What is ExaGrid and How it protects from Ransomware

ExaGrid is a new-generation storage device built and designed for backup. ExaGrid doesn’t lock you in to one specific backup vendor, and it is supported by most backup software.

We are all well aware of the data tiering concept, mainly for hot and cold data. ExaGrid is tiered backup storage, but with more advanced logic that fixes major challenges and provides robust protection against ransomware attacks.

Ransomware stories are very common these days, and many organizations have faced tough times and lost critical and important data. Ransomware is really scary.

The most terrifying thing is that hackers manage to delete data from the primary storage and from the backup storage as well, leaving the organization with no option to get the data back.

Let us understand how protection works

ExaGrid’s unique approach is called Retention Time-Lock (RTL). It prevents threat actors/hackers from deleting the backups and allows for retention points to be purged.

ExaGrid is Tiered Backup Storage with a front-end disk-cache Landing Zone and a separate Repository Tier containing all retention data. Data is written directly to the “network-facing” ExaGrid disk-cache Landing Zone. Then it is tiered into a “non-network-facing” long-term retention repository, where it is stored as deduplicated data objects to reduce the storage cost of long-term retention data. As data is tiered to the Repository Tier, it is deduplicated and stored in a series of objects and metadata. As with other object storage systems, the ExaGrid objects and metadata never change, allowing only for the creation of new objects or the deletion of old objects when retention is reached.

Features

  • Any deletion requests are delayed by the number of days in the protection policy
  • Encrypted data written to ExaGrid does not delete or change previous backups in the repository
  • Landing Zone data that is encrypted does not delete or change previous backups in the repository
  • Set delayed deletion in 1-day increments from 0 days to 30 days
  • Protects against loss of any and all retained backups including monthlies and yearlies
  • Two-Factor Authentication (2FA) protects changes to the Time-Lock setting
  • Separate password for primary site versus second site ExaGrid
  • Separate backup staff and security staff roles and passwords
  • Alarm on Delete
  • Alarm on data deduplication ratio change

Supported Backup software

Thanks for visiting

Change Nutanix AHV NIC From access Mode to Trunked Mode

Trunked Mode allows multiple VLANs on a single NIC for VMs that are VLAN aware.

By default, NICs are in access mode.

The mode can’t be changed from the UI (Prism); the solution is to update it from acli on the CVM.

You can also convert an existing NIC to Trunked Mode; however, based on my experience, the best and easiest way is to add a new NIC.

Steps

  1. SSH to the CVM
  2. Run acli
  3. <acropolis> vm.get VMNAME
  4. Copy the information into Notepad
  5. nutanix@CVM~$ acli vm.nic_create <vm name> network=<network name> trunked_networks=<comma separated list of allowed VLAN IDs> vlan_mode=kTrunked

Example:

vm.nic_create VT-LAB-1 network=NETWORK0 trunked_networks=2021,2022 vlan_mode=kTrunked

WHY Trunked is Required

The above setting is required when the virtual machine needs to create multiple networks on a single interface. In my case it’s WAF devices that are configured for multiple VLANs, where each VLAN is associated with a different kind of application.

If you want to add more VLANs, run the command below:

vm.nic_update TT-WAF-01 00:68:8d:04:bf:4d network=NETWORK2108 trunked_networks=2120,2022,2059,2089 vlan_mode=kTrunked update_vlan_trunk_info=true
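A trunked NIC gives the VM access to every VLAN in `trunked_networks`, so it helps to check the list before running the command. The helper below is an added example, not part of the original post or Nutanix tooling: it validates the VLAN IDs, refuses any VLAN outside an approved list, and prints the `vm.nic_create` line shown above. The function names, the approved list and the name pattern are assumptions.

```python
import re

# Conservative name pattern (an assumption, not an acli rule): keeps shell
# metacharacters out of the generated command line.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def parse_vlans(spec):
    """Turn '2021,2022' into a sorted list of unique, valid 802.1Q VLAN IDs."""
    vlans = set()
    for item in spec.split(","):
        item = item.strip()
        if not (item.isascii() and item.isdigit() and 1 <= int(item) <= 4094):
            raise ValueError(f"invalid VLAN ID: {item!r}")
        vlans.add(int(item))
    return sorted(vlans)


def trunk_nic_command(vm, network, requested, approved):
    """Build the vm.nic_create line, refusing VLANs outside the approved set."""
    for label, value in (("vm", vm), ("network", network)):
        if not NAME_RE.match(value):
            raise ValueError(f"unexpected characters in {label}: {value!r}")
    vlans = parse_vlans(requested)
    allowed = set(parse_vlans(approved))
    extra = [v for v in vlans if v not in allowed]
    if extra:
        raise PermissionError(f"VLANs not approved for {vm}: {extra}")
    trunked = ",".join(str(v) for v in vlans)
    return (f"acli vm.nic_create {vm} network={network} "
            f"trunked_networks={trunked} vlan_mode=kTrunked")


if __name__ == "__main__":
    # Values from the example above; the approved list is constructed.
    print(trunk_nic_command("VT-LAB-1", "NETWORK0", "2021,2022", "2021,2022,2059"))
```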

Thanks

🙂

What is Nutanix Cloud Infrastructure (NCI), Nutanix Cloud Manager (NCM) & Nutanix Cloud Platform (NCP) Bundles License

Nutanix Cloud Infrastructure (NCI) is a complete software stack to unify your hybrid cloud infrastructure including compute, storage and network, hypervisors, and containers, in public or enterprise clouds; all with built-in resilience, self-healing, disaster recovery capabilities, and security. It includes enterprise data services and consolidated storage, data protection and disaster recovery, native virtualization and container management, networking, and security.

How it looks like in BOQ

NCI Software Editions

Nutanix Cloud Manager (NCM) offers our customers simplicity and ease of use to build and grow their cloud deployments faster and realize rapid ROI, by providing intelligent operations, self service and orchestration, visibility and governance of spend, security and teams, all through a unified Multi-cloud management solution.

NCM licenses can be purchased and applied on the number of physical CPU cores capacity in your deployment. Licenses are portable across hardware platforms and are available in 1 through 5-year term options.

By default, NCM provides coverage for all Nutanix and on-prem VMware environments, metered per core. For supporting public cloud environments using the same NCM deployment, customers should purchase appropriate NCM Cloud SKUs as add-ons. Three public cloud-focused add-ons are available as SKUs: NCM Self-Service add-on for Public Cloud SKU, NCM Cost Governance SaaS SKU, and NCM Security Central SaaS SKU. These add-ons are metered by the number of Virtual Machines (VM) managed in the public cloud. Note: For on-prem environments, Cost Governance is available for AHV and ESXi on AOS, and Security Central is known for AHV.

NCM is also available as a fully managed Software as a Service option. Customers can experience multi-cloud self-service, app automation, governance, and security compliance capabilities without needing to run any on-prem Nutanix software. The NCM SaaS offering is available to purchase as à la carte SaaS licenses for these four NCM SaaS modules:

  • NCM SaaS – Operations (in development) 
  • NCM SaaS – Self-Service
  • NCM SaaS – Cost Governance
  • NCM SaaS – Security Central

NCM SaaS licenses are metered by the number of Virtual Machines (VM) managed in the public cloud.

Nutanix Cloud Infrastructure (NCI) and Nutanix Cloud Manager (NCM) can be purchased together in 3 ‘better together’ Nutanix Cloud Platform (NCP) bundles:

Thanks for visiting my blog

What is ICAP and integration with Nutanix Files

ICAP stands for Internet Content Adaptation Protocol, an open standard used to connect devices to an enterprise-level virus scan engine. In the same way, Nutanix Files uses it to communicate with external servers hosting third-party antivirus software, which scan inbound data (files) in transit via a secure proxy before it is sent to the backend destination server.

ICAP WORKFLOW

The ICAP service runs on each Nutanix Files file server and can interact with more than one ICAP server in parallel to support horizontal scale-out of the antivirus server. The scale-out nature of Files and one-click optimization greatly mitigate any antivirus scanning performance overhead. If the scanning affects Nutanix Files FSVM performance, one-click optimization recommends either increasing the virtual CPU resources or scaling out the FSVMs. This feature also helps both the ICAP server and Files scale out, ensuring fast responses from the customer’s antivirus vendor.

WHY Nutanix Files integration with AV server is important

Ransomware is a persistent concern that requires multiple security controls and software layers to mitigate. This integration is important to protect users from malware and viruses.

WHICH third-party vendors are supported with Nutanix Files

  1. Trend Micro
  2. McAfee
  3. BitDefender
  4. Symantec
  5. SentinelOne

HOW to configure integration

  1. In the Files Console, go to Configuration > Antivirus.
  2. Connect the ICAP server.
    1. Click + Connect ICAP Server. A new row appears for new ICAP server details.
    2. Enter the following information in the corresponding fields:
      • IP address or hostname
      • Port (the default port number is 1344)
      • Description
    3. To save the configuration, click the check mark icon. For a detected antivirus server, the software tests the validity of the configured server and updates the status to OK.
    4. Ensure the connection status automatically updates to OK.
    5. Click Next.
    6. See https://portal.nutanix.com/page/documents/details?targetId=Files-v4_2:fil-file-server-anti-virus-enable-t.html for more details.
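Before entering an antivirus server in the Files Console, you can confirm that it answers ICAP on port 1344 with an ICAP OPTIONS request (RFC 3507). The script below is an added example, not part of the original post or Nutanix software: it builds the request and parses the reply to show which methods the server offers. The function names and sample reply are constructed for illustration, and the service path you pass in is vendor-specific.

```python
import socket

ICAP_PORT = 1344  # default ICAP port given in the steps above

def build_options_request(host, service, port=ICAP_PORT):
    """Minimal ICAP OPTIONS request; 'service' is the server's scan service path."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "User-Agent: icap-options-check\r\n\r\n").encode("ascii")

def parse_options_response(raw):
    """Return status, offered methods, ISTag and preview size from an OPTIONS reply."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("ICAP/") or not status[1].isdigit():
        raise ValueError(f"not an ICAP response: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    methods = [m.strip().upper() for m in headers.get("methods", "").split(",") if m.strip()]
    preview = headers.get("preview", "")
    return {
        "status": int(status[1]),
        "methods": methods,
        "istag": headers.get("istag", "").strip('"'),
        "preview": int(preview) if preview.isdigit() else None,
        # Usable for scanning only if the server answered 200 and offers a method.
        "healthy": status[1] == "200" and bool(methods),
    }

def check_icap_server(host, service, port=ICAP_PORT, timeout=5.0):
    """Send OPTIONS to a live server and parse what it advertises."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_options_request(host, service, port))
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_options_response(data)

# Constructed sample reply (not captured from a real server).
SAMPLE = (b"ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\nService: Example AV 1.0\r\n"
          b'ISTag: "sig-2024-01"\r\nOptions-TTL: 3600\r\nAllow: 204\r\n'
          b"Preview: 1024\r\nEncapsulated: null-body=0\r\n\r\n")

if __name__ == "__main__":
    print(parse_options_response(SAMPLE))
```

A reply other than `200`, or one with no `Methods` header, means the server is reachable but not ready to scan at that service path.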