Nutanix AOS 5.20 (LTS) now Available

  • 19 May 2021
  • Nutanix Employee

AOS 5.20 delivers performance enhancements that build on the breakthroughs in AOS 5.19 and expands on built-in key management capabilities for keeping data encrypted and secure. AOS 5.20 also increases the portability of VMs running on the built-in hypervisor AHV, streamlines advanced management capabilities, and more. A complete list can be found in the Release Notes.

 

Nutanix Insights:

Available with all new AOS releases is Nutanix Insights. Most enterprise IT solutions rely on a reactive approach to system maintenance and issue resolution. For example, when a technical issue arises, vendor support teams typically capture detailed system data from the customer and recreate the issue in a separate environment—only then can the actual debugging begin. This approach consumes unnecessary time and resources and ultimately delays resolution.

 

Nutanix simplifies and streamlines this process through two important support services: Nutanix Pulse and Nutanix Remote Diagnostics. When enabled, Pulse captures purpose-driven diagnostic data on a regular schedule. The Remote Diagnostics service, which is enabled by default on Pulse-enabled clusters (and can be disabled by the customer), is event-driven and helps in providing proactive support.

 

Benefits of enabling Nutanix Pulse and Remote Diagnostics include:

 

  • Reduce resolution time by up to 40 percent.

  • Personalize your Nutanix Support experience.

  • Proactive issue resolution.

  • Intelligent monitoring.

  • Secure data transmission.

 

For more information, refer to the Nutanix Support Services: Pulse datasheet.

 

Key Features available in AOS 5.20 (LTS)

  • AOS 5.20

    • Security

      • Native KMS for ROBO Environments

      • AHV support for Microsoft’s VBS and Credential Guard

      • Identity Based Network Policy for VDI

    • Performance

      • Adaptive Oplog optimization

      • Oplog Improvements for Sequential Writes

    • Availability and Business Continuity

      • Nondisruptive Planned Failovers

      • Multisite Replication With Leap Disaster Recovery

    • Manageability

      • Introducing Prism X-Pilot 

      • Storage Overprovisioning Widget

      • Nondisruptive vDisk Migration Across Storage Containers for AHV

      • Simplified Cluster Network Management for AHV


 

Security

Native KMS for ROBO Environments

We continue to simplify security by extending the promise of encryption everywhere to new environments. Nutanix already offers native FIPS 140-2 validated data-at-rest encryption and key management with the choice of external KMS support or native KMS. Read the Data at Rest guide for more information. 

 

With this release, we have extended the native KMS to support 1- and 2-node Remote & Branch Office (ROBO) sites, enabling a simple and cost-effective secure edge solution. Native KMS now features a new option for a remote PC-based root-of-trust that enhances the protection for remote office locations. AOS 5.20 also introduces the ability to back up locally deployed KMS instances from multiple remote clusters to a central PC instance, making it easy to keep both your data and keys protected and secure.

 

AHV support for Microsoft’s VBS and Credential Guard

AOS 5.20 strengthens AHV’s secure compute capabilities to protect the integrity of user VMs, a journey we started earlier in the year with Secure Boot. AHV now supports Microsoft’s Virtualization Based Security (VBS) and Credential Guard. 

 

VBS is a Microsoft Windows feature that creates an isolated region of memory protected against guest VM compromise. Credential Guard leverages VBS to protect Windows credentials from attacks such as Pass the Hash exploits, thus mitigating the risk of credential compromise and lateral movement. With 5.20, Credential Guard can be enabled on supported Windows desktops and server operating systems. 

 

Identity Based Network Policy for VDI

The ability to leverage user identity to group and segment VDI desktops with microsegmentation from Nutanix Flow was added in 5.17. This allowed security policies to be dynamically mapped to a user and simplified the creation of policies that map to specific user roles, for example limiting contractors to specific applications or network segments based on the contractor Active Directory (AD) group. In the 5.20 release, the process has been streamlined both to simplify the Category to User Group mapping in AD and to make policy application even easier and more secure. We enhanced options to map desktop VMs to categories based on VM name string matching and added a default policy option for all desktops.

 

Performance

Adaptive Oplog optimization

Nutanix AOS leverages Oplog as a persistent write buffer for certain I/O operations to efficiently handle bursts of random writes. Oplog is a shared resource and allocation is done on a per-vDisk basis to ensure each vDisk has dedicated resources to accelerate random write performance. With AOS 5.20, Oplog can grow dynamically to a larger size than the current per-vDisk limit of 6GB. This performance optimization automatically kicks in when required and benefits clusters running workloads that use a smaller number of large vDisks, such as large databases. This enhancement can improve performance up to 20% for large database operations with heavy writes and large block sizes. 

 

Oplog Improvements for Sequential Writes

In addition to the adaptive Oplog improvements, AOS 5.20 also optimizes which data is written to Oplog to maximize performance for both random and sequential workloads. Data written in large blocks or in sequential streams doesn’t benefit from buffering in Oplog like small random writes do, so AOS dynamically chooses which data is written to Oplog and which data skips it. AOS 5.20 enhances the algorithm to more effectively identify sequential write streams to skip Oplog, with the effect of greatly improving the performance of sustained sequential write workloads by as much as double.

 

Availability and Business Continuity

Nondisruptive Planned Failovers

Not all business continuity plans are for disasters. Being able to perform routine maintenance or upgrades without disruption of operations is an important part of any BCDR strategy. In 5.20, AHV now has simplified workflows to migrate applications live as part of a planned failover. Any VMs protected by synchronous replication and a recovery plan can be migrated to the destination cluster and made active via two new workflows. The first option allows the failover migration of all VMs that are part of a defined Recovery Plan in Prism Central. The second option allows you to select a single VM to be migrated.

 

Multisite Replication With Leap Disaster Recovery

Nutanix Leap brings a powerful set of functionality to the built-in Disaster Recovery capabilities in AOS. With policy-based management, DR runbooks, cloud DR, and more, Nutanix Leap enables your organization to maintain business continuity at scale. While AOS has supported multisite replication for years, AOS 5.20 brings this functionality to Leap for maximum control and flexibility with optimized protection. For many organizations, multisite replication is a strict requirement, so this new functionality will enable them to benefit from the powerful capabilities of Leap.

 

Multisite replication is a critical requirement for many IT organizations. For example, tight SLAs require some organizations to replicate between datacenters in relatively close proximity. In this case, a localized disaster might affect both datacenters simultaneously, disrupting services without the possibility of normal DR failover/recovery. With multisite replication capabilities now a part of Leap, data can also be replicated with a higher RPO to a third datacenter or to public cloud targets (such as Nutanix Clusters or Xi Leap DRaaS) to maintain service availability even in the face of regional disasters.

 

Manageability

Introducing Prism X-Pilot 

Users of Prism’s IT Operation tiers (Pro and Ultimate) are already familiar with X-Play, which enables low-code or no-code automation of routine tasks. We are excited to release the next major milestone for Prism Central, PC 2020.11, in this journey. Now available in the Prism Ultimate tier, X-Pilot (pronounced “Cross Pilot”) alleviates IT teams’ operational overhead by providing intelligent autonomy. By defining rules for a system, IT admins can let Prism intelligently guide infrastructure metrics within defined KPIs to achieve a desired state.

 

Here’s how it works. An admin chooses an infrastructure metric, a range of optimal boundaries for that metric, and a period of time for the KPI to be monitored. The admin then defines a set of actions the system can take, ensuring that the system always behaves in a predictable manner, and the maximum number of allowed autonomous corrections before manual intervention is needed. Once these X-Pilot inputs are defined and enabled, Prism will intelligently tune infrastructure parameters and take action to ensure that the defined metrics stay within the predetermined boundaries.

 

Storage Overprovisioning Widget

Thin provisioning in AOS means that the storage system consumes capacity only when data is written. This prevents wasted storage resources and enables flexibility when provisioning workloads. It also means that it’s possible to provision more storage than is actually available, leading to potential problems if not monitored properly. The storage overprovisioning widget in Prism helps administrators with capacity planning by providing at-a-glance insight into the storage overprovisioning ratio. With AOS 5.20, administrators can now set thresholds on this ratio to more confidently manage the potential risk from overprovisioning, generating alerts when the ratio limit is approaching and changing color to indicate the proximity to the configured limit.

 

Nondisruptive vDisk Migration Across Storage Containers for AHV

Customers create and manage AOS storage containers for many reasons - logical organization, capacity management, or storage feature configuration. In 5.20, we are making it easier to migrate vDisks among different storage containers present on a cluster. This enables additional flexibility in being able to change the storage attributes of a VM’s disks by moving them to a differently configured container. For example, with this new workflow, a VM’s vDisk can be moved to take advantage of deduplication, compression, and erasure coding by migrating it to a differently configured container without any downtime.

 

Simplified Cluster Network Management for AHV

With 5.20, the management of network uplinks and bonds is enhanced and centralized within Prism Central. This starts with the introduction of a cluster-wide logical virtual switch concept and adds new workflows that allow for easily managing the network bonds and physical uplinks on each host that encompass the new virtual switch construct. Being available via Prism Central means that operators benefit from comprehensive management and visibility of virtual networking across Nutanix clusters.

 

End of Support Life (EOSL) and Release Information:

AOS 5.20 is a Long Term Support (LTS) Release:

  • For information on AOS Long Term Support (LTS) and Short Term Support (STS) releases, please see KB 5505 or the Support policies page

  • Please refer to the AOS EOL Schedule for release details

  • If you are on an EOSL release, please plan on moving to one of the following to avoid disruption in support:

    • AOS 5.20 (LTS) or a supported LTS release

    • AOS 5.19 (STS) for rapid adoption of new features mentioned in the Release Notes

 

Hardware Compatibility List (HCL) for Approved Platforms and EOL:

  • Information on the Hardware Compatibility Guidelines and EOL can be found on the Support policies page

  • Please refer to the HW EOL Schedule for details on the compatible hardware platforms (“Approved Platforms”)

 

If you are currently under a valid support contract or subscription, you are entitled to upgrade. If you have any questions about how to upgrade, or interoperability, please refer to the following links:

https://portal.nutanix.com/#/page/upgradePaths or https://portal.nutanix.com/#/page/softwareinteroperability

