AFS Adds New Capabilities Through An Expanding Partner Ecosystem
This post was authored by Shubhika Taneja, Sr. Product Marketing Manager and Shubhankar Chatterjee, Principal Product Manager
Acropolis File Services (AFS), is a complete rethink of file services as it brings the best attributes of NAS and public cloud services together for your enterprise cloud. With AFS, customers can consolidate VMs and unstructured data on Nutanix to get a simpler infrastructure stack. With unmatched simplicity, scalability and elasticity, and continuous addition of enterprise grade features, AFS brings together the best attributes of public cloud solutions such as Amazon’s Elastic File Services (EFS) and traditional NAS.
AFS can be deployed on any Nutanix cluster in a few clicks from Prism, our unified management plane. AFS is expanding its capabilities through a rich ecosystem of partners integrating with Nutanix APIs. These Nutanix APIs make is extremely simple for ecosystem partners to integrate and build solutions on the Nutanix enterprise cloud platform by obliterating the need to install any Nutanix components by partners and vice versa.
Some of these upcoming capabilities are discussed below:
Inline Antivirus scans
Customers will be able to secure sensitive company data with in-line virus scans using popular AV solutions from Symantec and McAfee. Nutanix chose ICAP (Internet Content Adaptation Protocol) that is a standard protocol supported by several security vendors and products.
Once the SMB client submits a file access request, AFS determines if the file needs to be scanned based on metadata and virus scan policies. If a scan is needed, then AFS sends the file to the ICAP server for scanning. The ICAP server reports the scan results back to the AFS server, based on which the AFS server determines whether to grant or deny access to the SMB client.
Fast and Efficient Backups
Traditionally, NAS backups have required the NAS admins to setup complex infrastructure for using NDMP. This involves configuring complex fiber channel zoning and many other things. The core foundation for Nutanix was to eliminate this type of complexity, and so it should not come as a surprise that for AFS we have decided not to implement support for NDMP.
All environments that do not want to use NDMP (and we have seen many of those in our customer base) will typically point the backup software directly to the shares that need to be backed up, and then the backup application will read the files to be backed up as any other NAS client. The challenge arises when the backup software needs to do an incremental backup. For doing that, the backup application will need to scan through the filesystem metadata to detect all the files that have changed since the last backup, and this can be very time consuming in implementations will billions of files.
Nutanix has paved the way for efficiently and easily backing up AFS file shares by exposing APIs. These API’s will allow backup applications to get a list of files that have changed since the last backup; thereby eliminating the need for scanning the filesystem to detect the changes. This gives the efficiency of NDMP, but without the complexity and restrictions imposed by NDMP. At the time of going to press, Nutanix has started working with Comtrade and Rubrik to add support for these API’s, with active discussions with other vendors.
Ever since AFS has been released, we have been frequently hearing two use cases from our customers:
► How can AFS be used to host user home directories for a VDI environment, where the VDI instances are load balanced between two sites? ► How can users at geographically distributed offices collaborate on the same project without having to access files over the WAN, or having to pass around some sort of ownership token?
In both these cases, customers would typically say that they use Microsoft DFS-R with their Windows fileservers to get close to this functionality, but it is a nightmare for them to manage as they regularly get pulled in to resolve file conflicts. When we looked at this problem, we decided that it did not make sense to add support for DFS-R to AFS and create the same problems for our customers. Today, we are glad to announce our partnership with Peer Software, wherein we will integrate with their PeerLink product, which will solve both of the use cases for our customers, while leveraging the benefits of AFS at all their sites.
To use this, customers will need to purchase the PeerLink product from Peer Software, and then deploy that software as shown in the figure above.
Each site collaborating on a project (or at the two sites in case of VDI load balancing) will have an independent AFS namespace. Anytime, there is a relevant change within an AFS namespace, the PeerLink software will be notified about the change. PeerLink will then replicate this change to all the “peer” AFS namespace(s), including file locks, thereby keeping the namespaces in sync. This will allow for bi-directional synchronization between two sites, or multi-site synchronization for collaboration of projects.
Data breaches have become fairly common, and a lot of our customers want the ability to maintain audit logs of all access/modifications to AFS. While this would allow them to maintain the necessary history for all accesses to AFS, current generation auditing applications go above and beyond by not only storing the audit information, but also providing real-time analysis and alerts whenever some unexpected activity is detected. Today, we are proud to announce that we are partnering with Varonis and STEALTHbits to deliver such powerful auditing solutions using their DatAdvantage and StealthAUDIT® products respectively.
To leverage this integrated solution, customers will have to purchase their auditing application of choice, and then use that to impose appropriate security and data governance controls over their unstructured data.
While it is exciting to announce all these partnerships, it is equally important to point out that these capabilities have all been enabled through standard REST API’s. While, we are working with these selective vendors today, we will open up our API’s for all partners to consume once we reach GA status with these partners. By leveraging the REST framework, we have made it easy for anyone to work with these API’s. We expect our customers to come up with very innovative uses of these API’s, and we will share those use cases with the world, as we learn more about them.
This is just the beginning, stay tuned for more exciting features on AFS later this year ! Here is a link to our press release on AFS, that highlights these partnerships, and also touches upon the momentum that we have generated with AFS.
Disclaimer: This blog may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such site.