Adaptive Segmentationmicro-segmentation October 26, 2015

Infrastructure and Security Compete for Applications: The Illumio and Nutanix Partnership

Alan S. Cohen,

There are two core principles of the “new stack” (i.e., the distributed computing paradigm) that we fell in love with when first learning about Nutanix:

  1. Embracing automation and abstractions to streamline development and operations across the stack
  2. Removing the requirement for human beings to place every application and service directly onto infrastructure


These same principles underlie the Illumio Adaptive Security Platform (ASP)™.  We looked at Nutanix and saw ourselves.  We saw the opportunity to build a partnership that has clear and immediate benefits for our customers.

Illumio brings a new security paradigm, purpose built for the distributed, heterogeneous, and fast data centers and clouds of today.  With Illumio, speed and security can go hand in hand, rather than live as an either/or paradox.  We recognized that from a cybersecurity perspective, we must insert security much closer to the data (i.e., the process or workload level) across the application life cycle.  Illumio did not simply take a network service like a firewall and replicate it onto virtual machines.  Given the rapid increase in cybersecurity spending and the increasingly compromised data center, we do not believe offering a better version of the old model would reduce risk for the enterprise.  Einstein is attributed with saying that the definition of insanity is doing the same thing over and over again and expecting a different result.

Moreover, most security and security chokepoints are based on networking, which is based on hierarchies.  In the world of distributed systems, hierarchies impose complexity and necessitate costly, complicated workarounds. 

Increasingly, IT leaders have seen power shift to the hands of developers and DevOps practices.  In the past, developers would build applications based on the requirements and constraints presented by the infrastructure layer.  Today, in the words of Docker executive Nick Stinemates, “infrastructure must compete for applications.”  We believe security should, too.  Illumio ASP can be inserted into Nutanix environments when developers begin creating applications.

What is unique about the Illumio and Nutanix partnership is that it delivers security that works independently of the hypervisor and network. Thus, Illumio ASP works with all Nutanix hypervisors (Acropolis, Hyper-V, and ESXi) on any network infrastructure.  Moreover, we are jointly architected for scale with distributed enforcement at each workload—no extra VMs or appliances necessary, with no network tromboning or chokepoints.  And most significantly, we detect and automatically adapt to workload changes in real time—security moves with the workload throughout its life cycle, no matter where it is hosted.

The “invisible” and dynamic nature of Nutanix Acropolis provides businesses of any size a private cloud offering that is second to none in terms of simplicity, scale out, and automation.  And now, with Illumio, its security is second to none.  So what does Illumio do in the Acropolis context?

  • We secure workloads and applications running on Nutanix. Illumio ASP enables Nutanix customers to micro-segment workloads running on a Nutanix Cluster, providing full visibility and control over network traffic at the application or workload or process level.
  • We help securely migrate workloads to Nutanix. Workloads running on bare metal, virtualization infrastructure, or in the cloud (e.g., Amazon Web Services) can be moved rapidly to Nutanix with security intact. With Illumio ASP, security is attached to, and moves with, the workload. Security rules are automatically updated for migrated workloads and applications maintain an identical security posture. This is a fully automated process, enabling rapid migration to Nutanix without compromising security.
  • We enable security to work with the Acropolis App Mobility Fabric. When the Acropolis App Mobility Fabric moves workloads to balance load or provide disaster recovery services, Illumio ASP automatically detects the move and updates the security rules on all impacted workloads to ensure they remain secure.

Our joint partnership means that enterprises can end the paradox of moving quickly or being secure, especially when it comes to the world of hyperconverged infrastructure and micro-services.  That means working anywhere on anything.  We are proud to be the first application security partner validated for Nutanix across all hypervisors. 

And this is not a future.  All of this is available today.

Adaptive Segmentationmicro-segmentation
Share this post: