Nutanix Cloud Clusters Azure


Nutanix Cloud Clusters on Azure Deployment and User Guide
Cloud Clusters (NC2) Hosted
March 7, 2024

Contents

About This Document
Reference Information for NC2

Nutanix Cloud Clusters Overview
NC2 on Azure Overview
NC2 Key Benefits
Essential Concepts
NC2 Planning Guidance
Costs
Sizing
Capacity Optimizations
NC2 on Azure Deployment Stages
Azure Components Installed

NC2 on Azure Deployment Workflow

NC2 Deployment Prerequisites
Requirements for NC2 on Azure
Supported Regions and Bare-metal Instances
Bare-metal Instances
Azure Regions
Limitations
Non-Applicable On-Prem Configurations
Creating My Nutanix Account
Starting a Free Trial for NC2

NC2 Payment Methods
Nutanix Licenses for NC2
New Portfolio Licenses
Legacy Portfolio Licenses
Managing Licenses
Subscription Plan for NC2
Nutanix Direct
Azure Marketplace
Changing Payment Method
Canceling the Subscription Plan
Billing Management
Viewing Billing and Usage Details

Azure Tenant Setup
Setting up an Azure Account
Configuring Microsoft Entra ID
Setting up an Azure Subscription
Allowlisting Your Azure Subscription
Validating the Allowlisting
Registering the Azure Resource Providers
Creating an App Registration
Creating an Azure Custom Role
Checking the Azure AD and Azure Subscription Permissions
Creating and Registering an App
Assigning the Azure Custom Role
Creating a New Client Secret
Getting the Azure IDs
Creating Azure Policy Exemptions

Networking Infrastructure in Azure
Configuring DNS Settings
Setting up VPN or ExpressRoute
Manual Setup to Use Existing Azure Resources
Creating a Resource Group
Configuring VNets, Subnets, and NAT Gateway

NC2 Console Workflow
Creating an Organization
Updating an Organization
Adding an Azure Cloud Account to NC2
Deactivating a Cloud Account
Reconnecting a Cloud Account
Adding a Cloud Account Region
Updating Azure Cloud Account Configurations
Creating a Cluster

User VM Network Management and Security
Network Connectivity for User VMs
Configuring Connectivity for User VMs with NAT
Configuring Connectivity for User VMs without NAT
Creating an Overlay External Subnet in Transit VPC for No NAT
Configuring ERP in Transit VPC
Configuring a Route Table for No NAT Connectivity
No NAT Connectivity in Scaled-out Flow Gateway Deployment
Creating a User VPC
Configuring ERP in User VPC
Requesting Floating IPs for NAT Subnets
Creating an Overlay Subnet in the User VPC
Attaching the Subnets to VMs
Creating Static Routes
Controlling North-South Traffic
Security Rules for Connectivity with NAT
Security Rules for Connectivity with No-NAT

NC2 Cluster Management
NC2 Management Console
NC2 Console
Audit Trail
Notification Center
Configuring Email Notifications for Alerts
Updating the Cluster Capacity
Migrating to Scaled-out Flow Gateway Deployment
Scaling up or down Flow Gateway VMs
Manually Replacing a Node
Azure Events in NC2
Viewing Azure Events
Viewing the Licensing Details of a Cluster
Terminating a Cluster
Support Log Bundle Collection
VM Management Using NGT

NC2 User Management
User Roles
Adding Users from the NC2 Console
Managing Support Authorization

API Key Management for NC2

Cost Analytics
Integrating Cost Governance with NC2
Displaying Cost Analytics in the Cost Governance Console

Disaster Recovery and Backup
Disaster Recovery Without Layer 2 Stretch
Disaster Recovery Over Layer 2 Stretch
Integration with Third-Party Backup Solutions

System Maintenance
Health Check
Routine Maintenance
Monitoring Certificates
Nutanix Software Updates
Managing Nutanix Licenses
System Credentials
Managing Access Keys and Azure Service Limits
Emergency Maintenance
Automatic Node Failure Detection
Enabling Support Tunnel for Nutanix Support Team
Support
Troubleshooting Deployment Issues
Documentation Support and Feedback

Release Notes

Copyright

ABOUT THIS DOCUMENT
This User Guide describes the deployment processes for NC2 on Azure. The guide provides instructions for setting
up the Azure and Nutanix resources required for NC2 on Azure deployment, subscribing to NC2 payment plans, and
end-to-end steps for creating a Nutanix cluster. It also provides reference information for use cases, such as setting up
Disaster Recovery.
This document is intended for users responsible for the deployment and configuration of NC2 on Azure. Readers
must be familiar with the Azure concepts and Nutanix products, such as Prism, Flow Virtual Networking, and
Disaster Recovery.

Document Organization
The following table shows how this User Guide is organized and helps you find the most relevant sections in the
guide for the tasks that you want to perform.

Table 1: NC2 on Azure User Guide Roadmap

| For information about | See the following |
|---|---|
| A high-level overview of NC2, essential concepts, and planning guidance. | Nutanix Cloud Clusters Overview |
| Requirements for deploying NC2 on Azure, supported regions and bare-metal instances, and limitations in using the product. | NC2 Deployment Prerequisites |
| A checklist that provides end-to-end steps for getting started, setting up the required resources, deploying NC2, and creating a cluster. The deployment checklist can serve as a QuickStart guide for NC2 on Azure. | NC2 on Azure Deployment Workflow |
| How to start a free trial for NC2 and details on the subscription plan. | NC2 Payment Methods |
| How to get started with Azure portal, set up Azure account and subscription, and configure the required Azure resources. | Azure Tenant Setup |
| How to configure a DNS server, set up VPN/ExpressRoute, and configure VNets and NAT gateway. | Networking Infrastructure in Azure |
| How to set up an organization and add a cloud account on the NC2 console, and steps to create a cluster. | NC2 Console Workflow |
| How to configure connectivity for user VMs, create VPC, and perform VPC management. | User VM Network Management and Security |
| Information on the NC2 console, how to update a cluster capacity, replace a node, and VM management using NGT. | NC2 Cluster Management |
| NC2 user roles, how to add users to NC2, and manage authorization to Nutanix support. | NC2 User Management |
| How to use Cost Governance to analyze your cloud consumption. | Cost Analytics |
| How to configure Disaster Recovery and backup your data. | Disaster Recovery and Backup |
| Reference information on the system and operational features, such as health check and routine maintenance tasks. | System Maintenance |

Reference Information for NC2


The following documentation is available for NC2. While using NC2, you need to use several other Nutanix products,
such as Prism, Flow Virtual Networking, and Nutanix Disaster Recovery. Nutanix recommends that you read the
documentation for these products to understand how to use them.

• NC2 on Azure:
  • Nutanix Cloud Clusters on Azure - Solution Tech Note
  • Nutanix Cloud Clusters on Azure Release Notes
  • Compatibility and Interoperability Matrix
  • Nutanix Configuration Maximums
  • Nutanix University
  • Azure BareMetal Infrastructure
• Supporting Nutanix products:
  • Prism Central Infrastructure Guide
  • Prism Central Admin Center Guide
  • Prism Central Alerts and Events Reference Guide
  • Prism Web Console Guide
  • Flow Virtual Networking Guide
  • Nutanix Disaster Recovery Guide

NUTANIX CLOUD CLUSTERS OVERVIEW
Nutanix Cloud Clusters (NC2) delivers a hybrid multicloud platform designed to run applications in private or
multiple public clouds. NC2 operates as an extension of on-prem datacenters and provides a hybrid cloud architecture
that spans private and public clouds, operated as a single cloud.
NC2 extends the simplicity and ease of use of the Nutanix software stack to public clouds using a unified
management console. NC2 runs AOS and AHV on the public cloud instances and packages the same CLI, GUI, and
APIs that cloud operators use in their on-prem environments. NC2 resources are deployed in your existing public cloud
account so that you can leverage your existing cloud provider relationships, credits, commits, and discounts.

Figure 1: Overview of the Nutanix Hybrid Multicloud Platform

NC2 on Azure Overview


With NC2 on Azure, when you run your workloads in Azure, you get the same experience you used to get with
on-prem Nutanix clusters. While consuming NC2 on Azure, the hardware is provided and billed by Azure and the
Nutanix software is billed by Nutanix. You can pay for NC2 usage directly to Nutanix using the Nutanix payment
plan or through the Azure marketplace.
Nutanix, in collaboration with Microsoft Azure, offers an Azure BareMetal instance from a hardware consumption
perspective for NC2 on Azure. It provides a consistent cluster experience for the provisioning and management of
clusters deployed in Azure. For more information, see Azure BareMetal Infrastructure.
The NC2 portal helps you perform the following to manage bare-metal instances:

• Deploy, remediate, and install Nutanix software onto bare-metal instances under your Azure account.
• Track server allocations and monitor fleet capacity.
• Allocate servers to ensure rack awareness inside Azure using placement groups.
• Track health and outages.
• Provision new nodes.
The clusters are created in your Azure accounts with access to the Azure services. Provisioning and cluster lifecycle
are driven by the NC2 portal, while cluster management is done through Prism (Prism Central and Prism Element),
providing identical functionality to on-prem clusters.
With the NC2 console, you can:

• Obtain and manage bare-metal resources.
• Ensure that the correct identity and access management (IAM) roles are created and used for deployment.
• Manage node placement strategy and remove or add nodes based on the health of the cluster.
With integration between the Nutanix AOS stack and Azure networking and services, enterprises can use their
existing Azure accounts, commitments, VNets, VPNs, and ExpressRoute configurations. You get a full hybrid
multicloud experience with the same Nutanix simplicity, ease of use, and high performance in your on-prem and
public cloud environments.

Figure 2: Overview of the NC2 on Azure

NC2 on Azure places the complete Nutanix hyperconverged infrastructure (HCI) stack directly on the bare-metal
instance. This bare-metal instance runs a Controller VM (CVM) and the Nutanix AHV as the hypervisor just like any
on-prem Nutanix deployment, using the Azure Virtual Network (VNet) to connect to the network.
AHV runs an efficient embedded distributed network controller that integrates user VM networking with Azure
networking. AHV assigns all user VM IPs to the bare-metal instance where VMs are running. NC2 on Azure uses
Flow Virtual Networking to create an overlay to give granular control for Nutanix administrators while allowing
connectivity to the Microsoft Azure services.
Nutanix architecture keeps hardware failures in mind, offering better resilience. AOS can withstand hardware failures
and software glitches and ensures that application availability and performance are never compromised. AOS Storage
is built to handle component, service, and CVM failures to maintain availability. AOS Storage helps to prevent
network partition errors and resolve bad disk resources.
Availability zones go offline for several reasons, such as power, cooling, networking issues, and scheduled system
maintenance. NC2 ensures that your NC2 on Azure instance meets your availability needs. To avoid downtime in
Azure, protect your workloads with Nutanix Disaster Recovery (formerly Leap). The Disaster Recovery destination
can be another on-prem cluster or another NC2 on an Azure instance in a different availability zone.
Combining features like native rack awareness with the bare-metal instance allows Nutanix to operate freely in a
dynamic cloud environment. NC2 on Azure offers native access to available cloud services without requiring you to
reconfigure your software.
Nutanix takes a comprehensive approach to security and mandates the following to deploy a secure NC2
infrastructure:

• An Azure account with the right set of role assignments
• Access control and user management in the NC2 console
To help reduce cost and complexity, Nutanix supports a native local key manager (LKM) for all clusters with three or
more nodes. The LKM runs as a service distributed among all the nodes. For more information on hardware failures
and key management, see Prism Web Console Guide.

NC2 Key Benefits


NC2 eliminates the complexities in managing networking, using multiple infrastructure tools, and rearchitecting the
applications.
NC2 offers the following key benefits:

• Cluster management:
  • A single management console to manage private and public clouds
  • Built-in integration into public cloud networking
  • Burst into public clouds to meet a seasonal increase in demand
  • Modernize applications and connect natively to cloud services
  • Use public clouds for high availability and disaster recovery
  • Easy to deploy and manage
• App mobility:
  • Lift and shift applications with no retooling and refactoring
  • Same performance as on-prem cloud and public clouds
• Cost management:
  • Flexible subscription options
  • Pay based on your actual usage
  • Use your existing Nutanix licenses for NC2

Essential Concepts
This section describes the terms and concepts used throughout the guide. Nutanix recommends gaining familiarity
with these terms before you begin deploying NC2 on Azure.
Availability zone
Physically separate locations that contain one or more datacenters inter-connected by a
high-performance network with low latency links. Availability zones are physically isolated from each
other to ensure that a disaster at one availability zone does not affect another availability zone.
Azure Route Server
The Azure Route Server enables NC2 to exchange route information with Azure native virtual
networks dynamically.
Border Gateway Protocol
A standard routing protocol that advertises externally routable prefix (ERP) routes to the Azure
Route Server.
Cassandra
A database that stores all metadata about the user VM data stored in a Nutanix datastore.
CVM
Every host in a Nutanix cluster has a CVM that runs the Nutanix software and serves all of the I/O
operations for the hypervisor and all VMs running on that host.
Curator
A process responsible for managing and distributing tasks throughout the cluster, including disk
balancing, proactive scrubbing, and many more.
External subnet
Subnets outside a VPC are external subnets. External subnets can be the subnets within the
deployment but not included in a specific VPC. You can deploy external subnets with NAT or No
NAT.
Flow gateway
Flow gateway is a VM hosted in the Azure native network that acts as a gateway to direct all the
north-south traffic through it. It has an internal interface for overlay traffic from AHV and an external
interface to exchange traffic with the Azure network.
Flow Virtual Networking
Flow Virtual Networking is a software-defined network virtualization solution that allows you to
create and manage VPCs and overlay subnets to use the underlying physical networks that connect
clusters and datacenters.
NAT gateway
Network Address Translation (NAT) is a process for modifying the source or destination addresses
in the headers of an IP packet while the packet is in transit. A NAT gateway provides the entities
inside an internal network with connectivity to the Internet without exposing the internal network and
its entities. NAT gateways are only used when you use NAT for an external subnet.
Overlay networks
You can create an IP-based overlay subnet for a VPC. An overlay network is a virtualized network
that is configured on top of an underlying virtual or physical network.
Prism Central
The user interface that allows you to monitor and manage many Nutanix clusters. Prism Central
essentially is a VM that you deploy (host) in a Nutanix cluster.
Prism Element
The user interface that allows you to configure, manage, and monitor a single Nutanix cluster. It is a
service built into the platform for every Nutanix cluster deployed.
Static route
Static routes are the fixed routes configured to direct network traffic between the cloud and your
on-prem datacenter.
SNAT and Floating IP Address
In Source Network Address Translation (SNAT), the NAT router modifies the IP address of the sender in IP
packets. SNAT is commonly used to enable hosts with private addresses to communicate with servers on the
public Internet.
A floating IP address is an IP from the overlay external subnet with NAT (overlay-external-subnet-nat)
that is assigned to a VM through the VPC that manages the network of the VM.
SNAT and floating IP addresses are only used when you use NAT for an external subnet.
Transit VPC
A transit VPC is created as part of NC2 on Azure deployment. It contains a VLAN-backed subnet to
get external connectivity.
User VPC
User VPC is a custom VPC that hosts user VMs. The user VPC connects to the common transit
VPC.
VNet
Azure Virtual Network (VNet) is an isolated network within the Microsoft Azure cloud that provides a
range of networking functions, such as running VMs and applications in the cloud.
VPC
A Virtual Private Cloud (VPC) is an independent and isolated IP address space that functions as a
logically isolated virtual network. A VPC can be made up of one or more subnets that are connected
through a logical or virtual router.

NC2 Planning Guidance


This section describes how you can plan costs, sizing, and capacity for your NC2 infrastructure.

Costs
While consuming NC2 on Azure, the hardware is provided and billed by Azure. The NC2 software consumption
is metered by Nutanix. You can choose to be billed for NC2 software usage either directly by Nutanix or by Azure
through your Azure marketplace account.
For more information about how your Azure BareMetal instances are billed, engage with Azure or see the Microsoft
documentation.
Nutanix sets the costs for running Nutanix clusters in Azure. For more information about the cost of running NC2 on
Azure, engage with your Nutanix sales representative.

Sizing
You can use the Nutanix Sizer tool to create the optimal Nutanix solution for your needs. For more information, see
the Sizer User Guide.

Capacity Optimizations
The Nutanix hybrid multicloud platform offers capacity optimization features, such as compression and
deduplication, that improve storage utilization and performance.
Compression
Nutanix systems currently offer the following two types of compression policies:

• Inline: The system compresses data synchronously as it is written to optimize capacity and maintain the
high performance for sequential I/O operations. Inline compression only compresses sequential I/O to
avoid degrading performance for random write I/O.

• Post-Process: Data is written to the SSD tier uncompressed to maintain high performance for random workloads.
Compression occurs after cold data migrates to lower-performance storage tiers. Post-process compression
only acts when data and compute resources are available, so it does not affect normal I/O operations.
Nutanix recommends carefully considering the advantages and disadvantages of compression for your
specific applications. For more information on compression, see Nutanix Data Efficiency.
Deduplication
The software-driven Elastic Deduplication Engine increases the effective capacity in the disk tier, and the
utilization of the performance tiers (RAM and flash), by eliminating duplicate data. By providing larger
effective cache sizes in the performance tier, this feature increases performance for specific workloads.
Deduplication savings vary depending on workload and data types, but in general, deduplication provides
the largest benefit for common data sets, such as full-clone VDI workloads. Nutanix does not recommend
deduplication for general-purpose server workloads, including business-critical applications.
Nutanix recommends that you carefully consider the advantages and disadvantages of deduplication for your
specific applications. For more information on deduplication, see Nutanix Data Efficiency.
Nutanix recommends disabling deduplication for all except full-clone VDI VMs and increasing CVM
memory to at least 24 GB for the following containers:

• Containers hosting business-critical applications
• Containers hosting VDI
• Containers hosting general server workloads
• Containers hosting big data

NC2 on Azure Deployment Stages


A Nutanix cluster is deployed in Azure in approximately 3 hours. The following table lists the time taken by each
stage of cluster deployment.

Table 2: Cluster Deployment Stages

| Deployment Stage | Duration |
|---|---|
| AHV Download and Installation | Approximately 35 to 45 minutes. Happens in parallel on all nodes. |
| AOS Tar Download | Approximately 4 minutes. Happens in parallel on all nodes. |
| AOS Installation | Approximately 15 minutes. Happens in parallel on all nodes. |
| Cluster creation | Approximately 3 minutes per node. Happens in sequence on all nodes. |
| Prism Central deployment | Approximately 35 to 45 minutes |
| CMSP enablement | Approximately 30 to 35 minutes |
| ANC enablement | Approximately 30 to 45 minutes |
| Flow Gateway deployment | Approximately 5 minutes |

Several Azure components are installed as part of NC2 on Azure deployment. For more information, see Azure
Components Installed.

Note: If there are any issues with provisioning the Nutanix cluster, see the Notification Center on the NC2 Dashboard.

Azure Components Installed


When deploying NC2 on Azure, several Azure components are installed.
The following table lists the mandatory Azure components that are either installed when the option to create a new
VNet is selected during NC2 on Azure deployment or those components that you need to manually install when you
prefer using an existing VNet.

Table 3: Mandatory Azure Components Installed on Deployment

| Azure Component | Charged by Azure | Description |
|---|---|---|
| Compute (Dedicated Bare-Metal Hosts) | | |
| Bare metal Instances | Yes | For the list of supported Azure bare-metal instances, see Bare-metal Instances. |
| Networking and Security | | |
| Network Interface Card (NIC) | No | External NIC and internal NIC are required for Flow Gateway VMs. |
| NAT Gateway | Yes | A NAT gateway is deployed only when you deploy the cluster in a new VNet. If you deploy the cluster in an existing VNet, you can leverage an existing NAT Gateway. Note: Charges are also applicable for data traffic. |
| Security Groups | No | While deploying NC2 on Azure, a default security group is created and attached to the cluster components, such as VMs and gateways. You can modify these security groups to meet your specific requirements. |
| VNet | No | A VNet is deployed only when you choose to create a new VNet at the time of cluster creation on the NC2 portal. Note: Charges are also applicable for data traffic and VNet Peering. |
| Subnets | No | When you deploy a Nutanix cluster in Azure by using the NC2 console, you can either choose to deploy the cluster in a new VNet and private subnet or choose to deploy the cluster in an existing VNet and private subnet. If you opt to deploy the cluster in a new VNet, the NC2 console provisions a new VNet and private subnet for management traffic in Azure during the cluster creation process. Note: You must manually create one or more separate subnets in Azure for user VMs. |
| Public IPs | Yes | Public IP addresses are created when a NAT gateway and VPN gateway are configured. |
| Microsoft Entra ID (formerly Azure Active Directory) | Yes | Microsoft Entra ID is used for Microsoft identity and access management. |
| Resource Group | No | Resource groups are logical groupings of resources in Azure. There is no price for the resource group. You need to pay for the Azure resources based on the pricing model. |
| Storage | | |
| Azure Disk Storage | Yes | Azure disk storage is used with Azure workloads, such as VMs and databases. |
| Blob Storage | Yes | Blob storage can be used as a backup destination when using backup products that are compatible with AHV. |

The following table lists the optional Azure components that can be used with the NC2 on Azure deployment.

Table 4: Optional Azure Components

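| Azure Component | Charged by Azure | Description |
|---|---|---|
| Network Connectivity | | |
| VPN | Yes | A VPN or ExpressRoute is needed for connectivity between on-prem and Azure. Note: Charges are also applicable for data traffic. |
| ExpressRoute | Yes | A VPN or ExpressRoute is needed for connectivity between on-prem and Azure. Note: Charges are also applicable for data traffic. |
| Network Services | | |
| Azure DNS | Yes | Azure DNS is used by clusters for VMs by default. You can configure AHV to use your own DNS. |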

You can view all the resources allocated to a cluster running on Azure on the cluster details page.

Figure 3: View the allocated resources

NC2 ON AZURE DEPLOYMENT WORKFLOW
This topic describes the end-to-end workflow for deploying NC2 on Azure and creating Nutanix clusters in Azure. It
provides references to the required detailed procedures that you must perform to get started with NC2 on Azure.
The deployment process requires these high-level steps:
1. Setting up the required accounts and resources

   • My Nutanix account and a free trial for NC2
   • Azure account and resources

2. Setting up the networking infrastructure in Azure

Note: Some of the steps are only needed if you choose to use your existing Azure resources.

3. Setting up the NC2 console - adding your Azure cloud account to NC2
4. Creating a Nutanix cluster
5. Creating and managing a user VM network for external connectivity
6. Performing additional configurations after the cluster is created
For end-to-end deployment steps, see the Deployment Checklist.
NC2 provides the ability to deploy NC2 on Azure in a flexible way to suit your requirements. You can choose either
an automated workflow or a manual workflow.

Automated Workflow
Instead of using your existing Azure resources, you can create the required Azure resources, such as a resource group,
VNets, and subnets, while creating a cluster from the NC2 console. The NC2 console takes care of setting up the
required networking infrastructure.

Manual Workflow
You can use your existing Azure resources, such as a resource group, VNets, and subnets, or you can create your
Azure resources before creating a Nutanix cluster. You must take care of setting up the required networking
infrastructure.

Deployment Checklist
The following table lists the deployment flow and a checklist for all the required and optional steps that you must
perform to deploy NC2 on Azure.

Note: The steps that are only relevant to the manual workflow are listed under the Steps required only in the Manual
Workflow section in the following table. The rest of the steps apply to both workflows.

Read this checklist carefully and do the required planning and preparations to get ready for deploying NC2 on Azure.

Table 5: Steps to be Performed Before Creating a Nutanix Cluster

| Serial No. | Task | Description |
|---|---|---|
| | Account setup | |
| 1 | Create a My Nutanix account. | A My Nutanix account allows you to access, manage, and use NC2 and is your first point of access to NC2. See Creating a My Nutanix Account. |
| 2 | Start a 30-day free trial for NC2 on Azure. | Start a 30-day free trial for NC2 on Azure. Beyond the free trial period, you can pay for NC2 using the subscription plan or use your Nutanix licenses. See NC2 Payment Methods. |
| 3 | Set up an Azure account. | You need an active Microsoft Azure account with the required permissions to register an app. See Setting up Azure Account. |
| 4 | Configure Microsoft Entra ID (formerly Azure Active Directory). | See Configuring Microsoft Entra ID. |
| 5 | Set up an active Azure subscription. | This Azure subscription must be associated with the Azure AD that you configured. See Setting up an Azure Subscription. |
| 6 | Get your Azure subscription allowlisted by Microsoft. | See Allowlisting Your Azure Subscription. |
| 7 | Switch to the NC2 subscription plan. | You can pay for NC2 with PAYG or your Nutanix licenses. You can choose to pay for NC2 either directly to Nutanix or through Azure marketplace. See NC2 Payment Methods. |
| 8 | Register the Azure resource providers for your account. | See Registering the Azure Resource Providers. |
| 9 | Create an App registration in Azure AD with access to the new subscription with the Azure custom role. | See Creating an App Registration. |
| 10 | Note the following details: Directory ID; Application ID; Client secret; Azure subscription ID | You need these IDs later while adding your Azure account to the NC2 console. See Getting the Azure IDs. |
| | Set up the networking infrastructure in Azure | |
| 11 | Configure a DNS server. | See Configuring DNS Settings. |
| | Steps 12 to 18 are required only in the manual workflow (where you use your existing Azure resources) | |
| 12 | Create a resource group if you do not want to use an existing resource group. | See Creating a Resource Group. |
| 13 | Create the required VNets. | See Creating VNets and Subnets. |
| 14 | Configure two NAT gateways. | See Creating a NAT Gateway in Azure. |
| 15 | Create management/bare-metal subnets. | See Creating a Virtual Network (VNet) and Subnet in Azure. |
| 16 | Create a subnet for Prism Central. | See Creating a Virtual Network (VNet) and Subnet in Azure. |
| 17 | Create subnets in the Prism Central VNet to deploy a Flow gateway. | See Creating a Virtual Network (VNet) and Subnet in Azure. |
| 18 | Configure Prism Central VNet to deploy Nutanix Prism Central. | See Creating a Virtual Network (VNet) and Subnet in Azure. |
| | VPN or ExpressRoute setup (for connectivity between on-prem datacenter and Azure datacenter) | Note: If direct access to the Cloud Cluster through VPN or ExpressRoute is not possible, you can deploy a Jump Host instance to access Prism Element and Prism Central. You can deploy the Jump Host instance in the Prism Central VNet inside a non-delegated subnet. Alternatively, you can deploy it in an external VNet and peer the VNets for communication between Prism Central VNet and the Jump Host VNet. |
| 19 | Create VPN/ER Hub VNet | See Setting up VPN or ExpressRoute. |
| 20 | Create VPN/ER (Hub) gateway subnets. | See Setting up VPN or ExpressRoute. |
| 21 | Establish the VNet peering required for the Nutanix cluster. | See Setting up VPN or ExpressRoute. |
| 22 | Configure connectivity between your on-prem datacenter and Azure. | See Setting up VPN or ExpressRoute. |
| 23 | Configure virtual IP addresses for the on-prem cluster. | See Setting up VPN or ExpressRoute. |
| | NC2 console setup | |
| 24 | Create an organization in the NC2 console. | See Creating an Organization. |
| 25 | Add your Azure account to the NC2 console. | See Adding an Azure Cloud Account to NC2. |
| 26 | Create a Nutanix cluster in Azure using the NC2 console. | See Creating a Cluster. |

Table 6: Steps to be Performed After Creating a Nutanix Cluster

| Sr. No. | Task | Description |
|---|---|---|
| 1 | Configure networking for user VMs. | See User VM Network Management and Security. |
| 2 | Understand how to manage and administer NC2 on Azure. | See NC2 Cluster Management and NC2 User Management. |

NC2 DEPLOYMENT PREREQUISITES
This section provides all the information that you need before deploying NC2. It includes prerequisites, supported
bare-metal instances, regions, and limitations in using NC2.

Requirements for NC2 on Azure


This guide assumes prior knowledge of the Nutanix stack and Azure services to operate significant deployments on
Azure.
You must meet the following requirements to use NC2 on Azure:

• My Nutanix account requirements:

  • A My Nutanix account to access the NC2 console.

    Note: When you create a My Nutanix account, a default workspace gets created for you with the Account
    Admin role, which is required to create an NC2 subscription and access the Admin Center and Billing Center
    portals. If you are invited to a workspace, then you must get the Account Admin role so that you can subscribe
    to NC2 and access the Admin Center and Billing Center.

  • A free trial for NC2.

• Azure account requirements:

  • An Azure account with an active subscription.
  • Microsoft Entra ID (formerly Azure Active Directory) and permissions to create an App registration in Azure
    AD with access to the new subscription with the Azure custom role you created in Creating an Azure
    Custom Role.

• Networking requirements:

  • Connectivity between your on-prem datacenter and Azure. Both ExpressRoute and VPN are supported.
  • Virtual IP addresses for both the on-prem cluster and the cluster running in Azure.
  • Outbound Internet access on your Azure portal.
  • Azure Directory Service resolves the FQDN gateway-external-api.cloud.nutanix.com.
  • Any network interface attached to a Flow Gateway VM must have the IP forwarding option enabled for it in
    the Azure portal and in the operating system of the Flow Gateway VM. For more information, see Turn on IP
    forwarding.

Note: Ensure that Azure policy assignments do not conflict with these requirements. For more information, see
Creating Azure Policy Exemptions.

Port Requirements
The following table lists the ports that must be open for disaster recovery between on-prem cluster and Azure.

Table 7: Port Requirements

| Port | Transfer Protocol | Service |
|---|---|---|
| 2009 | TCP | Stargate |
| 2020 | TCP | Disaster Recovery |
| 9440 | TCP | Prism |
| 22 | TCP | SSH |
| 2010 | TCP | Curator |
| 3260 | TCP | iSCSI traffic to CVM |
| 2049 | TCP | NFS traffic to CVM |

Note: Open the required ports and ensure that your firewall allows bi-directional Internet Control Message Protocol
(ICMP) traffic between the CVMs, Prism Element, and Prism Central. For more information on port requirements for
Nutanix products and services, see Ports and Protocols and select the Nutanix product from the Software Type
list.

The IP address 192.168.5.1 is used for all CVMs. For more information, see Networking Components.
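
A firewall change review can be checked against Table 7 before it is applied. The following audit is an added example, not part of the Nutanix guide: the rule format, the sample rules and the peer range 10.50.0.0/16 are constructed, and it assumes the ports are needed in both directions and only from the peer site's range.

```python
import ipaddress

# TCP ports from Table 7 (disaster recovery between on-prem cluster and Azure).
REQUIRED_TCP = {2009: "Stargate", 2020: "Disaster Recovery", 9440: "Prism",
                22: "SSH", 2010: "Curator", 3260: "iSCSI traffic to CVM",
                2049: "NFS traffic to CVM"}
DIRECTIONS = ("inbound", "outbound")  # assumption: both directions are needed


def port_range(spec):
    """Expand '22', '2009-2010' or '*' into a range of port numbers."""
    if spec == "*":
        return range(0, 65536)
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)


def audit(rules, peer_cidr):
    """Return required flows that no allow rule covers, and allow rules whose
    remote range is wider than the peer site. Deny rules and rule priority are
    not modelled in this simplified, hypothetical rule format."""
    peer = ipaddress.ip_network(peer_cidr)
    required = {(d, "tcp", p) for d in DIRECTIONS for p in REQUIRED_TCP}
    required |= {(d, "icmp", None) for d in DIRECTIONS}  # bi-directional ICMP
    covered, too_broad = set(), []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        remote = ipaddress.ip_network(rule["remote"])
        if not peer.subnet_of(remote):
            continue  # rule does not cover the whole peer site
        flows = set()
        if rule["protocol"] in ("tcp", "*"):
            ports = port_range(rule["ports"])
            flows |= {(rule["direction"], "tcp", p)
                      for p in REQUIRED_TCP if p in ports}
        if rule["protocol"] in ("icmp", "*"):
            flows.add((rule["direction"], "icmp", None))
        covered |= flows
        # A rule that opens a DR port to more than the peer site is flagged.
        if flows and remote.prefixlen < peer.prefixlen:
            too_broad.append(rule["name"])
    return {"missing": sorted(required - covered), "too_broad": too_broad}


def make_rule(name, direction, protocol, ports, remote, action="allow"):
    """Build one rule in the constructed format used by audit()."""
    return {"name": name, "direction": direction, "protocol": protocol,
            "ports": ports, "remote": remote, "action": action}


PEER_SITE = "10.50.0.0/16"  # constructed on-prem range
SAMPLE_RULES = [            # constructed rule set with two deliberate problems
    make_rule("dr-core-in", "inbound", "tcp", "2009-2010", PEER_SITE),
    make_rule("dr-in", "inbound", "tcp", "2020", PEER_SITE),
    make_rule("prism-in", "inbound", "tcp", "9440", PEER_SITE),
    make_rule("nfs-in", "inbound", "tcp", "2049", PEER_SITE),
    make_rule("ssh-any", "inbound", "tcp", "22", "0.0.0.0/0"),
    make_rule("icmp-in", "inbound", "icmp", "*", PEER_SITE),
    make_rule("all-out", "outbound", "*", "*", PEER_SITE),
]

if __name__ == "__main__":
    report = audit(SAMPLE_RULES, PEER_SITE)
    for direction, proto, port in report["missing"]:
        label = REQUIRED_TCP.get(port, "ICMP")
        print(f"missing: {direction} {proto} {port} ({label})")
    for name in report["too_broad"]:
        print(f"wider than peer site: {name}")
```
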

Outbound Communication Requirements


There are a few general outbound requirements for deploying a Nutanix cluster in Azure on top of the existing
requirements that on-premises clusters use for support services. The following tables show the endpoints the Nutanix
cluster needs to communicate for a successful deployment. The list of endpoints is not comprehensive; there are
several other endpoints that you might need to allowlist depending on the Nutanix software components you use and
the firewall support requirements. For more information on port requirements for Nutanix products and services, see
the Ports and Protocols guide and select the Nutanix product from the Software Type list.
Your VNets used for Azure cluster deployment need to have connectivity to the DNS servers that they were
configured to use.

Note: Many of the destinations listed here use DNS failover and load balancing. For this reason, the IP address
returned when resolving a specific domain may change rapidly. Nutanix cannot provide specific IP addresses in place of
domain names.

Table 8: Cluster Outbound to the Cluster Portal

| Source | Destination | Protocol | Purpose |
|---|---|---|---|
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://downloads.cloud.nutanix.com/* | TCP/443 (HTTPS) | Life Cycle Manager (LCM) required to upgrade NCI and NC2 components. |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://insights.nutanix.com/* | TCP/443 (HTTPS) | Pulse to provide diagnostic system data to Nutanix Support. |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | *.pool.ntp.org | UDP/123 | NTP server. |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://gateway-external-api.cloud.nutanix.com/* | TCP/443 (HTTPS) | The NC2 portal orchestration. |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://azure-support.nutanix.com/* | TCP/443 (HTTPS) | |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | 138.236.128.112 | UDP/123 | Azure NTP server. |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://apikeys.nutanix.com/* | TCP/443 (HTTPS) | Registration of API keys for Prism Central and validation of API calls. |

Table 9: Cluster Outbound to Azure

| Source | Destination | Protocol | Purpose |
|---|---|---|---|
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://management.azure.com/* | TCP/443 (HTTPS) | Make API calls from NC2 to manage Azure resources. |
| Management subnet, Flow Gateway subnet, and BGP subnet (in case of Flow Gateway scaled-out deployment) | https://downloads.cloud.nutanix.com/* | TCP/443 (HTTPS) | Download NC2 RPMs. |
| Management subnet | https://clusters-public-images.s3.us-west-2.amazonaws.com/azure/prism-central/* | TCP/443 (HTTPS) | To download Prism Central image. |

Table 10: Cluster Outbound to Nutanix Teleport Proxy

| Source | Destination | Protocol | Purpose |
|---|---|---|---|
| Management subnet | https://azure-support.nutanix.com/* | TCP/443, 3022, 3023, 3024, 3025, and 3080 | Allow Teleport traffic to create a support tunnel for the Nutanix Support team to give remote access to your cluster for troubleshooting issues. Note: These ports must be opened bidirectionally. |

Supported Regions and Bare-metal Instances


NC2 on Azure works with certain bare-metal instances in specific regions.

Note: NC2 might not support some bare-metal instance types in certain regions due to limitations in the number of
partitions available. NC2 supports bare-metal instances in regions with three or more partitions.

Bare-metal Instances
Azure supports the following bare-metal instances for NC2 on Azure:

Table 11: Supported bare-metal instances

| Specification | Ready Node for Nutanix AN36 | Ready Node for Nutanix AN36P |
|---|---|---|
| Core | Intel 6140, 36 Core, 2.3 GHz | Intel 6240, 36 Core, 2.6 GHz |
| vCPUs | 72 | 72 |
| RAM | 576 GiB | 768 GiB |
| Storage | 18.56 TB (8 x 1.92 TB SATA SSD, 2x1.6 TB NVMe) | 20.7 TB (2x750 GB Optane, 6x3.2 TB NVMe) |
| Network (Available bandwidth between nodes) | 25 Gbps | 25 Gbps |

For more information, see Hardware Platform Spec Sheets. Select NC2 on Azure from the Select your
preferred Platform Providers list.
NC2 on Azure supports:

• Minimum of three (or more) Azure Nutanix Ready nodes per cluster.
• Only the Nutanix AHV on Nutanix clusters running in Azure.
• Prism Central instance deployed on NC2 on Azure to manage the Nutanix clusters in Azure.

Azure Regions
NC2 on Azure supports the following Azure regions and bare-metal instances:

Table 12: Supported Azure Regions

| Region name | Ready Node for Nutanix AN36 | Ready Node for Nutanix AN36P |
|---|---|---|
| East US (Virginia) | Yes | No |
| West US 2 (Washington) | Yes | No |
| East US 2 (Virginia) | No | Yes |
| North Central US (Illinois) | No | Yes |
| Southeast Asia | No | Yes |
| Australia East | No | Yes |
| UK South | No | Yes |
| West Europe | No | Yes |
| Germany West Central | No | Yes |
| Japan East (Tokyo) | No | Yes |

Limitations
This section lists the usage constraints and service limits of NC2 on Azure.
NC2 does not support:

• More than 28 nodes in a cluster

Note: A maximum of 28 nodes is supported in a cluster. AOS 6.6 or higher version and Prism Central pc.2022.9
or higher version provide the ability to create a cluster with 28 nodes or expand an existing cluster capacity to 28
nodes. However, with AOS versions earlier than 6.6 and Prism Central versions earlier than pc.2022.9, a maximum
of 13 nodes is supported in a cluster.
NC2 does not recommend using single-node clusters in production environments.

• Two-node clusters
• Sharing of Azure subnets among multiple clusters

Note: NC2 requires a unique CIDR for each subnet in the Azure resource group. The subnets must not use the
same CIDR. Only private IPv4 addresses are supported.

• Use of 192.168.5.0/24 CIDR for the VNet being used to deploy the NC2 on Azure cluster. All Nutanix nodes use
that CIDR for communication between the CVM and the installed hypervisor.
• Use of IPs 192.168.0.0/16, 10.100.0.0/16, 10.200.0.0/24, or 10.200.0.0/22 for Prism Central VNet.
• Reconfiguration of Prism Central VM IP addresses for Prism Central scale-out deployments used in an NC2
environment
• Prism Central backup and recovery
• SyncRep operations
• Hibernate and resume operations
• The default configuration for CVMs on NC2 with AOS 6.7 or earlier is 32 GiB of RAM. On NC2 with AOS
6.7.1.5, the CVM memory size is set to 48 GiB.
• Access to the CVM and AHV through SSH
• Access to the CVM console through Prism Element
• Unregistering a cluster through the Prism user interface (Prism Central and Prism Element web console)
• Unregistering Prism Central from Prism Element
• Automatic installation of Nutanix Guest Tools (NGT)
• Dynamic routing (eBGP) for No-NAT connectivity as Azure VPN gateway does not redistribute UDR routes to
on-prem
• Connectivity to private endpoints from resources on Azure-delegated subnets

Note: Host, CVM, and Prism Central cannot be connected to private endpoints. User VMs do not have this
restriction as they are not deployed on delegated subnets.

For more information about the Azure limitations on UDR, SD-WAN, and global VNet peering of delegated
subnets, see Microsoft documentation. Nutanix recommends contacting your Microsoft account representative for
workarounds for these Azure-specific constraints. Additionally, for more information about the supported network
topologies, global peering, and connectivity using VPN and ExpressRoute gateway, see Microsoft documentation.
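
The address constraints in the Limitations list can be checked before any VNet is created. The following pre-flight check is an added example, not Nutanix code: the plan layout and function names are hypothetical, "private" is read as RFC 1918, and any overlap with a listed range is treated as a conflict, which is stricter than the wording above.

```python
import ipaddress
from itertools import combinations

# Assumption: "private IPv4" is interpreted as the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ranges quoted in the Limitations list of this guide.
CVM_HYPERVISOR_NET = ipaddress.ip_network("192.168.5.0/24")
PC_VNET_RESERVED = [ipaddress.ip_network(c) for c in
                    ("192.168.0.0/16", "10.100.0.0/16",
                     "10.200.0.0/24", "10.200.0.0/22")]


def _parse(name, cidr, findings):
    """Parse one CIDR; record a finding and return None if it is unusable."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
    except ValueError as exc:
        findings.append(("invalid", name, str(exc)))
        return None
    if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
        findings.append(("not-private-ipv4", name, cidr))
        return None
    return net


def check_plan(plan):
    """Return a list of (code, subject, detail) findings for a network plan."""
    findings = []
    cluster = _parse("cluster_vnet", plan["cluster_vnet"], findings)
    pc = _parse("prism_central_vnet", plan["prism_central_vnet"], findings)

    # The cluster VNet must stay clear of the CVM-to-hypervisor range.
    if cluster and cluster.overlaps(CVM_HYPERVISOR_NET):
        findings.append(("cvm-range-conflict", "cluster_vnet",
                         str(CVM_HYPERVISOR_NET)))
    # The Prism Central VNet must stay clear of the four listed ranges.
    if pc:
        for reserved in PC_VNET_RESERVED:
            if pc.overlaps(reserved):
                findings.append(("pc-reserved-conflict", "prism_central_vnet",
                                 str(reserved)))

    # Every subnet needs its own CIDR; identical or overlapping pairs are flagged.
    subnets = {}
    for name, cidr in plan["subnets"].items():
        net = _parse(name, cidr, findings)
        if net:
            subnets[name] = net
    for (a, net_a), (b, net_b) in combinations(sorted(subnets.items()), 2):
        if net_a.overlaps(net_b):
            findings.append(("subnet-overlap", f"{a},{b}", f"{net_a} / {net_b}"))
    return findings


# Constructed plans: the first violates several constraints, the second is clean.
SAMPLE_PLAN = {
    "cluster_vnet": "192.168.0.0/16",
    "prism_central_vnet": "10.200.0.0/23",
    "subnets": {"mgmt": "192.168.10.0/24", "uvm-a": "192.168.20.0/24",
                "uvm-b": "192.168.20.0/24", "dmz": "203.0.113.0/24"},
}
CLEAN_PLAN = {
    "cluster_vnet": "10.0.0.0/16",
    "prism_central_vnet": "10.1.0.0/16",
    "subnets": {"mgmt": "10.0.1.0/24", "uvm": "10.0.2.0/24",
                "pc": "10.1.1.0/24"},
}

if __name__ == "__main__":
    for code, subject, detail in check_plan(SAMPLE_PLAN):
        print(f"{code:22} {subject:20} {detail}")
```
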

Non-Applicable On-Prem Configurations


Following is a list of the configurations that are supported in an on-prem Nutanix cluster but are not applicable to a
cluster running in Azure.

Prism Element and Prism Central Configurations

• VLAN ID: Azure does not support VLANs. Therefore, if you deploy a cluster on Azure, you do not need to
provide the VLAN ID when you create or update the network in the cluster. The VLAN ID is replaced by the
subnet ID, which uniquely identifies a given network in a VPC.

• Network visualization: The network visualization feature of the on-prem Prism Element web console is a
consolidated graphical representation of the network of the Nutanix cluster VMs, hosts, network components
(such as physical and logical interfaces), and attached first-hop switches. In an on-prem cluster, the information
about top-of-rack (ToR) Switches is configured using a CLI command. The cluster also uses SNMP and LLDP to
retrieve more information from the switch.
In a cluster running in Azure, you have no visibility into the actual cloud infrastructure such as the ToR switches.
API support is not available to discover the cloud infrastructure components in Nutanix clusters. Given that the
cluster is deployed in a single VPC, the switch view is replaced by the VPC. Any configuration options on the
network switch are disabled for clusters deployed in Azure.
• Uplink configuration: The functionality to update the uplink configuration is disabled for a cluster running in
Azure.
• Hardware configuration: The Switch tab in the Hardware menu of the Prism Element web console is disabled
for a cluster running in Azure.
• Rack configuration: The functionality to configure racks is disabled for a cluster running in Azure. Clusters are
deployed as rack-aware by default. APIs to create racks are also disabled on clusters running in Azure.
• Broadcast and multicast: Azure does not support broadcast and multicast.
• Security Dashboard: A dashboard that provides a dynamic summary of the security posture across all registered
clusters is not supported for NC2.
• Hosts only no blocks: Hosts are independent and not put together as a block. The block view is changed to the
host view in the Prism Element web console.
• Field-replaceable units: The functionality to replace and repair disks is disabled for a cluster running in Azure.
• License updates: You cannot update your NC2 licenses using the Prism Element web console. Update your NC2
licenses using the NC2 console.

Cluster Operations
Perform the following actions using the NC2 console:

• Deploy and provision the cluster using the NC2 console. Do not use Foundation.
• Perform the add node and remove node operations using the NC2 console. Do not use the Prism Element web
console.

API Operations
The following API calls are disabled or changed in a Nutanix cluster running in Azure:

Table 13: Disabled API Operations

| API | Changes |
|---|---|
| GET /clusters | Values for the rack and block configuration are not displayed. |
| POST /cluster/block_aware_fixer | Not supported |
| GET /hosts | Returns no values for the following attributes: ipmiAddress (string, optional); ipmiPassword (string, optional); ipmiUsername (string, optional); backplaneIp (string, optional); bmcModel (string, optional): Specifies the model of BMC, present on the node; bmcVersion (string, optional): Specifies the version of BMC, present on the node; controllerVmBackplaneIp (string, optional) |

Creating My Nutanix Account


You need a My Nutanix account to access the NC2 console. A My Nutanix account allows you to subscribe to,
access, and manage NC2. After creating a My Nutanix account, you can access the NC2 console through the My
Nutanix dashboard. You can use NC2 for a 30-day free trial period (one common free trial period for NC2 on all
supported clouds) or sign up to pay for NC2 usage beyond the free trial period. You can pay for NC2 using your
Nutanix licenses or with the subscription plan.
Perform the following procedure to create a My Nutanix account.

Procedure

1. Go to https://my.nutanix.com.

2. Click Sign up now.

3. Enter your details, including first name, last name, company name, job title, phone number, country,
email, and password.
Follow the specified password policy while creating the password. Personal domain email addresses, such as
gmail.com or yahoo.com are not allowed. You must sign up with a company email address.

4. Click Submit.
A confirmation page appears and you receive an email from mynutanix@nutanix.com after you successfully
complete the sign-up process.

5. Click the link in the email to verify your email address.
A confirmation message briefly appears, and you are directed to the Nutanix Support portal.

6. Sign in to the portal using the credentials you specified during the sign-up process.

7. Click My Nutanix to go to the My Nutanix dashboard.

8. An educational tutorial explaining the multiple workspaces appears when you access My Nutanix for the first
time. Click Take a Tour to learn more about workspaces. If you have an existing My Nutanix account and are
familiar with workspaces, click Skip.

Figure 4: Take a tour - multiple workspaces

A default Personal workspace is created after you successfully create a My Nutanix account. You can rename
your workspaces. For more information on workspaces, see Workspace Management.

Note: The default Personal workspace name contains the domain followed by the email address of the user and
the tenant word.

Figure 5: Workspace

Note: When you create a My Nutanix account, a default workspace gets created for you with the Account Admin
role, which is required to create an NC2 subscription and access the Admin Center and Billing Center portals. If you
are invited to a workspace, then you must get the Account Admin role so that you can subscribe to NC2 and access
the Admin Center and Billing Center.

Starting a Free Trial for NC2


Before you sign up for a paid subscription plan to use NC2, you can start a 30-day free trial. While NC2 supports
multiple public clouds (AWS, Azure), Nutanix offers only one 30-day free trial period for NC2. The free trial is for
Nutanix software usage. If your free trial period is expired, consider subscribing to a paid subscription plan.
After your NC2 trial expires, your cluster will still be accessible, but you will not be able to change the cluster
capacity or create new clusters until you subscribe to NC2. You will not be billed for Nutanix software usage while
your trial is expired; however, your cloud provider might charge you for hardware. If needed, the NC2 team can work
with you during this period to offer you an extension on your expired trial.
Your trial remains expired for a grace period of 30 days, after which your NC2 trial gets cancelled, and no more
trial extensions are possible. The NC2 cluster stays running, but you cannot modify the capacity of an existing
cluster or create new clusters. Billing from your cloud provider will continue as usual. You can still switch to a
paid subscription and regain the capabilities to use the existing configurations and NC2 features fully. For more
information on subscribing to NC2, see Changing Payment Method.

Note: The owner of the My Nutanix workspace that has been used to start the free trial for NC2 must add other users
from the NC2 console with appropriate RBAC if those users need to manage clusters in the same tenant. For more
information on adding users and the roles that can be assigned, see NC2 User Management.

Note: You are responsible for any hardware and cloud services costs incurred during the NC2 free trial.

Perform the following procedure to start a free trial of NC2:

Procedure

1. Sign in to https://my.nutanix.com using your My Nutanix credentials.

Note: Ensure that you select the correct workspace from the Workspace dropdown list on the My Nutanix
dashboard. For more information on workspaces, see Workspace Management.

Figure 6: Selecting a Workspace

2. On the My Nutanix dashboard, scroll to Cloud Services, and under Nutanix Cloud Clusters (NC2), click
Get Started.

Figure 7: Cloud Services - NC2 Get Started

3. On the Nutanix Cloud Clusters (NC2) on Public Clouds page, under Try NC2, click Start your 30 day
free trial.



4. You are redirected to the NC2 console. When prompted to accept the Nutanix Cloud Services Terms of Service,
click I Accept. The NC2 console opens in a new tab. You can now start using NC2.

Note: If you want to subscribe to NC2 instead of using a free trial, you can click the Select from our available
plan options to get started option, and then complete the subscription on the Nutanix Billing Center.

Note: To be able to use NC2 on Azure, you must get your Azure subscription allowlisted. For more information,
see Allowlisting Your Azure Subscription.



NC2 PAYMENT METHODS
Nutanix offers a simplified licensing experience in purchasing and consuming NC2. In addition to the legacy
licensing model for AOS, Nutanix has introduced the Nutanix Cloud Platform packages that support the new and
consolidated Nutanix product portfolio. The packages are:

• Nutanix Cloud Infrastructure (NCI)
• Nutanix Cloud Manager (NCM)
• Nutanix Cloud Platform (NCP, bundle of NCI and NCM)
• Nutanix Unified Storage (NUS)
• Nutanix Database Service (NDB)
• Nutanix End User Computing (EUC)
You can use the NCI, AOS, VDI, or EUC licensing options and any associated add-ons. When you select the AOS
licensing option, you can continue using the cluster with AOS option or switch to the NCI licensing. When you select
the VDI licensing option, you can continue using the cluster with the VDI option or switch to the EUC licensing.
You must deploy Prism Central and configure your NC2 cluster with that Prism Central in order to use NCI licenses.

Note: You cannot switch back from NCI licensing to AOS licensing. You cannot switch back from EUC licensing to
VDI licensing.

Nutanix also provides flexible subscription options that help you select a suitable subscription type and payment
method for NC2.
You can use the legacy portfolio licenses and pay using the Pay As You Go (PAYG) subscription plan for overages
above the legacy license capacity used.
For more information on the pricing that is used to charge for overages above legacy AOS license capacity, see NC2
pricing options.
For the new NCI licensing, NC2 does not charge for overages above the NCI license capacity used. For more details
on the new NCI licenses, see Nutanix Cloud Platform Software Options.
You can choose to be invoiced either directly by Nutanix or through your cloud marketplace account, if you choose to
use your cloud marketplace.
NC2 supports Advanced Replication and Security add-ons for NCI Pro and Nutanix Unified Storage (NUS) Pro, and
you have to manually apply these licenses to Prism Central managing your NC2 cluster. NC2 supports Advanced
Replication and Data-at-Rest Encryption add-ons for AOS (legacy) Pro, and you have to reserve capacity from these
licenses, after which they are automatically picked up and applied to your NC2 cluster.
The following table lists the combination of license types based on the software configuration and the subscription
plan available for these license types.

Table 14: Summary of license types

Cluster Type: General Purpose
Available License Types: NCI
Available Software Tier:
• NCI Pro + Advanced Replication + Data-at-Rest Encryption
• NCI Ultimate + Advanced Replication + Data-at-Rest Encryption

Cluster Type: General Purpose
Available License Types: AOS
Available Software Tier:
• AOS Pro + Advanced Replication + Data-at-Rest Encryption
• AOS Ultimate
Note: Advanced Replication and Data-at-Rest Encryption add-ons are included in AOS Ultimate license.

Cluster Type: VDI
Available License Types: EUC
Available Software Tier: EUC Ultimate

Cluster Type: VDI
Available License Types: VDI
Available Software Tier: VDI Ultimate
Note: Advanced Replication and Data-at-Rest Encryption add-ons are included in VDI Ultimate license.

Nutanix Licenses for NC2


Your Nutanix licenses are given priority when covering your NC2 usage. You can use the Pay As You Go (PAYG)
subscription plan to pay for overages above your legacy license capacity. There is currently no charge for overages
above the NCI license capacity used for the new NCI licensing.
For more information on how to select AOS or NCI license during cluster creation, see Creating a Cluster.
For more information on how to switch an already running cluster with AOS legacy licensing to NCI licensing, see
Applying NCI, EUC, and NUS Licenses.

New Portfolio Licenses


When creating a cluster, you can select your general purpose type NC2 cluster to use either NCI Pro or NCI Ultimate
licenses. Or, you can select your VDI type NC2 cluster to use the End User Computing (EUC) Ultimate license. The
rest of the new portfolio, such as Nutanix Cloud Manager (NCM), Nutanix Unified Storage (NUS), and Nutanix
Database Service (NDB), is also supported with NC2. Steps to apply licenses are similar for all products and services
in the new portfolio - manually apply licenses to Prism Central. For more information, see Applying and Managing
Cloud Platform Licenses.
For the new NCI licensing, there is currently no charge for overages above the NCI license capacity used.
Unlike the legacy portfolio licenses, you must not reserve license capacity for the new portfolio licenses.
In addition to using the Nutanix licenses, you also need to subscribe to NC2. For more information, see NC2
Subscription Workflow.

Note: Your NC2 cluster is enabled with AOS, NCI, VDI, or EUC licenses during the free trial. You can switch from
AOS to NCI licenses at any time; however, you cannot switch from NCI to AOS licenses. You can switch from VDI to
EUC licenses at any time; however, you cannot switch from EUC to VDI licenses.

For more information on how to switch an already running cluster with AOS legacy licensing to NCI licensing, see
Applying NCI, EUC, and NUS Licenses.
Once you have configured Prism Central with the cluster, you can manually apply the NCI licenses to that Prism
Central to cover the cloud usage.
When switching a cloud cluster from one Prism Central to another Prism Central, you must manually re-license the
new Prism Central with the NCI license you want to use.

Note: You can use the same Prism Central with both AOS and NCI-licensed clusters.



Applying cloud platform licenses, excluding NUS, requires that the cluster is running the minimum versions of the
following software:

• AOS 6.0.1.7
• Nutanix Cluster Check (NCC) 4.3.0
• Prism Central pc.2021.9
Applying NUS licenses requires that the cluster is running the minimum versions of the following software:

• AOS 6.1.1
• NCC 4.5.0
• pc.2022.4

Applying NCI, EUC, and NUS Licenses


You must manually apply the NCI, NUS, and EUC licenses. Perform the following steps to use these
licenses:

Procedure

1. If you are using a free trial for NC2, you can select NCI, AOS, VDI, or EUC as the option during the free trial
period.
You can switch from the AOS to the NCI licensing option or from the VDI licensing to the EUC licensing at any
time. Make sure you follow the appropriate licensing instructions for legacy licenses or new portfolio licenses.



2. If you have a running cluster with AOS legacy licensing, then while using the new portfolio licenses, you must
switch the license type to NCI before manually applying the new portfolio licenses in Prism Central.

Note: You must perform this step with every NC2 cluster that uses the new portfolio licenses, for both general
purpose and VDI clusters.

Perform the following steps to change the license type from AOS to NCI:

a. Sign in to the NC2 console: https://cloud.nutanix.com


b. In the Clusters page, click the name of the cluster for which you want to update the license type.
c. On the Settings page, click the Cluster Configuration tab.

Figure 8: Switch to NCI License


d. Your current selection of AOS license type is displayed. Click Switch to NCI.



Figure 9: Switch to NCI Manual Steps
e. Click Switch to NCI Licensing to confirm the switch of license type to NCI.
Ensure that you want to switch to NCI, because you cannot switch back to AOS after switching to NCI.

3. If you already have the following licenses that you are ready to use, you can manually apply these licenses by
following the procedures described in Applying and Managing Cloud Platform Licenses.

• Nutanix Cloud Infrastructure (NCI)
• Nutanix Cloud Manager (NCM)
• Nutanix Cloud Platform (NCP, bundle of NCI and NCM)
• Nutanix Unified Storage (NUS)
• Nutanix Database Service (NDB)
• Nutanix End User Computing (EUC)
If you do not have these licenses, you can also convert your legacy AOS licenses to the new NCI licenses. For
more information, see Converting to Cloud Platform Licenses.

Legacy Portfolio Licenses


While Nutanix is transitioning from our legacy portfolio packaging, you can still use the legacy portfolio licenses
for your NC2 clusters. Overages above the license capacity used can be paid using a subscription plan and will be
invoiced directly by Nutanix. For more information on the pricing that will be used to charge for overages above
legacy AOS license capacity, see NC2 Pricing.
In addition to using the Nutanix licenses, you also need to subscribe to NC2. For more information, see NC2
Subscription Workflow.



Under the legacy portfolio licenses, you can reserve AOS Pro, AOS Ultimate, and VDI Ultimate licenses for NC2 on
Azure. These licenses are automatically applied to the cloud clusters to cover their configuration and usage. The rest of
the legacy portfolio licenses can be manually applied to an NC2 cluster.

Reserving License Capacity

Note: License reservation is required for AOS (legacy) licenses and the associated Advanced Replication and Data-at-
Rest Encryption add-ons. License reservation is not required for NCI licenses and the associated Advanced Replication
and Data-at-Rest Encryption add-ons, as you need to manually apply the NCI licenses.
You do not need to delete the license reservation when terminating an NC2 cluster if you intend to use the
same license reservation quantity for a cluster you might create in the future.

To reserve licenses for NC2, do the following:

Procedure

1. Sign in to the Nutanix Support portal at https://portal.nutanix.com and then click the Licenses link on the
portal home page. You are redirected to the Licensing portal.

2. Under Licenses on the left pane, click Active Licenses and then click the Available tab on the All Active
Licenses page.

Figure 10: Active Licenses Page

3. Select the licenses that you want to reserve for NC2 and then select Update reservation for Nutanix Cloud
Clusters (NC2) from the Actions list.

Note: This option becomes available only after you select at least one license for reservation.



4. On the Manage Reservation for Nutanix Cloud Clusters (NC2) page, click the hamburger icon available
in the row of the license you want to reserve, and then click Edit.

Figure 11: Manage License Reservation

5. Enter the number of licenses that you want to reserve in the Reserved for AWS and Reserved for Azure
columns for the license. The available licenses appear in the Total Available to Reserve column.

6. Click Save to save the license reservations.

Reclaiming a CBL License


Your reserved licenses can only be used on an NC2 cluster provided the license reservation is active.
If you want to use the reserved license for an on-prem cluster, ensure that you update the capacity that was reserved
for cloud clusters to zero so that it can be used by on-prem clusters.
To reclaim the NC2 license and use the license for an on-prem cluster, perform the following steps:

Procedure

1. Terminate your cluster from the NC2 console. For more information, see Terminating a Cluster.

2. On the Licensing portal, update the license reservation for the NC2 cluster to 0 in the Reserved for AWS or
Reserved for Azure column. For more information, see Modifying License Reservations.

3. Your license capacity is now available for use with any other Nutanix cluster, including on-prem clusters.

Managing Licenses
Follow these steps to manage licenses and change license type or add add-on products to your running
NC2 cluster.

Procedure

1. Sign in to the NC2 console: https://cloud.nutanix.com

2. In the Clusters page, click the cluster name for which you want to update the add-on product selection.



3. On the Settings page, click the Cluster Configuration tab.

Figure 12: Manage add-on products

4. Under Software Configuration, you can change your license tier from Pro to Ultimate or vice versa from the
Software Tier list.

5. Under Add-on Products, based on the cluster type (General Purpose or VDI cluster) and the license tier, the
available add-on products are displayed. Select or remove the add-on product based on your requirements.

6. Click Save.

Subscription Plan for NC2


You can choose to pay for your NC2 usage either directly to Nutanix or through your cloud marketplace. Nutanix
licenses are given priority to cover your NC2 usage. Any overage beyond license capacity applied on the cluster is
billed to your chosen subscription plan - Nutanix Direct or Cloud marketplace.

Table 15: NC2 Subscription Plan

Nutanix Direct subscription for NC2 on Azure

Subscription Plan: Pay As You Go
Description: You are billed every month for the NC2 software usage of that month. There is no term
commitment in this plan.
Payment Method: When you choose to pay for your NC2 usage directly to Nutanix, you can use one of the
following payment methods:
• Credit Card – Allows you to purchase a payment plan using your credit card details.
• ACH Bank Transfer – Allows you to pay using your ACH bank transfer details. The ACH payment method is
available only if the bill-to address of your organization is in the United States of America. Nutanix enables
the ACH bank transfer payment method to you either after at least one positive credit card transaction or if
you make a request to use this payment method through your Nutanix sales representative.
• Invoice Me – Direct invoicing by Nutanix at the end of every billing cycle. If you prefer to be invoiced by
Nutanix instead of using your credit card or bank transfer, ask your Nutanix account manager to enable the
Invoice Me option in your NC2 account.

Cloud Marketplace subscription for NC2 on Azure

Subscription Plan: Pay As You Go
Description: You are billed every month for the NC2 software usage of that month. There is no term
commitment in this plan.
Payment Method: You will be billed by Azure marketplace, and you can use your MACC commitments to pay
for the bill.

Subscription Plan: Nutanix licenses and overages
Description: You can work with your Nutanix Account Manager and Nutanix reseller to get a discounted
private offer to pay for Nutanix licenses for your NC2 cluster. By subscribing to NC2 through Azure
Marketplace, the upfront cost of your licenses and future overages is billed to your cloud account.
Payment Method: The full $ value of your Nutanix software licenses will be invoiced by Azure and goes
towards meeting your Microsoft Azure Consumption Commitment (MACC). You need to pay the total cost of
Nutanix software for the entire duration of any multi-year license contract in a single upfront payment. The
cost of future overages is billed to your cloud account.

Note: For more information on pricing, see https://www.nutanix.com/products/nutanix-cloud-clusters/pricing.

NC2 Subscription Workflow


You must subscribe to NC2 to continue NC2 usage after the trial period ends. You can also subscribe to NC2 anytime
during your free trial period.



Note: For the workspace you want to use to create an NC2 subscription, you must have the Account Admin role. The
default workspace that was created when you created a My Nutanix account has the Account Admin role. If you are
invited to a workspace, then you must get the Account Admin role so that you can subscribe to NC2 and access the
Admin Center and Billing Center.

You must subscribe to an NC2 subscription plan (Nutanix Direct or Cloud Marketplace) to cover your NC2 usage.
Any licenses applied to your NC2 cluster will be given priority to cover NC2 usage, and the remaining overages will
be billed to that subscription plan.

Note: You can only reserve your legacy portfolio licenses. You must not reserve the new portfolio licenses, such as
NCI and EUC licenses. You need to apply these licenses to an NC2 cluster manually.

To learn more about how to reserve the legacy portfolio licenses, see Reserving License Capacity.
To learn more about how to manually apply new portfolio licenses, see Applying NCI, EUC, and NUS Licenses.
You can subscribe to NC2 from the My Nutanix dashboard > Administration > Billing Center > Launch. In the
Billing Center, under Nutanix Cloud Clusters, click Subscribe Now.
At the beginning of the subscription steps, you get the following options to cover your NC2 usage:

• Use your reserved license capacity: You can reserve your legacy portfolio licenses, such as AOS Pro, AOS
Ultimate, VDI Ultimate license, and associated add-ons for NC2 usage. These licenses are automatically applied
to the cloud clusters to cover their configuration and usage.
You still need to select a subscription plan to cover any overage above your reserved license capacity. You have a
choice of paying directly to Nutanix or using your cloud marketplace account to pay for NC2 software usage.

Note: Ensure that you have reserved enough license capacity for NC2 if you plan to use Nutanix licenses for NC2
usage.

• Use your subscription plan: You can use your paid subscription plan and pay directly to Nutanix or use your
cloud marketplace account.
Based on your preferences, you can use the following subscription workflows to pay for your NC2 software usage,
such as any overage above your reserved license capacity or invoices for your subscription plan.

• Nutanix Direct Subscription: Pay for your NC2 software usage directly to Nutanix.
For more information, see Nutanix Direct.
• Cloud Marketplace Subscription: Pay for your NC2 software usage through your cloud marketplace account.
For more information, see Azure Marketplace.
With NC2 being a multicloud product, you can consume NC2 on AWS as well as Azure. Your Cloud marketplace
subscription is given preference to cover NC2 on Azure usage, if you are connecting your Azure marketplace
account. However, NC2 on AWS usage will still need to be covered by a Nutanix Direct subscription. Your Azure
marketplace account is not charged for any NC2 usage on AWS.
You are billed by Azure marketplace, and you can use your MACC commitments to pay for the bill.

Nutanix Direct
Perform the following procedure to pay for NC2 on Azure and NC2 on AWS consumption with a Nutanix Direct
subscription plan:

Procedure

1. Sign in to https://my.nutanix.com using your My Nutanix credentials.



2. Select the correct workspace from the Workspace dropdown list on the My Nutanix dashboard. For more
information on workspaces, see Workspace Management.

Figure 13: Selecting a Workspace

3. Perform one of the following:

• On the My Nutanix dashboard, scroll down to Administration > Billing Center and click Launch. In the
Billing Center, under Nutanix Cloud Clusters, click Subscribe Now.
• On the NC2 console, click the Nutanix billing center link in the banner displayed on the top of the NC2
console.
You are directed to the Nutanix Billing Center.



4. At the beginning of your subscription steps, the Would you like to use your existing Nutanix Licenses
for your NC2 usage? option is presented.

Figure 14: Payment Plan - Pay directly to Nutanix

• Select Yes, I would like to use Nutanix Licenses to cover NC2 usage if you want to use Nutanix
licenses for NC2. You must reserve the legacy license capacity from the Nutanix license portal or manually
apply new portfolio licenses to your NC2 cluster.
If you select this option, the licenses reserved or applied are used to cover the NC2 usage first, and any
overage is charged to the subscription plan you select in the next step.
• Select No, I don’t want to use my licenses. Invoice all NC2 usage to my subscription plan
option if you do not want to use any licenses for NC2. All NC2 usage will be charged to the subscription
plan that you select in the next step.

5. Next, the How would you like to pay for overage above any reserved license capacity? option is
presented.

• Pay directly to Nutanix: The NC2 software usage on all supported clouds (AWS and Azure) is paid to a
single subscription plan.
• Pay via Cloud Marketplace: The Azure marketplace bills you for the NC2 usage on Azure. Any NC2 on
AWS usage still goes through a Nutanix Direct subscription.
Select Pay directly to Nutanix and then click Next.



6. Click Next.

Figure 15: Payment Plan - Reserve Existing Licenses

Legacy License Portfolio: You can click Reserve existing licenses on the Support Portal to reserve
licenses for the NC2 usage. To learn more about how to reserve the legacy portfolio licenses, see Reserving
License Capacity.
New Portfolio Licenses: To learn more about how to manually apply new portfolio licenses, see Applying
NCI, EUC, and NUS Licenses.



7. On the next screen, the payment plan is presented to you based on the choices made in the previous step.

Figure 16: Pay directly to Nutanix

Select Pay As You Go (For NC2 on AWS and Azure) payment plan for your Nutanix cluster. With this
plan, you are billed at the end of each month for the NC2 usage for that month without any term commitments.
Click Next.

8. On the Company Details page, type the details about your organization and then click Next.
Nutanix Cloud Services considers the address that you provide in the Address 1 and Address 2 fields as the
Bill To Address and uses this location to determine your applicable taxes.
If the address where you consume the Nutanix services is different than your Bill To Address, under the
Sold to Address section, clear the Same information as provided above checkbox and then provide the
address of the location where you use the Cloud services. However, only the Bill To Address is considered to
determine your applicable taxes.

9. On the Payment Method page, select one of the following payment methods, and then click Next.

• Credit Card: Enter your credit card details.
• ACH Bank Transfer: Enter your Automated Clearing House (ACH) bank transfer details. You must
discuss with your account team if you prefer to use the ACH Bank Transfer option. The ACH payment
method is available only if the bill-to address of your organization is in the United States of America, and
you must at least have made one positive payment from your account for the same or any other service.
• Invoice Me: Direct invoicing by Nutanix at the end of every billing cycle. You must ask your account
manager to enable this option in your NC2 account if you prefer to be invoiced by Nutanix instead of using a
credit card or bank transfer.



10. On the Review & Confirm page, review all the details. Click Edit next to a section if you want to edit any
of its details.

11. (Optional) If you have received a promotional code from Nutanix, type the code in the Promo code field and
click Apply.

12. Click Accept & Place Order.
A message confirming the success of your subscription is displayed. You also receive a confirmation email. You
can now begin using NC2.

What to do next
You can now begin using NC2.
You can do one of the following:

• Proceed to NC2: Start using the NC2 service.
• Go to Billing Center: Proceed to the Billing page of your cloud services account.
• Go to Admin Center: Proceed to the administration page of your cloud services account.

Azure Marketplace
You can subscribe to NC2 on Azure from Azure Marketplace in the following ways:

• Nutanix licenses and associated overages: Work with your Nutanix account manager to get discounted
pricing for Nutanix licenses.
For more information, see Subscribing to NC2 From Azure Marketplace With Private Offers.

Note: Nutanix recommends always reaching out to your Nutanix account manager for discounted pricing to
subscribe to NC2 from Azure Marketplace.

• Pay-as-you-go subscription plan: You can subscribe to NC2 using publicly available plans.
For more information, see PAYG Subscription Plan.

Azure Marketplace With Private Offers


Nutanix provides a convenient and cost-beneficial way to pay for NC2 through the Azure marketplace. You can work
with your Nutanix Account Manager and Nutanix reseller to get a discounted private offer for Nutanix licenses or the
subscription plan and pay for Nutanix Cloud Infrastructure (NCI) Pro, NCI Ultimate licenses, End User Computing
(EUC) Ultimate, Nutanix Cloud Platform (NCP) Pro, and NCP Ultimate licenses included in your customized private
offer through Azure Marketplace.
For more information on Azure Marketplace Private Offers, see Microsoft Documentation.
When you subscribe to NC2 using a private offer sent to you through Azure Marketplace, you will be invoiced by
Azure. The full $ value of your Nutanix software licenses goes towards meeting your Azure spend commitments that
may be part of your Microsoft Azure Consumption Commitment (MACC). You need to pay the total cost of Nutanix
software for the entire duration of any multi-year license contract in a single upfront payment.

Note: Any overages above the license capacity purchased through Azure Marketplace will also be billed through Azure
Marketplace, and the same discounted rate that was used for the initial license purchase through Azure Marketplace will
be used to calculate the billable amount for overages. The overages will be billed and invoiced monthly by Azure.

Note: You must manually apply NCI and EUC licenses to Prism Central to manage your NC2 clusters. For more
information, see Applying NCI, EUC, and NUS Licenses.

Perform the following steps to subscribe to NC2 from Azure Marketplace:



Procedure

1. Contact your Nutanix Account Manager with your NC2 sizing requirements, such as the number of licenses
required and the term for usage.
Your Nutanix Account Manager works with a Nutanix reseller, if applicable, to come up with customized
pricing and convert that into a private offer in Azure Marketplace. Once the offer is ready for you to accept
through Azure Marketplace, you will receive an email from the Nutanix reseller with the private offer details,
including the pricing that is specific to you.

Note: You need to provide your Azure billing account details to the Nutanix Account Manager. You can find
your billing account ID in the Azure portal from Subscriptions > Your subscription that you want to use for the
NC2 subscription > Properties (or Billing Properties) > Billing Account ID.

2. Click the private offer URL in the email that you receive from the Nutanix reseller.
You are redirected to Azure Marketplace.

3. Sign in to the Azure marketplace, if prompted.
You are redirected to the Private Offer details page in the Azure portal.



4. Follow these steps to accept the private offer and activate your NC2 subscription:

a. Review the private offer details, such as billing account, private offer pricing and validity duration, product
type, and the expiration date for the offer.

Figure 17: Private offer details


b. Review the terms and conditions, and click the I have read the offer’s terms and conditions
checkbox.
c. Click Accept Private Offer.
A contract is created after the offer is accepted. You are redirected to the Private Offer summary page, where
you must perform the remaining steps to complete the purchase.



Figure 18: Complete purchase of private products

5. Click Complete purchase of private products.



6. Navigate to your Azure Marketplace home page, and then on the left side of the page, under My Marketplace,
select Private products.
The private products that are available for you are displayed.

Figure 19: Azure Marketplace - Private products



7. Click the Nutanix Cloud Clusters (NC2) tile.
You are redirected to the Nutanix Cloud Clusters (NC2) listing page.

Figure 20: Marketplace - Subscribe to NC2

8. Review the plan and subscription on the Nutanix Cloud Clusters (NC2) listing page and click Subscribe.
You are redirected to the Subscribe to Nutanix Cloud Clusters (NC2) page.



9. On the Basics tab of the Subscribe To Nutanix Cloud Clusters (NC2) page, provide the following
details:

a. Under Project details, enter the following details:

• Subscription: Select your Azure subscription.
• Resource Group: Select an existing Azure resource group or create a new resource group by clicking
the Create new link.
• Resource group location: Select the location of the resource group.
b. Under SaaS details, enter the following details:

• Name: Enter a name for your marketplace subscription.
• Plan: Review the Plan details.

Note: Ensure that the plan displayed here is the same plan that was selected in the private offer details
page in Step 4. You must not click Change plan to change the offered plan because the private offer is
made against a specific plan for you.

• Billing term, Price/payment frequency, and Subtotal: Review these prefilled details.
• Recurring billing: Set the recurring billing On if you want your subscription auto-renewed at the end
of the billing term.

Note: You must negotiate the private discounted pricing before the end of your subscription term, even if
you opt in to auto-renew your subscription. Otherwise, after the end of the term of your subscription with
discounted pricing, you are billed at the publicly available, non-discounted rate.

Your discounted pricing is always lower than this public rate. Therefore, Nutanix recommends always
re-negotiating the pricing with your Nutanix Account Manager, even if you choose to auto-renew your
subscription.
If you select Off for Recurring billing, the auto-renewal is disabled for your subscription. In this case,
some of your NC2 features might be restricted when your subscription expires. You will not be billed any
amount for ongoing NC2 usage until you renegotiate custom pricing with your Nutanix Account Manager.



Figure 21: Subscribe to NC2 - project and SaaS details

10. Click Review + subscribe and then review the offer and plan details.



11. Click Subscribe.
The subscription progress page appears.

Figure 22: Subscribe to NC2 - product and plan details



12. After the subscription process is complete, click Configure account now. You are redirected to the Nutanix
Billing Center to complete your NC2 billing configuration.

Figure 23: Subscription process

13. When you are redirected to My Nutanix Billing Center, sign in with your My Nutanix account credentials.

Note: If you do not already have an existing My Nutanix account, you must sign up for a new My Nutanix
account and verify the email address used to sign up for My Nutanix. After verifying your email address, you will
be automatically redirected to My Nutanix Billing Center. For more information, see Creating My Nutanix
Account.



14. Click Add Addresses to add your billing address and the address where the NC2 subscription will be used.
Verify that the product type and the associated license quantity match your private offer.

Figure 24: Add billing addresses



15. On the Add Address page, enter the details about your organization and then click Save.
The address that you provide in the Address 1 and Address 2 fields is considered the Bill To Address.
If the address where you consume NC2 is different than your Bill To Address, under the Address where
service will be provided section, clear the Same information as provided above checkbox and then
provide the address of the location where you use NC2.

Figure 25: Add addresses



16. Click Accept and Continue to NC2.
If required, you can change the billing and service addresses.

Figure 26: Accept the subscription terms
Note: It might take approximately two days for your licenses to be ready to apply on the cluster. You can
continue to use NC2 in the meantime. You will be notified through email when your licenses are ready to be
applied on NC2, and you can then follow the steps described in Applying NCI, EUC, and NUS Licenses.

You are redirected to the NC2 portal: https://cloud.nutanix.com.

17. Sign in with your My Nutanix credentials.

PAYG Subscription Plan


You can subscribe to NC2 from Azure Marketplace with the Pay As You Go (PAYG) subscription plan. Azure Marketplace
sends you billing invoices on a monthly basis for a PAYG subscription plan. The dollar value of your bill for Nutanix
software usage counts towards your Microsoft Azure Consumption Commitment (MACC).

Note: Nutanix recommends using an alternate method for NC2 subscriptions that involves a Nutanix reseller, where
you can work with your Nutanix Account Manager to get discounted pricing based on your specific needs. For more
information, see Subscribing NC2 From Azure Marketplace With Private Offers.

With NC2 being a multicloud product, you can consume NC2 on AWS and Azure. Your Cloud marketplace
subscription is given preference to cover NC2 on Azure usage if you are connecting your Azure marketplace account.
However, NC2 on AWS usage still needs to be covered by a Nutanix Direct subscription. Your Azure Marketplace
account is not charged for any NC2 usage on AWS.
Follow these steps to pay for NC2 on Azure with a Cloud marketplace subscription:

Procedure

1. Sign in to https://my.nutanix.com using your My Nutanix credentials.

2. Select the correct workspace from the Workspace dropdown list on the My Nutanix dashboard.
For more information on workspaces, see Workspace Management.

Figure 27: Selecting a Workspace



3. To subscribe to NC2 from the Nutanix Billing Center, perform one of the following:

• On the My Nutanix dashboard, go to Administration > Billing Center and click Launch. In the Billing
Center, under Nutanix Cloud Clusters, click Subscribe Now.
• On the NC2 console, click the Nutanix billing center link in the banner displayed on the top of the NC2
console. You are directed to the Nutanix Billing Center. In the Billing Center, under Nutanix Cloud
Clusters, click Subscribe Now.

4. On the Payment Plan page, select one of the following options under Would you like to use your
existing Nutanix Licenses for your NC2 usage?.

Figure 28: Payment Plan - Pay via Cloud Marketplace

• Select Yes, I would like to use Nutanix Licenses to cover NC2 usage if you want to use Nutanix
licenses for NC2. You must reserve the exact amount of Nutanix licenses capacity from the Nutanix License
portal.
If you select this option, the reserved license capacity is used to cover the NC2 usage first, and once the
licenses are consumed, any overage will be charged to the subscription plan you select in the next step.
If you have not reserved license capacity, you can click Reserve your license capacity from the
License Portal now to reserve licenses for NC2 usage.

Note: You can reserve only the legacy licenses. You cannot reserve new portfolio licenses (NCI and EUC
licenses); you need to manually apply the required license capacity if you want to use NCI and EUC licenses
with NC2. For more information, see Applying NCI, EUC, and NUS Licenses.

• Select No, I don’t want to use my licenses. Invoice all NC2 usage to my subscription plan
option if you do not want to use any licenses for NC2. Your entire NC2 usage will be charged to your
subscription plan in the next step.



5. Select your payment method under How would you like to pay for overage above any reserved
license capacity?:

• Pay directly to Nutanix: The NC2 software usage on all supported clouds (AWS and Azure) is paid to a
single subscription plan.
• Pay via Cloud Marketplace: The Azure marketplace bills you for the NC2 usage on Azure. Any NC2 on
AWS usage still goes through a Nutanix Direct subscription.
Here, you must select Pay via Cloud Marketplace and then click Next.

6. Click Next.

Figure 29: Payment Plan - Reserve Existing Licenses



7. Select the Pay As You Go (for NC2 on Azure) subscription plan for your Nutanix cluster.
Pay As You Go (for NC2 on Azure) provides a plan in which you are billed at the end of each month for the
NC2 usage for that month without any term commitments. You can cancel the plan anytime. You are billed by
Azure marketplace and you can use your MACC commitments to pay for the bill.

Figure 30: Pay via a Cloud Marketplace

Click Next.



8. Select the Pay As You Go (For NC2 on AWS) payment plan for your Nutanix cluster.
Pay As You Go (For NC2 on AWS) provides a plan in which you pay for what you use every month. You
are billed every month for the usage of that month. There is no term commitment in this plan. You get monthly
bills based on your consumption for that month.

Note: NC2 being a multicloud product, you can also consume NC2 on Azure and AWS. Your Nutanix Direct
subscription is used to cover NC2 on AWS consumption. Select the subscription plan to cover NC2 software
usage on AWS. You are not charged if there is no usage.

Figure 31: Pay via a Cloud Marketplace - Pay directly to Nutanix

Click Next.

9. On the Company Details page, enter your organization details and click Next.
Nutanix Cloud Services considers the address that you provide in the Address 1 and Address 2 fields as the
Bill To Address and uses this location to determine your applicable taxes.
If the address where you consume the Nutanix services is different than your Bill To Address, under the
Sold to Address section, clear the Same information as provided above checkbox and then provide the
address of the location where you use the Cloud services. However, only the Bill To Address is considered to
determine your applicable taxes.



10. Click Connect to Azure Marketplace. You are redirected to the Nutanix Cloud Clusters (NC2) - PAYG
marketplace listing.

Note: This subscription workflow only allows you to pay for Nutanix software through your Azure marketplace
account. You are responsible for paying for Azure bare-metal costs directly to Azure.

Figure 32: Connect your Azure Marketplace Account

Perform the following steps:

a. On the Basics tab, enter the following details:

• Subscription: Select your Azure subscription.


• Resource Group: Select the Azure resource group or create a new resource group.
• Name: Enter a name for your marketplace subscription.
• Plan: Review the Plan details.
• Recurring billing: Set the recurring billing On so that your subscription gets renewed at the end of
billing term.



Figure 33: Subscribe to NC2 on Azure - Basic Tab
b. Click Review + subscribe.
Review the offer and plan details.



Figure 34: Review + subscribe
c. Click Subscribe.
The subscription progress page appears.



d. After the subscription is complete, click Configure account now.
You are redirected to the Nutanix Billing center to complete the configuration of your NC2 Billing plan with
your Azure marketplace account.

Note: You might receive an email from Microsoft asking for your new subscription activation. Nutanix
recommends not clicking the Activate now button in the email.

Figure 35: Subscription Success


e. On the permission requested page, click Accept.
f. Review the selected Azure marketplace subscription. If you want to use a different subscription, click No,
I’d like to use a separate Marketplace subscription, which redirects you to the Azure marketplace
portal.



Figure 36: Payment Method - Connect your Azure Marketplace Account
g. Click Next.

11. You must also provide a payment method for the Nutanix Direct subscription to cover the NC2 software usage
on AWS. Select one of the following payment methods on the Payment Method page, and then click Next.
You are not charged on this subscription if there is no NC2 usage on AWS.

• Credit Card: Enter your credit card details.

Note: It is optional to provide credit card details. Nutanix will invoice you directly for your NC2 on AWS
usage if you do not provide a credit card.

• ACH Bank Transfer: Enter your Automated Clearing House (ACH) bank transfer details. You must
discuss with your account team if you prefer to use the ACH Bank Transfer option. The ACH payment
method is available only if the bill-to address of your organization is in the United States of America, and
you must at least have made one positive payment from your account for the same or any other service.
• Invoice Me: Direct invoicing by Nutanix at the end of every billing cycle. You must discuss with your
account team if you prefer to be invoiced by Nutanix.

12. Review all the details on the Review & Confirm page. You can click Edit next to each section if you want to
edit any of the details.

13. (Optional) If you have received a promotional code from Nutanix, type the code in the Promo code field and
click Apply.

14. Click Accept & Place Order.


A message confirming the success of your subscription displays. You also receive a confirmation email.

Changing Payment Method


You can update your existing payment plan at any time. Changes to the payment plan can take effect either
immediately, or at the end of the current billing schedule depending on your existing plan.
The following options are available if you want to change your payment plans:

• Change the selection to use reserved licenses:

• Add your reserved Nutanix licenses for NC2 usage.


• Remove the selection for using the reserved licenses and just use the subscription plan.



Perform the following steps to change the existing payment plan:
1. Sign in to https://my.nutanix.com using your My Nutanix credentials.
2. Select the correct workspace from the Workspace dropdown list on the My Nutanix dashboard. For more
information on workspaces, see Workspace Management.

Figure 37: Selecting a Workspace


3. On the My Nutanix dashboard, scroll down to Administration > Billing Center and click Launch.
4. Under Subscriptions, next to Nutanix Cloud Clusters, click View plan details.

Figure 38: View plan details



5. Under NC2, click Change under Subscription Plan section.

Figure 39: Change subscription plan


6. Click Change under Reserved Licenses to make the necessary changes to the use of reserved Nutanix
licenses or your subscription plan.

Figure 40: Change reserved licenses capacity


7. Change the subscription plan based on your requirements.
8. Click Activate & Place Order to save the changes in the subscription plan selection.

Canceling the Subscription Plan


When you cancel your Pay As You Go plan, your plan is deactivated at the end of the current billing schedule. You
can revoke the cancellation of your plan at most two times before the plan is deactivated. You cannot revoke the
cancellation after the plan has been deactivated. Nutanix bills you for the usage of the NC2 service from the time you
cancel the plan until the end of the current billing schedule.

Note: If you have your Azure marketplace account connected for the NC2 usage, you need to first disable it before
canceling your NC2 subscription. You can cancel your Azure marketplace subscription from your Azure account.

Perform the following procedure to cancel your subscription plan:

Procedure

1. Sign in to your My Nutanix account.

2. Select the correct workspace from the Workspace dropdown list on the My Nutanix dashboard. For more
information on workspaces, see Workspace Management.

Figure 41: Selecting a Workspace

3. On the My Nutanix dashboard, go to Administration > Billing Center and click Launch.



4. Under Subscriptions, in Nutanix Cloud Clusters, click View plan details.

Figure 42: View plan details

5. Under NC2, next to the Subscription Plan, click Cancel.

Figure 43: Cancel a Subscription Plan

6. In the Cancel Plan dialog, click Yes, Cancel to cancel the subscription plan or click Nevermind to close the
Cancel Plan dialog.

7. In the Share Your Feedback dialog, you can specify your reasons to cancel the plan, and click Send.

What to do next
Your plan is deactivated at the end of the current billing schedule. The Cancel Plan dialog displays the date on
which your plan is scheduled to be deactivated.

Note: You can revoke the cancellation of your plan at most two times before the plan is deactivated.



Figure 44: NC2 - Revoke Cancellation

Billing Management
The Billing Summary page allows you to do the following:

• Update your payment method and company information.


• Change the primary and secondary billing contacts.
Both primary and secondary billing contacts receive all billing and payment-related communications, such as
invoices, subscription updates, and reminders.

Note: Only the primary billing contact can modify any billing or subscription details.

• Upload tax documents.


• Apply promotional codes.
• Download invoices.
• Manage the subscription of NC2, which includes the following:

• If you have applied the Nutanix software licenses, you can change the licenses allocated to NC2.
• View details about the unbilled amount for the current month.
• View details of usage, such as rate, quantity, and the amount charged for each entity (CPU hours, public IP
address hours, disk size, and memory hours) for each cluster.
For more information on how to manage billing, see Nutanix Cloud Services Administration Guide.

Viewing Billing and Usage Details


The Subscriptions tab on the Billing Center displays information about the estimated total spend and total usage
for your current and the last two billing cycles of NC2. You can see a breakdown of all your unbilled spend and usage
in the Analytics graph and the summary table displayed on the page.
The Subscriptions - NC2 page displays the following details:

• Details about the rate, quantity, and amount charged per unit for a selected billing cycle. You can check the details
for the current and last two billing cycles.
• Details about the usage of clusters by units of measure for a selected billing cycle.



Perform the following procedure to display the billing and usage details of NC2:
1. Sign in to your My Nutanix account.
2. Select the correct workspace from the Workspace dropdown list on the My Nutanix dashboard. For more
information on workspaces, see Workspace Management.

Figure 45: Selecting a Workspace


3. On the My Nutanix dashboard, go to Administration > Billing Center, and click Launch.
4. Under Subscriptions, in Nutanix Cloud Clusters, click View plan details.
5. Select one of the following to either view the billing details or the usage details.

• Spend: Displays a graph detailing your estimated daily spending for a selected billing cycle. You can check
details for the current and last two billing cycles. You can apply filters to the graph for individual units of
measure. A summary table with detailed information about the current billing cycle is also displayed.
• Usage: Displays an estimate of your total usage for the billing cycle that you select. You can filter the usage
by clusters and units of measure. Individual units of measure are a breakdown of total usage on the latest day
of the billing cycle that you select. You can apply filters to see more details, such as usage information of each
cluster and find out whether a usage is processed through licensing or subscription.
Select the billing period on the top-right corner of the usage graph to see the total usage for the selected billing
cycle in the form of a graph.
Under Usage broken down by individual units of measure, click Clusters, and then select a cluster
ID and choose a unit of measure to see the total usage of each cluster for a selected billing cycle in a graphical
view. Hover over the bars in the graph to see the number of licenses and subscriptions you used.
Click Units and select a unit of measure to see the total usage of all the clusters by that unit of measure.
A breakdown of the total usage of the same billing cycle you selected is displayed in a table after the graph.
You can view the usage graph for three billing cycles.

Note: You can also download this table as a CSV file.



Figure 46: Usage Details



AZURE TENANT SETUP
This guide assumes prior knowledge of Azure subscriptions, resource groups, and Azure Virtual Network (VNet).
Familiarity with the Azure framework is recommended to operate significant deployments on Azure.
Perform the following tasks in the Azure portal:
1. Set up Azure Account
2. Configure Microsoft Entra ID
3. Set up an Azure subscription
4. Get your Azure subscription allowlisted by Microsoft.
5. Register the Azure Resource Providers
6. Create an App Registration
7. Get the Azure IDs

Setting up an Azure Account


Configure a Microsoft Azure account that meets the following requirements:

• Sufficient permissions to register an app.


For instructions, see Creating an App Registration.
• Sufficient vCPU quota that is required to deploy a Flow Gateway.
• Sufficient public IP addresses for your clusters.

Note: Ensure that you save your Azure subscription ID, a 32-digit GUID associated with your subscription.

For up-to-date and detailed instructions on creating a free Azure account, see the Microsoft Azure documentation.

Configuring Microsoft Entra ID


To build NC2 as an application that uses the Microsoft identity platform for identity and access management, you
need access to a Microsoft Entra ID (formerly Azure Active Directory) tenant.
For detailed instructions on how to set up a tenant, see the Microsoft Azure documentation.

Setting up an Azure Subscription


Set up an Azure subscription. This Azure subscription must be associated with the Azure AD that you configured.
You can either create a subscription in an existing tenant or create a new tenant. Note your Azure subscription ID.
For more information on how to get your Azure subscription allowlisted, see Allowlisting Your Azure Subscription
on page 76.

Allowlisting Your Azure Subscription


After you complete the account setup tasks, such as creating a My Nutanix account, starting a 30-day free
trial for NC2 on Azure, and setting up your Azure account and subscription, you first must submit an Azure
Support case for allowlisting your Azure subscription.

Note: Do not perform any tasks in the NC2 console until the Azure support case for allowlisting is closed.

Perform the following steps to get your Azure subscription allowlisted for NC2 on Azure:

Cloud Clusters (NC2) | Azure Tenant Setup | 76


Procedure

1. Sign in to the Azure portal, go to Subscriptions, and select your target subscription context.

Figure 47: Azure services - Subscriptions

2. In the Support + troubleshooting section, select New Support Request. The New Support Request
page appears.



3. On the Problem description tab, provide the following information:

Figure 48: New Support Request - Problem Details

• Summary: Enter the summary in the following format:


<Your company name>: Whitelisting request for NC2 on Azure
• Issue type: Select Technical as the issue type.
• Subscription: The subscription context is auto populated. You can change it to the appropriate subscription.

Note: The Service field might take approximately 2-3 minutes to load.

• Service: Select All Services.


• Service type: Search for Nutanix. Select Nutanix Cluster on Azure.
• Problem type: Select the problem type as My issue is not Described here.
After you provide all these details, select Next.

4. Click Next on the Recommended solution page.



5. On the Additional details tab, provide the following details:

Figure 49: New Support Request - Support Details



• When did the problem start?: Select the current date time.
• Problem description: Enter a suitable description for your support ticket.
• Is there a support ticket with Nutanix: If you have submitted a support ticket with Nutanix, select Yes,
and then provide the ticket details. Else, select No or Unknown.
• Allow collection of advanced diagnostic information?: To enable faster resolution, Microsoft
recommends selecting Yes to allow Microsoft support to access your Azure resources to collect advanced
diagnostic information.
• Severity: Select the support method severity as C – Minimal Impact.
• Preferred contact method: Select preferred contact method and support language.
• Contact info: Provide your contact details.

6. Click Next.

7. On the Review + create tab, review the summary. If the summary is correct, click Create.

8. A support ticket gets created and an acknowledgement email is sent to the email address with which you signed
into the Azure portal.

Note: It can take at least 3 days for the allowlisting to be fulfilled.

9. After the allowlisting is complete, you receive an email confirmation for the closure of the support ticket.

Validating the Allowlisting


After you perform the steps to get your Azure subscription allowlisted, NC2 recommends first checking if you are
allowlisted by Microsoft before you start creating a cluster.
To validate if your Azure subscription is allowlisted by Microsoft, run the following command in Azure PowerShell:

   Get-AzProviderFeature -ProviderNamespace microsoft.nutanix

If you are allowlisted, you can see the following output:

   FeatureName     ProviderName       Status
   ------------    ------------       --------
   NutanixPreview  Microsoft.Nutanix  Registered

Alternatively, in the Azure portal, go to Subscription > Settings > Resource Providers and check that
Microsoft.Nutanix in the resource providers list has the status Registered.

Registering the Azure Resource Providers


Run the following commands in Azure PowerShell:
1. Set the subscription context:

   Set-AzContext -Subscription "<your Azure subscription ID>"

2. Validate if the target subscription context is set:

   Get-AzContext

3. Register the resource provider for your account:

   Register-AzResourceProvider -ProviderNamespace microsoft.network
   Register-AzResourceProvider -ProviderNamespace microsoft.nutanix

4. Validate if the resource providers are registered:

   Get-AzProviderFeature -ProviderNamespace microsoft.network
   Get-AzProviderFeature -ProviderNamespace microsoft.nutanix

The following is an example output:

   Get-AzProviderFeature -ProviderNamespace microsoft.network
   FeatureName      ProviderName       RegistrationState
   -----------      ------------       -----------------
   fastpathenabled  Microsoft.Network  Registered

   Get-AzProviderFeature -ProviderNamespace microsoft.nutanix
   FeatureName      ProviderName       RegistrationState
   -----------      ------------       -----------------
   NutanixPreview   Microsoft.Nutanix  Registered

For more information on how to register a resource provider, see the Microsoft Azure documentation.
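
The sequence above as one script, added here as an example and not part of the Nutanix guide: it pins the subscription context, checks the NutanixPreview feature, registers both providers, and waits until they report Registered. The timeout value and the Get-PendingProvider helper are assumptions of this example; the script needs the Az PowerShell module and a signed-in session (Connect-AzAccount).

```powershell
# Added example (not from the Nutanix guide).
$SubscriptionId = '<your Azure subscription ID>'   # placeholder, replace before running
$Providers      = 'Microsoft.Network', 'Microsoft.Nutanix'
$TimeoutMinutes = 10                               # assumed limit, adjust as needed

# Stop early if the session is not pinned to the intended subscription,
# so nothing is registered in the wrong one.
Set-AzContext -Subscription $SubscriptionId -ErrorAction Stop | Out-Null
$context = Get-AzContext
if ($context.Subscription.Id -ne $SubscriptionId) {
    throw "Active context is $($context.Subscription.Id), expected $SubscriptionId."
}

# Allowlisting check: the guide expects NutanixPreview to be listed as Registered.
$feature = Get-AzProviderFeature -ProviderNamespace Microsoft.Nutanix |
    Where-Object { $_.FeatureName -eq 'NutanixPreview' }
if (-not $feature -or $feature.RegistrationState -ne 'Registered') {
    throw 'NutanixPreview is not Registered. Wait for the allowlisting support case to close.'
}

# Hypothetical helper: returns the namespaces that are not yet fully Registered.
function Get-PendingProvider {
    param([string[]]$Namespace)
    foreach ($ns in $Namespace) {
        $states = @(Get-AzResourceProvider -ProviderNamespace $ns |
            Select-Object -ExpandProperty RegistrationState -Unique)
        if ($states.Count -ne 1 -or $states[0] -ne 'Registered') { $ns }
    }
}

foreach ($ns in $Providers) {
    Register-AzResourceProvider -ProviderNamespace $ns -ErrorAction Stop | Out-Null
}

# Registration is asynchronous, so poll instead of assuming it finished.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
while ($true) {
    $pending = @(Get-PendingProvider -Namespace $Providers)
    if ($pending.Count -eq 0) { break }
    if ((Get-Date) -gt $deadline) {
        throw "Still not Registered after $TimeoutMinutes minutes: $($pending -join ', ')"
    }
    Start-Sleep -Seconds 15
}

# Same validation output as step 4 of the guide.
foreach ($ns in $Providers) {
    Get-AzProviderFeature -ProviderNamespace $ns
}
```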

Creating an App Registration


Create an App registration in Azure AD with access to the new subscription with the Azure custom role created in
Creating an Azure Custom Role.

Note: If you already assigned the Azure built-in Contributor role, you must first assign the Azure Custom role and then
remove the Contributor role. For more information, see Removing the Contributor Role Assignment.

Follow these steps to create an App registration:


1. Create an Azure custom role.
2. Check Azure AD and Azure subscription permissions.
3. Create and register an app.
4. Assign the Azure custom role.
5. Create a new client secret.

Creating an Azure Custom Role


You must create an App registration in Azure AD with access to your Azure subscription so that NC2 can
provision and manage clusters in Azure. You can create a custom role with the least privileges to access
the subscription and create an App registration with that custom role in Azure AD.
Follow these steps to create an Azure custom role:

Procedure

1. Create a JSON file that has the following format:


{
    "properties": {
        "roleName": "nc2-custom-role",
        "description": "",
        "assignableScopes": [
            "/subscriptions/<subscription_id>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/register/action",
                    "Microsoft.Compute/availabilitySets/write",
                    "Microsoft.Compute/availabilitySets/delete",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/disks/write",
                    "Microsoft.Compute/disks/delete",
                    "Microsoft.Compute/disks/beginGetAccess/action",
                    "Microsoft.Compute/disks/endGetAccess/action",
                    "Microsoft.Compute/locations/usages/read",
                    "Microsoft.Compute/availabilitySets/read",
                    "Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Compute/snapshots/*",
                    "Microsoft.Compute/images/*",
                    "Microsoft.Compute/skus/read",
                    "Microsoft.Network/register/action",
                    "Microsoft.Network/loadBalancers/*",
                    "Microsoft.Network/applicationSecurityGroups/delete",
                    "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action",
                    "Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action",
                    "Microsoft.Network/applicationSecurityGroups/listIpConfigurations/action",
                    "Microsoft.Network/applicationSecurityGroups/read",
                    "Microsoft.Network/applicationSecurityGroups/write",
                    "Microsoft.Network/natGateways/*",
                    "Microsoft.Network/networkInterfaces/*",
                    "Microsoft.Network/networkSecurityGroups/*",
                    "Microsoft.Network/publicIPAddresses/*",
                    "Microsoft.Network/virtualNetworks/*",
                    "Microsoft.Network/locations/usages/read",
                    "Microsoft.Storage/register/action",
                    "Microsoft.Storage/checknameavailability/read",
                    "Microsoft.Storage/locations/checknameavailability/read",
                    "Microsoft.Storage/locations/usages/read",
                    "Microsoft.Storage/operations/read",
                    "Microsoft.Storage/skus/read",
                    "Microsoft.Storage/storageAccounts/write",
                    "Microsoft.Storage/storageAccounts/read",
                    "Microsoft.Storage/storageAccounts/delete",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/clearLegalHold/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/lease/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/write",
                    "Microsoft.Storage/storageAccounts/blobServices/read",
                    "Microsoft.Storage/storageAccounts/blobServices/write",
                    "Microsoft.Storage/storageAccounts/listAccountSas/action",
                    "Microsoft.Storage/storageAccounts/listkeys/action",
                    "Microsoft.Storage/storageAccounts/listServiceSas/action",
                    "Microsoft.Storage/storageAccounts/regeneratekey/action",
                    "Microsoft.Storage/storageAccounts/revokeUserDelegationKeys/action",
                    "Microsoft.Storage/locations/usages/read",
                    "Microsoft.ResourceHealth/AvailabilityStatuses/read",
                    "Microsoft.ResourceHealth/events/read",
                    "Microsoft.ResourceHealth/AvailabilityStatuses/current/read",
                    "Microsoft.ManagedIdentity/userAssignedIdentities/*",
                    "Microsoft.Resources/subscriptions/locations/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/write",
                    "Microsoft.Resources/subscriptions/resourceGroups/delete",
                    "Microsoft.Resources/subscriptions/resourceGroups/moveResources/action",
                    "Microsoft.Resources/subscriptions/resourceGroups/validateMoveResources/action",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/resources/read",
                    "Microsoft.Resources/subscriptions/tagNames/read",
                    "Microsoft.Resources/subscriptions/tagNames/write",
                    "Microsoft.Resources/subscriptions/tagNames/delete",
                    "Microsoft.Resources/subscriptions/tagNames/tagValues/write",
                    "Microsoft.Resources/subscriptions/tagNames/tagValues/read",
                    "Microsoft.Resources/subscriptions/tagNames/tagValues/delete",
                    "Microsoft.Resources/tags/read",
                    "Microsoft.Resources/tags/write",
                    "Microsoft.Resources/tags/delete",
                    "Microsoft.Resources/providers/read",
                    "Microsoft.Compute/sshPublicKeys/read",
                    "Microsoft.Compute/sshPublicKeys/write",
                    "Microsoft.Compute/sshPublicKeys/delete",
                    "Microsoft.Compute/sshPublicKeys/generateKeyPair/action",
                    "Microsoft.Nutanix/Interfaces/read",
                    "Microsoft.Nutanix/Interfaces/write",
                    "Microsoft.Nutanix/Interfaces/delete",
                    "Microsoft.Nutanix/Nodes/read",
                    "Microsoft.Nutanix/Nodes/write",
                    "Microsoft.Nutanix/Nodes/delete",
                    "Microsoft.Nutanix/locations/baremetalServersInventory/read",
                    "Microsoft.Nutanix/Operations/read",
                    "Microsoft.Nutanix/locations/operationresults/read",
                    "Microsoft.Nutanix/register/action",
                    "Microsoft.Network/virtualHubs/*"
                ],
                "notActions": [],
                "dataActions": [
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteBlobVersion/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/action",
                    "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/*"
                ],
                "notDataActions": []
            }
        ]
    }
}

Note: Ensure that you replace the <subscription_id> with your Azure subscription ID and update the value for
<assignableScopes> to specify the scopes that the role is available for assignment. You can also update the values
for <roleName> to specify the display name of the role and <description> to specify the description of the role.

2. Sign in to the Azure portal, go to Subscriptions, and select your Azure subscription.

3. Go to the Access control (IAM) page for your subscription.

4. Click Add > Add custom role.


The custom roles editor opens.

Figure 50: Adding a custom role

5. On the Basics tab, specify the following details for your custom role:

• Custom role name: Specify a name for the custom role.

Note: The name must be unique for the Azure AD directory. The name can include letters, numbers, spaces,
and special characters.

• Description: Specify an optional description for the custom role.


The description becomes the tooltip for the custom role.


6. On the Basics tab, follow these steps under Baseline permissions:

a. Select Start from JSON.

Figure 51: Creating a custom role


b. Next to the Select a file box, click the folder button to open the Open dialog box.
c. Select the JSON file that you created in Step 1.
d. Click Open.

7. On the JSON tab, review your custom role formatted in JSON.


The Permissions tab already lists the permissions, and the Assignable scopes tab already lists the scope
where you opened the Access control (IAM) page.

8. On the Review + create tab, review your custom role settings.

9. Click Create to create the custom role.


A message appears showing if your custom role is successfully created or if any errors are detected.

10. Check that the new custom role appears in the Roles list. Click Refresh if you do not see your custom role.
It can take a few minutes for your custom role to appear everywhere.
To learn more about how to create or update Azure custom roles using the Azure portal, see Microsoft
Documentation.
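
The JSON file from Step 1 can be checked offline before it is uploaded. The following Python sketch is an added example, not part of the Nutanix guide; it assumes the file uses the `properties` / `permissions` layout that the Start from JSON option accepts, and both sample documents are constructed for illustration.

```python
import json
import re

# Unreplaced template tokens such as <subscription_id> or <roleName>.
PLACEHOLDER = re.compile(r"<[A-Za-z_]+>")
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Subscription or resource-group scope; other forms are flagged for manual review.
SCOPE = re.compile(rf"^/subscriptions/{GUID}(?:/resourceGroups/[^/]+)?$")


def lint_role(text):
    """Return (severity, location, message) findings for a role definition file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # A string that wrapped onto a second line when copied out of a PDF
        # contains a raw newline, which strict JSON rejects.
        return [("error", f"line {exc.lineno}", exc.msg)]
    if not isinstance(doc, dict):
        return [("error", "document", "top level is not a JSON object")]
    props = doc.get("properties", {})
    findings = []
    for field in ("roleName", "description"):
        if PLACEHOLDER.search(str(props.get(field, ""))):
            findings.append(("error", field, "placeholder not replaced"))
    scopes = props.get("assignableScopes") or []
    if not scopes:
        findings.append(("error", "assignableScopes", "no scope listed"))
    for scope in scopes:
        if PLACEHOLDER.search(scope):
            findings.append(("error", "assignableScopes", f"placeholder in {scope}"))
        elif not SCOPE.match(scope):
            findings.append(("warn", "assignableScopes", f"unrecognised form: {scope}"))
    for perm in props.get("permissions", []):
        for key in ("actions", "dataActions"):
            seen = set()
            for entry in perm.get(key, []):
                if entry.lower() in seen:
                    findings.append(("warn", key, f"duplicate: {entry}"))
                seen.add(entry.lower())
                if "*" in entry:
                    # Listed so the reviewer sees every broad grant in one place.
                    findings.append(("info", key, f"wildcard grant: {entry}"))
    return findings


# Constructed sample: a trimmed role file with two placeholders left in place.
SAMPLE_ROLE = """
{
  "properties": {
    "roleName": "NC2 custom role",
    "description": "<description>",
    "assignableScopes": ["/subscriptions/<subscription_id>"],
    "permissions": [
      {
        "actions": [
          "Microsoft.Nutanix/Nodes/read",
          "Microsoft.Network/virtualHubs/*"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action"
        ],
        "notDataActions": []
      }
    ]
  }
}
"""

# Constructed sample: an action string broken across two lines by a PDF copy.
WRAPPED_ROLE = (
    '{"properties": {"permissions": [{"dataActions": '
    '["Microsoft.Storage/storageAccounts/blobServices/containers/\nblobs/read"]}]}}'
)

if __name__ == "__main__":
    for finding in lint_role(SAMPLE_ROLE) + lint_role(WRAPPED_ROLE):
        print(*finding, sep=" | ")
```

Findings marked `info` are not errors: they list the wildcard grants so that the reviewer approving the role knows how broad it is.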

Checking the Azure AD and Azure Subscription Permissions


You must have sufficient permissions to register an application with your Azure AD tenant. Non-administrators
must be able to register applications. Users with the Owner or User Access Administrator roles can grant
Microsoft.Authorization/*/Write access to your Azure account so that you can assign a role to an AD App.
To add an enterprise application to your Azure AD tenant, you need one of the following roles:

• Global Administrator
• Cloud Application Administrator
• Application Administrator
For more information, see the Microsoft documentation.


Creating and Registering an App
Create and register NC2 as an application in Azure, so the Microsoft identity platform can provide authentication and
authorization services to NC2.
Registering NC2 as an application establishes a trust relationship between NC2 and the Microsoft identity platform.
Follow these steps to register an App:

Procedure

1. Log on to https://portal.azure.com.

2. Search for and select Azure Active Directory.

3. Under Manage, select App registrations.

Figure 52: App registration


4. Click New registration.

Figure 53: Register an application

5. Enter a display Name for your application.

6. Specify who can use the application, sometimes called its sign-in audience.

7. Skip the Redirect URI (optional) field.

8. Click Register to complete the initial App registration.


For up-to-date and detailed instructions, see the Microsoft Azure documentation.

Assigning the Azure Custom Role


Follow these steps to assign the Azure Custom role to the new App registration:

Procedure

1. Sign in to https://portal.azure.com.

2. Go to Subscriptions and select your Azure subscription.

3. Go to the Access control (IAM) page for your subscription.


4. Click Add > Add role assignment.
The Add role assignment page opens.

Figure 54: Add role assignment

5. Under Role, select Custom role from the Type dropdown list, then select the custom role that you created.

6. Click Next.

7. Under Members, select Assign access to > User, group, or service principal and then click Select
members.

Figure 55: Add role assignment


8. Search by application name, select it from the returned list, then click Select.

9. Under Review + assign, click Review + assign.


For more information, see the Microsoft Azure documentation.

Removing the Contributor Role Assignment


If you previously assigned the Azure built-in Contributor role to the App, you can remove the Contributor
role assignment for that App.

Note: You must first assign the Azure Custom role to the App registration before removing the Contributor role
assignment.

Follow these steps to remove the Contributor role assignment:

Procedure

1. Sign in to https://portal.azure.com.

2. Go to Subscriptions and select your Azure subscription.

3. Go to the Access control (IAM) page for your subscription.

4. In the list of role assignments, select the checkbox for the App that you registered with the role assignment to be
removed.

Figure 56: Removing the Contributor role assignment

5. Click Remove.

6. In the remove role assignment message that appears, click Yes.


A notification appears after the successful removal of the role assignment.
For more information, see Microsoft Documentation.

Creating a New Client Secret


You must add a client secret while you register NC2 with Azure. The client secret is also known as an application
password. It is a string value that the application uses to identify itself in place of a certificate.

Note: Copy and save the client secret value for later usage while adding an Azure cloud account to NC2.

Follow these steps to create a new client secret:


Procedure

1. Log on to https://portal.azure.com.

2. Search for and select Azure Active Directory.

3. Navigate to App Registrations and select your application.

4. Click Certificates & secrets.

5. Click Client secrets, and then click New client secret.

6. Provide a description of the secret, and a duration.

Note: Set the expiration date as desired. After the client secret expiration date, you must generate a new client
secret and update the cloud account with the new client secret value.

7. Click Add.

8. Copy and save the value of the client secret because you cannot retrieve it later. You need to
provide the client secret value while adding an Azure cloud account to NC2.

Figure 57: Client secret value
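
Because an expired client secret forces a new secret and a cloud account update, it helps to track expiry dates ahead of time. The following Python sketch is an added example, not part of the Nutanix guide; it assumes the app's secrets have been exported as a JSON list of Microsoft Graph `passwordCredential` records (fields `keyId`, `displayName`, `endDateTime`), and the sample records and the 30-day warning window are constructed.

```python
import json
import re
from datetime import datetime, timezone


def parse_graph_time(value):
    """Parse an ISO 8601 timestamp, accepting a 'Z' suffix and any fraction length."""
    value = value.strip().replace("Z", "+00:00")
    # Older datetime.fromisoformat versions accept only 3 or 6 fraction digits,
    # while exported timestamps may carry 7; normalise to exactly 6.
    value = re.sub(r"\.(\d+)", lambda m: "." + m.group(1)[:6].ljust(6, "0"), value)
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def secret_report(credentials, now, warn_days=30):
    """Classify each client secret as expired, expiring or ok, soonest first."""
    rows = []
    for cred in credentials:
        end = parse_graph_time(cred["endDateTime"])
        remaining = end - now
        if remaining.total_seconds() <= 0:
            status = "expired"
        elif remaining.days < warn_days:
            status = "expiring"
        else:
            status = "ok"
        rows.append({
            "keyId": cred.get("keyId"),
            "name": cred.get("displayName") or "(no description)",
            "ends": end,
            "days_left": remaining.days,
            "status": status,
        })
    return sorted(rows, key=lambda row: row["ends"])


def secrets_to_rotate(rows):
    """Key IDs of secrets that need a replacement generated now."""
    return [row["keyId"] for row in rows if row["status"] != "ok"]


# Constructed sample, shaped like an export of the app's client secrets
# (for example from `az ad app credential list --id <application-id>`).
SAMPLE_CREDENTIALS = """
[
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "nc2-2024",
   "endDateTime": "2026-03-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "nc2-2022",
   "endDateTime": "2024-03-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": null,
   "endDateTime": "2024-03-20T08:30:00.1234567Z"}
]
"""

if __name__ == "__main__":
    report = secret_report(json.loads(SAMPLE_CREDENTIALS), datetime.now(timezone.utc))
    for row in report:
        print(f"{row['status']:9} {row['days_left']:5} days  {row['name']}  {row['keyId']}")
```

The export lists only metadata, never the secret value, so the script cannot tell which secret the cloud account in NC2 currently uses; match on the description given when the secret was created.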

Getting the Azure IDs


Note the following details. You need these IDs later while adding your Azure account to the NC2 console.

• Directory ID – The Tenant ID of the Microsoft Entra ID (formerly Azure Active Directory) in which you created
the application. For more information, see Get tenant ID.
• Application ID - The Client ID of the application created earlier in Microsoft Entra ID. For more information, see
Get application ID and authentication key.
• Client Secret - The client secret, which is an authentication key string, used for password-based authentication
of the Azure services. You must have copied and saved the client secret value while creating and registering
an app as explained in Creating an App Registration. For more information, see Get application ID and
authentication key.
• Azure Subscription ID – An ID that uniquely identifies your subscription to use Azure services. For more
information, see Find your Azure subscription.

Creating Azure Policy Exemptions


The success of the NC2 on Azure deployment depends on how well the prerequisites are met. In case you have
created any policy assignments in your Azure subscription used for NC2 deployment, you must check if these
policies conflict with any of the requirements. Nutanix recommends adding a policy exemption for all such policy
assignments, especially policies in the Network category, for a successful deployment of NC2 clusters in Azure.
Some of the policies that must be exempted include:

• Network interfaces should disable IP forwarding

• Network interfaces should not have public IPs
• NSG rules permitting access from the Internet should be blocked
• Subnets should be associated with a Network Security Group
Also, NC2 creates a few Azure resources as part of cluster deployment and names these resources. If you have created
a custom policy assignment to have specific names for Azure resources, you must exempt such a policy.

Note: An NC2 cluster deployment might fail when a policy conflict is detected during the cluster deployment.

Below are the high-level steps to add a policy exemption in Azure; for more information, see Azure Documentation.
You can also create a policy exemption using Azure PowerShell; see Azure PowerShell Documentation.

Procedure

1. Sign in to the Azure portal, go to Subscriptions, and select your target subscription.

2. Go to Policies > Assignments.

Figure 58: Create exemption for policy assignment

3. Click the ellipsis in the row of the policy you want to exempt, and then click Create exemption.


4. Specify the required details on the Create exemption page:

• Exemption scope: Your Azure subscription that is used for NC2.


• Assignment name: Review the policy name, which is pre-populated.
• Exemption name: The display name for the new policy exemption.
• Exemption category: The policy exemption category of the new policy exemption. Possible values are
Waiver and Mitigated.
• Exemption expiration settings: Specify when the policy is no longer exempt from an assignment.
• Exemption description: The description for the new policy exemption.

Figure 59: Create exemption

5. Click Review and create > Create.


NETWORKING INFRASTRUCTURE IN AZURE
After performing the steps in Azure Tenant Setup, perform the following steps to set up the required networking
infrastructure in Azure.

Configuring DNS Settings


You must add a custom DNS server to the Cluster VNet and Prism Central VNet. You are prompted to specify
DNS servers when creating an NC2 cluster.
If you do not use your internal DNS servers, Nutanix recommends using two DNS servers, preferably from different
providers. For example, 8.8.4.4 and 1.0.0.1. You must not use more than two DNS servers.

Note: If you use a private DNS server, then the nodes must be able to reach that DNS server during the Booting stage
itself. If the DNS server is reachable only through VPN or ExpressRoute, you must set up VPN or ExpressRoute and
then peer the VPN/ER (Hub) VNet with the Prism Central VNet and the Cluster VNet.
If the Cluster VNet and Prism Central VNet are created as part of cluster creation from the NC2 console,
then you must peer these VNets with the VPN/ER (Hub) VNet as soon as they become visible in the Azure
portal, or the nodes will not progress past the Booting state. If you create these VNets yourself and use a
private DNS server, you must perform the VNet peering before you create a cluster.

You can use any of the following DNS servers:

• On-prem DNS server

Note: You must create a Cluster VNet and set up VPN or ExpressRoute connectivity to the on-prem DNS server.

• Public DNS server, such as 1.1.1.1 or 8.8.8.8


• Azure DNS server deployed from Microsoft marketplace
For up-to-date and detailed instructions on creating a DNS server in the Azure portal, see the Microsoft Azure
documentation at Create a DNS server.

Setting up VPN or ExpressRoute


You must use ExpressRoute or VPN for the connectivity between your on-premises datacenter and Azure.

Note: Microsoft does not support the Basic SKU or any gateway in Active-Active mode. Only VpnGw1 and
higher VPN gateway SKUs are supported. For more information on Azure VPN gateway configuration, see Microsoft
documentation.

Note: If direct access to the Cloud Cluster through VPN or ExpressRoute is not possible, you can deploy a Jump Host
instance to access Prism Element and Prism Central. You can deploy the Jump Host instance in the Prism Central
VNet inside a non-delegated subnet. Alternatively, you can deploy it in an external VNet and peer the VNets for
communication between Prism Central VNet and the Jump Host VNet.

For on-prem prefixes to reach the VPC subnets through a No-NAT option, a user-defined route (UDR) needs to be
pointed towards the Flow Gateway external IP on the VPN Gateway subnet where the VPN gateway is created. Also,
the respective No-NAT configuration must be done on the VPC. For more information, see Network Connectivity
for User VMs. For reaching the user VMs through floating IPs using NAT, a UDR is not needed on the VPN
Gateway subnet.


Note: The No-NAT configuration works only with static routes over the VPN tunnel between on-prem and Azure VPN
gateway; dynamic routing (eBGP) does not work as Azure VPN gateway does not redistribute UDR routes to on-prem.

Procedure

1. Create VPN/ER (Hub) VNet.


A Nutanix cluster in Azure runs in an Azure virtual network.
For more information, see the Microsoft Azure documentation at Create a virtual network.
For more information on managing subnets in the Azure portal for Nutanix clusters, see Microsoft
documentation.

2. Create VPN/ER (Hub) gateway subnets.

3. Establish the VNet peering between:

• VPN/ER (Hub) VNet and Prism Central VNet


• VPN/ER (Hub) VNet and Cluster VNet
For more information, see Create, change, or delete a virtual network peering.

Note: While establishing the VNet peering between VPN/ER (Hub) VNet and Prism Central VNet or Cluster
VNet, ensure that you specify the Virtual network gateway or Route server options as follows:

• For peering from Prism Central or Cluster VNet to Hub VNet:

• Under This virtual network: Virtual network gateway or Route Server > Use the
remote virtual network's gateway or Route Server
• Under Remote virtual network: Virtual network gateway or Route Server > Use this
virtual network's gateway or Route Server
• For peering from Hub VNet to Prism Central or Cluster VNet:

• Under This virtual network: Virtual network gateway or Route Server > Use this
virtual network's gateway or Route Server
• Under Remote virtual network: Virtual network gateway or Route Server > Use the
remote virtual network's gateway or Route Server
These settings ensure that the Hub VNet is defined as the Route Server and the spoke VNets use
the peer's Route Server. These settings must be configured when you add peering for the first time,
and not while updating the existing peering. If you already have established peering without these
configurations, Nutanix recommends first removing the peering and then adding peering with these
configurations.

Figure 60: Adding VNet Peering


4. Configure connectivity between your on-prem datacenter and Azure.
You can use ExpressRoute or VPN for the connectivity between your on-prem datacenter and Azure.

Note: When ExpressRoute or VPN connectivity is terminated on the Hub VNet or Cluster Management VNet, you
must add a route rule in the VNet route table for Nutanix VNet subnets with the next hop IP address of the Flow
Gateway. When VMs in the on-prem subnets need to communicate with the user VMs in Nutanix VNet subnets
using the VM IPs and not the floating IP, you must do the No NAT configurations in the VPC as described in
Network Connectivity for User VMs.

5. Configure virtual IP addresses for the on-prem cluster.


See Configure a private IP address for a VM using the Azure portal for more information on configuring a
private IP address for a VM using the Azure portal.

What to do next
Nutanix recommends that you run a packet capture on your Azure VPN gateway to confirm that the
on-prem VPN gateway is forwarding the packets to the Azure VPN gateway.

Manual Setup to Use Existing Azure Resources


Perform the following steps if you want to use your existing Azure resources to deploy NC2:

Note: These steps are not needed if you choose to create Azure resources while creating a cluster from the NC2
console.

• Creating a Resource Group


• Configuring VNets, Subnets, and NAT Gateway

Creating a Resource Group


If you do not want to use an existing Azure resource group, create a resource group. Ensure that you create all
resources (VNets and VMs) required for NC2 in the resource group you created.

Configuring VNets, Subnets, and NAT Gateway


Perform the following steps to create and configure the required VNets, subnets, and NAT gateway:

Procedure

1. Create the following VNets:

• Cluster management/bare-metal instance VNet


• Prism Central VNet
For more information, see Creating a Virtual Network (VNet) and Subnet in Azure.

2. Create a NAT gateway for the cluster management subnet and the Prism Central subnet.
For more information, see Creating a NAT Gateway in Azure.
For detailed instructions on configuring the NAT gateway, see the Microsoft Azure documentation at Set up a
NAT Gateway.


3. Create cluster management/bare-metal subnets. Create a subnet in the cluster management VNet for the bare-metal
instance.
For detailed instructions on creating a subnet in Azure, see the Microsoft Azure documentation at Add, change,
or delete a virtual network subnet.

Note: Delegate the cluster management/bare-metal instance subnet to the
Microsoft.BareMetal/AzureHostedService service. Specify the DNS server listed earlier. In your Azure portal,
go to your cluster management VNet > under Subnets, click the cluster management subnet > in the right pane,
select Microsoft.BareMetal/AzureHostedService in the Delegate subnet to a service list.

For detailed instructions on delegating a subnet, see the Microsoft Azure documentation at Add or remove a
subnet delegation.

Note: Attach the NAT gateway to the cluster management subnet and the Prism Central subnet.

4. If you have chosen to create the Prism Central VNet in advance, then you must create the subnet for the Prism
Central.

Note: Delegate the Prism Central subnet to the Microsoft.BareMetal/AzureHostedService service.

5. Verify that you have applied the fastpathenabled tag with the true value to the NAT gateway.

6. Verify that the cluster management subnet has the NAT gateway and AzureHostedService configured.
In your Azure portal, go to your cluster management VNet > under Subnets, click the cluster management
subnet > in the right pane, you can see the NAT gateway name in the NAT gateway list, and the subnet
delegation in the Delegate subnet to a service list.

7. Create two subnets in the Prism Central VNet to deploy a Flow gateway.

• One non-delegated subnet (Azure native subnet) in the Prism Central VNet.
• Another non-delegated (external) subnet for Flow gateway.
• Attach the Azure NAT gateway to the external non-delegated subnet.

Note: In a configuration where the Flow Gateway external subnet does not have Azure NAT Gateway attached,
UVM internet reachability does not work. You must use a customized user-defined route (UDR) on the Flow
Gateway external subnet to provide internet reachability for UVMs.

8. Configure the Prism Central VNet to deploy Nutanix Prism Central.

• Create a delegated subnet.


• Attach the Azure NAT gateway to the delegated subnet.
• Establish VNet peering between Cluster VNet and Prism Central VNet.

9. Ensure that the Azure Directory Service resolves the specified FQDN:
gateway-external-api.cloud.nutanix.com

You can use tools such as host, nslookup, or ping to do a regular DNS lookup.
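
Steps 3 to 8 can be verified from exported resource JSON instead of clicking through each subnet. The following Python sketch is an added example, not part of the Nutanix guide; it assumes NAT gateway and subnet records in the shape the Azure CLI prints (`tags`, `delegations[].serviceName`, `natGateway.id`), the subnet role names are labels chosen for this example, and all sample resources are constructed.

```python
DELEGATION = "Microsoft.BareMetal/AzureHostedService"

# Requirements per subnet, taken from the procedure above. "nat": None means
# the procedure does not say whether a NAT gateway is attached to that subnet.
REQUIREMENTS = {
    "cluster_management": {"delegated": True, "nat": True},
    "prism_central": {"delegated": True, "nat": True},
    "flow_gateway_external": {"delegated": False, "nat": True},
    "pc_vnet_native": {"delegated": False, "nat": None},
}


def check_network(nat_gateways, subnets):
    """Return (object, problem) pairs; an empty list means every check passed."""
    findings = []
    known = set()
    for gw in nat_gateways:
        known.add(gw["id"].lower())  # Azure resource IDs are case-insensitive
        # Tag names are case-insensitive in Azure, tag values are not.
        tags = {k.lower(): v for k, v in (gw.get("tags") or {}).items()}
        if tags.get("fastpathenabled") != "true":
            findings.append((gw["name"], "tag fastpathenabled is not set to true"))
    for role, need in REQUIREMENTS.items():
        subnet = subnets.get(role)
        if subnet is None:
            findings.append((role, "subnet not supplied"))
            continue
        services = [d.get("serviceName") for d in subnet.get("delegations") or []]
        if need["delegated"] and DELEGATION not in services:
            findings.append((role, "not delegated to " + DELEGATION))
        if not need["delegated"] and services:
            findings.append((role, "must be non-delegated, found " + ", ".join(services)))
        if need["nat"]:
            attached = ((subnet.get("natGateway") or {}).get("id") or "").lower()
            if not attached:
                findings.append((role, "no NAT gateway attached"))
            elif attached not in known:
                findings.append((role, "attached NAT gateway is not in the supplied list"))
    return findings


# Constructed sample resources; the subscription ID and names are placeholders.
SAMPLE_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/nc2-rg"


def sample_nat_id(name):
    return f"{SAMPLE_RG}/providers/Microsoft.Network/natGateways/{name}"


def sample_subnet(delegated, nat_name=None):
    return {
        "delegations": [{"serviceName": DELEGATION}] if delegated else [],
        "natGateway": {"id": sample_nat_id(nat_name)} if nat_name else None,
    }


SAMPLE_NAT_GATEWAYS = [
    {"name": "natgw-cluster", "id": sample_nat_id("natgw-cluster"),
     "tags": {"fastpathenabled": "true"}},
    {"name": "natgw-pc", "id": sample_nat_id("natgw-pc"),
     "tags": {"environment": "prod"}},  # tag missing
]
SAMPLE_SUBNETS = {
    "cluster_management": sample_subnet(True, "natgw-cluster"),
    "prism_central": sample_subnet(True),                      # NAT gateway missing
    "flow_gateway_external": sample_subnet(True, "natgw-pc"),  # wrongly delegated
    "pc_vnet_native": sample_subnet(False),
}

if __name__ == "__main__":
    for obj, problem in check_network(SAMPLE_NAT_GATEWAYS, SAMPLE_SUBNETS):
        print(f"{obj}: {problem}")
```

The check cannot tell whether the fastpathenabled tag was applied when the NAT gateway was created, which the guide also requires.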

Creating a Virtual Network (VNet) and Subnet in Azure

Note: The following steps are only needed if you want to use your existing Azure resources to deploy NC2. These
steps are not needed if you choose to create Azure resources while creating a cluster from the NC2 console.


Procedure

1. Sign in to the Azure portal with your Azure account and then go to Subscriptions.

2. Open the resource group that you have created.

3. Click +Add.

4. On the New page, in the Search box, enter Virtual Network. Select Virtual Network in the search results.

5. On the Virtual Network page, click Create.

6. In Create virtual network, enter, or select the following information in the Basics tab:

• Project details: Select your subscription and the resource group.


• Instance details: Add a name for the VNet and select the required region from the Region list.

Note: The VNet name must be unique across resource groups.

7. Click Next: IP Addresses at the bottom of the page.

8. In the IPv4 address space, select the IPv4 address space, and then click +Add subnet.

9. On the Add subnet page, add a name for the subnet (such as host-subnet) and enter the subnet address range.
Click Add.

10. Click Next: Security and Next: Tags at the bottom of the page.

11. Click Create in the Review + create page.

12. When the deployment is complete, click Go to resource. You are redirected to the VNet that is created.

13. Click Subnets. On the Subnets page, click the name of the host-subnet.

14. Under SUBNET DELEGATION, select Microsoft.BareMetal/AzureHostedService from the Delegate
subnet to a service list.

15. Click Save.

Creating a NAT Gateway in Azure


Perform the following steps to create a NAT gateway for the cluster management subnet and the Prism Central
subnet:

Note: The following steps are only needed if you want to use your existing Azure resources to deploy NC2. These
steps are not needed if you choose to create Azure resources while creating a cluster from the NC2 console.

Note: Ensure that you add the fastpathenabled tag with the true value while creating the NAT gateway, and not
after the NAT gateway is created.
Ensure that you attach the Azure NAT gateway to the cluster management subnet, the Prism Central subnet,
and the external non-delegated Flow Gateway subnet.
In a configuration where the Flow Gateway external subnet does not have Azure NAT Gateway attached,
UVM internet reachability does not work. You must use a customized user-defined route (UDR) on the
Flow Gateway external subnet to provide internet reachability for UVMs.


Procedure

1. Sign in to the Azure portal with your Azure account and then go to Subscriptions.

2. Open the resource group that you have created.

3. Click +Add.

4. On the New page, in the search box, enter NAT gateway. Select NAT gateway in the search results.

5. On the NAT gateway page, click Create. The Create network address translation (NAT) gateway
page appears.

6. In the Basics tab, enter or select the following information:

• Project details: Select your subscription and the resource group.


• Instance details: Add a name for the NAT gateway, then select the region.

7. Click Next: Outbound IP at the bottom of the page.

8. On the Outbound IP page, add public IP addresses and public IP prefixes. You can click the Create a new
public IP address link to add a new IP address. The IP prefix is optional.

9. Click Next: Subnet at the bottom of the page.

10. Select the host VNet that you have created and then the host-subnet as a subnet.

11. Click Next: Tags.

12. Add the tag fastpathenabled and set its value as true.

13. Click Next: Review + create at the bottom of the page.

14. Click Create.

15. When the deployment is complete, click Go to resource group.

16. Click the host VNet and then the host-subnet that you created.

17. Select the NAT gateway in the NAT gateway list and click Save.


NC2 CONSOLE WORKFLOW
Following is the summary of the tasks that you must perform in the NC2 console:

Note: Ensure that your Azure subscription is allowlisted. For more information, see Allowlisting Your Azure
Subscription. Also, ensure that you have a free trial or a subscription for NC2 on Azure.

1. Create an organization in the NC2 console as described in Creating an Organization in the NC2 Console.
2. Add your Azure account to the NC2 console as described in Adding your Azure Account to the NC2 Console.
3. Create a Nutanix cluster in Azure using the NC2 console as described in Creating a Cluster.

Creating an Organization
An organization in the NC2 console allows you to segregate your clusters based on your specific requirements.
For example, create an organization Finance and then create a cluster in the Finance organization to run only your
finance-related applications. In the NC2 console, you can use the default organization or create a new organization
and then create a cluster within that organization.
Perform the following procedure to create an organization:

Procedure

1. Sign in to the NC2 console.

2. In the Organizations tab, click Create Organization.

Figure 61: Create Organization

3. In the Create a new organization dialog, type or select the following details:

• Customer. Select the customer account in which you want to create the organization.
• Organization name. Enter a name for the organization.
• Organization URL. The URL name is automatically generated, but you can modify the name if you want.

4. Click Create. The organization displays in the Organizations tab.

Updating an Organization
Administrators can update the basic information for your organization from the NC2 console.


Note: Changes applied to the organization entity affect the entirety of the organization and any accounts listed
underneath it.

To update your organization, perform the following:

Procedure

1. Sign in to the NC2 console: https://cloud.nutanix.com.

2. In the Organization page, select the ellipsis button of a corresponding organization and click Update.

3. To update the organization’s basic details:

a. Navigate to the Basic Info tab of the Organization entity's update page.
b. You can edit any of the fields listed below if required:

• Name: Edit the name of your organization in this field.


• URL name: This specifies the slug of the URL unique to your organization. For example, specifying
documentation would look like this:
https://cloud.nutanix.com/[customer_URL]/documentation/[account_URL]

• Description: Add a description of the organization.


• Website: Place the web address for your organization here. For example, https://www.google.com.
c. Click Save.

Adding an Azure Cloud Account to NC2


To add your Azure account to NC2, you must specify your Azure cloud account name and cloud account ID, create and
verify a Resource Manager in the Azure console, and select an Azure region in which you want to create Nutanix
clusters.

Note: You can add one Azure account to multiple organizations within the same customer entity. However, you cannot
add the same Azure account to two or more different customer (tenant) entities.

If you have already added an Azure account to an organization and want to add the same Azure account to another
organization, follow the same process, but you do not need to create the Azure subscription.
Perform the following procedure to add an Azure account to NC2:

Procedure

1. Sign in to the NC2 console.


2. In the navigation pane on the left, click the Organizations tab, click the ellipsis next to the organization you
want to add the cloud account to, and click Cloud Accounts.

Figure 62: Cloud Accounts


3. On the Cloud accounts page, click Add Cloud Account. The Add a Cloud Account dialog appears.

Figure 63: Add a Cloud Account

4. Under Select Cloud provider, select Azure.

5. In the Name field, type a name for your Azure cloud account.


6. Under Connect to Azure, provide the following details:

• Enter your Azure cloud account directory ID in the Directory ID field. You can find the directory ID in the
Azure portal by clicking Azure Active Directory.
• Skip the Enable the usage of hardware for your Azure Subscription step.
• Enter your Azure cloud account subscription ID in the Subscription ID field. You can find the subscription
ID in the Azure portal by clicking Subscriptions.
• To access your Azure account and resources, you must provide authentication by creating an app registration
in the Azure portal. You can find the credentials in the Azure portal by clicking App registrations.
1. Application ID: Type the ID of your Azure cloud account.

Note: Enter the application ID that you generated while creating and registering an application in the
Azure portal. See Creating and Registering NC2 as an Application with Azure.

2. Secret: Enter the secret value.

Note: Enter the Secret value (not the secret ID) you copied earlier while creating and registering an
App. See Creating and Registering NC2 as an Application with Azure.

3. Subscription ID: Enter your Azure subscription ID.

7. Click Verify Credentials to verify the connection status. A message indicating that the cloud account setup is
verified appears after this field.

8. Under Select data centers, select the desired datacenter:

• All supported regions: if you want to create clusters in any of the supported Azure regions
• Specify regions: if you want to create clusters in specific Azure regions and select the regions of your
choice from the list of available Azure regions.

9. Select the acknowledgment checkbox to acknowledge the terms and conditions.

10. Click Add Account at the bottom of the Add a Cloud Account page.
You can monitor the status of the cloud account on the Cloud account page. The R status indicates that your
cloud account is ready.
To create and manage resources in your Azure account, NC2 requires several IAM resources.

Deactivating a Cloud Account


NC2 administrators can deactivate a cloud account from the NC2 console when they want to de-register a
cloud account from their Customer or Organization entity. Once the cloud account is deactivated, the cloud
administrator can terminate the corresponding resources that are not managed by NC2.

Note: A cloud account that has existing NC2 accounts cannot be deactivated. You must terminate all NC2 accounts
using the cloud account resources first.

To deactivate a cloud account, perform the following steps:

Procedure

1. Navigate to the Customer or Organization dashboard in the NC2 console where the cloud account is
registered.

2. Select Cloud Accounts in the left-hand menu.


3. Find the cloud account that you want to deactivate. Click the ellipsis icon against the desired cloud account and
select Deactivate.

Figure 64: Deactivate a cloud account

Reconnecting a Cloud Account


When the NC2 console is unable to communicate with the cloud account infrastructure, the status for the
cloud account in the Cloud Accounts list is displayed as U for Unavailable (instead of R for Ready). The
administrator can correct the issue and manually trigger a reconnection of the cloud account.
A cloud account might become unavailable when the Azure shared secret expires.
To reconnect an unavailable cloud account after the issues have been addressed, perform the following steps:

Procedure

1. Navigate to the Customer or Organization dashboard in the NC2 console where the cloud account is
registered.

2. Click the ellipsis icon against the desired organization or customer and then click Cloud Accounts.

3. Find the cloud account you want to reconnect. Click the ellipsis icon against the cloud account and click
Reconnect.

4. If the underlying issue(s) were addressed and the NC2 console can communicate with the cloud account
infrastructure, the account status will change to R.

Adding a Cloud Account Region


Administrators can add additional regions after their cloud account has been set up.

Note: Administrators must ensure they have sufficient resource limits in the regions they decide to add before adding
those regions through the NC2 console.

Procedure

1. Navigate to the Customer or Organization dashboard in the NC2 console where the cloud account is
registered.

2. Click the ellipsis icon against the desired organization or customer and then click Cloud Accounts.

3. Find the cloud account where you want to add a new cloud region. Click the ellipsis icon against the cloud
account and click Add regions. A new window appears.

4. Choose the region from:

• All supported regions: Select this option if you would like to add all other supported regions besides those
you have already specified.
• Specify regions: Select this option if you would like to add just a few additional supported regions to your
cloud account. Click inside the regions field and select as many regions as you want from the drop-down
menu.

Figure 65: Adding a region to a cloud account

5. Once you have made your selection, click Save. You will receive updates in your notification center regarding
the status.

Updating Azure Cloud Account Configurations


The configuration tab for Azure can be used to update your Azure credentials found in the Azure portal.
Most administrators must access this page to update the client secret before it expires. Microsoft Azure
limits the lifetime of a client secret to 2 years or less from its creation date.
Perform the following steps:

Procedure

1. Navigate to the Customer or Organization dashboard in the NC2 console, where the cloud account is
registered.

2. Click the ellipsis icon against the desired organization or customer and then click Cloud Accounts.

3. Find the cloud account for which you want to update the configurations. Click the ellipsis icon against the cloud
account and click Update.

4. Update the Azure cloud account credentials:

• If your client secret has expired, you can re-enter your cloud credentials here and click Verify credentials.
Your Application ID and Directory ID can be found in the Overview section of your NC2 app registration in
the Azure Portal.
• NC2 uses the client secret to manage your BYO Azure account. Microsoft implemented a maximum expiration
date of 2 years from the client secret creation date. When your key expires, you must re-enter your cloud
account credentials from the cloud account management view of your NC2 console. If you fail to update
your client secret before it expires, NC2 will no longer be able to manage your Azure account, and you will
experience an outage.

Figure 66: Configuration - Update Credentials (Azure)
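
Because an expired client secret stops NC2 from managing the Azure account, the expiry dates of the app registration's secrets are worth checking on a schedule. The following is an added example, not part of the Nutanix guide: the sample JSON is constructed, its field names follow the Microsoft Graph passwordCredential resource, and the 60-day warning window and function names are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the password credentials Microsoft Graph
# reports for an app registration (for example, the output of
# `az ad app credential list --id <application-id>`). All values are made up.
SAMPLE_CREDENTIALS = """
[
  {"displayName": "nc2-old", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2022-03-01T00:00:00Z",
   "endDateTime": "2024-03-01T00:00:00Z"},
  {"displayName": "nc2-current", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2023-06-01T09:30:00.1234567Z",
   "endDateTime": "2024-04-15T09:30:00.1234567Z"},
  {"displayName": "nc2-new", "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2024-02-01T00:00:00+00:00",
   "endDateTime": "2026-02-01T00:00:00+00:00"}
]
"""


def parse_timestamp(value):
    """Parse ISO 8601 with 'Z' or a numeric offset and any fraction length."""
    value = value.strip()
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    # Before Python 3.11, fromisoformat() accepts only 3 or 6 fractional
    # digits, so normalise the fraction to exactly 6 (microseconds).
    value = re.sub(r"\.(\d+)",
                   lambda m: "." + m.group(1)[:6].ljust(6, "0"), value)
    parsed = datetime.fromisoformat(value)
    # Treat a timestamp without an offset as UTC.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def secret_report(credentials_json, now, warn_days=60):
    """Return one entry per client secret, soonest expiry first."""
    report = []
    for cred in json.loads(credentials_json):
        end = parse_timestamp(cred["endDateTime"])
        remaining = end - now
        if remaining <= timedelta(0):
            status = "expired"
        elif remaining <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        report.append({
            "name": cred.get("displayName") or cred["keyId"],
            "expires": end.isoformat(),
            "days_left": remaining.days,
            "status": status,
        })
    return sorted(report, key=lambda entry: entry["days_left"])


def secrets_needing_action(report):
    """Names of secrets that are expired or inside the warning window."""
    return [entry["name"] for entry in report if entry["status"] != "ok"]


if __name__ == "__main__":
    current_time = datetime.now(timezone.utc)
    for entry in secret_report(SAMPLE_CREDENTIALS, current_time):
        print(f'{entry["status"]:9} {entry["days_left"]:5}d  '
              f'{entry["name"]}  (expires {entry["expires"]})')
```

If the secret that NC2 was configured with appears in the list returned by secrets_needing_action, create a new secret and enter it on the Update page before the old one lapses.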

Creating a Cluster
You can create a cluster in Azure using NC2. Your Nutanix cluster is deployed in an Azure virtual network (VNet)
which is an isolated environment in the cloud provider’s region run and maintained by Nutanix.

Note: Ensure that you have created the VPN/ExpressRoute (Hub) VNet before you create a cluster. For more
information, see Setting up VPN or ExpressRoute.

Note: The default configuration for CVMs on NC2 with AOS 6.7 or earlier is 32 GiB of RAM. On NC2 with AOS
6.7.1.5, the CVM memory size is set to 48 GiB.

Perform the following to create a Nutanix cluster in an Azure environment:

Procedure

1. Sign in to NC2 from the My Nutanix dashboard.

Note: On the My Nutanix dashboard, ensure that you select the correct workspace from the dropdown list that
shows the workspaces you are part of and that you have used while subscribing to NC2.

Figure 67: Selecting a Workspace

2. On the Clusters page, click Create Cluster.

Figure 68: Create Cluster

3. Select one of the following cluster options based on how you want to use the new cluster:

• General Purpose: A cluster that utilizes general purpose Nutanix licenses. For more information on NCI
licensing, see Nutanix Licenses for NC2.
• Virtual Desktop Infrastructure (VDI): A cluster that utilizes Nutanix licenses for virtual desktops. For
more information on NCI and EUC licensing, see Nutanix Licenses for NC2.

4. In the General tab of the Create Cluster dialog, type or select the details:

• Organization. Select the organization in which you want to create the cluster.
• Cluster Name. Type a name for the cluster.
• Cloud Provider. Select Azure.
• Cloud Account. Select your Azure cloud account.
• Region. Select the Azure region in which you want to create the cluster.
• Availability zone. Based on the selected Azure region, the Azure availability zone is pre-populated. You
cannot change the availability zone.

Figure 69: Cloud Provider Tab

If you have selected the Virtual Desktop Infrastructure cluster option in the previous step, you get an
additional option to choose the Consumption Method. Under User-based, add or remove the maximum
number of concurrent users.

Figure 70: Consumption Method for VDI Cluster

In Advanced Settings, with Scheduled Cluster Termination, NC2 can delete the cluster at a scheduled
time if you are creating a cluster for a limited time or for testing purposes. Select one of the following:

• Terminate on. Select the date and time when you want the cluster to be deleted.
• Time zone. Select a time zone from the available options.

Note: The cluster will be destroyed, and data will be deleted automatically at the specified time. This is an
irreversible action and data cannot be retrieved once the cluster is terminated.

Click Next.

5. In the Software tab, provide the following information:

a. Under License Options, select one of the following:

• For the General Purpose cluster option selected in step 3:

• NCI (Nutanix Cloud Infrastructure): Select this license type and appropriate add-ons to use NCI
licensing.

Note: You must manually apply the NCI licenses in Prism Central.

• AOS: Select this license type and appropriate add-ons to reserve and use AOS (legacy) licenses. For
more information on how to reserve AOS (legacy) licenses, see Reserving License Capacity.

Figure 71: License Option


• For the Virtual Desktop Infrastructure (VDI) cluster option selected in step 3:

• EUC (End User Computing): Select this option if you want to use EUC licenses for a specified
number of users.

Note: You must manually apply the EUC licenses.

• VDI: Select this option if you want to use VDI licenses for a specified number of users.

Note: For more information on how to reserve VDI licenses, see Reserving License Capacity.

Figure 72: License Option


For more information on license options, see Nutanix Licenses for NC2.
b. Under AOS Configuration:

• AOS Version. Select the AOS version that you want to use for the cluster.

Note: The cluster must be running the minimum versions of AOS 6.0.1.7 for NCI and EUC licenses, and
AOS 6.1.1 for NUS license.

• Software Tier. In the AOS Software Tier drop-down list, select the license type that you want to
apply to your NCI or AOS cluster:

• For General Purpose cluster: Select the Pro or Ultimate license tier that you want to apply to your
NCI or AOS cluster. Click the View Supported Features link to see the available features in each
license type.
• For VDI cluster: The only available license tier for VDI or EUC cluster, that is, Ultimate, is selected
by default.

Note: If you have selected VDI and User-based licensing, then the Ultimate software edition is
automatically selected, as only the VDI Ultimate license tier is supported on NC2.

This option is used for metering and billing purposes. Usage is metered every hour and charged based on
your subscription plan. Any AOS (legacy) and VDI reserved licenses will be picked up and applied to your
NC2 cluster to cover its usage before billing overages to your subscription plan.
c. Under Add-on Products: If the AOS or VDI license option is selected: You can optionally select the
following add-on products:

• Advanced Replication
• Data-at-Rest Encryption

Note: The Advanced Replication and Data-at-Rest Encryption add-ons are selected by default for AOS and
VDI Ultimate; you need to select these add-ons for AOS Pro manually.

For more information, see Software Options.

6. In the Capacity tab of the Create Cluster dialog, provide the following information in the indicated fields:

• Redundancy Factor. Select one of the following redundancy factors (RF) for your cluster.

• Number of copies of data replicated across the cluster is 1. Number of nodes for RF1 must be 1.

Note: RF1 can only be used for single-node clusters. Single-node clusters are not recommended in
production environments. You can configure the cluster with RF1 only for clusters created for Dev, Test,
or PoC purposes. You cannot increase the capacity of a single-node cluster.

• Number of copies of data replicated across the cluster is 2. Minimum number of nodes for RF2 must be 3.
• Number of copies of data replicated across the cluster is 3. Minimum number of nodes for RF3 must be 5.
• Host type. Enter the type of bare-metal instance that you want your cluster to run on.
• Number of Hosts. Select the number of nodes that you want in your cluster.

Note: A maximum of 28 nodes are supported in a cluster. AOS 6.6 or higher version and Prism Central
pc.2022.9 or higher version provides the ability to create a cluster with 28 nodes. However, with AOS
versions earlier than 6.6 and Prism Central version earlier than pc.2022.9, a maximum of 13 nodes are
supported in a cluster.

Figure 73: Capacity tab

Click Next.

7. In the Network tab of the Create Cluster dialog, select the appropriate option for using a VNet and then click
Next. You can select one of the following:

• Use an existing VNET: to choose an existing Virtual Private Network (VNet) in which you want to create
the cluster.
• Create New VNET: to create a new VNet in the NC2 console.

Note: You must use private IPv4 addresses only.

If you choose to use an existing VNet, provide the following details:

• Resource Group: Enter a name of the existing resource group or click Create New Resource Group
and then provide a name for the resource group.
• Virtual Private Network (VNet): Select a VNet in which you want to create the cluster.
• Management Subnet: A dedicated private subnet for communication between Nutanix CVMs or
Management Services, such as hypervisor.

Figure 74: Networking - Use an Existing VNet

If you choose to create a new VNet for this cluster and do not want to use any of your existing VNet, provide the
following information:

Note: If you choose to create a new VNet in the NC2 console, Nutanix creates a resource group and delegates a
management subnet for your cluster.

• Resource Group: Enter a name of the existing resource group or click Create New Resource Group
and then provide a name for the resource group.
• VNET CIDR: Enter a VNet CIDR (required). It is a range of IP addresses for the resources deployed into
the VPC. Specify the private IPv4 address range as a Classless Inter-Domain Routing (CIDR) block; for
example, 10.0.0.0/16

Note: The VNet must have a CIDR notation between /16 and /22, including both.
NC2 requires a unique CIDR for each subnet in the Azure resource group. Cluster creation fails
when subnets use the same CIDR.
Ensure that you do not use 192.168.5.0/24 CIDR for the VNet being used to deploy the NC2 on
Azure cluster.

• DNS Servers: Enter the DNS server IP address.

Note: If you do not use your internal DNS servers, Nutanix recommends using two DNS servers, preferably
from different providers. For example, 8.8.4.4 and 1.0.0.1. For more information, see Configuring DNS
Settings.

Figure 75: Networking - Create a New VNet

8. In the Prism Central tab, choose to register the cluster with either a new Prism Central instance or an existing
Prism Central instance from the same Azure subscription and region.
Under Prism Central Configuration, select an appropriate option based on your requirements:

• Deploy new PC instance


• Connect to existing PC
The Prism Central deployment options vary based on your selection.
If you select the Deploy new PC instance option, perform the following:

• Under Prism Central Deployment, provide the following details:

• Prism Central Version: Select the version of Prism Central.


• Default Credentials: The default credentials that you can use to access Prism Central for the first time
are displayed. The default Username is admin and the default Password is Nutanix.123.
• Under Prism Central VNet, choose to either use an existing VNet or create a new VNet for Prism Central:

Note: The NC2 console does not allow using IPs 192.168.0.0/16, 10.100.0.0/16, 10.200.0.0/24, or
10.200.0.0/22 for Prism Central VNet. These IPs are reserved for internal cluster usage. You must not use
these IPs to avoid IP address conflicts.
The Cluster VNet and Prism Central VNet are peered automatically.

Figure 76: A new Prism Central instance deployment

If you select Create new network, enter the following:

• Resource Group: The Azure resource group you provide on the Network tab is displayed.
• VNET CIDR: The range of private IP addresses for the new Prism Central VNet.

Note: The Prism Central VNet must have a CIDR notation between /16 and /22, including both.
NC2 requires a unique CIDR for each subnet in the Azure resource group. Cluster creation fails
when subnets use the same CIDR.

If you select Use existing network, provide the following:

• Resource Group: The resource group that you provided on the Network tab is displayed.
• Virtual Private Network (VNET): The VNet you want to use for Prism Central.
• Management Subnet: Select the delegated, empty subnet as a management subnet.

Note: Reconfiguration of Prism Central VM IP addresses is not supported post cluster deployment.

If you have selected the Connect to existing PC option, provide the following details under Prism Central
Registration:

• Selected Region: The Azure region that is being used for cluster deployment is displayed.
• Select Prism Central Instance: Select the Prism Central instance to which you want to connect this
cluster.

Note: Only those Prism Central instances that are in the same Azure subscription and region are displayed.
The Cluster VNet and Prism Central VNet are peered automatically. Cluster VNets of clusters
registered with the same Prism Central need to be peered manually. Contact Nutanix Support for
assistance.

• Username: Enter the username used to access the selected Prism Central.
• Password: Enter the password used to access the selected Prism Central.

Figure 77: Connect to an existing Prism Central instance

Details of the Prism Central instance and the associated Flow Gateway are displayed.
Under Advanced Settings > Advanced Prism Central Networking Settings, add a specific NTP server
that you want to use in the NTP Server box or remove any of the default NTP servers. You can click Restore
default to restore the default NTP servers that were removed.

Note: The default NTP servers, including 0.pool.ntp.org, 1.pool.ntp.org, and 2.pool.ntp.org, are added by default. You
can add another NTP server if required. A minimum of three to five NTP servers is recommended for a good
configuration. These NTP servers must be reachable from the Management and Prism Central subnet.

Click Next.

9. In the Flow Gateway tab, configure Flow Networking and deploy one or more Flow Gateway VMs for
connectivity between the Nutanix cluster and Azure native network.

Note: If you use Prism Central 2023.3, AOS 6.7, and Network Controller 3.0.1 or later, then NC2 uses the Flow
Gateway scaled-out deployment model by default. However, the Flow Gateway scaled-out deployment works as
desired only for ExpressRoute. You must use Prism Central 2023.3 or later only if you use ExpressRoute. If you
use a VPN, then you must use the pre-6.7 version of AOS and pre-2023.3 version of Prism Central, where NC2
uses a single Flow Gateway deployment model.

For more information about the scaled-out Flow Gateway deployment and required networking configurations,
see User VM Network Management and Security.
Follow these steps and click Next:

• Under Desired Network Bandwidth: The traffic routed through Flow Gateway VMs is limited by the
bandwidth of the native Azure VMs. In addition to the Flow Gateway VMs, two additional native VMs are
deployed to host the Border Gateway Protocol (BGP) service.
The total network bandwidth is determined by the total number and type of Flow Gateway VMs. The
bandwidth of the native BGP VMs is not used for traffic.

• Desired Network Bandwidth: Use the slider to choose the desired network bandwidth for the Flow
Gateway VMs. Based on the network bandwidth you select, the number and size of Flow Gateway VMs
get updated.

Note: There would be a minimum of 2 Flow Gateway VMs with 10 Gbps bandwidth each and a
maximum of 4 Flow Gateway VMs with 16 Gbps bandwidth each. The minimum bandwidth would be 20
Gbps, and the maximum bandwidth would be 64 Gbps.

You can hover over the FGW VMs to view the Flow Gateway VM specification and hover over BGP
VMs to view the BGP VM specifications.
• Subnets:
If you have selected the Create New VNet option on the Network tab of the Create Cluster
dialog: A list of subnets from the Prism Central VNet and their corresponding CIDR is displayed. Two
subnets, one as external and the other as internal, are created for Flow Gateway with the required CIDR.
One subnet is created for the BGP VM.

Note: The minimum CIDR for the two Flow Gateway subnets is /24, and for BGP Subnet is /28.

If you have selected the Use an existing VNet option on the Network tab of the Create
Cluster dialog:
Internal Subnet and External Subnet: Select the internal subnet and external subnet from the Prism
Central VNet.
BGP Subnet: Select a subnet for BGP from the Prism Central VNet or Cluster VNet.

Note: You can create a subnet for BGP in either Prism Central VNet or Cluster VNet. If the BGP subnet
is in Prism Central VNet, you must manually perform peering between the Prism Central VNet and
the VNet where the Azure Route Server is deployed. If the BGP subnet is in Cluster VNet, you must
manually perform peering between the Cluster VNet and the VNet where the Azure Route Server is
deployed.

Figure 79: Flow Networking Configuration for an Existing VNet

• Under Flow Gateway VM Access through SSH: select the key pair that consists of a private key and a
public key used to prove your identity while connecting to the host.

• Use an existing Key Pair: Select an existing key pair from the Select SSH Key list.
• Create a New Key Pair: In Key Resource Group, select an existing SSH key resource group or
click Create New Resource Group and enter the SSH key name.

Note: You must not delete an API key that is registered with a cluster to avoid disrupting the cluster
operations where you have registered this API key.

• Under Azure Route Server: The Azure Route Server enables NC2 to exchange route information with
Azure native virtual networks dynamically. Perform the following:

• Route Server is in a different Azure Subscription: Select this checkbox and then specify the
Azure Subscription ID with which the Azure Route Server you want to use is associated.

Note: The Route Server must be in the same region as the NC2 cluster. Only Resource Groups that are
part of this Azure subscription are shown in the Resource Group field.

• Resource Group: Select the Azure resource group where these VMs would be deployed. If you do not
see the resource group, click Refresh to refresh the list.
• If you have selected the Create New VNet option on the Network tab of the Create Cluster dialog,
NC2 deploys a new Route Server in the selected VNet.
Hub Virtual Network (Hub vNet) CIDR: Specify the CIDR of the Hub VNet.
Route Server Subnet CIDR: Specify the subnet CIDR in which the Route Server must be deployed.
NC2 automatically assigns an IP address.
• If you have selected the Use an existing VNet option on the Network tab of the Create Cluster
dialog, ensure that you have configured an Azure Route Server. If an existing Azure Route Server is
found, the Route Server Subnet CIDR and Route Server IP address are displayed.

Note: A minimum of a /27 subnet is needed to accommodate the Route Server.

• (Optional) Under Advanced Settings, you can change the BGP ASN value under BGP Custom ASN.
All selections are captured and displayed on the Summary tab before creating the cluster.

Note: Depending on your choice to deploy a single Flow Gateway or scaled-out Flow Gateway while creating
a cluster, Flow Gateway VMs and BGP VMs are deployed. For deploying these VMs, the NC2 console needs a
dedicated resource group, a storage account, and a storage container within that resource group to store the disk
images. During this process, the NC2 console performs the following:

• Check if any existing storage account is available in your subscription and if any existing disk
images are available.
• Create a new Resource Group and associate a storage account with this resource group if disk
images are not available.
• Copy the disk images. Copying the disk images to the storage container might take several
minutes.
• Create a managed disk from the disk images.
• Deploy the required VMs for Flow Gateway and BGP service.
NC2 does not remove the images or delete the storage account after the VMs are deployed, keeping
the High Availability of the Flow Gateway on priority. In case the Flow Gateway VM goes down for
any reason, a new VM is quickly deployed using the same images and storage account, which reduces
or mitigates the downtime. NC2 uses this storage account and container across multiple NC2 clusters
deployed using the same Azure subscription. Therefore, a dedicated resource group and storage
account for Flow Gateway is created only once per Azure subscription when the first NC2 on Azure
cluster is deployed and then reused for subsequent cluster deployments. Using a dedicated resource
group also separates the cluster resources and disk images.

On the successful deployment of the cluster, you can view the details specific to VNet configurations, Prism
Central, and Flow Gateway from the Network tab on the cluster details page. For example, the following figure
shows the Flow Gateway details for a given cluster.

Figure 80: Flow Gateway Summary

Note: The internal and external subnets must be in the Prism Central VNet or the AHV VNet so that these
subnets are reachable from the Prism Central and AHV nodes. You must peer these two VNets.
Any network interface attached to a Flow Gateway VM must have the IP forwarding option enabled
for it in the Azure portal and in the operating system of the Flow Gateway VM. For more information,
see Turn on IP forwarding.

10. Review your cluster configuration on the Summary page and click Create Cluster. If required, you can edit
the settings.

11. Monitor the cluster creation progress on the Clusters page.


When the cluster creation is in progress, the status is Creating. After the cluster is created, the status changes to
Running.
If you have selected to use an existing Prism Central in step 8, then, when the cluster creation is in progress,
you can check the status of Prism Central registration under Registering to existing Prism Central. If the
connection to the existing Prism Central fails, then you can click Retry to retry the registration of the existing
Prism Central.
The NC2 cluster is deployed in Azure in approximately 1.5 to 2 hours.

12. After the cluster is created, click the name of the cluster to view the cluster details.
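
The CIDR rules stated in the Network, Prism Central, and Flow Gateway steps above can be checked before the Create Cluster dialog is opened, since a violation makes cluster creation fail. The following is an added example, not Nutanix code: the plan layout, role names, and function names are assumptions, the sample plans are constructed, the private-address rule is applied to every range, "do not use" is read as "must not overlap", and each "minimum" subnet size is read as the smallest subnet accepted.

```python
import ipaddress

# Constraints quoted from the Network, Prism Central and Flow Gateway steps.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VNET_PREFIX_RANGE = (16, 22)  # "between /16 and /22, including both"
CLUSTER_VNET_FORBIDDEN = [ipaddress.ip_network("192.168.5.0/24")]
PC_VNET_RESERVED = [ipaddress.ip_network(n) for n in
                    ("192.168.0.0/16", "10.100.0.0/16",
                     "10.200.0.0/24", "10.200.0.0/22")]
# Longest prefix (smallest subnet) accepted per subnet role (role names assumed).
SUBNET_MAX_PREFIX = {"fgw_internal": 24, "fgw_external": 24,
                     "bgp": 28, "route_server": 27}


def _parse(label, cidr, errors):
    """Return an IPv4Network, or None after recording why the CIDR is unusable."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
    except ValueError as exc:
        errors.append(f"{label}: invalid CIDR {cidr!r} ({exc})")
        return None
    if net.version != 4 or not any(net.subnet_of(r) for r in RFC1918):
        errors.append(f"{label}: {cidr} is not a private IPv4 range")
        return None
    return net


def _check_vnet(label, cidr, blocked, errors):
    """Apply the prefix-length window and the blocked ranges to one VNet."""
    net = _parse(label, cidr, errors)
    if net is None:
        return
    low, high = VNET_PREFIX_RANGE
    if not low <= net.prefixlen <= high:
        errors.append(f"{label}: /{net.prefixlen} is outside /{low} to /{high}")
    for reserved in blocked:
        if net.overlaps(reserved):
            errors.append(f"{label}: {net} overlaps {reserved}")


def check_plan(plan):
    """Return a list of rule violations; an empty list means the plan passes."""
    errors = []
    _check_vnet("cluster_vnet", plan["cluster_vnet"],
                CLUSTER_VNET_FORBIDDEN, errors)
    _check_vnet("pc_vnet", plan["pc_vnet"], PC_VNET_RESERVED, errors)
    seen = {}
    for role, cidr in plan["subnets"].items():
        net = _parse(role, cidr, errors)
        if net is None:
            continue
        limit = SUBNET_MAX_PREFIX.get(role)
        if limit is not None and net.prefixlen > limit:
            errors.append(
                f"{role}: /{net.prefixlen} is smaller than the required /{limit}")
        if net in seen:  # each subnet needs a unique CIDR
            errors.append(f"{role}: {net} duplicates {seen[net]}")
        else:
            seen[net] = role
    return errors


# Constructed plans for illustration.
GOOD_PLAN = {
    "cluster_vnet": "10.0.0.0/16",
    "pc_vnet": "10.1.0.0/22",
    "subnets": {"management": "10.0.0.0/24", "fgw_internal": "10.1.0.0/24",
                "fgw_external": "10.1.1.0/24", "bgp": "10.1.2.0/28",
                "route_server": "10.2.0.0/27"},
}
BAD_PLAN = {
    "cluster_vnet": "192.168.0.0/16",   # contains 192.168.5.0/24
    "pc_vnet": "10.100.0.0/24",         # too small and inside a reserved range
    "subnets": {"management": "20.0.0.0/24",      # public address space
                "fgw_internal": "10.50.1.0/25",   # smaller than /24
                "fgw_external": "10.50.2.0/24",
                "bgp": "10.50.2.0/24",            # same CIDR as fgw_external
                "route_server": "10.60.0.0/28"},  # smaller than /27
}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        problems = check_plan(plan)
        print(name, "plan:", "OK" if not problems else "")
        for problem in problems:
            print("  -", problem)
```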

USER VM NETWORK MANAGEMENT AND SECURITY
NC2 on Azure uses Nutanix Flow Virtual Networking to create an overlay network in Azure that eases network
administration for Nutanix administrators and reduces networking constraints across cloud vendors. Flow Virtual
Networking abstracts the underlying network in Azure and allows the network substrate to be consistent with your
on-prem Nutanix deployments. The overlay network created by Flow Virtual Networking provides communication
between workloads running in the cluster either through a Network Address Translation (NAT) external network or a
routed external network (No NAT).
As part of NC2 on Azure deployment, a new Prism Central instance gets deployed or an existing Prism Central
instance gets registered based on your selections, and Flow Virtual Networking gets enabled on Prism Central. A
logical network is created that includes a common transit VPC.
Flow Gateways are deployed into an Azure native subnet in the Prism Central VNet. You can choose to deploy up
to 4 active-active Flow Gateway instances during NC2 on Azure deployment. Post-cluster deployment, you can
scale up or scale down the Flow Gateway instances to reduce downtime, improve traffic throughput, and scale up
configurations to add a node when you need.

Note: If you are running Prism Central 2023.3, AOS 6.7, and Network Controller 3.0.1 or later, then NC2 uses the
Flow Gateway scaled-out deployment model by default. However, the Flow Gateway scaled-out deployment works as
desired only for ExpressRoute. You must use Prism Central 2023.3 or later only if you use ExpressRoute. If you use a
VPN, then you must use the pre-6.7 version of AOS and pre-2023.3 version of Prism Central, where NC2 uses a single
Flow Gateway deployment model.

The Flow Gateway scaled-out deployment is supported in the following scenarios:

• While deploying a cluster, the NC2 console creates VNets for Prism Central and an Azure Route Server, deploys
an Azure Route Server, and performs the required peering between VNets.
• While deploying a cluster, the NC2 console uses existing Cluster VNet, Prism Central VNet, and Azure Route
Server, and the user performs the peering between VNets. The NC2 console provides an option to deploy BGP
VMs in both Cluster VNet and Prism Central VNet.

Note: The Flow Gateway scaled-out deployment is not supported when the VNets are created by the NC2 console and
the Azure Route Server is deployed by the user. In this case, NC2 recommends deploying a new Azure Route Server
from the NC2 console and then migrating the required configurations from the existing Route Server to the new Route
Server.

Depending on your choice to deploy a single Flow Gateway or scaled-out Flow Gateway while creating a cluster,
Flow Gateway VMs and BGP VMs are deployed. For deploying these VMs, the NC2 console needs a dedicated
resource group, a storage account, and a storage container within that resource group to store the disk images. During
this process, the NC2 console performs the following:
1. Check if any existing storage account is available in your subscription and if any existing disk images are
available.
2. Create a new Resource Group and associate a storage account with this resource group if disk images are not
available.
3. Copy the disk images. Copying the disk images to the storage container might take several minutes.
4. Create a managed disk from the disk images.
5. Deploy the required VMs for Flow Gateway and BGP service.

Note:
NC2 does not remove the images or delete the storage account after the VMs are deployed, keeping the
High Availability of the Flow Gateway on priority. In case the Flow Gateway VM goes down for any
reason, a new VM is quickly deployed using the same images and storage account, which reduces or
mitigates the downtime. NC2 uses this storage account and container across multiple NC2 clusters deployed
using the same Azure subscription. Therefore, a dedicated resource group and storage account for Flow
Gateway is created only once per Azure subscription when the first NC2 on Azure cluster is deployed and
then reused for subsequent cluster deployments. Using a dedicated resource group also separates the cluster
resources and disk images.

A standalone Azure Route Server without vWAN is used when you need to use ExpressRoute. The Route Server
cannot be created in the same VNet where an active-passive VPN Gateway is present. NC2 on Azure does not support
the Active-Active VPN Gateway topology as delegated VNets are used.
Each Flow Gateway instance has two NICs – one NIC on the internal subnet for exchanging traffic with the AHV
and another NIC on the external subnet for exchanging traffic with the Azure network. Each Flow Gateway instance
is registered with Prism Central and is added to the traffic path. A p2p external subnet is created for each Flow
Gateway, and the transit VPC is attached to it with the Flow Gateway instance hosting the corresponding
logical-router gateway port.
The transit VPC has an Equal Cost Multipath (ECMP) default route for northbound traffic, with all the p2p external
subnets as possible next hops. In this case, the transit VPC distributes traffic across multiple external subnets hosted
on different Flow Gateways.
When using more than one Flow Gateway for southbound traffic, BGP VMs are deployed as Azure native VM
instances in the Prism Central VNet. Azure Route Server can be deployed and configured in the Hub VNet. The BGP
VM advertises the ERPs to the Azure Route Server, with each active Flow Gateway external IP as the next hop. Thus,
the Azure network distributes southbound packets across all the Flow Gateway instances.
Prism Central determines which Flow Gateway instance must host a given NAT IP and configures those NAT IPs
as secondary IPs on each Flow Gateway; thus, packets sourced from those IPs can only be forwarded through the
corresponding Flow Gateway. The No NAT traffic gets distributed across all Flow Gateways.
By default, the transit VPC consists of an overlay external subnet with NAT enabled, and the Azure physical network
prefix to which the Flow Gateway is connected. If you must have a No NAT connectivity to the Azure underlay
network, you must create a No NAT overlay external subnet in the transit VPC.
While creating a user VPC, you can add a maximum of two external subnets - one external subnet with NAT and one
external subnet without NAT to the VPC. Both external subnets cannot be of the same type. NAT gateways perform
the IP-address translations required for external routing. You can also have external connectivity without
NAT.
A user VPC is connected to the common transit VPC to get the connectivity to the underlay Azure subnet. User VPC
uses the overlay subnet in the transit VPC as an external subnet. The Azure subnet (with the Flow gateway) provides
external access for the workloads running in user VPCs. A set of IP addresses from this subnet is reserved to use for
SNAT IP and floating IP allocation.

Note: In a configuration where the Flow Gateway external subnet does not have Azure NAT Gateway attached,
UVM internet reachability does not work. You must use a customized user-defined route (UDR) on the Flow Gateway
external subnet to provide internet reachability for UVMs.

The following diagram illustrates the networking in NC2 on Azure.

Figure 81: Flow Virtual Networking in NC2 on Azure

Network Connectivity for User VMs


You can deploy a user VPC on the Nutanix cluster infrastructure to manage the internal and external networking
requirements using Flow Virtual Networking.
For north-south (inbound and outbound) connectivity, the traffic between user VMs and the Azure network or Internet
goes through the Flow Gateway. The Flow Gateway acts as the gateway that facilitates communication between user
VMs (UVMs) and networks outside the Nutanix VPC (public or Azure native network), and vice versa.
For east-west connectivity, the user VMs attached to the subnets in that user VPC communicate with each other on
the overlay network.
To get external connectivity, you can choose to connect the user VPC to the overlay external subnet using the
following:

• NAT overlay external subnet: A NATed external network can be preferred when you want to use floating IPs
for inbound connectivity.
The traffic that exits through the NAT external subnet (the overlay-external-subnet-with-nat in the transit
VPC) has the source IP translated to the SNAT IP. Outbound connectivity uses the source NAT and inbound
connectivity uses the floating IP. Both SNAT and floating IPs are the Azure-native IPs hosted on the Flow
gateway.
In a scaled-out Flow gateway deployment, a given NAT IP is bound to a specific Flow Gateway’s NIC. The NAT
IPs are distributed across the Flow Gateways to distribute the load.
For more information, see Configuring Connectivity for User VMs with NAT.
• No NAT overlay external subnet: A routed external network (No NAT) can be preferred when your Azure
service needs multiple connections to your workloads that run on NC2 or when on-prem workloads need direct
communication with Azure workloads. A No NAT network can be used where configuring a floating IP for each
VM is not feasible.
In a single Flow Gateway deployment, the traffic exiting through the No NAT path retains its source IP. You
must provide externally routable IP addresses, which are the IP addresses within the VPC that can communicate
externally without NAT.
In a scaled-out Flow Gateway deployment, the transit VPC distributes the traffic across all Flow Gateway
instances based on the ECMP default route that points to the external subnets. BGP VMs are deployed as Azure
native VM instances in the Prism Central VNet. Azure Route Server is deployed and configured in the Hub VNet.
User VPC ERPs are advertised to Azure Route Server through BGP VMs with all Flow Gateways as the next hop.
The transit VPC ERP is not advertised to Azure Route Server through BGP VMs.
For more information, see Configuring Connectivity for User VMs without NAT.
• Both: If you need to connect to both NAT and No NAT subnets, you must configure static routes in the user VPC
to specify which traffic exits through which external network.
In a scaled-out Flow Gateway deployment, when one of the Flow Gateways goes down, the traffic being forwarded
through that Flow Gateway is diverted to the other Flow Gateways. For No NAT traffic, this implies removing that
Flow Gateway from the ECMP route for both the north-bound and south-bound traffic paths. For NAT traffic, the
NAT IPs hosted on this Flow Gateway are moved to the other Flow Gateways.

Configuring Connectivity for User VMs with NAT


You can deploy a user VPC on the Nutanix cluster infrastructure to manage the internal and external networking
requirements using Flow Virtual Networking.
The traffic that exits through the NAT external subnet (the overlay-external-subnet-with-nat in the transit VPC)
has the source IP translated to the SNAT IP. Outbound connectivity happens using the source NAT and inbound
connectivity using the floating IP. Both SNAT and floating IPs are the Azure-native IPs hosted on the Flow gateway.

Note: While creating a user VPC, you can add a maximum of two external subnets - one external subnet with NAT and
one external subnet without NAT to the VPC. Both external subnets cannot be of the same type.

The workflow to create a complete network with NAT based on a VPC includes the following steps:
1. Create a user VPC.
Deploy a user VPC on Nutanix cluster infrastructure to manage the internal and external networking requirements.
See Creating a User VPC.
2. Add an Overlay subnet to the user VPC.
Create an overlay subnet in the user VPC where the VMs would be hosted. For example, 20.1.1.0/24.

Note: It must not overlap with Azure VNet prefixes and the overlay external subnet in the transit VPC.

See Creating an Overlay Subnet in the User VPC.


3. Attach the overlay subnet to the user VMs. See Attaching a Subnet to a Virtual Machine.
4. Request floating IPs.
A floating IP address is required only if inbound connectivity to the VM is required from outside the VPC over the
NATed external subnet. See Requesting Floating IPs for NAT Subnets.
5. Create static routes.
Configure static routes in the VPC to specify which traffic goes out through which external subnet. If you use one
external subnet, NAT or No NAT, you must add a default route in the VPC with that external subnet as the next hop.
If you use both NAT and No NAT, you must configure the route to specify which destination prefix must use which
external subnet as the next hop. See Creating Static Routes.
For more information, see the Flow Virtual Networking Guide.

Configuring Connectivity for User VMs without NAT
You can deploy a user VPC on the Nutanix cluster infrastructure to manage the internal and external networking
requirements using Flow Virtual Networking.
The traffic exiting through the No NAT path retains its source IP. You must provide externally routable IP addresses,
which are the IP addresses within the VPC that can communicate externally without NAT.

Table 16: An example scenario for a No NAT network

Resource | IP Address/CIDR
--- | ---
Overlay external subnet without NAT in the transit VPC | 100.64.1.0/24
ERP in the transit VPC | 10.1.0.0/16
ERP in the user VPC | 10.1.1.0/24
Overlay subnets in the user VPC | 10.1.1.128/26, 10.1.1.64/26

The workflow to create a complete No NAT network based on a VPC includes the following steps:
1. Create an overlay (No NAT) subnet in the transit VPC with a prefix that does not overlap with the destination
prefixes, including Azure VNet prefixes and on-prem subnets. For example, 100.64.1.0/24. Follow the steps listed
in Creating an Overlay External Subnet in Transit VPC for No NAT.
2. Configure the externally routable prefix list (ERP) in the transit VPC for the entire range of user VM IPs across
all user VPCs that need to get No-NAT access. For example, 10.1.0.0/16. It must not overlap with the destination
prefixes, including Azure VNet prefixes and on-prem subnets. For more information, see Configuring ERP in
Transit VPC.
3. Based on whether you have a scaled-out or a single Flow Gateway deployment, perform the following:

• For a single Flow Gateway (non-scaled-out Flow Gateway deployment): Configure route table entries in
Azure. See Configuring a Route Table for No NAT Connectivity.
• For a scaled-out Flow Gateway deployment: While deploying a cluster, the NC2 console uses any existing
Azure Route Server or deploys a new Route Server in the specified Hub VNet if no existing Azure Route
Server is available. NC2 performs the required peering between the Route Server and BGP VMs.
If you choose to use existing Azure resources, such as VNets, you can create a subnet for BGP in either Prism
Central VNet or Cluster VNet. If the BGP subnet is in Prism Central VNet, you must manually perform
peering between the Prism Central VNet and the VNet where the Azure Route Server is deployed. If the BGP
subnet is in Cluster VNet, you must manually perform peering between the Cluster VNet and the VNet where
the Azure Route Server is deployed.
See No NAT Connectivity in Scaled-out Flow Gateway Deployment.
4. Deploy a user VPC on Nutanix cluster infrastructure to manage the internal and external networking requirements.
Connect the user VPC to the No-NAT external overlay subnet in the transit VPC.
See Creating a User VPC.
5. Configure ERP in the user VPC with a prefix that is taken from the transit VPC ERP. For example, 10.1.1.0/24.
This ERP must be a sub-prefix of the ERP in the transit VPC. For more information, see Configuring ERP in
User VPC.
6. Create an overlay subnet in the user VPC with the same prefix or sub-prefix of the ERP on the user VPC. See
Creating an Overlay Subnet in the User VPC.

Note: Ensure that the externally routable IP addresses (subnets with external connectivity without NAT) for
different VPCs do not overlap.

7. Attach the overlay subnet to the user VMs. The VMs attached to this overlay subnet have No NAT connectivity to
the Azure network. See Attaching the Subnets to VMs.
8. Configure static routes in the VPC to specify which traffic goes out through which external subnet. If you use one
external subnet, NAT or No NAT, you must add a default route in the VPC with that external subnet as the next hop.
If you use both NAT and No NAT, you must configure the route to specify which destination prefix must use which
external subnet as the next hop. See Creating Static Routes.
9. Configure the security group on the Flow Gateway external NIC to allow outbound and inbound access from and to
the ERP. See Security Rules for Connectivity with No-NAT.
For more information, see the Flow Virtual Networking Guide.
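
The prefix rules in this workflow can be checked before anything is created in Prism Central. The following is an added example, not part of the Nutanix guide or any Nutanix tool: the plan layout, the function names and the Azure VNet and on-prem prefixes are assumptions, while the NC2 prefixes are the ones from Table 16.

```python
"""Check a No NAT prefix plan against the rules stated in the workflow."""
from copy import deepcopy
from ipaddress import ip_network
from itertools import combinations

# NC2 prefixes from Table 16; destination_prefixes (Azure VNet and on-prem
# ranges) are constructed sample values.
GOOD_PLAN = {
    "no_nat_external_subnet": "100.64.1.0/24",
    "transit_erp": "10.1.0.0/16",
    "destination_prefixes": ["10.0.0.0/16", "192.168.0.0/16"],
    "user_vpcs": {
        "vpc-a": {
            "erp": "10.1.1.0/24",
            "overlay_subnets": ["10.1.1.128/26", "10.1.1.64/26"],
        },
    },
}


def validate_no_nat_plan(plan):
    """Return a list of violations; an empty list means the plan is consistent."""
    errors = []
    transit_erp = ip_network(plan["transit_erp"])
    external = ip_network(plan["no_nat_external_subnet"])
    destinations = [ip_network(p) for p in plan["destination_prefixes"]]

    # Steps 1 and 2: the No NAT external subnet and the transit VPC ERP must
    # not overlap Azure VNet prefixes or on-prem subnets.
    for label, net in (("No NAT external subnet", external),
                       ("transit VPC ERP", transit_erp)):
        for dest in destinations:
            if net.overlaps(dest):
                errors.append(f"{label} {net} overlaps destination prefix {dest}")

    user_erps = {}
    for vpc, cfg in sorted(plan["user_vpcs"].items()):
        erp = ip_network(cfg["erp"])
        user_erps[vpc] = erp
        # Step 5: the user VPC ERP is a sub-prefix of the transit VPC ERP,
        # and the two must not be identical.
        if erp == transit_erp:
            errors.append(f"{vpc}: ERP {erp} is identical to the transit VPC ERP")
        elif not erp.subnet_of(transit_erp):
            errors.append(f"{vpc}: ERP {erp} is not inside transit VPC ERP {transit_erp}")
        # Step 6: each overlay subnet uses the ERP prefix or a sub-prefix of it.
        for raw in cfg["overlay_subnets"]:
            subnet = ip_network(raw)
            if not subnet.subnet_of(erp):
                errors.append(f"{vpc}: overlay subnet {subnet} is outside ERP {erp}")

    # Note under step 6: ERPs of different VPCs must not overlap.
    for (vpc_a, erp_a), (vpc_b, erp_b) in combinations(user_erps.items(), 2):
        if erp_a.overlaps(erp_b):
            errors.append(f"ERPs of {vpc_a} ({erp_a}) and {vpc_b} ({erp_b}) overlap")
    return errors


def make_bad_plan():
    """Constructed plan that breaks three of the rules at once."""
    plan = deepcopy(GOOD_PLAN)
    plan["destination_prefixes"].append("10.1.0.0/20")  # collides with transit ERP
    plan["user_vpcs"]["vpc-b"] = {
        "erp": "10.1.1.128/25",               # overlaps the ERP of vpc-a
        "overlay_subnets": ["10.1.2.0/26"],   # outside its own ERP
    }
    return plan


if __name__ == "__main__":
    print("good plan:", validate_no_nat_plan(GOOD_PLAN) or "no violations")
    for problem in validate_no_nat_plan(make_bad_plan()):
        print("bad plan :", problem)
```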

Creating an Overlay External Subnet in Transit VPC for No NAT


You must create an overlay (No NAT) subnet in the transit VPC with a prefix that does not overlap with the
destination prefixes, including Azure VNet prefixes and on-prem subnets. For example, 100.64.1.0/24.
The No NAT overlay subnet prefix is used to hand out IPs for logical connectivity between the user VPC and the transit
VPC. These IPs are not carried in packets and have no bearing on packet forwarding in the Azure network.
To create an overlay external subnet in the transit VPC for No NAT connectivity, perform the following:

Procedure

1. Sign in to the Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Virtual Private
Clouds. The Virtual Private Clouds List page appears.

3. Select the transit VPC for configuring external connectivity without NAT.

Figure 82: Create No NAT Subnet in the Transit VPC

4. Click Create Subnet. The Create Subnet dialog appears.

Figure 83: Create Subnet Dialog

5. Provide the following information:

• Name: Provide a name for the subnet.


• Type: The overlay subnet type is populated.
• IP Address Management: Provide the Network IP Address / Prefix - Gateway IP Address for the
prefix.
• IP Pool: Defines a range of addresses. Specify at least one IP address pool. IP addresses are used for
assigning external IPs to VPCs.
1. Click the Create Pool button and enter the following on the Add IP Pool page.
2. Enter the starting IP address of the range in the Start Address field.
3. Enter the ending IP address of the range in the End Address field.
4. Under Actions, click the check mark to submit the starting and ending IP addresses you entered. You can
click the X mark to remove the entries.

6. Click Create.

Configuring ERP in Transit VPC


Configure the externally routable prefix list (ERP) in the transit VPC for the entire range of user VM IPs
across all user VPCs that need to get No-NAT access. For example, 10.1.0.0/16; it must not overlap with
the destination prefixes, including Azure VNet prefixes and on-prem subnets.

Note: The transit VPC ERP must not be the same as user VPC ERPs; it must be a superset of all ERPs.

To configure ERP in the transit VPC:

Procedure

1. Sign in to the Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Virtual Private
Clouds. The Virtual Private Clouds List page appears.

3. Select the transit VPC. The Update VPC dialog appears.

Figure 84: Update Transit VPC

4. In the Externally Routable IP Addresses field, specify the prefixes of the user VPC subnets that need to be
accessed through the No NAT option.

5. Click Update.

Configuring a Route Table for No NAT Connectivity


For No NAT connectivity in a single Flow Gateway (non-scaled-out Flow Gateway deployment), you must add a
user-defined route (UDR) in Azure with the ERP prefix of the transit VPC subnet as the destination IP address and the
Flow Gateway external IP as the next hop address. Then associate the route table (UDR) with the Azure subnets from
which No-NAT connectivity to user VMs is required. For a VPN connection to on-prem, associate the UDR with the
subnet where the VPN gateway is hosted.
If you want to use a scaled-out Flow Gateway deployment, see No NAT Connectivity in Scaled-out Flow
Gateway Deployment.

Note: For Azure VMs to communicate with the user VMs in Nutanix VPC using the VM IPs and not the floating IPs,
you must define a route rule in the routing table of the Azure VNets where the VMs reside with the next hop IP address
of the Flow Gateway for Nutanix VPC prefixes. Also, the ERP must not conflict with the IPs in Azure native subnets.
Nutanix recommends checking with your Azure network administrator about the prefixes used for Azure native subnets.

For more information, see Microsoft documentation.

Procedure

1. To add a route table:

a. Sign in to the Azure portal with your Azure account.


b. Search for Route table using the Search box, and then select Route table that appears.
c. In the Route table page, select Create.
d. In the Create route table dialog box, enter the following details:

• Name: Enter a name for the route table.


• Subscription: Select the subscription to deploy the route table in. This must be the same Azure
subscription that you set up in Setting up an Azure Subscription.
• Resource group: Choose an existing Resource group or select Create new to create a new resource
group.
• Location: Select a region to deploy the route table in. This must be the same Azure region you plan to use
for NC2 on Azure deployment. For more information on the supported Azure regions, see Azure Regions.
• Propagate gateway routes: Set the virtual network gateway route propagation to Enabled.
e. Click Review + create and then Create to create your new route table.

2. To add a route entry:

a. Go to the Azure portal home page and then search for and select Route tables.
b. In the route table list, choose the route table you created in step 1 to add a route to.
c. From the route table menu bar, choose Routes and then click Add.
d. Enter the following details:

• Name: Enter a unique name for the route within the route table.
• Address prefix destination: Select IP Addresses.
• Destination IP addresses/CIDR ranges: Enter the Address prefix CIDR that you want to route traffic
to. Here, the ERP prefix of the transit VPC subnet must be the destination IP address.

Note: You must not duplicate the prefix in more than one route within the route table. The prefix can be
within another prefix. For example, if you used 10.0.0.0/16 as a prefix in one route, you can still use another
route with the 10.0.0.0/22 address prefix.

• Next hop type: Choose Virtual Appliance as the next hop type.
• Next hop address: Enter an IP address for Next hop address. Here, the Flow gateway external IP
must be the next hop address.
e. Click OK.

Figure 85: Add a route entry

3. To associate a route table to a subnet:

a. Go to the Azure portal home page, and then search for and select Virtual networks.
b. In the virtual network list, choose the virtual network that contains the subnet you want to associate a route
table to.
c. In the virtual network menu bar, choose Subnets.
d. Select the subnet you want to associate the route table to.
e. In Route table, choose the route table you want to associate to the subnet.
f. Click Save.

Figure 86: Associate a route table to a subnet
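
Because a prefix in the route table may sit inside another prefix, and Azure picks the route with the longest matching prefix, a more specific route inside the ERP can pull part of the No NAT traffic away from the Flow Gateway. The following added example (not Nutanix or Microsoft code) audits a route table for that case and for the rules in this procedure; the route dictionaries, the function names and the Flow Gateway IP are assumptions, and "VirtualAppliance" is the API spelling of the portal's Virtual Appliance next hop type.

```python
"""Audit a user-defined route table for single Flow Gateway No NAT routing."""
from ipaddress import ip_address, ip_network

TRANSIT_ERP = "10.1.0.0/16"     # ERP in the transit VPC, from Table 16
FLOW_GATEWAY_IP = "10.10.1.4"   # constructed Flow Gateway external IP

# Constructed route table. The second entry is a leftover, more specific
# route that points part of the ERP at a different appliance.
ROUTES = [
    {"name": "to-nc2-erp", "prefix": "10.1.0.0/16",
     "next_hop_type": "VirtualAppliance", "next_hop_ip": "10.10.1.4"},
    {"name": "legacy-fw", "prefix": "10.1.1.0/24",
     "next_hop_type": "VirtualAppliance", "next_hop_ip": "10.10.9.9"},
]


def audit_route_table(routes, transit_erp, flow_gateway_ip):
    """Return findings for routes that break the No NAT routing requirements."""
    erp = ip_network(transit_erp)
    findings, seen, erp_route = [], set(), None
    for route in routes:
        prefix = ip_network(route["prefix"])
        # The same prefix must not appear in more than one route.
        if prefix in seen:
            findings.append(f"{route['name']}: duplicate prefix {prefix}")
        seen.add(prefix)
        via_gateway = (route["next_hop_type"] == "VirtualAppliance"
                       and route.get("next_hop_ip") == flow_gateway_ip)
        if prefix == erp:
            erp_route = route
            if not via_gateway:
                findings.append(
                    f"{route['name']}: ERP route does not use the Flow Gateway as next hop")
        elif prefix.subnet_of(erp) and not via_gateway:
            # Nested prefixes are allowed, but this one wins by longest match.
            findings.append(
                f"{route['name']}: {prefix} is inside the ERP but bypasses the Flow Gateway")
    if erp_route is None:
        findings.append(f"no route for transit VPC ERP {erp}")
    return findings


def effective_route(routes, destination):
    """Longest-prefix match over the user-defined routes (system routes not modelled)."""
    dest = ip_address(destination)
    matches = [r for r in routes if dest in ip_network(r["prefix"])]
    return max(matches, key=lambda r: ip_network(r["prefix"]).prefixlen, default=None)


if __name__ == "__main__":
    for finding in audit_route_table(ROUTES, TRANSIT_ERP, FLOW_GATEWAY_IP):
        print("finding:", finding)
    for uvm_ip in ("10.1.1.130", "10.1.2.5"):
        print(uvm_ip, "->", effective_route(ROUTES, uvm_ip)["name"])
```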

No NAT Connectivity in Scaled-out Flow Gateway Deployment


In a scaled-out Flow Gateway deployment, for northbound traffic, the Transit VPC distributes the traffic across 2 to 4
Flow Gateway instances based on the Equal Cost Multipath (ECMP) default route that points to the external subnets.
The transit VPC externally routable prefix list (ERP) is advertised to Azure Route Server with each Flow Gateway
external NIC as the next hop. Two BGP VMs are deployed as Azure native VM instances in the Prism Central VNet.
Azure Route Server is deployed and configured in the Hub VNet. The BGP VM advertises the ERPs to the Azure
Route Server, with each active Flow Gateway external IP as the next hop.
While deploying a cluster, the NC2 console checks whether an Azure Route Server is already configured. If an existing
Azure Route Server is found, the NC2 console displays the Route Server Subnet CIDR and Route Server IP
address. If no existing Azure Route Server is found, then NC2 deploys a new Route Server in the specified Hub
VNet.
In Route Server Subnet CIDR, you can specify the subnet CIDR in which the Route Server must be deployed.
NC2 automatically assigns an IP address. NC2 performs the required peering between the Route Server and BGP VMs.
For entities in the Azure network to reach the No NAT IPs, the VNet hosting these entities needs to be peered with the
Azure Route Server with route propagation enabled.
For more information on Azure Route Server, see Microsoft Documentation. Review the service limits for Azure
Route Server listed in Microsoft Documentation.
If you want No NAT connectivity in a single Flow Gateway (non-scaled-out Flow Gateway deployment), see
Configuring a Route Table for No NAT Connectivity.

Table 17: Flow Gateway VM Specifications

VM Type | vCPUs | Memory | Bandwidth
--- | --- | --- | ---
Standard_D4_v4 | 4 | 16 GiB | 10 Gbps
Standard_D32_v4 | 32 | 128 GiB | 16 Gbps

Table 18: BGP VM Specifications

VM Type | vCPUs | Memory | ASN Value
--- | --- | --- | ---
Standard_D4_v4 | 4 | 16 GiB | 65000

Creating a User VPC


A subnet with external connectivity, referred to as an external subnet, is required if the VPC needs to send traffic to a
destination outside of the VPC.
To create a VPC, perform the following:

Procedure

1. Sign in to the NC2 Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Virtual Private
Clouds. The Virtual Private Clouds List page appears.

Figure 87: Virtual Private Clouds Page

3. Click Create VPC. The Create VPC dialog opens.

Figure 88: Create VPC Dialog

4. Provide the necessary values in the respective fields in the Create VPC dialog.

• Name: Provide a name for the VPC.


• Under External Connectivity: Configure the parameters necessary for connectivity to the Internet or
clusters outside the VPC. A subnet with external connectivity (external subnet) is required if the VPC must
send traffic to a destination outside of the VPC.

Note: You can add a maximum of two external subnets - one external subnet with NAT and one external
subnet without NAT to a VPC. Both external subnets cannot be of the same type. For example, you cannot add
two external subnets, both with NAT. You can update an existing VPC similarly.

• External Subnets: Select an external subnet from the dropdown list. By associating the VPC with the
external subnet, you can provide external connectivity to the VPC.
The following subnets are displayed:

• The auto-configured overlay-external-subnet-nat that can be used for NAT


• The external subnet you created under transit VPC for No-NAT
• Externally Routable IP Addresses: (for No NAT connectivity) Provide IP addresses that are
externally routable. Externally routable IP addresses are IP addresses within the VPC, which can
communicate externally without NAT. These IP addresses are used when an external subnet without NAT
is used. This ERP must be a sub-prefix of the ERP in the transit VPC.

Note: Ensure that the externally routable IP addresses (subnets with external connectivity without NAT) for
different VPCs do not overlap.

• Domain Name Servers (DNS): DNS is advertised to user VMs through DHCP. This can be overridden
in the subnet configuration.

Note: User VPC cannot resolve the domain names if the DNS server is not provided. For more information
on DNS servers, see Configuring a DNS Server.

5. Click Save.

Configuring ERP in User VPC


You must configure ERP in the user VPC with a prefix that is taken from the transit VPC ERP. For
example, 10.1.1.0/24. This ERP must be a sub-prefix of the ERP in the transit VPC.
To configure ERP in the user VPC:

Procedure

1. Sign in to the Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Virtual Private
Clouds. The Virtual Private Clouds List page appears.

3. Select the user VPC. The Update VPC dialog appears.

Figure 89: Update User VPC

4. In the Externally Routable IP Addresses field, specify the entire range of IP addresses taken from the transit
VPC ERP.

5. Click Update.

Requesting Floating IPs for NAT Subnets


When you need inbound connectivity to your user VM, you must allocate a floating IP and associate it with that user
VM. An Azure entity can initiate a connection to this user VM using the assigned floating IP.

Note: A floating IP is allocated from the NAT pool of the external overlay subnet (overlay-external-subnet-with-nat)
in the transit VPC.

To request a floating IP, do the following:

Procedure

1. Sign in to the Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Floating IPs. The
Floating IPs List page appears.

Figure 90: Floating IPs Page

3. Click Request Floating IP. The Request Floating IP(s) dialog appears.

Figure 91: Request Floating IP(s) Dialog

4. Provide the following information:

• External Subnet: Select the auto-configured overlay-external-subnet-nat that is displayed by default.


• Number of Floating IPs: Enter the number of floating IPs you want. You can request a maximum of 5
floating IP addresses at a time.
• Assign Floating IPs: Select this checkbox if you want to assign the floating IPs to specific VMs in the
table.
Based on the number you entered in the Number of Floating IPs field, the system provides an equivalent
number of rows of Search VMs and IP Address in the table.
Under Search VMs, select the VM to which you want to assign a floating IP address. Under IP Address,
select the IP address on the VM (primary or secondary IP address) to which you want to assign the floating IP.
You can assign multiple floating IP addresses to multiple secondary IP addresses that you can create on the
NIC of the VM.

5. Click Save.

Creating an Overlay Subnet in the User VPC


You must create an overlay subnet in the user VPC using the same prefix or sub-prefix of the ERP on the user VPC.
To create a subnet, perform the following:

Procedure

1. Sign in to the Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Virtual Private
Clouds. The Virtual Private Clouds List page appears.

3. Click the user VPC name under which you want to create the subnet.

Figure 92: Create Subnet in the User VPC

4. Click Create Subnet. The Create Subnet dialog appears.

Figure 93: Create Subnet Dialog

5. Provide the following information:

• Name: Provide a name for the subnet.


• Type: The overlay subnet type is populated.
• IP Address Management: Provide the Network IP Address / Prefix - Gateway IP Address for the
prefix.

Note: For No-NAT connectivity, the overlay subnet in the user VPC must use the same prefix or sub-prefix of
the ERP on the user VPC. For example, 10.1.1.0/24.

• IP Pool: Defines a range of addresses. Specify at least one IP address pool. IP addresses are used for
assigning external IPs to VPCs. These external IPs can also be consumed as SNAT and floating IPs.
1. Click the Create Pool button and enter the following on the Add IP Pool page.
2. Enter the starting IP address of the range in the Start Address field.
3. Enter the ending IP address of the range in the End Address field.
4. Under Actions, click the check mark to submit the starting and ending IP addresses you entered. You can
click the X mark to remove the entries.
• Domain Settings: Select this checkbox to display fields for defining a domain.
Selecting this checkbox displays fields to specify DNS servers and domains. Clearing this checkbox hides
those fields.

Note: User VPC cannot resolve the domain names if the DNS server is not provided. For details on DNS
servers, see Configuring DNS Settings.

• Domain Name Servers: Provide a comma-separated list of DNS IP addresses. Example: 8.8.8.8, or
9.9.9.9
• Domain Search: Enter a comma-separated list of domain names. Use only the domain name format.
Example: nutanix.com
• Domain Name: Enter the domain name. Use only the domain name format. Example: nutanix.com
• TFTP Server Name: Enter a valid TFTP host server name of the TFTP server where you host the host
boot file. The IP address of the TFTP server must be accessible to the virtual machines to download a boot
file. Example: tftp_server103
• Boot File Name: The name of the boot file that the VMs must download from the TFTP host server.
Example: boot_ahv202010

6. Click Create.

Attaching the Subnets to VMs


To attach the overlay subnet to a VM, perform the following:

Procedure

1. Sign in to the Prism Central web console.

2. Select the VM that you want to attach a subnet to. Click Actions > Update.

3. In the Update VM dialog, click Add NIC.

4. Provide the necessary information in the indicated fields in the Create NIC dialog.

• Select the Subnet Name from the dropdown list.


• Select the Network Connection State as Connected or Disconnected. The Network Connection
State selection defines the state of the connection after the NIC configuration is implemented.
• Private IP Assignment: The details of the Network Address / Prefix are populated.
• Select the Assignment Type. You can select Assign with DHCP to assign a DHCP-based IP address to
the VM.
You can select Assign Static IP to assign a static IP address to the VM to reach the VM quickly from any
endpoint in the network such as a laptop.
• Secondary IP Address: (optional) Enter a comma-separated list of secondary IP addresses.
• Floating IP Assignment: Assign the floating IP address. You can assign the floating IP address to an IP
address, such as a private IP address in a VPC or the primary IP address of a VM or a secondary IP address
created on a VM.
• Click Add.

5. Click Save on the Update VM dialog.

Creating Static Routes


Add a route table entry with the next hop as the No NAT overlay external subnet for the routed external
connectivity without NAT. Add a Nutanix VPC route table to point to on-prem, Azure subnets, or any subnet
which needs to be reached from the user VPC subnets with the real IPs.
To create a static route, perform the following:

Procedure

1. Sign in to the Prism Central web console.

2. Click the entities menu in the main menu, expand Network & Security, and then select Virtual Private
Clouds. The Virtual Private Clouds List page appears.

3. On the VPC list view, select the VPC and click Manage Static Routes.

Figure 94: Manage Static Routes Dialog

4. Provide the following details:

• Destination Prefix: Provide the IP address with the prefix of the destination subnet.
• Next Hop: Select the next hop link from the dropdown list. The next hop is the IP address to which the traffic must
be sent for the static route you are configuring.
• Add Static Route: You can create multiple static routes using this option. Click the Add Static Route link
to add another set of Destination Prefix and Next Hop to configure another static route.

5. Click Save.

Controlling North-South Traffic


While deploying NC2 on Azure, a default security group is created and attached to the cluster components, such as
VMs and gateways. You can modify these security groups to meet your specific requirements.

Security Rules for Connectivity with NAT


The following diagram shows the default inbound and outbound security groups of the Flow Gateway for the
external NIC and internal NIC at the Azure portal > Resource Group > Nutanix Cluster Management
VNet > Nutanix Cluster Management (External) Subnet > Flow gateway VM > Settings > Networking.

Figure 95: Default Network Security Rules - NAT Subnet

Security Rules for Connectivity with No-NAT


If you have configured external connectivity without NAT, you must add the inbound and outbound security rules in
the Flow Gateway to control traffic from the user VPC to an external network (such as Azure network or Nutanix
on-prem cluster) and vice versa.
Perform the following steps to configure security rules for inbound (from an external network, such as Azure network
or Nutanix on-prem cluster to the user VPC) and outbound (from the user VPC to an external network, such as Azure
network or Nutanix on-prem cluster) traffic without NAT:

Procedure

1. Sign in to your Azure portal and go to Resource groups.

2. Navigate to your resource group.

3. Go to the Flow Gateway VM, and then click Settings > Networking.

4. Select the external NIC tab.

5. Click the Inbound port rules tab, and then click Add inbound port rule to configure port rules for inbound
traffic.

Figure 96: Port Rules

6. Add or select the following details on the Add inbound security rule dialog:

• Source: Select Source IP addresses to provide IP addresses from which you want to connect.
• Source IP addresses/CIDR ranges: Enter the IP addresses and CIDR of the source from where you
want to access the user VPC. For example, IP addresses/CIDR of the Nutanix on-prem Prism Central subnet.
• Source port ranges: Keep the default *.
• Destination: Keep the default value, which is Any or enter the real IP of the user VPC subnet or the
floating IP.
• Service: Select Custom to provide a specific port to use.
• Destination port ranges: Enter the destination port range based on your requirements. For example, 22
for SSH.
• Protocol: Keep the default value, which is Any.
• Action: Select Allow.
• Priority: Provide the priority. The priority affects the order in which rules are applied: the lower the
numerical value, the earlier the rule is applied.
• Name and Description: Enter a name and description for the inbound security rule.

Figure 97: Add inbound security rules

7. Click Add.
The inbound rule that you added appears as shown in the following diagram.

Figure 98: Inbound Port Rules - No NAT Subnet

8. Click the Outbound port rules tab, and then click Add outbound port rule to configure port rules for
outbound traffic without NAT.

9. Add or select the required details on the Add outbound security rule dialog.

• Source: Select Any or provide the user VPC subnet.
• Source port ranges: Keep the default *.
• Destination: Select IP Addresses.
• Destination IP addresses/CIDR ranges: Enter the IP addresses and CIDR of the destination to which
you want to connect from the user VPC. For example, IP addresses/CIDR of the Nutanix on-prem Prism
Central subnet.
• Service: Select Custom to provide a specific port to use.
• Destination port ranges: Enter the destination port range. For example, 443 for HTTPS.
• Protocol: Keep the default value, which is Any.
• Action: Select Allow.
• Priority: Provide the priority. The priority affects the order in which rules are applied: the lower the
numerical value, the earlier the rule is applied.
• Name and Description: Enter a name and description for the outbound security rule.

Figure 99: Add outbound security rules

10. Click Add.
The outbound rule that you added appears as shown in the following diagram.

Figure 100: Outbound Port Rules- No NAT Subnet

For more information on network security rules, see Microsoft documentation.
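
The priority behavior described in steps 6 and 9, as an added example that is not part of the Nutanix guide: the script below evaluates exported rules lowest priority number first and flags inbound Allow rules that accept any source. The rule names, addresses, and JSON field names (assumed to match the output of `az network nsg rule list`) are constructed for illustration.

```python
import ipaddress

# Constructed sample rules; field names are assumed to follow the Azure NSG rule JSON.
SAMPLE_RULES = [
    {"name": "allow-onprem-ssh", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "10.50.0.0/24",
     "destinationAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "allow-any-ssh", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*",
     "destinationAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "deny-all-inbound", "priority": 4000, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*",
     "destinationAddressPrefix": "*", "destinationPortRange": "*"},
    {"name": "allow-onprem-https-out", "priority": 300, "direction": "Outbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "*",
     "destinationAddressPrefix": "10.50.0.0/24", "destinationPortRange": "443"},
]

MATCH_ALL = {"*", "any", "0.0.0.0/0"}
BROAD_SOURCES = MATCH_ALL | {"internet"}


def _values(rule, singular, plural):
    """A rule carries either one value (singular key) or a list (plural key)."""
    many = rule.get(plural) or []
    one = rule.get(singular)
    return list(many) if many else ([one] if one else [])


def _addr_matches(prefixes, ip):
    addr = ipaddress.ip_address(ip)
    for prefix in prefixes:
        if prefix.lower() in MATCH_ALL:
            return True
        try:
            if addr in ipaddress.ip_network(prefix, strict=False):
                return True
        except ValueError:
            continue  # service tag (for example VirtualNetwork): cannot be resolved offline
    return False


def _port_matches(specs, port):
    for spec in specs:
        if spec == "*":
            return True
        low, _, high = spec.partition("-")  # "22" or "8000-8100"
        if int(low) <= port <= int(high or low):
            return True
    return False


def first_match(rules, direction, src_ip, dst_ip, dst_port, protocol="Tcp"):
    """Return the rule that decides the flow: the match with the lowest priority number.

    None means no listed rule matched, so Azure's built-in default rules decide.
    """
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != direction.lower():
            continue
        if rule["protocol"] != "*" and rule["protocol"].lower() != protocol.lower():
            continue
        if (_addr_matches(_values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"), src_ip)
                and _addr_matches(_values(rule, "destinationAddressPrefix",
                                          "destinationAddressPrefixes"), dst_ip)
                and _port_matches(_values(rule, "destinationPortRange",
                                          "destinationPortRanges"), dst_port)):
            return rule
    return None


def broad_inbound_allows(rules):
    """Names of inbound Allow rules whose source is not limited to specific addresses."""
    flagged = []
    for rule in rules:
        if rule["direction"].lower() == "inbound" and rule["access"].lower() == "allow":
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if any(s.lower() in BROAD_SOURCES for s in sources):
                flagged.append(rule["name"])
    return flagged


if __name__ == "__main__":
    # An address outside the on-prem subnet still reaches port 22 because the
    # priority 200 rule is applied before the narrower priority 300 rule.
    decided = first_match(SAMPLE_RULES, "Inbound", "203.0.113.9", "10.10.1.5", 22)
    print(decided["name"], decided["access"])
    print("Inbound Allow rules open to any source:", broad_inbound_allows(SAMPLE_RULES))
```
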

NC2 CLUSTER MANAGEMENT
This section provides details on how you can modify, update, manually condemn, display Azure events, resume, and
delete NC2 running on Azure using the NC2 console.

NC2 Management Console


Nutanix provides three management consoles, namely NC2 console, Prism Element web console, and Prism Central
web console, to provision and manage your Azure resources.

• NC2 console: You can access the NC2 console from your existing My Nutanix account. You can use the NC2
console to create, update, and delete a Nutanix cluster running on Azure.
• Prism Central web console: While deploying NC2 on Azure, a new Prism Central instance is deployed, or an
existing Prism Central instance is registered based on your selections, and Flow Virtual Networking is enabled to
provide overlay networking. Prism Central is used to manage multiple Nutanix clusters.
For more information on how to sign into the Prism Central web console, see Logging Into Prism Central.
Prism Central can manage your deployed NC2 on Azure clusters alongside your on-prem clusters and other
clouds. Prism Central also manages AOS upgrades for on-prem and cloud-based Nutanix clusters. For more
information on creating a user VM and managing multiple Nutanix clusters, see Prism Central Infrastructure
Guide.
• Prism Element web console: You can use the Prism Element web console to manage routine Nutanix tasks in
a single console. Unlike Prism Central, Prism Element is used to manage a specific Nutanix cluster. For more
information on managing Nutanix tasks, see Prism Web Console Guide.

Figure 101: NC2 Management Console

NC2 Console
The NC2 console displays information about clusters, organizations, and customers.
The following section explains all the tasks that you can perform and view from this console.

Main Menu
The following options are displayed in the main menu at the top of the NC2 console.

Figure 102: NC2 Console - Main Menu

Navigation Menu
The navigation menu has three tabs: Clusters, Organizations, and Customers.
Tasks
1. The circle icon displays ongoing actions in the system that take a while to complete.
For example, actions like creating a cluster or changing cluster capacity.
The circle icon also displays the progress of each ongoing task, and a success message appears if the task is
complete, or an error message appears if the task fails.
2. The gear icon displays the source details of each task performed.
For example, Account, Organization, or Customer.
Notifications
1. The bell icon displays notifications if some event in the system occurs or if there is a need to act and resolve the
existing issue.

Note: You can choose to Dismiss notifications from the Notification Center. However, the dismissed
notifications no longer appear to you or any other user.

2. The gear icon displays source details and a tick mark to acknowledge notifications.
3. The dropdown arrow to the right of each notification displays more information about the notification.

Note: If you want to receive notifications about a cluster that you do not create, you must be an organization admin
and subscribe to notifications of the respective clusters in the Notification Center. The cluster creator is subscribed to
notifications by default.

User Menu
Displays the username option to edit the account details.

1. Profile option displays the following tabs.

• General: Edit your First name, Last name, Email, and Change password from this screen. This screen
also displays various roles assigned.
• Preferences: Displays enable or disable slider options based on preference.
• Storage Providers: Displays storage providers, such as Google Drive, Dropbox, OneDrive, and Box.
• Advanced: Displays various assertion fields and values.
• Notification Center: Displays the list of Tasks, Notifications, and Subscriptions from this view.
2. The Go back option, which returns you to the main menu, and the Logout option are displayed.
Navigation Menu
The navigation menu has three tabs at the top: Clusters, Organizations, and Customers, and two tabs at the
bottom: Documentation and Support.

• Displays the Create Cluster option to create a new cluster.
• Provides a search bar to Search Clusters.
• Displays a list of all active clusters by default.
Displays a filter button to the right of the search bar. Click Active or Deleted to switch the list of currently
visible active or terminated clusters, respectively.
• Displays details of each cluster, such as Name, Organization, Cloud, Created On, Capacity, and Status.
The last created cluster is on top by default and to change the order, click cluster Name heading to change the
value and direction by which the entries are ordered.
• The ellipsis icon against each cluster displays options like Audit Trail, Users, Notification Center, and
Settings.

• Audit Trail: Contains the activity log of all actions performed by you on a specific cluster.
• Users: Contains all the screens for user management, such as Authentication Providers and Support
options.
• Notification Center: Shows a complete list of all the tasks and notifications.
• Settings: Contains screens to update the settings of clusters.
• Terminate: Opens the dialog where you can terminate the cluster.

Organizations

Figure 103: NC2 Console - Organization

• Displays the Create Organization option to create a new organization.
• Provides a search bar to Search Organizations.
• Displays a list of active organizations by default.
Displays a filter button to the right of the search bar. Click Active or Terminated to switch the list of currently
visible active or terminated organizations, respectively.
• Displays the details of each organization such as Name, Customer, Description, URL Name, and Status.
The last created organization is on the top by default and to change the order, click the organization Name
heading to change the value and direction by which the entries are ordered.
• The ellipsis icon against each organization displays options like Audit Trail, Users, Notification Center, and
Update.

• Audit Trail: Contains the activity log of all actions performed on a specific organization.
• Users: Contains all screens for user management like User Invitations, Permissions, Authentication
Providers, and Support options.
• Sessions: Contains the basic information of the organizations and lists the active clusters and cloud
accounts.
• Notification Center: Shows a complete list of all Tasks and Notifications.
• Cloud Accounts: Displays the status of the Cloud Account if it is active (A-Green) or inactive (I-Red).
• Update: Contains options to update settings of organizations.

Customers

Figure 104: NC2 Console - Customers

• Displays a search bar to Search Customers.
• Displays a list of active customers by default.
Displays a filter button to the right of the search bar. Click Active or Terminated to switch the list of currently
visible active or terminated customers, respectively.
• Displays details of each customer, such as Customer Name, Description, URL Name, Billing and Status.
The last created customer is on the top by default and to change the order, click the customer Name heading to
change the value and direction by which the entries are ordered.
• The ellipsis icon against each customer displays options like Audit Trail, Users, Notification Center,
Update and Cloud Accounts.

• Audit Trail: Contains the activity log of all actions performed on a specific cluster.
• Users: Contains all screens for user management like user invitations, permissions, and authentication providers.
• Notification Center: Shows a complete list of all tasks and notifications.
• Cloud Accounts: Displays the status of the cloud account if it is active (A-Green) or inactive (I-Red).
• Update: Contains options to update settings of customers.
Documentation
Directs you to the documentation section of NC2.
Support
Directs you to the Nutanix Support portal.

Audit Trail
Administrators can monitor user activity using the Audit Trail. Audit Trail provides administrators with an audit
log to track and search through account actions. Account activity can be audited at all levels of the NC2 console
hierarchy.
You can access the Audit Trail page for an Organization or Customer entity from the menu button to the right of the
desired entity.

Figure 105: Audit Trail

The following figure illustrates the Audit Trail at the organization level.

Figure 106: Audit Trail - Download CSV

Under the Audit Trail section header, you can search the audit trail by first name, last name, and email address. You
can also click the column titles to sort the Audit Trail by ascending or descending order.
If you want to search for audit events within a certain period, click the date range in the upper right corner of the
section. Set your desired period by clicking on the starting and ending dates in the calendar view.
You can filter your results using the filter icon in the top right corner by specific account action.
You can download the details of your Audit Trail in CSV format by clicking the Download CSV link in the upper
right corner. The CSV will provide all Audit Trail details for the period specified to the left of the download link.

Notification Center
Admins can easily stay up to date regarding their NC2 resources with the Notification Center. Real-time notifications
are displayed in a Notification Center widget at the top of the NC2 console. The Notification Center displays two
different types of information: tasks and notifications. The information displayed in the Notification Center can be for
organizations or customer entities.

Note: Customer Administrators can see notifications for all organizations and accounts associated with the tenant by
navigating to the Customer or Organization dashboard from the initial NC2 console view and clicking Notification
Center.

Notification Center Widget


The Notification Center splits information into two categories: Tasks (bullet list icon) and notifications (bell icon).
Clicking these icons from the NC2 console view will display a list of pending tasks or notifications to which the
current user is subscribed.

Figure 107: Notification Center

Tasks
Tasks (bullet list icon) show the status of various changes made within the platform. For example, creating an
account, changing capacity settings, and so on trigger a task notification informing the admin that an event has
started, is in progress, or has been completed.
Notifications
Notifications (bell icon) differ from tasks; notifications notify administrators when specific events happen. For
example, resource limits, cloud provider communication issues, and so on. There are three types of notifications:
info, warning, or error.
Dismiss Tasks and Notifications
You can dismiss tasks or notifications from the Notification Center widget by selecting the task or notification icon
and clicking the dismiss (x) button inside the event.
Dismissing an event only dismisses the task or notification for your console view; other subscribed admins still see
the event.
Acknowledge Notifications
You can click the check mark icon to acknowledge and dismiss a notification for all users subscribed to that resource.
Acknowledging a notification removes it from the widget, but the notification is still available on the Notification
Center page.

Note: Acknowledging a notification will dismiss it for all administrators subscribed to the same resource.

Configuring Email Notifications for Alerts


Administrators can subscribe or unsubscribe to receive notification emails from the NC2 console for specific clusters
or organizations to ensure that they are in the loop when changes are made, or alerts are triggered.
A few example scenarios where automated email notifications are sent include:

• An NC2 cluster is successfully created.
• A user is added to an organization or customer account.
• The cluster is ready for the customer to start using.
Follow these steps to configure email notifications:

Procedure

1. Sign in to the NC2 console: https://cloud.nutanix.com

2. On the Clusters page, click the ellipsis icon against the desired cluster for which you want to configure email
notifications.

Note: If you want to set email notifications for an organization or customer entity, select the Organizations or
Customers tab.

Figure 108: Cluster Notification Center

3. Click Notification Center.

4. On the Notification Center page, click the Settings tab.

Figure 109: Notification Settings

5. Under Notification Settings, specify the following:

• Receive email notifications: To enable automatic email notifications, turn on the Receive email
notifications toggle.
• Severity:

• Info: Receive emails for informational notifications
• Warning: Receive emails for warning notifications
• Critical: Receive emails for critical notifications
• Recipients: Enter the email address of the recipient. To add more recipients, click Add Recipient and then
provide the email address.

6. Click Save.

Updating the Cluster Capacity


You can expand the cluster by adding more nodes to the cluster or shrink the cluster by removing nodes from the
cluster.
Ensure the following before you expand or shrink the cluster.

• Your cluster is at least a three-node cluster.
• Your cluster is in a Cluster Ready state.
You can add nodes of the same bare-metal instance type to your cluster.

Note: You must update the cluster capacity using the NC2 console only. You cannot update the cluster capacity using
the Prism Element web console.
When expanding an NCI cluster beyond what the NCI license covers, you need to purchase and manually
apply additional license capacity. Contact your Nutanix account representative to purchase an additional
license capacity.

Perform the following to update the capacity in your cluster:

Procedure

1. Sign in to NC2 from the My Nutanix dashboard.

2. On the Clusters page, click the name of the cluster.

3. In the Summary section, click Update Capacity under the Actions dropdown list.

Figure 110: Cluster Summary - Update Capacity

4. On the Capacity page, do the following in the indicated fields:

Figure 111: Update Capacity

• Host type. The host type used at the time of initial cluster creation is displayed. You cannot change the host
type.
• Number of Hosts. Click + or - depending on whether you want to add or remove nodes from the cluster.

Note: A maximum of 28 nodes are supported in a cluster. AOS 6.6 or higher version and Prism Central
pc.2022.9 or higher version provide the ability to expand an existing cluster capacity to 28 nodes. However,
with AOS versions earlier than 6.6 and Prism Central versions earlier than pc.2022.9, a maximum of 13 nodes
are supported in a cluster.

5. In the Status column, you can track the progress of the update capacity operation. After the operation is
complete, the status changes to Cluster Ready.
The expansion operation is completed in approximately 25–30 minutes.

Migrating to Scaled-out Flow Gateway Deployment
If you have NC2 on Azure with a single Flow Gateway, you can migrate to the scaled-out Flow Gateway
deployment for higher resiliency and availability. For more information about scaled-out Flow Gateway
deployment and required networking configurations, see User VM Network Management and Security.

Note: If you use Prism Central 2023.3, AOS 6.7, and Network Controller 3.0.1 or later, then NC2 uses the Flow
Gateway scaled-out deployment model by default. However, the Flow Gateway scaled-out deployment works as desired
only for ExpressRoute. You must use Prism Central 2023.3 or later only if you use ExpressRoute. If you use a VPN,
then you must use the pre-6.7 version of AOS and pre-2023.3 version of Prism Central, where NC2 uses a single Flow
Gateway deployment model.

Before migrating from a single Flow Gateway deployment to the scaled-out Flow Gateway deployment, ensure that
you have the following:

• Prism Central 2023.3
• AOS 6.7
• Network Controller (Formerly Advanced Networking Controller (ANC)) 3.0.1
• AHV 20230302.207
If you use Prism Central 2022.9 or later with ANC 2.2.0, then first upgrade to Prism Central 2023.3, AOS 6.7, and
Network Controller 3.0.1. The order of upgrades must be Prism Central > AOS > AHV > Network Controller.

Note: If you use an older version of Prism Central than 2022.9, then upgrade Prism Central to 2023.1.0.1 and Network
Controller to 2.2.0, and then upgrade to Prism Central 2023.3 and Network Controller 3.0.1. Ensure that you upgrade
Network Controller 3.0.1 from Network Controller 2.2.0 and not from Network Controller 2.1.0. The order of upgrades
must be Prism Central > AOS > AHV > Network Controller.

For upgrade instructions, see:

• Prism Central: Upgrading Prism Central
• AOS: Life Cycle Manager Guide and Acropolis Upgrade Guide
• Network Controller: Upgrading Flow Virtual Networking
Follow these steps to migrate to the scaled-out Flow Gateway deployment:

Procedure

1. Sign in to the NC2 console.

2. On the Clusters page, click the cluster name for which you want to scale out the Flow Gateway.

3. Navigate to Settings > Flow Gateway.

Figure 112: Flow Gateway Settings

4. Under Flow Gateway VMs, the current and available version of the Flow Gateway VMs is displayed.
If a higher version is available, the Upgrade option is displayed. You can choose to upgrade the Flow Gateway
VMs.

Note: The Flow Gateway VM upgrade process might take 20 to 60 minutes and cause downtime.

5. Under Desired Network Bandwidth:

a. Click Scale out Flow Gateway VMs. The Scale-out Flow Gateway dialog appears.
b. Under Desired Network Bandwidth:
The traffic routed through Flow Gateway VMs is limited by the bandwidth of the native Azure VMs. In
addition to the Flow Gateway VMs, two additional native VMs are deployed to host the Border Gateway
Protocol (BGP) service.
The total network bandwidth is determined by the total number and type of Flow Gateway VMs. The
bandwidth of the native BGP VMs is not used for all traffic.

• Desired Network Bandwidth: Use the slider to choose the desired network bandwidth for the Flow
Gateway VMs. Based on the network bandwidth you select, the number of Flow Gateway VMs gets
updated.
You can hover over the FGW VMs to view the Flow Gateway VM specifications and hover over BGP
VMs to view the BGP VM specifications.
• Subnets:
If you have selected the Create New VNet option on the Network tab while creating the
cluster:
A list of subnets from the Prism Central VNet and their corresponding CIDR is displayed. Two subnets,
one as external and the other as internal, are created for Flow Gateway with the required CIDR. One
subnet is created for the BGP VM.

Note: The minimum CIDR for the two Flow Gateway subnets is /24, and for BGP Subnet is /28.

If you have selected the Use an existing VNet option on the Network tab while creating
the cluster:
Internal Subnet and External Subnet: Select the internal subnet and external subnet from the Prism
Central VNet.
BGP Subnet: Select a subnet for BGP from the Prism Central VNet or Cluster VNet.

Note: You can create a subnet for BGP in either Prism Central VNet or Cluster VNet. If the BGP subnet
is in Prism Central VNet, you must manually perform peering between the Prism Central VNet and
the VNet where the Azure Route Server is deployed. If the BGP subnet is in Cluster VNet, you must
manually perform peering between the Cluster VNet and the VNet where the Azure Route Server is
deployed.

6. Under Azure Route Server: The Azure Route Server enables NC2 to exchange route information with Azure
native virtual networks dynamically.
Perform the following:

a. Resource Group: Select the Resource Group where these VMs would be deployed. If you do not see the
Resource Group, click Refresh to refresh the list.
b. Route Server:

• If you have selected the Create New VNet option on the Network tab while creating the cluster, NC2
deploys a new Route Server in the selected VNet.
Hub Virtual Network (Hub vNet) CIDR: Specify the CIDR of the Hub VNet.
Route Server Subnet CIDR: Specify the subnet CIDR in which the Route Server must be deployed.
NC2 automatically assigns an IP address.
• If you have selected the Use an existing VNet option on the Network tab while creating the cluster,
ensure that you have configured an Azure Route Server. If an existing Azure Route Server is found, the
Route Server Subnet CIDR and Route Server IP address are displayed.

Note: A minimum of a /27 subnet is needed to accommodate the Route Server.

7. (Optional) Under Advanced Settings, you can change the BGP ASN value under BGP Custom ASN.
All of your selections are captured and displayed on the Summary tab.

8. On the Summary tab, click Scale-out Flow Gateway.

9. Check the status on the cluster Summary page. After the BGP and Flow Gateway VMs are provisioned, the
Flow Gateway configuration gets initiated.

10. On the successful configuration of the scaled-out Flow Gateway, the Flow Gateway Status is marked as
Running.
You can hover over Flow Gateway Status and click Details to view the Flow Gateway details.
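
A pre-flight check for the subnet sizes stated in steps 5 and 6 (/24 for each Flow Gateway subnet, /28 for the BGP subnet, /27 for the Route Server subnet), as an added example that is not part of the Nutanix guide. The VNet names, CIDRs, and role keys are constructed, and "minimum" is read as the smallest subnet size allowed.

```python
import ipaddress

# Longest prefix (smallest subnet) allowed per role, taken from the notes in this procedure.
MAX_PREFIXLEN = {"fgw_external": 24, "fgw_internal": 24, "bgp": 28, "route_server": 27}

# Constructed sample plans: role -> (VNet name, subnet CIDR). IPv4 only.
VNETS = {"pc-vnet": "10.0.0.0/16", "hub-vnet": "10.1.0.0/24"}
GOOD_PLAN = {
    "fgw_external": ("pc-vnet", "10.0.1.0/24"),
    "fgw_internal": ("pc-vnet", "10.0.2.0/24"),
    "bgp": ("pc-vnet", "10.0.3.0/28"),
    "route_server": ("hub-vnet", "10.1.0.0/27"),
}
BAD_PLAN = {
    "fgw_external": ("pc-vnet", "10.0.1.0/24"),
    "fgw_internal": ("pc-vnet", "10.0.2.0/25"),    # smaller than /24
    "bgp": ("pc-vnet", "10.0.1.16/28"),            # sits inside the external subnet
    "route_server": ("hub-vnet", "10.2.0.0/27"),   # not part of the hub VNet range
}


def check_plan(vnets, subnets):
    """Return a list of (role, problem) tuples; an empty list means the plan passes."""
    problems, seen = [], {}
    for role, (vnet_name, cidr) in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict parsing rejects host bits
            vnet = ipaddress.ip_network(vnets[vnet_name])
        except (ValueError, KeyError):
            problems.append((role, "invalid"))
            continue
        if net.prefixlen > MAX_PREFIXLEN[role]:
            problems.append((role, "too_small"))
        if not net.subnet_of(vnet):
            problems.append((role, "outside_vnet"))
        # Peered VNets cannot share address space, so overlaps are checked across all roles.
        for other_role, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append((role, "overlaps_" + other_role))
        seen[role] = net
    return problems


if __name__ == "__main__":
    print("good plan:", check_plan(VNETS, GOOD_PLAN))
    print("bad plan: ", check_plan(VNETS, BAD_PLAN))
```
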

Scaling up or down Flow Gateway VMs


While deploying NC2 on Azure, you had the option to deploy a minimum of one and a maximum of four Flow
Gateway instances. You can scale up or down the Flow Gateway instances post-cluster deployment based on your
needs to reduce downtime, improve traffic throughput, and scale up configurations to add a node when you need to.
Perform the following steps to add or remove a Flow Gateway VM:

Procedure

1. Sign in to the NC2 console.

2. On the Clusters page, click the name of the cluster for which you want to scale out the Flow Gateway.

3. Navigate to Settings > Flow Gateway.

Figure 113: Flow Gateway Settings

4. Under Flow Gateway, the current and available version of the Flow Gateway VM is displayed.
If a higher version is available, the Upgrade option is displayed. You can choose to upgrade the Flow Gateway
VMs.

Note: The Flow Gateway VM upgrade process might take 20 to 60 minutes and cause downtime.

5. Under Desired Network Bandwidth, use the slider to choose the desired network bandwidth for the Flow
Gateway VMs. After you select the bandwidth, the number of Flow Gateway VMs gets updated. You can hover
over FGW VMs to view the Flow Gateway VM specifications and hover over BGP VMs to view the BGP VM
specifications.

6. Under Flow Gateway VM Access through SSH: select the key pair that consists of a private key and a public
key used to prove your identity while connecting to the host.

a. Use an existing Key Pair: Select an existing key pair from the Select SSH Key list.
b. Create a New Key Pair: In Key Resource Group, select an existing SSH key resource group or click
Create New Resource Group and enter the SSH key name.

7. Click Save to save the changes in Flow Gateway configurations.

Manually Replacing a Node


If any issues occur in a node in a cluster, you can choose to replace that node. The replace node operation first adds a
new node to the cluster, and then removes the node you want to replace.

Note: As long as the node stays in your account, it keeps your data. Your data is retained even when the node is
rebooted. However, all data is erased when a node is deallocated (condemned in the NC2 portal or deleted
from the Azure portal (which you must not do)).
The replace node operation is not supported in a single-node cluster.

Perform the following to condemn a node in a cluster:

Note: If a node turns unhealthy and you add another node to a cluster for evacuation of data or VMs, Azure charges
you additionally for the new node.

Procedure

1. Sign in to NC2 from the My Nutanix dashboard.

2. On the Clusters page, click the name of the cluster.

3. On the Hosts page, click the ellipsis of the corresponding host you want to replace, and click Replace Host.

4. In the Replace Host dialog, specify why you want to condemn the node and click Confirm.

Figure 114: Replace Host Dialog

Azure Events in NC2


Events raised by Azure are sent to the cluster and the NC2 console displays these events in the notification center.
The following table shows the Azure events displayed in the notification center and the actions taken by the NC2
console to manage them:

Table 19: Azure Events in NC2

Event | Description | Action
Instance Retirement | At the scheduled time, the bare-metal instance is stopped if it is backed by the Azure managed disk or terminated if it is backed by an instance store. | Nutanix automatically condemns the host, triggering replacement of the host.
System reboot | At the scheduled time, the host running on the bare-metal instance is restarted. | Nutanix restarts the AHV host.
Instance status impaired | An Azure VM status check is failing for the bare-metal instance. | No action is taken.
System Status impaired | An Azure VM system status check is failing for the bare-metal instance. | No action is taken.
Instance Stopped | Azure VM reports that the bare-metal instance is in stopped state when Nutanix expects it to be in running state. When an instance enters a stopped state, the hardware reservation is lost, and the instance store is erased. | Nutanix automatically condemns the host, triggering replacement of the host.
Instance Terminated | VM reports that the instance is in terminated state when Nutanix expects it to be in running state. When an instance enters a terminated state, the hardware reservation is lost, and the instance store is erased. | Nutanix automatically condemns the host, triggering replacement of the host.

Viewing Azure Events


This section provides instructions on viewing the Azure events in the NC2 console. The NC2 console does not display
AOS events. View the AOS alerts in the Prism Element web console.
To view the Azure events, perform the following:

Procedure

1. Sign in to NC2 from the My Nutanix dashboard.

2. Select the ellipsis button of a corresponding cluster and click Notification Center.
View AOS-specific alerts from Prism web console.

3. Go to the Notifications tab.


The Notifications page displays details of the Azure events that occur in your NC2 on Azure environment, such as
messages, entity details, and severity.

4. To acknowledge a notification, in the row of a notification, click the corresponding ellipsis, and select
Acknowledge.

Viewing the Licensing Details of a Cluster
The Clusters page displays the details of the licenses that you have applied to a cluster and links to the licensing
portal where you can view and manage all your Nutanix licenses.
To display the licensing details of a cluster, perform the following:

Procedure

1. Sign in to NC2 from the My Nutanix dashboard.

2. On the Clusters page, click the name of the cluster whose licensing details you want to display.

3. In the Properties section, click View Details in Licensing.


This section displays information such as the number of cores, memory capacity, and storage capacity of the
cluster based on the license you have applied to the cluster.
The Nutanix licensing portal is displayed where you can view and manage all your Nutanix licenses.

Terminating a Cluster
You can terminate an NC2 cluster if you do not want to use the cluster anymore.

Note: You must only terminate the clusters from the NC2 console and not from your public cloud console. If you try
to terminate the cluster or some nodes in the cluster from your cloud console, then NC2 will continue to attempt to re-
provision your nodes in the cluster.
You do not need to delete the license reservation when terminating an NC2 cluster if you intend to use the
same license reservation quantity for a cluster you might create in the future.

Note: Ensure that the cluster on which Prism Central is deployed is not deleted if Prism Central has multiple Prism
Elements registered with it.

To terminate an NC2 cluster, perform the following procedure.

Procedure

1. Sign in to NC2 from the My Nutanix dashboard.

2. Go to the Clusters page, click the ellipsis in the row of the cluster you want to terminate, and click Terminate.

3. In the Terminate tab, select the confirmation message to terminate the cluster.

Figure 115: Terminate an NC2 cluster

Support Log Bundle Collection


You can generate a support logbay bundle that you can send to Nutanix Support if you need further assistance with a
reported issue.
The support logbay bundle of NC2 on Azure contains all the standard on-prem AOS logs and the following logs specific
to NC2:

• Clusters_agents_upgrader
• Cluster_agent
• Host_agent
• Hostsetup
• Infra_gateway
• cloudnet
You can collect the logs either by using the Prism Element web console or Nutanix Cluster Check (NCC) command
line.
For instructions about how to collect the logs by using the Prism Element web console, see Collecting Logs from
the Web Console with Logbay.
For instructions about how to collect the logs by using the NCC command line, see Logbay Log Collection
(Command Line).
You can collect the logs using logbay for a certain time frame and share the respective log bundle with Nutanix
Support to investigate the reported issue. You can upload logs collected by logbay on the Nutanix SFTP or FTP
server.
For more information on how to upload the collected logs, see Uploading Logbay Logs.

VM Management Using NGT


You can install Nutanix Guest Tools (NGT) in a user VM (Microsoft Windows or Linux) to enable the advanced VM
management features provided by Nutanix.



Note: When you install NGT from the Prism Central web console, ensure that you select the Skip and Mount option
in the NGT installation dialog so that only the NGT ISO gets mounted on a user VM. The automatic installation of
NGT is not supported with NC2 on Azure. On the user VM, you must manually install the NGT agent from the ISO
attached using the setup.exe on a Windows machine or setup_python.sh script on a Linux machine.

For more information, see Prism Web Console Guide.



NC2 USER MANAGEMENT
NC2 provides access control through which you can assign roles to users that you add to your My Nutanix account.
You have account administrator permissions by default when you sign up for a My Nutanix account. You can add two
more users with the account administrator role to the same account. Therefore, one account can have only three users
with the account administrator role at any given time. To add users to your account, you can either integrate your
organization's SAML authentication solution (Active Directory, Okta, and others) with My Nutanix or invite specific
users to access the NC2 console.
While the administrators can remove users from a tenant using the Global Admin Center, the users, tenant owner,
and administrators can choose to leave a tenant themselves under specific conditions using the Tenant Details feature,
which is available under My Nutanix > Profile > Profile Settings. When there are no users in the tenant or there
is no active subscription in the Billing Center, the tenant owner can leave and close the tenant. When a tenant
is closed, all subscriptions and services associated with that tenant are erased. As the user's tenant-related data also
gets deleted, users will not be able to rejoin that tenant. If you must retain the data, then instead of closing the tenant,
invite a new account administrator from the Admin Center before leaving the tenant. For more information on the
Leave Tenant feature, see the Nutanix Cloud Services Administration Guide.

User Roles
The NC2 console uses a hierarchical approach to organizing administration and access to accounts.
The NC2 console has the following entities:

• Customer: This entity is the highest business entity in the NC2 platform. You create multiple organizations
under a customer and then create clusters within an organization. When you sign up for NC2, a Customer
entity is created for you. You can then create an Organization, add a cloud (Azure or AWS) account to that
organization, and create clusters in that organization. You cannot create a new Customer entity in your NC2
platform.
• Organization: This entity allows you to set up unique environments for different departments within your
company. You can create multiple clusters within an organization. You can separate your clusters based on your
specific requirements. For example, create an organization Finance and then create a cluster in the Finance
organization to run only your finance-related applications.

Note: One Azure cloud account can be part of only one organization. However, an organization can have multiple
Azure cloud accounts.

Users can be added from the Cluster, Organization, and Customer entities. However, the user roles that are available
while adding users vary based on whether the users are invited from the Cluster, Organization, or Customer entity.
Administrators can grant permissions based on their own level of access. For example, while a customer administrator
can assign any role to any cluster or organization under that customer entity, an organization administrator can only
grant roles for that organization and the clusters within that organization.
The following user roles are available in NC2.

Table 20: User Roles in NC2

Role | Description
Customer Administrator | Highest level of access. Customer administrators can create and manage multiple organizations and clusters. Customer administrators can also modify permissions for any of the user roles.
Customer Auditor | Customer Auditor users have read-only access to functionality at the customer, organization, and account levels.
Customer Security Administrator | Customer Security Administrator users can only access Audit Trail and Users functions at the customer level to manage all authentication providers (such as Basic (username/password), Google, SAML2, and API), configure SAML2 providers, manage SAML2 permissions, and manage users for all organizations and accounts.
Organization Administrator | Organization administrators can manage any organizations assigned to them by the Customer administrator and those organizations' accounts. Organization administrators can only be created by Customer administrators.
Organization Auditor | Organization Auditor users have read-only access to the organization and clusters under the organization.
Organization Security Administrator | Organization Security Administrator users can only access Audit Trail and Users functions at the specified organization level to manage all authentication providers (such as Basic (username/password), Google, SAML2, and API), configure SAML2 providers, manage SAML2 permissions, and add users for all accounts under the specified organization.
Cluster Administrator | Cluster Administrator can access and manage any clusters assigned to them by the Organization or Customer administrators. Cluster Admin can also open, close, or extend a support tunnel for the Nutanix Support team.
Cluster Super Admin | Cluster Super Admin can open, close, or extend a support tunnel for the Nutanix Support team.
Cluster Auditor | Cluster Auditor users have read-only access to the clusters under the organization.
Cluster User | Cluster User can access a specific cluster assigned to them by the Cluster, Organization, or Customer Administrator.

See the Local User Management section of the Nutanix Cloud Services Administration Guide for more
information about the following:

• Invite additional My Nutanix administrators.


• Remove the My Nutanix administrator.
• Resend or cancel the invite for a My Nutanix administrator.

Note: The user roles described in the Local User Management section of the Nutanix Cloud Services
Administration Guide are not applicable to NC2. For the user roles in NC2, see the user roles described in this
section.

See the Nutanix Cloud Services Administration Guide for more information about authentication mechanisms,
such as multi-factor authentication and SAML authentication.

Adding Users from the NC2 Console


The NC2 Customer and Organization Security Administrators can enforce the authentication settings for
your NC2 account. Cluster administrators and users can add other users and assign roles based on their
own level of access to the NC2 resources. Users can be added at the customer account, organization, and
cluster level.

Note: Users can be added from the Cluster, Organization, and Customer entities. However, the user roles that
are available while adding users vary based on whether the users are invited from the Cluster, Organization, or
Customer entity. Administrators can grant permissions based on their own level of access. For example, while a
customer administrator can assign any role to any cluster or organization under that customer entity, an organization
administrator can only grant roles for that organization and the clusters within that organization.

Perform the following to add users to NC2:

Procedure

1. Sign in to the NC2 console.

2. Click the Customers tab.

3. Click the ellipsis icon against the desired customer entity, and click Users.
The Authentication tab displays the identity authentication providers that are currently enabled for your
account, and the relevant tabs for the enabled authentication providers are displayed. The NC2 account
administrator must have first unlocked the Enforce settings slider.

Figure 116: User Authentication Enforcement

Perform the following steps to invite users based on the authentication provider.



4. To invite users with the basic authentication method, which uses a username and password:

a. Click the Basic (username/password) tab.

Figure 117: Invite Users with Basic Authentication


b. Click Invite Users.

Figure 118: Invite Users - Basic Authentication


c. Enter the email addresses of the users you want to add to NC2, separated by commas. You can invite 100 users
at a time.
d. Select the desired user role for the invited user from the Roles list, and then select the desired customer entity.
Click Add to add more entries to assign more user roles.
e. Click Invite to invite the users to NC2.



5. To invite users with the My Nutanix authentication method:

a. Click the My Nutanix tab.

Figure 119: My Nutanix Administrator Access


b. Enable or disable access to My Nutanix using the Allow Nutanix Admins on MyNutanix to administer
this customer slider. If you lock the My Nutanix slider, then the slider cannot be unlocked at the
Organization entity level.



6. To invite users with Google authentication:

a. Click the Google tab.

Figure 120: Invite Users with Google Authentication


b. Click Add.

Figure 121: Add Google Authentication


c. Enter an email address or domain of the user you want to add to NC2.
d. Click Add Recipient to add more users.
e. Select the desired user role for the invited user from the Roles list, and then select the entity that the role
applies to. Click Add to add more entries to assign more user roles.
f. Click Add.



7. To add users with SAML2 authentication, first add the SAML2 provider and then add the desired permissions:
To add a SAML2 provider:

a. Click the SAML 2 Providers tab.

Figure 122: Adding SAML 2 Provider


b. Click Add SAML 2 Provider. The Add A SAML 2 Identity Provider dialog appears.



Figure 123: Adding a SAML 2 Identity Provider
c. Enter or select the following details:

• Application Id
• Auth provider metadata: URL or XML
• Metadata URL or Metadata XML
• Integration Name
• Custom Label
• Authentication token expiration
• Signed response
• Signed assertion
d. Click Add.
To add SAML 2 Permission:

a. Click the SAML 2 Permission tab. The SAML 2 Permissions dialog appears.
b. Click Add Permission. The Create A SAML2 Permission dialog appears.



Figure 124: Creating A SAML2 Permission
c. Enter or select the following details:

• For provider: Select the SAML2 Provider you are designating permissions for.
• Allow Access:

• Always: Once the user is authenticated, they have access to the role you specify – no conditions
required.
• When all conditions are satisfied: The user must meet all conditions specified by the
administrator to be granted access to the role specified.
• When any condition is satisfied: The user can meet any conditions specified by the administrator
to be granted access to the role specified.
• Conditions: Specify your assertion claims and their values which correspond with the roles you wish to
grant.
• Grant roles: Select the desired roles you wish to grant to your users. You can add multiple role sets using
the Add button.
d. Click Save.
e. To update the SAML 2 permissions of the users in your account, click the SAML 2 Permissions tab. The
SAML 2 Permissions page displays the list of all users in your account.
f. Click the ellipsis icon against the user you want to edit the SAML 2 permissions for, and then click Update.
The Update a rule dialog appears.



Figure 125: Updating a SAML 2 Permission Rule
g. Edit the details, such as roles.
h. Click Save.



8. To invite users with API authentication:

a. Click the API tab. The APIs dialog appears.


b. Click Add API.

Figure 126: Adding an API


c. Enter a name for the API and select the desired role.
d. Click Add.
e. To update an API, click the API tab. The APIs page displays the list of all APIs in your account. Click the
ellipsis icon against the API you want to edit. You get Update, Delete, and Manage options. To update the
API, click Update. The Update API dialog appears.

Figure 127: Updating an API


f. Enter details, such as Roles.



g. Click Save.
To manage API credentials, click Manage. The Manage API Credentials dialog appears. Click the trash icon
if you want to delete the API key.
To delete an API, click Delete.

9. To invite users with Secure Anonymous: You can create many users without email invitation or activation.
Mass user creation can be used to deliver training and certification tests to end users who are guest users (not
employees, but clients or anonymous users). This solution does not rely on any existing identity provider
integration.

a. Click the Secure Anonymous tab.

Figure 128: Anonymous Access Provider


b. Click Add Provider. The Add Anonymous Access Provider dialog appears.

Figure 129: Adding Anonymous Access Provider


c. Enter or select Name, Description, Token Duration, and Roles. Click Save.



d. Once you have created a Secure Anonymous Token Provider and set the desired token duration and roles,
simply click on the ellipsis listed next to your Anonymous Access Provider and click Playground.
e. Specify the number of tokens you need, enable the Embed token in a URL toggle, and then click Generate
Anonymous Tokens.
f. All tokens and their pre-constructed URLs are copied to your clipboard. You can now distribute these URLs to
your end users to give them access to your NC2 environment.

Managing Support Authorization


NC2 specialists, a group within the Nutanix Support team, can view customer names, organization names, and
cluster details. However, they cannot access these entities or make any changes to these entities.
When you report any issue with your NC2 cluster, the specialists can request admin-level access to your cluster
entities to be able to view the cluster details and aid you in the troubleshooting process. If the specialist makes any
changes, these changes are logged in the audit trail. The admin-level access requests are granted by default; however,
NC2 provides a way to manage the support authorization to allow complete access, allow partial access, or block
access to your entities.
Perform the following steps to manage support authorization:

Procedure

1. Sign in to the NC2 console.

2. Click the Organizations tab.

3. Click the ellipsis icon against the organization entity, and then click Users.

4. Click the Support tab. The Support Options page appears.


Under Support Options, you can specify how much control you would like to grant NC2 support engineers.

Figure 130: Support Authorization



5. Select the required option under Support Authorization:

• Full access to this organization and its accounts: Grants NC2 support engineers the same level of
access as a Customer Administrator.
• Full access without ability to start sessions and manage users: NC2 support engineers may not
start sessions to your workload VMs.
• No Access: NC2 support engineers have no access to your customer and organization(s).

6. If you choose to give full access, then you can choose to give full access to specific NC2 specialists. Click Add
Personnel and then enter the email address of the NC2 specialist.
To revoke access, click the trashcan symbol listed to the right of the Nutanix staff member you would like to
remove from the Authorized Nutanix Personnel list. Click Save to apply your changes.



API KEY MANAGEMENT FOR NC2
You can create API keys that can be used to assign roles to NC2 users.
Follow these steps to create an API key for NC2:



Procedure

1. Create an API key:

a. Sign in to https://my.nutanix.com with your My Nutanix account.

Note: Ensure that you select the correct workspace from the Workspace list on the My Nutanix dashboard. For
more information on workspaces, see Workspace Management.

b. In the My Nutanix dashboard, go to the API Key Management tile and click Launch.
If you have previously created API keys, a list of keys is displayed.
c. Click Create API Keys to create a new key.
The Create API Key dialog appears.

Figure 131: Creating an API Key


d. Select or enter the following details:

• Name: Enter a unique name for your API key to help you identify the key.
• Scope: Select the NC2 scope category under Cloud from the Scope list.



• Role: Select the NC2 role for which the API Key authorization/permissions will be used. You can select
one of these roles:

• Admin: Create or delete a cluster and all permissions that are assigned to the User role.
• User: Manage clusters, update cluster capacity, perform Flow Gateway upgrade and all permissions
that are assigned to the Viewer role.
• Viewer: View account, organization, cluster, and tasks on the NC2 console.
e. Click Create.
The Created API dialog is displayed.

Figure 132: Created API Key


f. Copy the API Key and Key ID field values and store them securely for use. You can use the clipboard button
to copy the value to your clipboard.

Note: You cannot recover the generated API key and key ID after you close this dialog.

For more details on API Key management, see the API Key Management section in the Licensing Guide.



2. Generate a JSON Web Token (JWT) for authentication to call the REST APIs.
You can clone the script from https://github.com/nutanix/generate-jwt-key and update it as needed.

Note: This step uses Python to generate a JWT. You can use other programming languages, such as
JavaScript and Golang.

a. Run the following command to install the PyJWT package:


pip install PyJWT==2.3.0

b. Replace the API Key and Key ID in the following Python script and then run it to generate a JWT token.
Also, you can specify expiry time in seconds for the JWT token to remain valid. In the requesterip attribute,
enter the requester IP.
from datetime import datetime
from datetime import timedelta
import base64
import hmac
import hashlib
import jwt

api_key = "enter the API Key"  # API_KEY
key_id = "enter the Key ID"  # KEY_ID
aud_url = "https://apikeys.nutanix.com"

def generate_jwt():
    curr_time = datetime.utcnow()
    # Claims: audience, issued-at, expiry (120 seconds here), issuer (the Key ID),
    # and request metadata.
    payload = {
        "aud": aud_url,
        "iat": curr_time,
        "exp": curr_time + timedelta(seconds=120),
        "iss": key_id,
        "metadata": {
            "reason": "fetch usages",
            "requesterip": "enter the requester IP",
            "date-time": curr_time.strftime("%m/%d/%Y, %H:%M:%S"),
            "user-agent": "datamart"
        }
    }
    # Signing key: base64-encoded HMAC-SHA512 of the Key ID, keyed with the API key.
    signature = base64.b64encode(
        hmac.new(bytes(api_key, 'UTF-8'), bytes(key_id, 'UTF-8'),
                 digestmod=hashlib.sha512).digest())
    # Sign the token with HS512 and carry the Key ID in the "kid" header.
    token = jwt.encode(payload, signature, algorithm='HS512',
                       headers={"kid": key_id})
    print("Token (Validate): {}".format(token))

generate_jwt()

c. A JWT token is generated. Copy the JWT token on your system for further use. The JWT token can be used as
an Authorization header when validating the API call. The JWT token remains valid for the duration that you
have specified.
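
Added example (not from the Nutanix guide or the generate-jwt-key repository): a standard-library rebuild of the same HS512 token, plus a local check of its header, signature, audience, and expiry, so you can confirm what a token carries and that it is short-lived before placing it in an Authorization header. The function names, the 300-second lifetime ceiling, and the sample credentials are assumptions made for this example; how the Nutanix API itself validates tokens is not described here.

```python
import base64
import hashlib
import hmac
import json
import time

AUD_URL = "https://apikeys.nutanix.com"  # audience used in the guide's script


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores the stripped padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def derive_signing_key(api_key: str, key_id: str) -> bytes:
    """Key derivation from the guide: base64(HMAC-SHA512(key=API key, msg=Key ID))."""
    digest = hmac.new(api_key.encode("utf-8"), key_id.encode("utf-8"),
                      hashlib.sha512).digest()
    return base64.b64encode(digest)


def sign(signing_input: str, api_key: str, key_id: str) -> str:
    """HS512 signature over 'header.payload', base64url-encoded."""
    mac = hmac.new(derive_signing_key(api_key, key_id),
                   signing_input.encode("ascii"), hashlib.sha512)
    return b64url_encode(mac.digest())


def build_token(api_key, key_id, requester_ip, ttl_seconds=120, now=None):
    """Build a token with the same header and claims as the guide's script."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS512", "typ": "JWT", "kid": key_id}
    payload = {
        "aud": AUD_URL,
        "iat": now,
        "exp": now + ttl_seconds,
        "iss": key_id,
        "metadata": {
            "reason": "fetch usages",
            "requesterip": requester_ip,
            "date-time": time.strftime("%m/%d/%Y, %H:%M:%S", time.gmtime(now)),
            "user-agent": "datamart",
        },
    }
    segments = [b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                for part in (header, payload)]
    signing_input = ".".join(segments)
    return signing_input + "." + sign(signing_input, api_key, key_id)


def inspect_token(token, api_key, key_id, now=None, max_ttl_seconds=300):
    """Check a token locally; return its claims or raise ValueError.

    max_ttl_seconds is this example's own policy ceiling, not a Nutanix limit.
    """
    now = int(time.time()) if now is None else int(now)
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("malformed token")
    # Pin the algorithm so a token claiming another "alg" is never accepted.
    if header.get("alg") != "HS512":
        raise ValueError("unexpected algorithm")
    if header.get("kid") != key_id or payload.get("iss") != key_id:
        raise ValueError("kid/iss do not match the Key ID")
    expected = sign(header_b64 + "." + payload_b64, api_key, key_id)
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8")):
        raise ValueError("bad signature")
    if payload.get("aud") != AUD_URL:
        raise ValueError("unexpected audience")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise ValueError("iat/exp missing")
    if exp <= now:
        raise ValueError("token expired")
    if exp - iat > max_ttl_seconds:
        raise ValueError("lifetime longer than allowed")
    return payload


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    demo = build_token("EXAMPLE-API-KEY", "EXAMPLE-KEY-ID", "203.0.113.10")
    print(json.dumps(inspect_token(demo, "EXAMPLE-API-KEY", "EXAMPLE-KEY-ID"), indent=2))
```

The token string differs byte for byte from PyJWT output because JSON key order differs, but the header fields, claims, key derivation, and HS512 signature scheme are the same.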



COST ANALYTICS
NCM Cost Governance (formerly Beam) enables you to gain visibility into your Nutanix Cloud Clusters (NC2) spend
in Azure. Cost Governance provides visibility into your cloud consumption and, in turn, helps you optimize and
control the usage of your Nutanix clusters running in Azure.
If you use Cost Governance with NC2, you can analyze the cost of bare-metal instances, cost per VM, cost of
outbound traffic and network interfaces, and storage spend of the Nutanix clusters in Azure.

• Key: nutanix:clusters:cluster-uuid
• Value: UUID of the cluster created in Azure
See the NCM Cost Governance User Guide for more information about setting up and using Cost Governance.

Integrating Cost Governance with NC2


To integrate Cost Governance with NC2, you must have a Cost Governance subscription and configure Cost
Governance with your Azure account.
Perform the following tasks to integrate Cost Governance with NC2:

Procedure

1. Subscribe to the Cost Governance service.


See the Cost Governance section in the Nutanix Cloud Services Administration Guide for instructions on
subscribing to the Cost Governance service.

2. Configure Cost Governance with your Azure account.


See the NCM Cost Governance User Guide for instructions on performing this task.
All the tags created in Azure are supported in Cost Governance.

Displaying Cost Analytics in the Cost Governance Console


You can display the cost of bare-metal instances, cost per VM, cost of VM outbound traffic and network interfaces,
and spend of storage of the Nutanix clusters in Azure in the Cost Governance console.
In the Cost Governance console, perform the following:

Note: For the up-to-date instructions about how to perform the following tasks, see the NCM Cost Governance
User Guide.

Procedure

1. Sign in to the Cost Governance console.

2. Select Azure and your Azure account in the cloud and account selection menu.

3. Click Analyze to display the Cost Analytics screen.



4. To display the cost of VMs, do the following:

• In the Cost Analytics screen, go to Virtual Machine > Resource IDs.


• In the Filters pane, in the Tag Key field, select the nutanix:clusters:cluster-uuid and, in the Tag Value
field, select the UUID of the cluster for which you want to view the spend.
• Click Apply.

5. To display the cost of the VM outbound traffic, do the following:

• In the Cost Analytics screen, go to Data Services.


• In the Filters pane, in the Tag Key field, select the nutanix:clusters:cluster-uuid and, in the Tag Value
field, select the UUID of the cluster for which you want to view the spend.
• Click Apply.

6. To display the cost for each instance type, do the following:

• In the Cost Analytics screen, go to Virtual Machine > Subservices.


• In the Filters pane, in the Tag Key field, select the nutanix:clusters:cluster-uuid and, in the Tag Value
field, select the UUID of the cluster for which you want to view the spend.
• Click Apply.

7. To display the cost for each instance type, do the following:

• In the Cost Analytics screen, go to Storage.


• In the Filters pane, in the Tag Key field, select the nutanix:clusters:cluster-uuid and, in the Tag Value
field, select the UUID of the cluster for which you want to view the spend.
• Click Apply.



DISASTER RECOVERY AND BACKUP
Note: NC2 on Azure does not support Prism Central backup and recovery. It only supports Nutanix Disaster Recovery
(formerly Leap) from Prism Central.

NC2 supports Asynchronous and NearSync replication. NearSync replication is supported with AOS 6.7.1.5 and later,
while Asynchronous replication is supported with all supported AOS versions. NearSync replication is supported only
when clusters run AHV; NC2 does not support cross-hypervisor disaster recovery. For more information on Nutanix
Disaster Recovery capabilities, see Nutanix Disaster Recovery Guide.
If you want to use protection policies and recovery plans to protect applications across multiple Nutanix clusters,
set up Nutanix Disaster Recovery from Prism Central. Disaster Recovery allows you to stage your application to
be restored in the correct order. You can also use protection policies to fail back to on-prem if necessary. For data
protection and disaster recovery, you can pair your Prism Central of the Nutanix cluster running in Azure with the
Prism Central of the Nutanix cluster running in your on-prem datacenter. You must configure connectivity between
your on-prem datacenter and Azure VNet using the Azure VPN or Azure ExpressRoute. NC2 on Azure also supports
disaster recovery from on-prem to Azure over layer 2 stretched subnets. Layer 2 subnet extension assumes that the
underlay reachability between on-prem and Azure is over a VPN or ExpressRoute.
For more information on disaster recovery over the Layer 2 stretch, see Disaster Recovery Over Layer 2 Stretch.
For more information on disaster recovery without the Layer 2 stretch, see Disaster Recovery Without Layer 2
Stretch.

Note: Ensure that the Prism Central version is not End of Maintenance and End of Support Life. For more information,
see https://portal.nutanix.com/page/documents/eol/list?type=pc. For more information about the
compatibility of Prism Central with AOS, see
https://portal.nutanix.com/page/documents/kbs/details?targetId=kA00e000000LIi9CAG.

Disaster Recovery Without Layer 2 Stretch


For more information on disaster recovery, see Disaster Recovery Between On-Prem AZ and Nutanix Cloud
Cluster (NC2) and Disaster Recovery Between Two Nutanix Cloud Clusters.

Disaster Recovery Over Layer 2 Stretch


NC2 on Azure supports disaster recovery from on-prem to Azure over Layer 2 stretched subnets. Layer 2 subnet
extension assumes that the underlay reachability between on-prem and Azure is over a VPN or ExpressRoute.
Extending a subnet between on-premises local and remote clusters or sites (Availability Zones) supports the following
use cases:

• Disaster Recovery: Partial subnet failover while maintaining Layer 2 adjacency.


• Hybrid Cloud Connectivity: Active-Active Data Centers and run VMs in the same subnet in both sites.
• IP Portability: Seamless application migration between these clusters or sites while retaining their network
bindings such as IP address, MAC address, and default gateway.
• VPC to physical network extension: Connect VPC VMs to physical servers in the same VLAN with L2 VTEP
stretch to hardware. The on-prem subnet might be ESX, VLAN, or VPC.
For more information on Layer 2 Subnet Extension, Prerequisites, and Best Practices for setting up subnet extension,
see Layer 2 Subnet Extension.
Prerequisites
Ensure that you complete the following prerequisites before configuring disaster recovery from on-prem to Azure
VNet over Layer 2 stretched subnets:



• Understand how Layer 2 virtual network extension works in Flow Virtual Networking. For details, see Flow
Virtual Networking Guide.
• Understand how to use Nutanix Disaster Recovery. For details, see Nutanix Disaster Recovery Guide.
• Ensure that you have configured network connectivity for user VMs. For more information, see User VM
Network Management and Security.
• Ensure that you have configured Azure VPN/ExpressRoute. For details, see Setting up VPN or ExpressRoute.
• The cluster is running the minimum versions of AOS 6.6 and pc.2022.9.
• The following ports must be open:

• UDP port 500


• UDP port 4500
• ESP
• ICMP
• SSH
• VTEP Port 4789
• Note the Autonomous System Number (ASN) for on-prem and Azure if you configured eBGP as the external
routing protocol.
Workflow
Perform the following steps to configure L2 stretched network connectivity for disaster recovery:

Note: You can extend a subnet over a VPN or VTEP gateway. These steps are validated using a static route for
internal route configuration; however, OSPF or eBGP routes can also be used. eBGP is used for external route
configuration.

The following steps cover both VPN and VTEP. The fields vary based on your selection for VPN or VTEP.

Procedure

1. Pair the Prism Central at the on-prem AZ with the Prism Central at the NC2 on Azure (remote AZ).
The Availability Zone Type must be selected as Physical Location. Ensure that the availability zone is
reachable.
For more information, see Pairing Availability Zones.

2. Create a subnet on the on-prem cluster. You can also use an existing subnet if that subnet is not used for user
VMs.
You can skip the IP Address Management and DHCP Settings fields for VLAN.
For more information, see Creating a Subnet.

3. Create a user VPC or use an existing user VPC.


For more information, see Creating a User VPC.

4. Create a local gateway on NC2 on Azure.


You can choose either VPN or VTEP gateway.
If you have selected the VPN gateway service: This gateway creates the Nutanix VPN VM on NC2 on Azure.
You can have existing overlay connectivity through VPN/ExpressRoute. You must select the Gateway
Attachment as VPC, and then select the user VPC. A floating IP gets assigned to the local gateway. You must
select the Routing Protocol as eBGP.
If you have selected the VTEP gateway service: The VxLAN (UDP) port must be kept as default 4789.
For more information, see Creating a Network Gateway.

5. Create a local gateway on the on-prem cluster with the VLAN subnet created for the Nutanix VPN.
You can choose either VPN or VTEP gateway.
If you have selected the VPN gateway service: You must select the Gateway Attachment as VLAN. The
static IP address for the VPN comes from VLAN - the subnet created in step 2. The eBGP password must be the
same used earlier in step 4. This gateway creates the Nutanix VPN VM on the on-prem cluster.

Note: The subnet created for the overlay VPN must not be used to create UVMs.

If you have selected the VTEP gateway service: The VxLAN (UDP) port must be kept as default 4789.
For more information, see Creating a Network Gateway.

6. Create a remote gateway on NC2 on Azure.


You can choose either VPN or VTEP gateway.
If you have selected the VPN gateway service: You must use the on-prem local gateway IP address for the
Public IP Address option.
If you have selected VTEP gateway service: The VxLAN (UDP) port must be kept as default 4789. The VTEP
IP Addresses is the IP address of the remote endpoints that you want to create the gateway for.
For more information, see Creating a Network Gateway.

7. Create a remote gateway on the on-prem cluster.


You can choose either VPN or VTEP gateway.
If you have selected the VPN gateway service: You must use the NC2 on Azure local gateway IP address for the
Public IP Address option.
If you have selected VTEP gateway service: The VxLAN (UDP) port must be kept as default 4789. The VTEP
IP Addresses is the IP address of the remote endpoints that you want to create the gateway for.
For more information, see Creating a Network Gateway.

8. If you must extend the on-prem VLAN subnet over VPN, then perform these additional steps:

• Create a VPN connection on on-prem as an initiator. For more information, see Creating a VPN
Connection.
• Create a VPN connection on NC2 on Azure as an acceptor. For more information, see Creating a VPN
Connection.
• Make sure the IPSec and eBGP are enabled.

9. Extend the on-prem VLAN subnet over VPN or VTEP:

Note: Ensure that you perform the subnet extension steps using the Networking & Security > Connectivity
> Subnet Extension option. You must not perform these steps using the Network and Security > Subnets
> List > Actions > Manage Extensions option or the Virtual Private Cloud > Subnet > Manage
Extension option.

• To extend a subnet over VPN, see Layer 2 Virtual Subnet Extension Over VPN.
• To extend a subnet over VTEP, see Layer 2 Virtual Subnet Extension Over VTEP.

Note: You must select the Subnet Type as Overlay for NC2 on Azure and Overlay or VLAN for on-prem.
Ensure that you select the user VPC and do not select the transit VPC while extending the subnet over VPN. The
VPC option populates when the Overlay subnet type is selected.

10. Configure disaster recovery.

Note: Ensure that you have installed Nutanix Guest Tools (NGT) on the user VMs for static IP address mapping
of user VMs between source and target virtual networks and static IP address preservation after failover.

Typical tasks that you would perform include:

• Create a category to put the VMs in.
• Enable disaster recovery.
• Create a protection policy.
• Create a recovery plan.
• Perform failover and failback operations.

For more information, see Nutanix Disaster Recovery Guide.

Integration with Third-Party Backup Solutions


Deploying a single cluster in Azure is great for more ephemeral workloads where you want to take advantage of
performance improvements and use the same automation pipelines you use on-prem.
Nutanix recommends using backup products compatible with AHV to target Blob storage as the backup destination.
Nutanix qualifies most of the backup products compatible with AHV. For example, HYCU is compatible with AHV
and qualified as a backup solution to work in an NC2 environment. See the HYCU documentation for instructions on
implementing and configuring the HYCU solution.



SYSTEM MAINTENANCE
This section describes the system and operational features of NC2 that enable you to configure data protection,
perform routine and emergency maintenance, monitor the health of the cluster through health checks, and access
support services.

Health Check
Nutanix provides robust mechanisms to monitor the health of your clusters using Nutanix Cluster Check and health
monitoring through the Prism Element web console.
For more information on how to assess and monitor the health of your cluster, see Health Monitoring.

Routine Maintenance
This section provides information about routine maintenance activities like monitoring certificates, software updates,
managing licenses, and system credentials.

Monitoring Certificates
You must monitor your certificates for expiration. Nutanix does not provide a process for monitoring certificate
expiration, but Azure provides an Azure subscription that can help you set up alarms.
See Microsoft documentation for more information. Follow the Azure best practices for certificate renewals.

Nutanix Software Updates


You can track and manage the software versions of all the entities in your Nutanix cluster using the methods
described in the Life Cycle Manager Guide and Acropolis Upgrade Guide.

Managing Nutanix Licenses


After you log on to the Nutanix Support portal at https://portal.nutanix.com and click the Licenses link on the
portal home page, you can expand the Clusters on the left pane to manage the licenses.
The Clusters page includes the following category pages depending on the license type used for your NC2 cluster:

• Licensed Clusters. Displays a table of licensed clusters including the cluster name, cluster UUID, license tier,
and license metric. NC2 clusters with AOS and NCI licensing appear under Licensed Clusters.
• Cloud Clusters. Displays a table of licensed Nutanix Cloud Clusters including the cluster name, cluster UUID,
billing mode, and status. NC2 clusters with AOS licensing appear under Cloud Clusters. NCI-licensed clusters
do not appear under Cloud Clusters.
To purchase and manage the software licenses for your Nutanix clusters, see the License Manager Guide.

System Credentials
See the Microsoft documentation to manage your Azure accounts and their permissions.
For NC2 credentials, see User Management.

Managing Access Keys and Azure Service Limits


Nutanix recommends that you follow the Azure best practices to manage access keys and service limits.



Emergency Maintenance
The NC2 software can automatically perform emergency maintenance if you configure redundancy factor 2 (RF2) or
RF3 on your cluster to protect against rack failures and asynchronous replication to protect against AZ failures.
When a node fails, NC2 detects the failure and replaces the failed node with a new node.
Hosts in a cluster are deployed using a partition placement group with seven partitions. A placement group is created
for each host type, and the hosts are balanced within the placement group. The placement group, along with the
partition number, is translated into a rack ID of the node. This enables AOS Storage to place metadata and data
replicas in different fault domains.

Figure 133: Partition Placement

A redundancy factor 2 (RF2) configuration of the cluster protects data against a single-rack failure, and an RF3
configuration protects against a two-rack failure. Also, to protect against multiple correlated failures within a
datacenter and an entire AZ failure, Nutanix recommends that you set up Disaster Recovery to a different AZ.
See Data Protection and Recovery with Prism Element for more information.
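The fault-domain reasoning above (replicas on different rack IDs, RF2 surviving one rack failure and RF3 surviving two) can be checked with a small model. This is an added example, not Nutanix code: the rack ID format, the round-robin host layout, and the ring-walk placement policy are assumptions made for illustration; only the seven-partition count comes from this guide.

```python
from itertools import combinations

PARTITIONS = 7  # from this guide: a partition placement group with seven partitions

def rack_id(group, partition):
    # Assumed encoding; the guide only says group + partition number become a rack ID.
    return f"{group}-p{partition}"

def build_cluster(group, node_count):
    # Constructed cluster: hosts balanced round-robin across the partitions.
    return {f"node-{i}": rack_id(group, i % PARTITIONS) for i in range(node_count)}

def place_replicas(nodes, rf, start, rack_aware=True):
    # Hypothetical placement: walk the node ring from `start`, taking rf nodes;
    # when rack_aware, skip nodes whose rack already holds a replica.
    names = sorted(nodes)
    chosen, used = [], set()
    for i in range(len(names)):
        node = names[(start + i) % len(names)]
        if rack_aware and nodes[node] in used:
            continue
        chosen.append(node)
        used.add(nodes[node])
        if len(chosen) == rf:
            return chosen
    raise ValueError("not enough fault domains for this redundancy factor")

def tolerates_rack_failures(nodes, rf, failed_count, rack_aware=True):
    # True if, for every set of `failed_count` racks lost at once, each
    # placement still has at least one replica on a surviving rack.
    racks = sorted(set(nodes.values()))
    placements = [place_replicas(nodes, rf, s, rack_aware) for s in range(len(nodes))]
    for failed in combinations(racks, failed_count):
        for replicas in placements:
            if all(nodes[n] in failed for n in replicas):
                return False
    return True

# Constructed sample: 8 hosts in 7 partitions, so node-0 and node-7 share a rack.
CLUSTER = build_cluster("pg-hosttype-a", 8)
```

With `rack_aware=False` the same cluster can lose both RF2 replicas to a single rack failure, which is the case the rack ID mapping exists to prevent.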

Automatic Node Failure Detection


If a node failure occurs, the NC2 software detects the failure and automatically condemns the node, adds a new node
to the cluster, and ultimately removes the failed node. Depending on the type of failure, the workload on the failed
node is either migrated or restarted on the remaining nodes.

Note: NC2 detects a node failure in a few minutes and brings a replaced node online in approximately one hour; this
duration varies depending on the time taken for data replication, the customer’s specific setup, and so on.

Enabling Support Tunnel for Nutanix Support Team


If you encounter an issue in your Nutanix cluster running in Azure and the Nutanix Support team needs access to
your cluster to troubleshoot the issue, the Cluster Owner and Cluster Super Admin can open a support tunnel for the
Nutanix Support team to give remote access to your cluster. The Nutanix Support team ensures that the connection
to your cluster through the support tunnel is secure and compliant by consolidating connectivity, authentication,
authorization, audit, and recorded sessions.

Note: Only the Cluster Owner and Cluster Super Admin can open, close, or extend a support tunnel for the Nutanix
Support team.



The Cluster Owner and Cluster Super Admin have complete control over enabling or disabling the support tunnel for
a specific cluster. They can enable the support tunnel for a certain amount of time, close it at any time, or extend the
duration to keep the support tunnel open. The support tunnel is automatically closed after a defined period.

Note: Before enabling a support tunnel for a specific cluster, ensure that at least one CVM is functional and accessible.
If enabling the support tunnel fails, you must contact the Nutanix Support team.

To enable a support tunnel:


1. Sign in to NC2 from the My Nutanix dashboard.
2. Go to the Clusters page and click the name of the cluster for which you want to open the support tunnel.
3. Click Settings.
4. On the General tab, perform the following steps in the Support Tunnel section:

Figure 134: Open Support Tunnel

   a. In the Duration (h) box, enter the number of hours you want to keep the support tunnel open.
   b. Click Open Support Tunnel.
5. The circle icon in the Notification Center displays the progress of the task. A success message appears if the task
is complete, or an error message appears if the task fails. You receive an email notification stating that the support
tunnel has been opened.



6. In the Cluster Summary page, the Support Tunnel section displays a timer showing the duration the support
tunnel remains open.

Figure 135: Extend or Close Support Tunnel


7. You can perform the following tasks based on your requirements:
   a. If you need to extend the duration of the support tunnel, click Extend and then enter the new period in
   hours.
   b. If you want to close the support tunnel, click Close Support Tunnel. This revokes the Nutanix Support
   team's remote access.

Support
You can access the technical support services in several ways to troubleshoot issues with your Nutanix cluster.
Using your NC2 on Azure subscription, open a support case with Nutanix customer support when you have an issue
that requires assistance. See the Creating a Case topic in Support Portal Help for more information.
Nutanix recommends that you sign up for an Azure support plan subscription for technical support of the Azure
resources. See Azure Support for more information.

Troubleshooting Deployment Issues


Nutanix provides knowledge-base articles to address any errors that users might encounter while deploying and using
NC2 on Azure. You can find the most recent KBs under Knowledge Base. You can also get a list of known issues in
the NC2 on Azure Release Notes.

Documentation Support and Feedback


Nutanix strives to improve product documentation continuously to ensure that users get the information they want.
Making sure our content is sufficiently solving our users' problems is essential to us. With feedback, you can indicate
if you found the documentation helpful and highlight the article that needs improvements.
Nutanix provides a way for users to share their feedback for documentation and takes necessary actions to incorporate
the feedback received to improve the documentation quality and user experience.
To share your feedback for documentation:



Procedure

1. When accessing a document on https://portal.nutanix.com/, navigate to the Feedback dialog displayed at the
bottom of the page.

Figure 136: Documentation Feedback

2. Select one to five stars to rate the page you referred to. Here, a single star means poor, and five stars mean
excellent.

3. Select the predefined feedback messages that are presented based on the number of stars selected.

Figure 137: Submit Documentation Feedback

4. Enter your suggestion on how this section can be improved.

5. Enter your email address and click Submit.



RELEASE NOTES
Nutanix recommends following the NC2 on Azure Release Notes to learn more about:

• Changes or enhancements
• Known Issues
• Fixes and workarounds
• Software compatibility



COPYRIGHT
Copyright 2024 Nutanix, Inc.
Nutanix, Inc.
1740 Technology Drive, Suite 150
San Jose, CA 95110
All rights reserved. This product is protected by U.S. and international copyright and intellectual property
laws. Nutanix and the Nutanix logo are registered trademarks of Nutanix, Inc. in the United States and/or other
jurisdictions. All other brand and product names mentioned herein are for identification purposes only and may be
trademarks of their respective holders.
