Nutanix NCP-CI-AWS Practice Questions

Explanation:
To deploy NC2 in AWS using an existing VPC, the following AWS resources should be configured beforehand:
NAT Gateway: This allows instances in the private subnet to connect to the internet or other AWS services, while preventing the internet from initiating connections with those instances.
Public and Private Subnets: These are necessary to segregate the network traffic. Public subnets provide a direct route to the internet gateway, while private subnets are used for internal resources that do not need direct access to the internet.

Explanation:

• The 192.168.5.0/24 range is often reserved for internal cluster communication within Nutanix deployments.
• Using this CIDR range for other purposes could lead to network conflicts and connectivity issues, as it might interfere with the internal operations and communication channels of the Nutanix cluster.
• Ensuring that the CIDR range is not overlapping with any reserved ranges is crucial for maintaining proper network connectivity and cluster functionality.

Explanation:
Ensure the specialist is assigned the RBAC role with proper permissions (Answer A):
Role-Based Access Control (RBAC) ensures that the specialist has the necessary permissions to troubleshoot and manage the NC2 environment. This avoids unnecessary privilege escalations and maintains security.
Confirm the Support Authorization on the organization is set to Full Access (Answer C):
Setting the Support Authorization to Full Access allows the Nutanix support specialist to have the required access to investigate and resolve issues in the environment. This is essential for effective troubleshooting.

Explanation:
When setting up a landing zone for Nutanix clusters on AWS, having only private subnets for cluster management and user VMs is not sufficient for full cluster functionality. Nutanix clusters often need to communicate with the internet for updates, patches, and other cloud services.
VPC Configuration:
The VPC already has two private subnets (one for cluster management and one for user VMs).
Additional Requirements:
To access public services like S3 or for the cluster nodes to reach Nutanix services for updates, a public subnet is essential.
Why Public Subnet for Internet Access?:

• A public subnet allows resources within it to communicate directly with the internet, which is necessary for accessing Nutanix's update servers, applying patches, and other maintenance tasks.
• This subnet typically includes an internet gateway, enabling instances in the public subnet to receive and send traffic directly to the internet.

Explanation:

• To ensure that every NC2 on AWS cluster deployed allows full access from the on-premises CVM subnet efficiently, the administrator should create a custom AWS Network Security Group.
• Use a key value oftag:nutanix:clusters:externalfor the security group, and set the inbound allow address to the on-premises subnet.
• This approach leverages AWS tags to manage security group rules dynamically and ensures that the necessary access permissions are applied automatically to all clusters with the specified tag.
• This method reduces the need for manual configuration of each cluster's security group, streamlining the process for a test/dev environment where clusters are frequently created and destroyed.

Explanation:
Traffic from the on-premises network is not permitted by VM and Management security groups:
Ensure that the security groups assigned to the VMs and management interfaces in AWS allow inbound traffic from the on-premises network. Without appropriate security group rules, the traffic will be blocked.
The AWS VPC traffic is blocked by a firewall in the on-premises network:
Check if the firewall on the on-premises network is configured to allow traffic from the AWS VPC. Firewalls may have restrictive rules that block incoming traffic, preventing communication.