Nutanix AOS 5.1 & Companions are now GA

For the second time this year, Nutanix has released a major feature upgrade to AOS and companion software. AOS 5.1 is now available! Top of the list of new features is vSphere 6.5 support for NX platforms (Nutanix-branded gear). vSphere 6.5 support for OEM platforms is coming soon. But that’s not the only new feature. Here’s a rundown of some (not all) of the new features:

  • 1-click controller VM (CVM) memory upgrade
  • XenServer support on NX-1065-G5, NX-3060-G5, NX-3175-G5 (optionally with NVIDIA M60)
  • All-flash clusters now support adding hybrid nodes (e.g. cold storage only nodes). Minimum 2 AF nodes.
  • Automatic “admin” account password sync across all CVMs, Prism Web console, and SSH interfaces.
  • Docker container management through self-service portal.
  • Prism 1-click feature to install Docker host VM
  • Post-process compression is enabled by default on all new containers with Pro and Ultimate licenses
  • 1-click centralized upgrades from Prism Central
  • 1-click Prism Central cluster registration and Prism Central Deployment
  • Pulse (telemetry) enabled for Prism Central
  • Auto-resolved alerts
  • User defined alerts
  • Graphics and compute mode for NVIDIA M60 GPU
  • CHAP authentication for Acropolis Block Services
  • Hot-plug CPU and memory on AHV VMs
  • Metro availability and synchronous replication supported across hardware vendors (NX, Dell, Lenovo). Async support continues.
  • VirtIO drivers updated to v1.1
  • Dynamically increase EC-X strip size as cluster is expanded
  • Much improved storage efficiency reporting in Prism (compression, dedupe, EC-X, etc.)
  • Disk rebuild time estimation
  • AFS supports Mac OS v10.10, v10.11, v10.12
  • Acropolis Block Service enhanced OS support (Solaris 11, RHEL 6, 7, 6.8)

Tech Preview Features include:

  • Software only support for UCS B-series blades
  • GPU pass-through for AHV guest VMs
  • Support 3rd-party network function VMs (e.g. load balancer, firewall, etc.) routed through Open vSwitch (OVS).

Companion Software Updates

  • Prism Central 5.1
  • Acropolis File Services (AFS) 2.1
  • Acropolis Container Services (ACS) 1.0
  • Foundation 3.7.2

Helpful Links

As of 5/1/2017, AOS 5.1 has not been enabled for automatic download and 1-click upgrades. If you don’t want to wait for the automatic download switch to be flipped (in the near future), you can grab the AOS binary from the support portal and use our 1-click upgrade process. As always, thoroughly read the full release notes on the support portal before attempting an upgrade.

Deploy the SourceFire Cisco FireSight Management Virtual Appliance

As you know, Cisco entered the NGFW game by purchasing SourceFire. Even now, SourceFire is still not integrated with ASA, which IMO means 2 different products to manage.

Here we will just deploy the FireSight Management Virtual Appliance which is the new name for the Defense Center. This is the configuration/control center for all of our FirePower devices. But first, let’s get it started.

Download the FireSight OVF from the Cisco web site (login required).
The current package is called: Cisco_Firepower_Management_Center_VMware-6.0.1-1213 – use the power of DuckDuckGo instead of browsing the Cisco site.

Somehow there are 2 OVFs:
Cisco_Firepower_Management_Center_Virtual_VMware-VI-6.0.1-1213.ovf
Cisco_Firepower_Management_Center_Virtual_VMware-ESXi-6.0.1-1213.ovf

They offer different styles of setup. I am just going to pick the VI one as it includes a wizard to configure the network of the VM.


I find it funny that this is an OVF that doesn’t support much VMware stuff. Not to mention, it is officially not supported under ESX6!
The guide makes it look like nothing virtual is supported…
Guidelines and Limitations
The following limitations exist when deploying Firepower NGIPSv for VMware:

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with snapshot is not supported.
  • Restoring a backup is not supported.

Something else puzzles me: while the memory and CPU are configurable, the disk size is not!
I wonder how we can increase the size for additional logging/retention.

Nonetheless, install the OVF as usual using the OVF wizard.
The wizard also includes some configuration items for name, DNS, and network settings…

It boots, and then says it is going to take forever to initialize. The UI says up to 30 minutes, the manual says up to 40 minutes!


25 minutes later:
The WebUI seems to have started, however.

Once ready, onto some basic configuration:
Verifying network settings, NTP, SMTP
Enabling VMware tools

Rules and Geolocation updates
Do the recurring update imports as well

Enable auto-backup
And of course register.

I usually would do the integrations with your ASA/Firepower device so that you have objects to create rules on, and so on. Let me know what you want to see.