Installation on Nutanix AHV

1.0 Introduction

This article describes the Fortanix-Data-Security-Manager (DSM) Open Virtual Appliance (OVA) installation steps on Nutanix AHV (Acropolis Hypervisor).

2.0 Prerequisites

Ensure the following:

Nutanix AOS (Acropolis Operating System) version 7.3 or later
Nutanix AHV (Acropolis Hypervisor) version 10.3 or later.
The central processing unit (CPU) must support RDRAND and RDSEED.
Minimum requirements:
- Cores: 8 Cores
- Memory: 32GB RAM
- Storage: 600 GB hard disk space
- Operating System: 64-bit Linux (Ubuntu supported)

NOTE
This OVA is compatible with the VirtIO network adapter, as it includes the latest version of open-vm-tools (2:11.3.0-2ubuntu0~ubuntu24.04.4).

3.0 Importing the OVA

The Fortanix DSM OVA package can be imported directly into Prism Central. For more information, refer to the Nutanix official documentation.

NOTE
The supported Fortanix DSM OVA version is 5.4 or later

4.0 Configuring the Virtual Machine (VM)

4.1 Deploying the VM from OVA

After uploading the OVA to Prism Central, deploy a virtual machine from the uploaded image using the following steps:

In Prism Central, select the uploaded OVA.
Click Deploy as VM.
Figure 1: Deploy VM
Provide the required configuration details, including the following:
- VM name
- CPU and memory allocation (minimum: 2 CPUs, 2 cores per CPU, and 16 GiB memory); virtual disk size: 128 GiB
- Disk configuration
- Network settings
Figure 2: VM configuration
Figure 3: VM configuration
Review the configuration and click Next to proceed to create the VM.
Once the VM is created:
1. Locate the VM in the VM list.
  Figure 4: Locate VM
2. Power on the VM.
  Figure 5: Power on
After the VM is powered on, launch the console from Nutanix Prism Central for the initial login. A login prompt is displayed. Log in using the default credentials provided by the Fortanix Customer Success team and then proceed with the standard Fortanix DSM cluster setup steps, such as cluster creation and node joining, as described in Section 5.0: Fortanix DSM Installation. Once the network is configured and accessible, you can connect using SSH (Secure Shell).

4.2 Network Configuration

Perform the following network configuration steps:

Ensure that the VM network settings are correctly configured:
- Assign a static IP address to each DSM node.
- Ensure connectivity between all nodes in the cluster.
- Verify DNS (Domain Name System) and gateway settings.
Run the following command to update the network interface configuration inside the VM:
```
vi /etc/network/interfaces
```
Configure the network interface for each cluster node. Note that each node must have a unique value for <IP_ADDRESS> and the nodes must be able to reach one another.
For example:
```
auto ens3
iface ens3 inet static
address <IP_ADDRESS>
netmask <NETMASK>
gateway <GATEWAY>
dns-nameserver <DNS_SERVER>
```
Restart networking or reboot the VM after making changes.

5.0 Fortanix DSM installation

Perform the following steps:

Log in to one of the nodes using the IP and credentials configured in Section 4.0: Configuring the Virtual Machine (VM). This node will create the Data Security Manager cluster.
Configure the deployment-specific configuration file during Fortanix DSM installation. For detailed instructions, refer to the Fortanix Data Security Manager Installation Guide - On-Prem.
Join the other nodes to the cluster. For detailed instructions, refer to Fortanix Data Security Manager Installation Guide – On-Prem.
Install and sign the certificate. For detailed instructions, refer to the Fortanix Data Security Manager Installation Guide – On-Prem.

NOTE
There is no need for cleanup and installation; the OVA has a fresh install of the Fortanix DSM software.

6.0 Backup and Restore on Nutanix AHV

The backup and restore process remains the same as Fortanix DSM hardware-based deployments. But when deployed on Nutanix AHV, a deployment key is created in software. This deployment key is not backed up to the backup location along with the backup data due to security reasons.

For more information on configuring the backup, refer to Fortanix Data Security Manager Backup and Restore.

NOTE
The deployment key is required to restore the backup in case the cluster is being reset/re-created. Hence, the deployment key must be backed up in a safe location. Backup cannot be restored (will be rendered unusable) without this deployment key during the restoration process.

Run the following command on a cluster node to save the deployment key for the previous backup stored in a safe location:
```
$ kubectl get secrets sdkms-deployment-key-store -o yaml > sdkms-deployment-key-store.yaml
```
Save the file sdkms-deployment-key-store.yaml in a secure location. Do not save it along with the backup.
Restore the deployment key after the cluster reset.

When a new cluster is created, a new random deployment key gets auto-created. However, when restoring the cluster from a backup, the existing deployment key must be deleted and the previously saved deployment key must be restored.

Run the following command to delete any existing deployment key (which was created along with a fresh cluster):
```
$ kubectl delete secrets sdkms-deployment-key-store
```
Run the following command to create a deployment key from the backup file:
```
$ kubectl create -f sdkms-deployment-key-store.yaml
```

After the above step, the restore process can be started as documented in Fortanix DSM Restoration Guide - Automated.

7.0 Support

For production deployment of Fortanix DSM on Nutanix AHV, click here to download the OVA Software.