Systems Engineer at a tech services company with 11-50 employees
Real User
Top 5
2024-07-22T15:02:45Z
Jul 22, 2024
We have customers that use it, but I'm not an administrator or operator. I just implemented it at the customer site, that's all I did. I'm probably not as experienced as some of the customers because they use it more often than me. Our customers use it mainly for security reasons to block access between VMs in the same subnet. Sometimes, I saw that a few of them have an isolation policy. For example, if a VM is infected with malicious software, then they can put the category on the VM, and it goes automatically to the isolation network, which means that the VM cannot communicate with the outside. Only inside connections are possible. That's a nice feature, as well as the isolation of the Flow Network. They are completely divided, so they can't communicate with each other. If you have a production site and, on the same cluster or in the same network, you have a test environment, you can divide them with Flow and block any communication between these two sites. That's also a nice feature in my opinion.
Our primary use case for Nutanix Flow Network Security was to perform network mapping within our virtual environment, which is relatively flat. Regarding networking, we have a few virtual LANs set up between certain networks. However, we wanted to evaluate Nutanix Flow Network Security to create additional security rules, specifically firewall rules, for those virtual networks and the virtual machines within them. We were exploring the possibility of implementing Flow to prevent any unwanted traffic by applying such rules. During our evaluation, we used Nutanix Flow Network Security in a monitoring mode, which allowed us to capture network data between the virtual machines and virtual networks in question. This gave us the ability to create policies that would limit communication between virtual networks or servers or allow communication only between specific servers. However, we only implemented these policies in a monitoring mode. To clarify, we never implemented any firewall rules to actively prevent communication between the virtual networks or servers.
Nutanix Flow is a solution to build or provide micro-segmentation. Micro-segmentation is a zero-trust environment where no VM communicates with another VM, even if they are on the same network. There are situations when you don't want to allow them to communicate for a specific reason. Most companies have networks, but there are VMs on those networks and they can communicate with each other. The only option for the customer not to let them communicate is for them to have different networks and have them pass through a firewall, which is highly expensive and difficult to manage.
Updated: October 2024.
Senior Systems Engineer at a retailer with 11-50 employees
Real User
Top 5
2021-12-14T05:16:00Z
Dec 14, 2021
The solution is used for micro-segmentation and to control all the traffic east to west in the applications. It allows for policies that enable complete visibility and traffic control.
Flow Network Security is a stateful, distributed, microsegmentation firewall. It is provided as part of NCI Ultimate or as part of the optional Security Add-On package for NCI Pro.
We use the solution for micro-segmentation in the virtualization environment. I make sure VMs in the same network cannot speak to each other.
I primarily use Flow Network Security for micro-segmentation, workload applications, and application databases.
We use this solution as a DMZ environment; it allows us to spread to the database traffic.