their take on network virtualization. You guys approached it differently. You started in the security space.
219
00:36:10.250 --> 00:36:24.300
Philip Sellers: then brought the overlay networks kind of to bear, and… if I have my history right. And, you know, I think that's a realization that this east-west conversation is a much more valuable thing
220
00:36:24.320 --> 00:36:41.079
Philip Sellers: you guys had this unbuckled from your overlays, because again, it didn't quite exist then, where VMware had to unbuckle their network security product from overlays, and then make it available to traditional vSwitches, so…
221
00:36:41.460 --> 00:36:50.329
Philip Sellers: from the beginning, your intent has always been securing the network, no matter where the traffic's at, and I think that's a great value to customers.
222
00:36:50.570 --> 00:36:57.710
Jirah Cox: Totally agree. I would also submit that there's some real opportunities that we were able to take advantage of by
223
00:36:58.050 --> 00:37:16.990
Jirah Cox: coming along after public clouds, right? Because that's really become the goal, is to look, act, feel like a cloud platform that you can vend securely to your tenants and with full sovereignty and full governance, wherever you want to run it, right? So, private cloud, public cloud, hybrid multi-cloud, your data center, colo, or even in hyperscalers.
224
00:37:16.990 --> 00:37:32.849
Jirah Cox: So therefore, it's easier to look, act, and feel like cloud after cloud had been invented. So that's… that's one… one, one thing that was in our favor. And then also, the dramatic rise in open source, right? So we get to use things like Open vSwitch, which we can program ACLs into.
225
00:37:32.850 --> 00:37:51.429
Jirah Cox: to power the actual functionality of our micro-segmentation, things like Geneve tunneling for our overlays, that can power the VPCs. It's, it's a better-together kind of approach of how can we help make using awesome open source tech easier for our customers.
226
00:37:51.430 --> 00:38:03.429
Jirah Cox: without requiring traditional open source care and feeding of, you know, you pay for that differently, not with cash, but with, like, human capital around getting SMEs. Well, this is both, right? It's just a product that you get to own and administer.
227
00:38:04.060 --> 00:38:05.230
Philip Sellers: Yeah, absolutely.
228
00:38:05.640 --> 00:38:12.600
Philip Sellers: You know, one more thing to talk about when it comes to networking security from Nutanix is Security Central.
229
00:38:12.750 --> 00:38:20.530
Philip Sellers: overarching product, helps with compliance. Jirah, what can you tell us a little more about Security Central?
230
00:38:21.230 --> 00:38:39.449
Jirah Cox: So, yeah, the goal of Security Central, and I love it, right, is to give you that kind of one browser tab to rule them all, right, that shows you all of your stuff everywhere, all of the time, right? So, in even keeping with this theme, well, I want to have a global dashboard for things like vulnerabilities, or configuration drift.
231
00:38:39.480 --> 00:38:55.740
Jirah Cox: I want to see all of my stuff, whether it's at the edge, or in a hyperscaler, or in the, you know, through the wall behind me, no matter where it lives. And that helps give visibility to things like, you know, am I aligned with my NIST baselines? Am I aligned with my PCI DSS baselines?
232
00:38:55.740 --> 00:39:06.949
Jirah Cox: And I can see that in one spot now. So that's, you know, to be not too obvious here, the central part of Security Central, you know, as part of, as part of Nutanix Central.
233
00:39:07.560 --> 00:39:16.749
Philip Sellers: Well, and having had to do PCI, and understanding and trying to navigate just the rules and regulations that come from the body.
234
00:39:18.110 --> 00:39:34.899
Philip Sellers: Yeah, I feel for you. So, if you're doing PCI, and you're doing it manually, there's a ton of value, and you should be talking to someone at Nutanix about Security Central, because, again, simplifying that process, being able to not only
235
00:39:35.060 --> 00:39:46.380
Philip Sellers: get into the desired state, but keep it in desired state, and then prove that back to an auditor. There's huge value in that, and that's what Security Central's all about.
236
00:39:47.780 --> 00:39:57.100
Philip Sellers: Let's wrap things up with one last section. We're going to talk about application security. What do we have from an application security standpoint, Jirah?
237
00:39:57.620 --> 00:40:14.840
Jirah Cox: So keeping with that theme of availability, right? Things like, how do we help apply that to databases, right? Because databases, and what our database as a service platform can do, you know, things like, how quickly can you go patch every critical database engine that hosts data that powers your business?
238
00:40:14.840 --> 00:40:25.819
Jirah Cox: Right? Do you even have up-to-date spreadsheets around which versions of SQL or Oracle or, you know, Postgres are we running, to even know where, like, maybe a hot new CVE applies?
239
00:40:25.820 --> 00:40:36.050
Jirah Cox: how quickly, once you knew where to go stamp out those patches, could you get humans to go do that, right? Is database patching still exciting or boring yet in your organization, right? We obviously want to help
240
00:40:36.100 --> 00:40:50.689
Jirah Cox: with processes and products to help make it much more boring, rather than spicy. And so, helping patch databases, helping patch those environments, and even in that vein of, you know, consistency.
241
00:40:50.690 --> 00:41:07.350
Jirah Cox: yields uptime, right? Just even solving for, like, configuration drift and getting closer to policy-based management, that's where we play in the database as a service space, which you get to own and run and host anywhere you choose to, right? In a private cluster, in the cloud, in a hyperscaler, in a colo, or anywhere.
242
00:41:08.110 --> 00:41:25.819
Jirah Cox: Again, you know, we're all big fans of humans clicking on fewer buttons and letting automation and policy-based governance do more and more for us. That, of course, is where leaning into automated application deployments yields a lot of benefits, right? That's where our NCM self-service product really shines.
243
00:41:25.820 --> 00:41:33.579
Jirah Cox: Where we can help people create blueprints, and I can write that once and then deploy it many. Some folks even have, like, a blueprint for
244
00:41:33.580 --> 00:41:45.219
Jirah Cox: you know, if they're doing higher, more complex tasks, like, I have developers that are running software that I sell, cool, here's a blueprint to give a new developer on day one their own sandbox, right? Their own…
245
00:41:45.220 --> 00:41:55.600
Jirah Cox: code repo, their own sandbox, their own, maybe, database fork, so they can get productive even sooner, right? Or if they break it all, I can redeploy that, even faster.
246
00:41:55.670 --> 00:42:06.619
Jirah Cox: And then, keeping in that vein, the most platonic ideal of automated application deployments, of course, is Kubernetes, right? Where, like, literally everything is done in everything as code.
247
00:42:06.620 --> 00:42:18.880
Jirah Cox: And so being here for both, you know, applications of, like, say, yesterday and today's shape of virtual machines, and of tomorrow's shape of containers, but offering that unified benefit of, like, security and automation for the entire thing.
248
00:42:19.270 --> 00:42:36.280
Jirah Cox: that by having a Kubernetes platform built into our platform, customers get the benefit of that for both container-based deployments, but also the security aspects as well, right? It's not just fast, it's not just agile, it's not just something that my developers want to see me vend to them as an application architect.
249
00:42:36.280 --> 00:42:42.140
Jirah Cox: It also brings along security and observability, and yields uptime by virtue of what it is.
250
00:42:48.800 --> 00:43:05.420
Philip Sellers: Yeah, you know, the changes in the way that we use software, the way that we architect applications is a big part of, you know, the conversation these days. I mean, supporting app developers, and again, automation being a key point.
251
00:43:05.420 --> 00:43:09.330
Philip Sellers: You talked about it with Nutanix, or NCM Self-Service.
252
00:43:09.400 --> 00:43:10.979
Philip Sellers: But also, you know, the
253
00:43:11.090 --> 00:43:20.000
Philip Sellers: primary value of NKP is self-service, too. You're really driving those outcomes for businesses. You know, one of the…
254
00:43:20.010 --> 00:43:33.460
Philip Sellers: One of the things that I love that you guys have done is, you've also entitled every user who already has NCI Pro or Ultimate to have NKP Starter. That's a great way of getting
255
00:43:33.650 --> 00:43:41.899
Philip Sellers: A platform where you can highly automate your software development, marry it to your pipelines, meet your app developers halfway.
256
00:43:42.100 --> 00:43:49.790
Philip Sellers: and be cloud-like. You know, 3 great things that are all of value to your organization.
257
00:43:49.950 --> 00:44:02.320
Philip Sellers: So, you know, it's a great way to take an infrastructure team and make yourself look like a huge winner. You're a pro company, you're pro-app developer. This is a great way of being able to do it.
258
00:44:02.440 --> 00:44:18.330
Philip Sellers: I happened to do a lab with a group I'm a part of through Nutanix, and got to see the deployment and the tooling and stuff in NKP. And, you know, what I would say is, like so many other things you're doing.
259
00:44:18.540 --> 00:44:36.479
Philip Sellers: NKP makes Kubernetes approachable. You're giving GUIs and interfaces and the ability to do policies and controls. So I know we're talking security. Those policies and controls are not an afterthought. It's all prescribed. You can add users and add access and…
260
00:44:36.610 --> 00:44:45.219
Philip Sellers: It's really approachable for an administrator, it's point and click. So, that's a huge win, along with the supportability for
261
00:44:45.390 --> 00:45:00.769
Philip Sellers: as you said, something that's largely CNCF… well, it is CNCF compliant, but largely open source in its base. So, that's what an enterprise needs to be able to succeed, with open source.
262
00:45:01.210 --> 00:45:12.619
Jirah Cox: And what I love about that, to your point about it being included for so many of our customers, is that we've all been there. I've been the person on the other end of the email catching a surprise, and oops, I need to go solve for that.
263
00:45:12.700 --> 00:45:31.139
Jirah Cox: And this is such a great inclusion for our customers that, you know, when someone says, hey, I need this, you can say, hold on, give me 20 minutes, come back, and look, that's now solved for. So, you know, no one loves that whole, oops, let me go find a product for that, or solution for that, and demo it, and POC it, and integrate it. This is… this is… that's all done for you here.
264
00:45:31.300 --> 00:45:42.569
Philip Sellers: Quinn, the last point, integrate it, right? You know, there's a lot of products out there, but do they integrate? Do they… do they integrate to a level that meets the user needs?
265
00:45:43.080 --> 00:46:00.800
Philip Sellers: More than likely, the answer is yes now, where Nutanix stands in the industry. You know, there's wide support across all sorts of applications and ecosystem partners, so that's… that's all a check mark. But again, where it's built into the platform, it's fully integrated.
266
00:46:03.700 --> 00:46:10.280
Chris Calhoun | XenTegra: I definitely think something to… to me around the app deployment that really makes sense is,
267
00:46:10.370 --> 00:46:26.020
Chris Calhoun | XenTegra: with a focus around security, these days, obviously, anything that's being automated, tooling that you guys, as end users, or, I'm sorry, as admins are, are using, whether it's a PowerShell, it's…
268
00:46:26.020 --> 00:46:45.630
Chris Calhoun | XenTegra: any kind of scripting environment that you're accustomed to, Nutanix, to me, what used to be called Nutanix Calm is now this NCM Self-Service. And the benefit there is Nutanix is the glue. You don't have to change your tooling, so if you've already got
269
00:46:45.710 --> 00:46:59.679
Chris Calhoun | XenTegra: a secure scripted environment. Continue using that. Integrate that with Nutanix, and that's the… that's the integration that we've all talked about today, is it's baked in. And… and…
270
00:46:59.970 --> 00:47:15.420
Chris Calhoun | XenTegra: Nutanix is allowing for that, even though, yes, it is additional tooling, but it's not anything that you have to pick up and learn. Use your existing automation toolset, continue with the platform, and move forward with making your work
271
00:47:16.080 --> 00:47:20.590
Chris Calhoun | XenTegra: Smarter and more secure just by automation.
272
00:47:21.630 --> 00:47:27.690
Philip Sellers: Yeah, and, you know, I think that's been kind of the key point all throughout this section, talking about
273
00:47:27.950 --> 00:47:40.779
Philip Sellers: applications is… is automation. And so, I think, you know, Jirah said it really well when we talk about Nutanix database services. It's really around changing that paradigm
274
00:47:41.890 --> 00:47:46.080
Philip Sellers: to think about databases differently, Andy,
275
00:47:46.710 --> 00:47:53.779
Philip Sellers: what… what kind of have you seen in the past with databases and DBAs that… that…
276
00:47:54.420 --> 00:47:58.550
Philip Sellers: probably needs to change, and that NDB can help with.
277
00:47:59.770 --> 00:48:08.180
Andy Greene: you know, in the past, databases were really just set up to run and run and run. We didn't make changes unless we really had to.
278
00:48:08.210 --> 00:48:23.040
Andy Greene: But, you know, that's not providing a service to the business. So, database as a service is just something far more dynamic. It makes it very easy to do things like all of your patching, your cloning.
279
00:48:23.040 --> 00:48:42.290
Andy Greene: standing up those additional copies for your test dev environments, QA environments, etc. But I think the, you know, the key thing with regards to this security discussion that we're having is making sure that you're always up to the latest, you know, patch levels from a security perspective.
280
00:48:42.700 --> 00:48:44.570
Philip Sellers: Yeah, I think Waterfall…
281
00:48:44.860 --> 00:48:52.320
Philip Sellers: versus Agile, you know, the development methods has really kind of driven this change in the database culture.
282
00:48:52.660 --> 00:48:57.069
Philip Sellers: You know, it used to be we would take an application, we would buy it.
283
00:48:57.510 --> 00:49:00.740
Philip Sellers: There'd be a release once, twice a year.
284
00:49:01.120 --> 00:49:09.200
Philip Sellers: the database was just supporting that application. And that's waterfall method. You know, you do a big code release, big bang.
285
00:49:09.490 --> 00:49:15.479
Philip Sellers: DevOps and Agile change the world. We're doing incremental changes all the time, and so…
286
00:49:15.600 --> 00:49:28.740
Philip Sellers: the database layer, or I'd argue the caching layer with something like Redis, or any of these other microservices that support data interchange.
287
00:49:28.740 --> 00:49:36.439
Philip Sellers: in an application, all of those services are just expected to be incrementally updated, and so…
288
00:49:36.510 --> 00:49:51.559
Philip Sellers: NDB is recognition of the fact that you need APIs to be able to interact with it. Cloning that data is a critical thing, because you need clones of it to test it, right? As part of automated testing and things in your development pipeline.
289
00:49:52.000 --> 00:49:57.860
Philip Sellers: But to your point, keeping it secure is paramount. Can't afford to have insecure
290
00:49:58.040 --> 00:50:06.380
Philip Sellers: things just sitting on your network anymore. The entry points and the AI to leverage the hosts is out there, and so…
291
00:50:06.570 --> 00:50:08.619
Philip Sellers: That kind of brings us full circle.
292
00:50:08.850 --> 00:50:12.970
Philip Sellers: to the topic that we started with, AI attacks are up.
293
00:50:13.190 --> 00:50:32.009
Philip Sellers: We need to protect things. You know, so much of the infrastructure's running on our hosting platform, on our cloud platform. How do we keep it secure? And kudos to folks at Nutanix, because this is an integrated approach across all layers, and
294
00:50:32.470 --> 00:50:37.039
Philip Sellers: it's gonna help you have less calls. I love that call out, Jirah.
295
00:50:37.210 --> 00:50:44.630
Philip Sellers: Have less calls after 5, and, you know, just manage and maintain, because none of us want the call.
296
00:50:44.930 --> 00:50:48.670
Philip Sellers: Of some sort of a cybersecurity event at the end of the day.
297
00:50:48.800 --> 00:51:00.489
Philip Sellers: And it's never my point, or I think any of our collective points, to instill fear out there, but there has to be a realization of the landscape and how it's changing, so…
298
00:51:00.860 --> 00:51:19.270
Philip Sellers: Guys, I appreciate all of your perspectives. We've had a great conversation around this. It's a longer blog post, and I'm gonna tease, with your homework to go see the videos. There's also another section at the end that you can read for yourself, how Nutanix Security stacks up against VMware.
299
00:51:19.270 --> 00:51:29.559
Philip Sellers: We're not going to cover that on this podcast, but it's a great reason for you to go and look this one up. Again, it's available at Nutanix.com slash blog. The name of the
300
00:51:29.650 --> 00:51:41.299
Philip Sellers: blog post is Built-in Security Across Platform, Data, Network and Applications. We covered all four of those major areas. Thank you, Jirah. Thank you, Chris. Thank you, Andy.
301
00:51:42.030 --> 00:51:46.130
Philip Sellers: Appreciate having you on the podcast with me today, and
302
00:51:46.240 --> 00:51:51.220
Philip Sellers: Thank you for listening. We appreciate it, we know your time's valuable, and
303
00:51:51.320 --> 00:51:55.650
Philip Sellers: We hope to catch you on the next episode. Until then, have a great day.