cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Nickel

Smartcenter gaia on nutanix ?

Jump to solution

Hi All,

A new customer of mine want to move his R80.10 smartcenter (currently on Hyper-V) to Nutanix.

is it supported ?

Thanks in advance

Aner

1 Solution

Accepted Solutions
Highlighted
Employee+
Employee+

Re: Smartcenter gaia on nutanix ?

Jump to solution

@aner_sagi @Garrett_Anderso @Alexandru_Costi  

Hi all,

We now support R80.40 Security Management on Nutanix AHV.

To install R80.40 on Nutanix AHV, please use qcow2 image files from sk158292 

image.png

View solution in original post

29 Replies
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Nutanix Hypervisor (AHV)? Not supported as far as I know. 

If you only mean Nutanix HW with VMware ESX or Hyper-V, this should work for sure.

Highlighted
Employee+
Employee+

Re: Smartcenter gaia on nutanix ?

Jump to solution
 
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hi Dima,

Are there any news regarding having R80.20 Smart Center running on Nutanix AHV? We also have a customer that has this requirement.

Thank you,

Alex

Highlighted
Admin
Admin

Re: Smartcenter gaia on nutanix ?

Jump to solution

We may be able to provide this through your local Check Point office.

Highlighted
Nickel

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hi.

Any progress on the certification process?

Thanks in advance

aner.

Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

I had the same question recently and was told they stopped testing due to lack of a solid business case and there weren't many customers requesting this from checkpoint. I opened an RFE with checkpoint and notified my checkpoint team a couple weeks ago but haven't heard back yet if they will continue testing or not.  For us the business case would be pretty simple - we can put everything else in AHV but would have to keep a separate environment just for Checkpoint management VMs.  One cluster is sure easier than two (on different technologies).  Nutanix loses a lot if we instead do Nutanix on Hyper-V (ADS, windows stability, windows update issues,  etc) and I don't have any vmware admins sitting around.  It seems like management should be somehow easier to certify than gateways but I suppose it's more a matter of enough customers requesting AHV support.

Highlighted
Ivory

Re: Smartcenter gaia on nutanix ?

Jump to solution
We also would like to migrate our SmartCenter to Nutanix AHV. Our business case is similar to yours. In our case, everything else has been migrated from ESX to AHV, now we are stuck maintaining a VMware machine for one VM.
Highlighted
Admin
Admin

Re: Smartcenter gaia on nutanix ?

Jump to solution
Your best bet is to engage with your local Check Point office on this requirement.
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

update Sept20, 2019.    significantly more information has surfaced on this topic since original post.

The default GAIA R80.20/R80.30 network driver does not work well on Nutanix platform.   Check Point Solution Center has released an updated driver for Nutanix platform that is specifically for GATEWAY deployments.    You local Check Point field engineer can obtain this through internal process with Solution Center.

However, the development and testing for this NIC driver and Nutanix is ONLY for gateway and SmartCenter is not currently supported. 

 

>>> original <<<<

We have fielded similar query from customer "migrating SmartCenter virtual instance from VMware to Nutanix".

Our local CP engineer researched and was told "not officially supported but it should work".    In addition, there was suggestion to test operation thoroughly as possible to identify any obvious service-affecting issues.    If nothing awful, then issues encountered for production instance would be review on case-by-case basis. 

Ie -- software config issues would be supported as normal, but it something seems to be result of platform then customer on own.

Customer OK with this position.  We built Nutanix SmartCenter image (32G RAM, 8Cores, 500G disk) and have been playing to insure no surprises.

on side topic of GATEWAY on Nutanix, CP engineers have "internal" PDF that details how to deploy gateway on Nutanix.  This under the Cloudguard realm.    CP maintaining pre-build nutanix images that are downloaded internally and deployed on customer.

Best wishes.  -GA

 

Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

I have seen in the Check Point site, https://www.checkpoint.com/support-services/hcl/, that the Nutanix Acropolis Hypervisor (AHV/AOS), version AHV-20170830.184 & AOS-5.10 is supported by the version R80.30 (3.10 Kernel) to run the Security Gateway (not the SMS).

0 Kudos
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Nudging this topic to see if there's an update from @Tomer_Noy and team.

   I know it's a financial decision.     I understand the Nutanix platform supported in Cloudguard IaaS (gateway) with special NIC driver.

Customer would like to leverage Nutanix LEAP (DR-as-a-service).

In the LEAP environment they can deploy stand-alone VM image.    Customer wants to deploy CP SmartCenter in Nutanix LEAP environment to augment their existing Mgmt HA between primary and physical DR sites.     

Over time, physical DR moving to LEAP as some legacy apps tying them to physical DR are decomissioned.

Of course, a great alternative strategy would be to leverage MaaS (management-as-a-service) but it's unclear if/when MaaS will support Mgmt HA with on-premise SmartCenter. 

Yes, I understand target for MaaS is 99.9xxxxx% uptime, but Mgmt HA provides operational flexibility for network circuit issues.   Thus, the number of "9's" for MaaS does not solve all issues.

advise on thoughts. -GA

 

 

0 Kudos
Highlighted
Employee+
Employee+

Re: Smartcenter gaia on nutanix ?

Jump to solution

Regarding official driver support for Management as well as Gateway, that's really something for the OS team. If you need to promote it, then Solution Center may be the right path.

Regarding MaaS, we are looking into the option of allowing HA but it's not going to be immediate.

There are various challenges when MaaS is maintained by Check Point while the on-premise HA is maintained by the customer. For example, Management machines must be on the same version and JHF level for HF sync to succeed. If the secondary HA will be on-premise the sync will frequently break whenever we update / upgrade our side.

Also, the main benefit of MaaS is not having to deal with maintenance and sizing of the Management. It loses the impact a bit if the customer needs to take care of a secondary.

We are looking into other options such as the ability to fetch an export of the Management environment. A customer could periodically copy these on-premise and in a disaster case, install a new machine / VM, import and control his gateways.

Would be glad to hear thoughts / comments from the field on these directions.

Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hello @Tomer_Noy .  thanks for update and insight.     

Customer currently using SmartEvent onsite with dedicated appliance (in addition to HA Management between two physical SmartCenters). 

How does "logging" work with MaaS?    Is there a equivalent of Log Exporter to redirect MaaS logging to SIEM, etc.?

Can customer leverage MaaS with separate on-premise Log Server?    Is this recommended when using SmartEvent?

Thanks -GA

0 Kudos
Highlighted
Employee+
Employee+

Re: Smartcenter gaia on nutanix ?

Jump to solution

A main benefit of MaaS is that it takes care of the logging for you.
We also plan to support a way to use log exporter to export your logs from the cloud to you SIEM.

We've heard some requests for using an on-premise log server. We may offer such support going forward, but we are still evaluating the use-cases. If you are interested, you can take this discussion offline with @Amir_Jaron.

0 Kudos
Highlighted
Admin
Admin

Re: Smartcenter gaia on nutanix ?

Jump to solution
The relevant Nutanix drivers need to be added to an OS image that support management.
This was done for a special R80.30-3.10 image for gateways.
Not sure why these aren't in the maintrain yet.

As Tomer said, your best bet is to engage with Solution Center.
This will need to be done through your local Check Point office.
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

👍

Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hi,

 

When I started looking into it, I never got a clear answer regarding when/if Smart Management will be officially supported on Nutanix AHV.

In the meantime we have 3 x R80.20 Smart Center VMs running on our Nutanix clusters for the last 6-8 months. We didn't have any issues with network cards, the only problem we had was with no drivers for SCSI disk so we used a SATA disk for the VM instead.

We are running Nutanix AOS - 5.10.8.1 and AHV - 20170830.337. The installation of the Smart Center VMs was done using R80.20 - Build 095.

Recently we upgraded our Nutanix environment (to the versions mentioned above) and we didn't have any problems with the Check Point VMs: no issues with migration of VMs between nodes during the Nutanix upgrade and no downtime.

 

Thanks,

Alex 

Highlighted
Admin
Admin

Re: Smartcenter gaia on nutanix ?

Jump to solution
I suspect if you use fairly generic virtual hardware, it should work fine in Nutanix, as Gaia generally does in many virtualized environments, but it may not be as performant as if the specific virtualized hardware Nutanix provides.
Formal support is, of course, a different matter.
0 Kudos
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hello @PhoneBoy and @Tomer_Noy .   

For past Nutanix builds, @Timothy_Hall observed the following problems with SmartCenter open-server build. 

Per comments from @Alexandru_Costi , I plan to have (different) customer re-test and validate Nutanix versions.

>>

  1. [use] netstat -ni .   they were accumulating RX-DRPs when under no load whatsoever, the virtio network driver appears to suck.
  2. horrible disk I/O. 

 

Thanks to all.  -GA

0 Kudos
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

hello @Alexandru_Costi .   thanks for this very helpful insight.  -GA

0 Kudos
Highlighted
Employee+
Employee+

Re: Smartcenter gaia on nutanix ?

Jump to solution

@aner_sagi @Garrett_Anderso @Alexandru_Costi  

Hi all,

We now support R80.40 Security Management on Nutanix AHV.

To install R80.40 on Nutanix AHV, please use qcow2 image files from sk158292 

image.png

View solution in original post

Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

wow.  thanks @Dima_M 

0 Kudos
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hello @Dima_M ,    any ideas if "overview" section of sk158292 will be updated to specifically mention Nutanix AHV?

At moment, here's the relevant portion from Overview section.   It seems somewhat ambiguous to think Nutanix support is present (unless you read checkmates!). 

////   sk158292 

The below tables show CloudGuard for Private Cloud R80.x releases for the following Cloud platfoms:

  • VMware ESXi
  • KVM/OpenStack
Highlighted
Employee+
Employee+

Re: Smartcenter gaia on nutanix ?

Jump to solution
Hey Garret,

Thanks for heads up. Yes, already in progress...
0 Kudos
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

Hello @Dima_M .     thanks for update.   

small topic that may be relevant to  sk158292  would be licensing.    Will a standard open-server container licenses work with these cloudguard builds or are there cloudguard-specific licenses (smartcenter, MDS, gateway, all-in-one, etc)?

thanks GA

0 Kudos
Highlighted
Admin
Admin

Re: Smartcenter gaia on nutanix ?

Jump to solution
For Management, you can definitely use Open Server licensing.
For gateways, I believe you can still use Open Server licensing but the CloudGuard IaaS licensing may be cheaper.
0 Kudos
Highlighted
Nickel

Re: Smartcenter gaia on nutanix ?

Jump to solution
Is there a timeline for R80.40 to suppport VMware VSphere?
0 Kudos
Highlighted

Re: Smartcenter gaia on nutanix ?

Jump to solution

It's in works

0 Kudos
Highlighted
Nickel

Re: Smartcenter gaia on nutanix ?

Jump to solution
Thanks for the quick feedback. I have a customer that want to run an MDS HA Pair, one on Nutanix and one on VMware. Is there any timelines that can be communicated?
0 Kudos