Acropolis Security

Defense in depth through a security-first approach

The Nutanix Enterprise Cloud Platform combines powerful security features, including role-based access control (RBAC), two-factor authentication, Application Security from VM microsegmentation, and FIPS-compliant data at rest encryption, with a Security Development Lifecycle (SecDL) that is integrated into product development. Increase your security posture and reduce threats with a self-healing security configuration baseline that exceeds the requirements of the U.S. Department of Defense.

Security Standards and Certifications

Our SecDL process is based on multiple security standards and validation programs. It complies with the strictest international standards, including the SP800-53 guidelines, to assure governments worldwide that Nutanix products perform as expected and work with their existing technology.

Information Security in the Enterprise Cloud

Nutanix takes a holistic approach to security with a secure platform, extensive automation, and a robust partner ecosystem. The Nutanix security development life cycle integrates security into every step of product development, rather than applying it as an afterthought. The strong, pervasive culture and processes built around security harden the Enterprise Cloud Platform and bolster your security strategy.


Nutanix uses a unique Security Development Lifecycle (SecDL) to incorporate security into every step of the software development process, from design and development to testing and hardening. The Nutanix solution is certified across a broad set of evaluation programs for government, financial services and healthcare to ensure compliance.

Security Development Lifecycle

SecDL Integration

Security is incorporated into every step of the product development lifecycle and covers the entire hyperconverged infrastructure stack, including storage, virtualization, and management.

Fully Automated Testing

SecDL testing is fully automated during development, and all security-related code modifications are timed during minor releases to minimize risk.

Threat Modeling

Threat modeling is used to assess and mitigate customer risk from code changes.

System Level Security

Two-Factor Authentication

If implemented, logins require a combination of a client certificate and username/password. Administrators can use local accounts built into the Nutanix UI, or use Active Directory.

Data at Rest Encryption (Hardware)

Nutanix encrypts user and application data to a level of FIPS 140-2 Level 2 compliance through factory-installed self-encrypting drives (SED), and meets HIPAA, PCI DSS and SOX standards.

Data at Rest Encryption (Software)

Nutanix encrypts user and application data to a level of FIPS 140-2 Level 1 compliance through the use of standard drives and software-based encryption, and meets HIPAA, PCI DSS and SOX standards.

Power Failure Safeguards

In the event of a power cycle or host reboot, Nutanix software retrieves the keys from the key management server and uses them to unlock the drives.

Key Administration

Instantly reprogram security keys to meet site-specific policies, or use Crypto Erase to instantly erase all data on the drive while generating a new symmetric encryption key.

Industry Compatibility

Rather than storing keys on the nodes themselves, Nutanix software interfaces with third-party key management servers using the industry-standard Key Management Interoperability Protocol (KMIP).

Cluster Lockdown

Administrators can restrict access to a Nutanix cluster in security-conscious environments, disabling interactive shell logins automatically and leveraging non-repudiated SSH keys.


Powerful automation and self-healing security models help maintain continuous security in enterprise cloud environments with efficiency and ease. Nutanix developed our own Security Technical Implementation Guide (STIG) to speed up the accreditation process for the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and the Department of Defense Information Assurance Risk Management Framework (DIARMF).

Fast Baseline Checks and Validation

The Nutanix STIGs are written in XCCDF format and support the SCAP standard for compatibility with automated assessment tools like HBSS, cutting down accreditation time.

Automatic Configuration Management

Security configuration management automation (SCMA) efficiently checks over 800 security entities in the Nutanix STIGs that cover both storage and built-in virtualization.


Nutanix leverages SaltStack and SCMA to self-heal any deviation from the security baseline configuration of the OS and hypervisor to remain in compliance.

Ecosystem Support

In addition to built-in security, the highly extensible Nutanix Acropolis architecture exposes APIs that allow integration with a broad ecosystem of security partners. Verified joint solutions provide flexibility at every layer, including network, data, and end-point security, and deliver a committed support experience.

Network Security

Nutanix works with ecosystem partners to provide monitoring of inter-VM, east-west traffic patterns that typical north-south solutions do not capture. These internal flows create protection gaps inside the datacenter, since they are not intercepted by typical perimeter security solutions.

End-Point Security

Support an increasingly large number of virtual end points in the enterprise cloud, and protect them from being exposed to any virus or malware. Nutanix partner solutions:

  • Preserve performance and consolidation ratios
  • Provide comprehensive agentless security built specifically to maximize protection
  • Provide intrusion prevention and web application security for extra protection against malicious attacks

Data Security

Nutanix works with third-party KMIP-compatible enterprise key and policy management servers that enable consistent policy implementation and ensure compliance. Centralized key management makes it easier for administrators to account for encryption keys from Nutanix SEDs and disparate encryption solutions, and to generate detailed records for auditors and regulators.

