Team Leader - Nutanix Technology Champion - Nutanix NTC Storyteller

Julien DUMUR
Infrastructure in a Nutshell

This year again, I was lucky enough to be invited, due to my status as Nutanix Technology Champion, to the annual event organized by Nutanix: .NEXT 2025!

Heading to Washington DC!

Every year, .NEXT moves to a new continent. Last year, Europe hosted the event in Barcelona, Spain. This year, Washington DC, United States of America, has been chosen to host the event from May 7 to 9, 2025.

This is my second trip to the United States (the first was during NTC Tech Connect in San Jose), so I decided to take advantage of the opportunity to spend an extra day as a tourist. It’s Zero Day!

A Relaxing Journey

The journey from my home in France to Washington, D.C., was relatively smooth. First, I took the TGV from Orange to Lyon on May 5th so I could sleep at the airport and be there the next morning.

Boarding, Lyon

May 6th, early 7am, baggage check-in at 8am and takeoff at 10am after passing through all security checks without incident. Landing in Dublin at 11am local time, 1h30 of transit, just enough time to pass through US border control before boarding my transatlantic flight. 8 hours of flight, 3 movies (Top Gun Maverick, Deadpool 2 and finally Deadpool and Wolverine), a meal, a nap and a snack later, here I am finally at Dulles International Airport.

Dulles International Airport, Washington DC

A final subway ride got me to the hotel around 5 p.m. local time, after a journey of about 15 hours… After a shower, I went out to walk around the hotel. I was able to see the Friendship Gate at the entrance to Chinatown and the FBI offices before the rain (it felt like Brittany) arrived and forced me to go back inside…

Federal Bureau of Investigation, Washington DC

Zero Day: A “stroll” through Washington DC

Completely jet-lagged, I woke up at 5:00 a.m. A quick phone call home (convenient, it was 11:00 a.m. there), a shower, and off I went, wandering the streets of Washington DC at 6:30 a.m., heading for the White House!

The White House, Washington DC

After asking the Secret Service twice for directions (you guys are so nice, thank you!), I was able to tour the Residence (a very good series on Netflix, by the way) before heading to Constitution Avenue and its array of monuments.

I started with the Washington Monument. I then headed to the World War II Memorial while answering technical questions from a concerned customer, then walked along the Lincoln Memorial Reflecting Pool to reach the Lincoln Memorial.

Lincoln Memorial, Washington DC

A quick detour to the Vietnam War Memorial and I headed back the other way, across the Lincoln Memorial Reflecting Pool, to the Smithsonian National Air and Space Museum, which opened at 10 a.m. and for which I had reserved a spot.

The Smithsonian National Air and Space Museum, Washington DC

After a very interesting two-hour tour (honestly, if you absolutely want to read everything, plan on three or even four hours), I was off again. I visited the Smithsonian Castle before heading to the Capitol, recalling the good times I had watching House of Cards…

You might think the end of the day was approaching, but… No, not at all! Since I left the hotel at 6:30 a.m., it was barely 1 p.m.

So I decided to visit the Smithsonian National Museum of Natural History! And I can tell you, it’s worth the detour. I spent another two hours there (same time as for the first museum, and it takes about three or four hours to read all the little signs) and I was absolutely not disappointed!

The Smithsonian National Museum of Natural History, Washington DC

Now I’m off to the convention center to pick up my pass for tomorrow…

Picking up the .NEXT pass

To avoid the queue tomorrow morning, I decided to pick up my 3-day .NEXT pass early. Since it’s right next to the hotel, I didn’t even have to go out of my way to get there.

In 3 minutes flat I had collected my precious pass and found 2 of my NTC acolytes, Chad and Jason, with whom I chatted for a few minutes before returning to the hotel to regain my strength before the evening with the Mikadolabs team!

Read More

The world of hybrid computing and multicloud is about to experience a major moment with the Nutanix .NEXT 2025 event, which will take place from May 7 to 9 in Washington DC.

This annual event is a must-attend platform for IT professionals, cloud experts, and technology enthusiasts.

With engaging sessions, innovative product demonstrations, and networking opportunities, Nutanix .NEXT 2025 promises to be an enriching experience. As a reminder, last year it was Barcelona’s turn to host the event!

Why attend .NEXT?

The Nutanix .NEXT event is much more than just a conference. It’s a unique opportunity to discover the latest advancements in hybrid cloud, artificial intelligence, and cloud-native applications. Attendees will have access to interactive sessions, hands-on labs, and free certifications. Topics include:

  • AI and ML in the Enterprise: Discover how artificial intelligence and machine learning can transform your organization.
  • Cloud-Native Applications: Learn how to manage VM-container convergence for modern applications.
  • Security and Networking in the Modern Cloud: Explore micro-segmentation and ransomware protection solutions.

Event Highlights

The event will feature keynote addresses (including Rajiv Ramaswami), new feature demonstrations, and networking opportunities. Speakers will include renowned figures such as José Andrés (chef, restaurateur, and author) and Evy Poumpouras (former special agent and interrogator for the Secret Service, national security analyst), who will share their experiences and visions for the future of IT.

Additionally, attendees will be able to take advantage of the event to meet event partners such as OVHcloud and HYCU directly at their respective booths.

My Nutanix .NEXT 2025 Schedule

As part of the Nutanix Technology Champion program, I’m fortunate to be invited to the event. Here’s an overview of my planned schedule for the event:

  • Day 0: May 6
    • As a “tourist” day, I’m arriving 24 hours early to enjoy a full day in Washington, DC.
    • No specific plans yet in mind for this day, but I’m likely to visit the major tourist sites.
    • I’m reserving my entrance fees to avoid the crowds on the first day.
  • Day 1: May 7
    • 8:00 AM: Networking Coffee, the perfect opportunity to expand your network
    • 8:30 AM: Booth exploration (get the goodies ready, I’m coming!)
    • 10:15 AM: Opening Keynote
    • 11:45 AM: Lunch and exhibition exploration
    • 3:00 PM: NCP Unified Storage 6.10 Certification (refresh)
    • 3:30 PM: Nutanix Cloud Infrastructure Super Session
    • 5:00 PM: Welcome Reception
    • I’ll likely do a short “Washington by Night” session before heading back to the hotel.
  • Day 2: May 8
    • 9:30 AM: AI and ML Keynote
    • 11:00 AM: NCM MCI 6.10 Certification (refresh)
    • 1:00 PM: Lunch
    • 2:15 PM: Cloud Security Session
    • 3:30 PM: Mastering the Nutanix Migration: Strategies, Tools, and Best Practices
    • 4:45 PM: Day 2 Closing General Session
    • 6:00 PM: .NEXT Celebration
  • Day 3: May 9
    • 8:00 AM: NCP Database Automation 6.10 Certification
    • 9:00 AM: Not much has been finalized yet, probably just a booth exploration
    • 11:45 AM: Event Close

If you see me in the aisles, feel free to drop by if you’re interested!

See you in Washington, DC!

Nutanix .NEXT 2025 is an exceptional opportunity to deepen your knowledge, expand your professional network, and discover the trends that will shape the future of IT.

Whether you’re a novice or an expert, this event has something for everyone. So, pack your bags and join me in Washington, DC for three exciting days!

Wanna join the event? https://next2025.nutanix.com/

Read More

Sometimes, for various reasons, it is necessary to configure the VLAN directly on the Nutanix cluster itself, in particular to enforce network segmentation.

Use case

Having had a little time for myself during the Christmas holidays, I set about resuming the configuration of my local network in order to isolate my Nutanix lab from my internal network.

To do this, I had to reconfigure my Ubiquiti equipment in order to:

  • create VLAN 84 on the Dream Machine Pro
  • propagate VLAN 84 to the 24-port switch and then to the 5-port switch to which the cluster is connected

Changing the VLAN on AHV

Before starting the modifications, I start by checking the network configuration of my host:

[root@NTNX-5e8f7308-A ~]# ovs-vsctl list port br0
_uuid : b76f885d-59b2-4153-99d3-27605a729ab8
bond_active_slave : []
bond_downdelay : 0
bond_fake_iface : false
bond_mode : []
bond_updelay : 0
cvlans : []
external_ids : {}
fake_bridge : false
interfaces : [17e8b0de-2ef5-4f6f-b253-94a766ec9603]
lacp : []
mac : []
name : br0
other_config : {}
protected : false
qos : []
rstp_statistics : {}
rstp_status : {}
statistics : {}
status : {}
tag : 0
trunks : []
vlan_mode : []

The output of the command shows us that there is no tag on my host. We will fix this with the following command:

[root@NTNX-5e8f7308-A ~]# ovs-vsctl set port br0 tag=84

The command “ovs-vsctl set port br0 tag=<VLAN ID>” tags my host interface with the VLAN ID that I have dedicated to my Nutanix network. We then check that the configuration is applied:

[root@NTNX-5e8f7308-A ~]# ovs-vsctl show
Bridge br0
    Port vnet4
        tag: 0
        Interface vnet4
    Port br0-up
        Interface eth4
        Interface eth0
        Interface eth5
        Interface eth2
        Interface eth1
        Interface eth3
    Port br0.u
        Interface br0.u
            type: patch
            options: {peer=br.dmx.d.br0}
    Port br0
        tag: 84
        Interface br0
            type: internal
    Port br0-dhcp
        Interface br0-dhcp
            type: vxlan
            options: {key="1", remote_ip="192.168.84.200"}
    Port br0-arp
        Interface br0-arp
            type: vxlan
            options: {key="1", remote_ip="192.168.5.2"}
    Port vnet2
        Interface vnet2
ovs_version: "2.14.8"

We can now see that the VLAN is configured on my host. We must now do the same configuration on the CVM side…

Configuring the VLAN on the CVM

We start by checking the network configuration of our CVM:

[root@NTNX-5e8f7308-A ~]# ovs-vsctl show
    Bridge br0
        Port br0-up
            Interface eth4
            Interface eth0
            Interface eth5
            Interface eth2
            Interface eth1
            Interface eth3
        Port br0-arp
            Interface br0-arp
                type: vxlan
                options: {key="1", remote_ip="192.168.5.2"}
        Port br0.u
            Interface br0.u
                type: patch
                options: {peer=br.dmx.d.br0}
        Port vnet5
            Interface vnet5
        Port br0
            tag: 84
            Interface br0
                type: internal
        Port br0-dhcp
            Interface br0-dhcp
                type: vxlan
                options: {key="1", remote_ip="192.168.84.200"}
        Port vnet2
            Interface vnet2
    ovs_version: "2.14.8"

Here we can see that my network interface does not have any VLAN information. So I proceed to configure the VLAN ID by connecting to my CVM and then typing the command “change_cvm_vlan VLANID”:

nutanix@NTNX-5e8f7308-A-CVM:192.168.84.200:~$ change_cvm_vlan 84
This operation will perform a network restart. Please enter [y/yes] to proceed or any other key to cancel: y
Changing vlan tag to 84
Replacing external NIC in CVM, old XML:
<interface type="bridge">
      <mac address="52:54:00:8e:69:bc" />
      <source bridge="br0" />
      <virtualport type="openvswitch">
        <parameters interfaceid="356e3bf3-5700-4131-b1b2-4fa65195a6e2" />
      </virtualport>
      <target dev="vnet0" />
      <model type="virtio" />
      <driver name="vhost" queues="4" />
      <alias name="ua-1decc31c-2764-416a-b509-d54ecd1a684f" />
      <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" />
    </interface>

        new XML:
<interface type="bridge">
      <mac address="52:54:00:8e:69:bc" />
      <model type="virtio" />
      <driver name="vhost" queues="4" />
      <address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" />
    <source bridge="br0" /><virtualport type="openvswitch" /><vlan><tag id="84" /></vlan></interface>

CVM external NIC successfully updated.
Performing a network restart

We now check the CVM network configuration to verify that the tag has been configured correctly:

[root@NTNX-5e8f7308-A ~]# ovs-vsctl show
Bridge br0
    Port br0-up
        Interface eth4
        Interface eth0
        Interface eth5
        Interface eth2
        Interface eth1
        Interface eth3
    Port br0-arp
        Interface br0-arp
            type: vxlan
            options: {key="1", remote_ip="192.168.5.2"}
    Port br0.u
        Interface br0.u
            type: patch
            options: {peer=br.dmx.d.br0}
    Port vnet5
        tag: 84
        Interface vnet5
    Port br0
        tag: 84
        Interface br0
            type: internal
    Port br0-dhcp
        Interface br0-dhcp
            type: vxlan
            options: {key="1", remote_ip="192.168.84.200"}
    Port vnet2
        Interface vnet2
ovs_version: "2.14.8"

My CVM is now on VLAN 84. All I have to do now is repeat these operations on all my nodes and then check that everything works properly.

WARNING: the change_cvm_vlan command has a known bug in 6.8 with AHV 20230302.100173 that causes the VLAN ID not to be preserved when rebooting the host: https://portal.nutanix.com/page/documents/kbs/details?targetId=kA0VO0000002uJ30AI
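
As an added example (not part of the original post and not Nutanix tooling), the script below parses `ovs-vsctl show` output and reports any port whose tag is not the expected VLAN. It is the check to run on every node once the change is made, and again later to confirm the tag has been preserved. The port names `br0` and `vnet5` come from the output in this post; the sample text is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit VLAN tags in `ovs-vsctl show`.

# Constructed sample modelled on the host output above (trimmed; one name is
# quoted on purpose, as some Open vSwitch versions print port names in quotes).
SAMPLE_OVS='Bridge br0
    Port br0-up
        Interface eth0
        Interface eth1
    Port "vnet5"
        tag: 84
        Interface "vnet5"
    Port br0
        tag: 84
        Interface br0
            type: internal
    Port vnet2
        Interface vnet2
ovs_version: "2.14.8"'

# port_tags: read `ovs-vsctl show` text on stdin and print "<port> <tag>" for
# every port; a port with no "tag:" line is reported as "untagged".
port_tags() {
    awk '
        function emit() { if (port != "") print port, tag; port = "" }
        $1 == "Bridge" { emit(); next }
        $1 == "Port" {
            emit()
            port = $2; gsub(/"/, "", port); tag = "untagged"; next
        }
        $1 == "tag:" && port != "" { tag = $2 }
        END { emit() }
    '
}

# vlan_drift EXPECTED PORT...: read `ovs-vsctl show` on stdin and print every
# named port whose tag is not EXPECTED (or that is absent). Returns 1 on drift.
vlan_drift() {
    vd_expected=$1; shift
    vd_tags=$(port_tags)
    vd_rc=0
    for vd_port in "$@"; do
        vd_tag=$(printf '%s\n' "$vd_tags" |
                 awk -v p="$vd_port" '$1 == p { print $2; exit }')
        [ -n "$vd_tag" ] || vd_tag=missing
        if [ "$vd_tag" != "$vd_expected" ]; then
            echo "$vd_port $vd_tag"
            vd_rc=1
        fi
    done
    return "$vd_rc"
}

# Demo on the constructed sample: br0 and vnet5 are expected on VLAN 84.
printf '%s\n' "$SAMPLE_OVS" | vlan_drift 84 br0 vnet5 && echo "VLAN 84 tags OK"
# On an AHV host (confirm the vnet name there first):
#   ovs-vsctl show | vlan_drift 84 br0 vnet5
```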

Read More

It’s in Nutanix’s roadmap! Password authentication is in the sights of the vendor, which intends to put an end to it and warns its users via an informational alert:

The objective is to gradually move customers to SSH key authentication so that it can be made mandatory in a future version of its hypervisor.

Creating SSH keys

Supported SSH encryption algorithms are:

  • AES128-CTR
  • AES192-CTR
  • AES256-CTR

If you already have such a key pair, you can proceed directly to cluster integration.

To create an SSH key pair, we will need a tool like PuTTYgen.

Click “Generate” and move the mouse cursor over the window. Then enter a passphrase and save the public key and the private key.

WARNING: be sure to use a strong, non-predictable passphrase.

We must now integrate the public key into the cluster.

Integration of the public key on the cluster

To integrate your public key into your cluster, connect to the Prism interface and go to “Settings > Cluster Lockdown”

Click on “New Public Key”, give it a name, paste the public key content and validate.

At this stage, classic password authentication and SSH key authentication are both active and functional. It is time to test.

Testing and activation of the cluster lockdown feature

First, we will test authentication via SSH key. Don’t panic, whatever happens, even if the SSH connection via the keys does not work after activating the cluster lockdown, you can always backtrack via the Prism interface.

Configure your favorite SSH connection tool, load your private key, then launch a connection to your Nutanix cluster. First, enter the login you want to use; here I chose “nutanix”:

Then enter the passphrase that you configured when creating your SSH key and confirm. You are now connected to your cluster via your SSH key without having to use the password for the “nutanix” account.

Now let’s deactivate password authentication by returning to the “Settings > Cluster Lockdown” menu. Uncheck the “Enable Remote Login with Password” box:

Try logging in again using the “nutanix” account and the usual password and notice that you can no longer log in with this method:

Try with your private key and the associated passphrase:

Your cluster is now SSH accessible only via the SSH key system. If there are several administrators working on the server, don’t forget to repeat the operation for each of them.

Important point: remember to keep your private keys in a safe place and use a strong passphrase.
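
A client-side check for the result of this procedure, as an added example that is not part of the original post: it reads `ssh -v` debug output and passes only when the server still offers `publickey` and no longer offers `password` or `keyboard-interactive`. The sample debug lines are constructed, and `CLUSTER_IP` in the closing comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: confirm from a client that
# password logins are no longer offered once Cluster Lockdown is enabled.

# Constructed `ssh -v` excerpts, before and after unchecking
# "Enable Remote Login with Password".
SAMPLE_BEFORE='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.'
SAMPLE_AFTER='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.'

# offered_methods: read `ssh -v` output on stdin and print, one per line, the
# methods from the first "Authentications that can continue" line.
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' |
        head -n 1 | tr ',' '\n'
}

# password_login_closed: read `ssh -v` output on stdin.
#   0 = publickey offered, no password-capable method offered
#   1 = password or keyboard-interactive still offered, or publickey missing
#   2 = no method list found in the input (inconclusive)
password_login_closed() {
    pl_methods=$(offered_methods)
    [ -n "$pl_methods" ] || return 2
    printf '%s\n' "$pl_methods" | grep -qx 'publickey' || return 1
    # keyboard-interactive can also carry a password prompt, so treat it alike.
    if printf '%s\n' "$pl_methods" | grep -qxE 'password|keyboard-interactive'
    then
        return 1
    fi
    return 0
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_BEFORE" | password_login_closed ||
    echo "before lockdown: password login still offered"
printf '%s\n' "$SAMPLE_AFTER" | password_login_closed &&
    echo "after lockdown: key-only"

# Against a real cluster (CLUSTER_IP is a placeholder); the "none" method makes
# the server list what it accepts without attempting any login:
#   ssh -v -o BatchMode=yes -o PreferredAuthentications=none \
#       nutanix@CLUSTER_IP true 2>&1 | password_login_closed
```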

Official documentation

The Nutanix official documentation: https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_7:mul-security-cluster-lockdown-pc-t.html

Read More

To be able to deploy a virtual machine on your Nutanix cluster and have it reachable on your network, you will need to start by configuring the network(s) on your cluster.

Creating a network using Prism Element

In Prism Element, the “Settings > Network Configuration” menu lists all existing networks on the cluster. Click on “Create Subnet”:

Then enter your network information, namely the name and VLAN ID:

If you do not have a DHCP server, you can let Nutanix manage the addressing of the network created using the “Enable IP address management” option:

You will then need to complete all the options that would normally have been delivered by a traditional DHCP server:

Click “Save” once the settings are correct. Repeat for each VLAN you need on your infrastructure.

Creating a network using Prism Central

In Prism Central, network management is carried out in “Network & Security > Subnets”:

To add a new network, click “Create Subnet”:

You then complete a form similar to the one in Prism Element, enabling the “IP Address Management” option or not, depending on whether you wish to leave the management of your addressing to Nutanix.

Official Nutanix documentation

Link to official documentation: https://portal.nutanix.com/page/documents/solutions/details?targetId=BP-2071-AHV-Networking:bp-ahv-network-management.html

Read More

Do you want to improve your Linux diagnostics or kill time while waiting for your infrastructure to reboot? I have the solution!

Sad Servers

The Sad Servers site offers diverse and varied scenarios that will confront you with problems to resolve. Everything happens in the browser, no need for special software other than your usual browser.

On the program, a “sick” server that you will have to take care of in as little time as possible. Be careful, although some scenarios may seem simple at first glance, a solid knowledge of Linux commands will greatly help you in your task.

How it works

Well it’s very simple, you select your scenario, you read the pitch, you start the console (allow 50 to 60s for the VM to start) and you can start to diagnose!

A help system is present if you no longer know what to do to resolve the current problem.

A perfect way to review your Linux commands and acquire/perfect your problem resolution skills.

The site: https://sadservers.com/

Read More

Recently, my Ubiquiti USW-Pro-24-PoE switch had some connection issues with my Unifi console.

Read More

SSH access is a privileged entry point for hackers. Today I am offering you a guide that will allow you to strengthen the security of your SSH access and reduce the attack surface, in order to make it much more difficult to attack.

Read More