CloudGuard Network Security for Nutanix
Solution

Table of Contents:

  1. Introduction to CloudGuard Network Security for Nutanix
    • Nutanix Overview
    • CloudGuard Controller for Nutanix
    • CloudGuard Network Security with Nutanix Flow
    • Use Cases
  2. Required Components for installation of CloudGuard Network Security Gateway for Nutanix
  3. Prerequisites
  4. Deployment Instructions CloudGuard Controller for Nutanix
  5. Deployment Instructions CloudGuard Network Security Gateways for Nutanix Flow
  6. Documentation
  7. Known Limitations

(1) Introduction to CloudGuard Network Security for Nutanix

Nutanix Overview

    Nutanix delivers a web-scale, hyperconverged infrastructure solution purpose built for virtualization and both containerized and private cloud environments. This solution brings the scale, resilience, and economic benefits of web-scale architecture to the enterprise through the Nutanix enterprise cloud platform, which combines the core HCI product families—Nutanix AOS and Nutanix Prism management—along with other software products that automate, secure, and back up cost-optimized infrastructure.

    CloudGuard Controller for Nutanix

    CloudGuard supports importing Nutanix virtual infrastructure entities. CloudGuard connects to Nutanix Data Center and integrates the virtual cloud environment with CloudGuard gateways. CloudGuard automatically updates the security policy and security logs. CloudGuard reads the inventory from Nutanix Data Center and allows the security operator to use virtual machines and categories from the inventory as part of the security policy. CloudGuard watches these objects and updates the gateway regarding any change that might occur on the Nutanix side. Nutanix allows the dynamic export of network topology, providing CloudGuard with immediate access to all network configuration changes. This functionality is particularly important to support the dynamic nature of customer cloud deployments.




    Item  Description
    1     CloudGuard Controller for Nutanix establishes a trusted relationship with the cloud environment.
    2     With the use of Nutanix APIs, the CloudGuard Controller connects to the Nutanix environment and regularly polls it for changes.
    3     Changes in the Nutanix environment are sent to the CloudGuard Controller.
    4     The CloudGuard Controller for Nutanix pushes updates to attributes and objects in the Security Policy rules to Check Point Security Gateways.

    CloudGuard Network Security with Nutanix Flow

    CloudGuard enables automated deployment of CloudGuard Network Security Gateways and micro-segmentation capabilities, using the Nutanix Calm Framework.


    Nutanix Flow’s ability to control traffic is augmented with CloudGuard’s industry-leading threat prevention capabilities. The joint solution for Nutanix Data Center effectively addresses one of the key challenges of modern data center networks, securing workloads at the perimeter with Check Point’s industry-leading firewall.

    CloudGuard Network Security with service chaining protects against advanced threats (Source: Nutanix)
     

    Use Cases

    Here are examples of how you can set up your Nutanix Flow Gateway architecture:

    Architecture: Description

    • Micro-Segmentation: Micro-Segmentation is a component of Nutanix Flow networking that simplifies policy management. Using multiple Prism Central categories (logical groups), administrators can create a powerful distributed firewall that gives them an application-centric policy management tool for securing traffic.

      Micro-Segmentation helps reduce the sum of vulnerabilities by blocking unwanted east-west traffic within the perimeter. This is established by deploying CloudGuard Network Security Gateways integrated with Nutanix Flow.

      By using the Nutanix Calm Blueprint, a service chain and Security Gateways are created on each AHV host.

      Together with Nutanix Flow, traffic can be redirected to the CloudGuard Network Security Gateway within the service chain for inspection, based on the user-defined Nutanix Flow Policy.

    • Virtual Desktop Infrastructure (VDI): Nutanix Flow can separate groups of virtual desktops with a security policy and work with CloudGuard Network Security Gateways on Acropolis Hypervisor (AHV) to inspect and enforce application layer traffic along with blocking threats across the virtual desktop infrastructure.

    (2) Required Components for installation of CloudGuard Network Security Gateway for Nutanix

    Component: Description

    • Security Management Server / Multi-Domain Security Management Server: The Check Point Security Management Server is the basic infrastructure managing Check Point Security Gateways.
    • SmartConsole: SmartConsole is the new unified application of Check Point's R81 Security Management.
    • Cloud Management Extension (CME): A service that runs on Check Point Management Servers. It continuously monitors CloudGuard Network Gateways deployed in Nutanix and synchronizes them with the Security Management Server.
    • Nutanix Prism Central: Prism Central is a multi-cluster manager responsible for managing multiple Nutanix clusters to provide a single, centralized management interface.
    • Nutanix Calm: Nutanix Calm is a multi-cloud application management framework.
    • Nutanix Flow: Nutanix Flow offers policy-based network security integrated into Nutanix AHV and Nutanix Prism Central. Nutanix Flow can separate groups of virtual desktops with a security policy and work with CloudGuard Network Security Gateways on Acropolis Hypervisor (AHV) to inspect and enforce application layer traffic along with blocking threats across the virtual desktop infrastructure.

    (3) Prerequisites


    CloudGuard Compatibility with Nutanix

    Component              Version                        Check Point Version
    AOS                    5.15.4 LTS, 5.20 LTS           R81
    NCC                    3.10.1, 4.1.0
    AHV                    20170830.434, 20201105.2030
    Nutanix Prism Central  pc.2020.11.0.1, pc.2021.5
    Nutanix Calm           v3.1.1, v3.2.6

    Refer to the Nutanix Compatibility Matrix for more information.

    (4) Deployment Instructions CloudGuard Controller for Nutanix

    1. In SmartConsole, create a new Data Center object: in the top left corner, click Objects menu > More object types > Cloud > Data Center > New Nutanix.
    2. In the Enter Object Name field, enter the applicable name.
    3. In the Hostname field, enter the IP address or hostname of your Nutanix Prism Central server.
    4. In the Username field, enter your Nutanix Prism Central administrator username.
    5. In the Password field, enter your Nutanix Prism Central administrator password.
    6. Click Test Connection.
    7. Click OK.
    8. Publish the SmartConsole session.

    Nutanix Objects

    Object: Description

    • VM: Represents an entity of type ‘VM’ in Nutanix Prism.
    • Category: A category in Nutanix Prism contains values, and a VM can be assigned values. In SmartConsole, a category contains all the VMs that are assigned any of the values of that category.
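
    The following is an added example, not Check Point or Nutanix code: it models the poll-and-update cycle described in the introduction together with the category semantics above, resolving VM and category objects to IP sets and diffing two polls. The inventory records and their field names are constructed for illustration and are not the Nutanix API schema.

```python
from collections import defaultdict

# Constructed sample inventory: two successive polls of a hypothetical
# Prism Central inventory. Field names are assumptions for this example,
# not the Nutanix API schema.
POLL_1 = [
    {"name": "web-01", "ip": "10.0.1.10", "categories": {"AppTier": "Web", "Env": "Prod"}},
    {"name": "db-01",  "ip": "10.0.2.10", "categories": {"AppTier": "DB",  "Env": "Prod"}},
    {"name": "dev-01", "ip": "10.0.9.10", "categories": {"Env": "Dev"}},
]
POLL_2 = [
    {"name": "web-01", "ip": "10.0.1.10", "categories": {"AppTier": "Web", "Env": "Prod"}},
    # db-01 was re-addressed between polls
    {"name": "db-01",  "ip": "10.0.2.11", "categories": {"AppTier": "DB",  "Env": "Prod"}},
    # dev-01 was newly tagged with an AppTier value
    {"name": "dev-01", "ip": "10.0.9.10", "categories": {"Env": "Dev", "AppTier": "Web"}},
]


def resolve_objects(inventory):
    """Map each policy object to the set of IPs it currently stands for."""
    objects = defaultdict(set)
    for vm in inventory:
        objects[f"vm:{vm['name']}"].add(vm["ip"])
        # A category object holds every VM assigned ANY value of that category,
        # so the value itself ("Web", "DB", ...) does not narrow membership.
        for category in vm["categories"]:
            objects[f"category:{category}"].add(vm["ip"])
    return dict(objects)


def diff_polls(previous, current):
    """Return {object: (added_ips, removed_ips)} for objects that changed."""
    before, after = resolve_objects(previous), resolve_objects(current)
    changes = {}
    for name in sorted(before.keys() | after.keys()):
        old, new = before.get(name, set()), after.get(name, set())
        if old != new:
            changes[name] = (sorted(new - old), sorted(old - new))
    return changes


if __name__ == "__main__":
    # Print the per-object updates a controller would need to push.
    for name, (added, removed) in diff_polls(POLL_1, POLL_2).items():
        print(f"{name}: +{added} -{removed}")
```

    In this sample, dev-01 joins the AppTier category object as soon as it is tagged with any AppTier value, so rules that reference that category object cover it from the next update; review who can assign category values in Prism Central accordingly.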

    Downloads

    Management: Download Link

    • Check Point R81 CloudGuard Controller for Nutanix CPuse Hotfix: Version ICE_NUTANIX_HF_MAIN_Bundle_T4, Date Published 2021-04-26 (TAR)
    • SmartConsole For R81 CloudGuard Controller for Nutanix: Version ice_nutanix_hf_gui_995000002_1, Date Published 2021-04-26 (RAR)

    Refer to R81 CloudGuard Controller Administration Guide for detailed instructions.

    (5) Deployment Instructions CloudGuard Network Security Gateways for Nutanix Flow

    1. Install Security Management Server / Multi-Domain Security Management Server.
    2. Install SmartConsole for Security Management Server.
    3. Install the CME Bundle on the Security Management Server.
    4. Upload R81 CloudGuard Network Security Gateway image to Prism Central from CloudGuard for Private Cloud images.
    5. Import and configure Nutanix Calm Blueprint.
    6. Apply Micro-Segmentation Policy on Nutanix Prism Central.

    Downloads 

    CME Download

    Please use the latest version from:
    CME (Cloud Management Extension) for CloudGuard Latest Updates 


    Nutanix CALM CloudGuard Network Security Gateway Blueprint: Download Link

    • Check Point Gateway Blueprint for Nutanix Calm: Date Published 2021-07-05 (JSON)

    Refer to the Deployment Guide for detailed instructions.

    (6) Documentation

    (7) Known Limitations

    This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
