
Networking and Security for Full Stack NKP Production Grade Containerization

  • January 26, 2026
PatrickNTNX
Nutanix Employee

My first three Nutanix Kubernetes Platform (NKP) solution blog posts focused on how and why Nutanix became a leader for enterprise containerization with some of the key features that got us there. In this post, our full stack story is more complete when networking and security are added as key differentiators for NKP—alongside simplicity and ease of use. 

Cloud native workloads with robust full stack networking and security thrive in production grade enterprise environments. No one is going to argue that. For us, these features are built in, and we’d expect nothing less as stated in this Cloud Native at Nutanix Is Fierce post. 

Networking and Security for Containerization

We’ve recently highlighted, as others have, that the competitive landscape for modern apps has become more focused on stateful containerization, so secure, persistent, and resilient data services are more critical than ever. This means networking and security for containerization should not expose any vulnerabilities to external and sometimes internal threats. The data must also be application-aware to maintain business continuity when an inevitable recovery event occurs.

Enterprise, production-grade containerization must restore applications and the associated data any time there’s an outage. We do that with NKP and our Nutanix Data Services for Kubernetes (NDK) solution at Nutanix. There’s no need for additional tooling outside what is shipped with our full stack solution. 

So you might be wondering, why such attention to full stack networking and security now? 

Why Networking and Security Matter Now – Hint: They always have

When Kubernetes® container management is supporting regulated workloads with stateful application awareness, or multi-tenant platforms, networking and security cannot be a hope-it-works-with-what-we-have scenario. They become demanding prerequisites and need to be included in what we mean by “full stack” as we continue to gain a lot of traction with NKP in our customer environments. 

Considering how networking and security get integrated into enterprise containerization significantly changes the competitive landscape. We know this because of the customers who are choosing us, like General Dynamics Information Technology (GDIT) and Edward Jones, two publicly referenceable case studies summarized in the next section. There are others, of course, that are not publicly referenceable but equally compelling for our ongoing analysis.

Other competitor container platforms make networking and security more of a struggle. They rely on third-party integrations with independent lifecycles, policies, and operational risks. For example, a robust security and networking environment for OpenShift requires Portworx and possibly a storage solution for an enterprise-class workload, as noted here.

For us, it’s just one platform. 

There’s no need to coordinate and upgrade based on two vendor schedules and licensing arrangements. I’m sure many IT admins are very familiar with waiting on a bug fix from one vendor while running a less than ideal environment.

Check out the latest release of NKP and security features here.

Real Examples

The two examples I’ve provided below for GDIT and Edward Jones show how networking and security are designed into the platform instead of added on. The environments could not be more different, but the conclusion is the same: Kubernetes worked in production because networking and security were native, consistent, and operationally manageable.

Case Study 1 GDIT Summary: Kubernetes Under Zero-Trust Assumptions

For organizations supporting government and defense workloads like GDIT, Kubernetes must operate under the assumption that everything is hostile until proven otherwise. Networks are segmented. Access is tightly controlled. Environments are often disconnected or severely restricted. Security tooling cannot be fragile or externally dependent.

Instead of stitching together CNIs, service meshes, and external firewalls, teams were able to apply consistent network policy, isolation, and visibility across clusters without increasing operational risk. Kubernetes became something they could operate with confidence with networking and security built into the platform.

In other words, the platform aligned with the security posture that they needed instead of having to separately architect an add-on to it. This is huge for organizations that want to minimize operations overhead, which often gets overlooked in some competitive analysis situations. We also provide the tools for organizations to do a complete total cost of ownership (TCO) and return on investment (ROI) study if necessary.

Case Study 2 at Edward Jones Summary: Financial Services at Scale Without Fragility

With a completely different organizational framework, large financial institutions like Edward Jones face other challenges. Their Kubernetes environments are highly dynamic, multi-tenant, and under constant change. The threat is not just external attackers, but misconfiguration, lateral movement, and human error.

Just as importantly, recovery was not an afterthought. When something broke, teams could reset environments confidently, knowing that network and security policies would reassert themselves automatically rather than needing manual intervention.

NKP’s advantage was that networking and security were policy-driven and integrated, not layered on after the fact. Teams could define their requirements once and rely on the platform to enforce it consistently as applications scaled, moved, or recovered.

In this environment, security cannot slow developers down, and networking cannot become a debugging exercise every time a service changes.

Why This Completes the Full Stack Story

These examples highlight the same conclusions from very different industries: when networking and security are native to the platform, Kubernetes becomes predictable, operable, and resilient. When they’re not, teams spend their time compensating for gaps instead of delivering applications. Leadership often feels pressure to move forward rather than acknowledge that there is an issue with multivendor complexity that they did not foresee.

To summarize, Nutanix provides simplicity and ease of use with one platform for delivering network and security. As if we have to pile on to what’s already a compelling choice for NKP, we have incredible Support so that when customers have an issue, there’s just one place to go and it is super reliable with a track record NPS score of over 90 for many years.

Compute and storage get Kubernetes running. Networking and security determine whether it survives production.

As Aniket Daptari, our Senior Director of Product Management, stated recently, “[T]he Nutanix stack is not "full" or "complete" if we don't talk of a Nutanix solution for Networking and Network Security across AHV and K8s.”

If you want to try it yourself, click here

Of course, these are not the only reasons that the Nutanix Kubernetes Platform (NKP) stands out. With recognition in the Forrester Wave 2025 and Gartner® Magic Quadrant™ 2025, Nutanix is a force in cloud native VMs and containerization and we’re playing to win. We are fierce as enterprise containerization thrives with our networking and security features built in.

Thanks Aniket!

To find out more check out the following: 

FAQ: Full Stack Networking and Security for Kubernetes

What does “full stack networking” mean for Kubernetes?

Full stack networking in Kubernetes means that connectivity, segmentation, policy enforcement, and security are native to the platform, not assembled from multiple third-party components. It spans the entire stack—from infrastructure networking and Kubernetes CNI behavior to application-aware network policies that move with workloads as they scale, restart, or recover.

In a full stack model, networking is operationally consistent, policy-driven, and lifecycle-aligned with the Kubernetes platform itself rather than dependent on separate vendors, overlays, or SaaS control planes.

Why does full stack networking matter for production-grade Kubernetes?

Production Kubernetes environments fail not because containers don’t start, but because networking and security break under real-world conditions: scale events, misconfigurations, recovery scenarios, or multi-tenant access requirements.

Full stack networking matters because it ensures:

  • Network and security policies survive outages and recovery events
  • East-west traffic is controlled without manual rework
  • Security intent is enforced consistently across clusters and environments
  • Operations teams are not forced to debug interactions between multiple vendors during incidents

When networking and security are built in, Kubernetes becomes predictable and operable in production rather than fragile under pressure.

How is native networking different from third-party Kubernetes networking add-ons?

Third-party networking approaches typically require stitching together:

  • A CNI from one vendor
  • Security tooling from another
  • Data services and recovery tooling from yet another

Each component has its own lifecycle, upgrade cadence, and policy model. This introduces operational risk, delays in remediation, and vendor dependency during outages.

Native networking integrates these capabilities into the platform itself, allowing policy enforcement, segmentation, and recovery behavior to remain intact even as workloads move, scale, or are restored.

Why is application-aware networking important for stateful containerized workloads?

Stateful applications depend on more than connectivity—they require consistent identity, security posture, and data access throughout their lifecycle.

Application-aware networking ties security and network policies to:

  • Kubernetes labels and services
  • Application identity and intent
  • Workload behavior rather than static IPs

This allows policies to reapply automatically during redeployments or recovery events, reducing downtime and eliminating manual reconfiguration during incidents.

How does integrated networking improve security in regulated or zero-trust environments?

In regulated environments, security assumptions start with distrust. Integrated networking enables:

  • Native microsegmentation across VMs and containers
  • Policy enforcement at the platform level rather than external firewalls
  • Operation in restricted or disconnected environments without SaaS dependencies

This allows Kubernetes to operate under zero-trust assumptions without introducing fragile external dependencies or manual policy reconciliation.

How does full stack networking reduce operational risk?

Operational risk increases when teams must coordinate fixes across multiple vendors during incidents. Full stack networking reduces risk by:

  • Aligning networking, security, and Kubernetes lifecycle management
  • Eliminating version skew between dependent components
  • Providing a single operational model and support path

This is especially critical during recovery scenarios, where policies must be restored automatically rather than rebuilt under pressure.

What makes Nutanix Kubernetes Platform (NKP) different in this context?

NKP delivers Kubernetes with networking and security designed into the platform, not bolted on later. Networking, microsegmentation, and policy enforcement are aligned with the same operational frameworks customers already trust for virtualized workloads.

This allows organizations to run Kubernetes in production with confidence, knowing that networking and security behavior remain consistent during scale events, failures, and recovery operations.

