An administrator has deployed NC2 on AWS. The cluster deployment completed successfully.
After deployment, the administrator created a subnet in AWS, added it as a network in Prism Element, deployed Prism Central using the newly-configured network, and registered the cloud cluster with it.
The on-premises network and AWS are connected via a Site-to-Site VPN. Cluster nodes, CVM, and Prism Central can communicate with each other, but cannot be accessed from the on-premises network.
What two issues might be the cause of this problem? (Choose two.)
Traffic from the on-premises network is not permitted by VM and Management security groups:
Ensure that the security groups assigned to the VMs and management interfaces in AWS allow inbound traffic from the on-premises network. Without appropriate security group rules, the traffic will be blocked.
The AWS VPC traffic is blocked by a firewall in the on-premises network:
Check if the firewall on the on-premises network is configured to allow traffic from the AWS VPC. Firewalls may have restrictive rules that block incoming traffic, preventing communication.
Reference: Refer to AWS documentation on security groups and firewalls and Nutanix documentation on configuring networking for NC2 clusters.
An administrator is investigating reports of network congestion on their NC2 deployment.
As part of the investigation, a packet capture is taken from a group of user VMs. During the analysis of the packet capture, it is observed that user VMs are receiving multicast traffic unexpectedly.
What action should the administrator take to resolve the issue?
Enable IGMP snooping on the AHV hosts:
IGMP (Internet Group Management Protocol) snooping is a feature that listens to IGMP traffic between hosts and routers. By enabling IGMP snooping on the AHV (Acropolis Hypervisor) hosts, the switch can intelligently forward multicast traffic only to the ports that have requested it.
This reduces unnecessary multicast traffic on the network and prevents congestion by ensuring that multicast packets are only delivered to the appropriate endpoints.
Reference: Refer to the Nutanix documentation on network configuration and best practices for managing multicast traffic.
An administrator is deploying an NC2 cluster into an existing AWS VPC.
The cluster deployment fails, with the following error message:
Why has the deployment failed?
The administrator has not created the necessary Security Group:
The error message indicates that the creation of network interfaces in a shared subnet requires specifying a security group. This means that the necessary security group has not been created or assigned to the network interfaces.
Creating the appropriate security group and ensuring it is associated with the network interfaces during cluster deployment should resolve this issue.
Reference: Refer to AWS documentation on security groups and network interface configuration and Nutanix documentation on prerequisites for deploying NC2 clusters in an existing AWS VPC.
An administrator is experiencing problems with several operations, including VM IP address assignment validations, VM power-on and VM power-off operations.
Whenever a related operation is performed, an alert is generated in the NC2 console indicating that the Cloud API endpoints are unavailable.
The issue was further investigated and it was determined that NC2 is unable to make API calls to the underlying cloud infrastructure due to network connectivity misconfigurations.
Which two connectivity misconfigurations could be causing this issue? (Choose two.)
Route tables for cloud subnets contain incorrect route entries:
If the route tables associated with the cloud subnets contain incorrect route entries, the NC2 cluster might not be able to reach the necessary AWS services or endpoints. Correct route entries are crucial for ensuring proper communication between the NC2 cluster and the underlying AWS infrastructure.
IAM roles and policies are incorrectly configured:
Incorrectly configured IAM roles and policies can prevent NC2 from making API calls to AWS services. These roles and policies must be properly set up to allow the necessary permissions for NC2 to interact with AWS resources and perform required operations.
Reference: Refer to the AWS documentation on route table configuration and IAM roles and policies, and Nutanix documentation on NC2 cloud connectivity and permissions.
An administrator is planning an NC2 deployment and wants to connect to AWS Services privately from the corporate VPC without going through the public internet.
Which connectivity solution should the administrator use?
Gateway Endpoint:
A Gateway Endpoint in AWS allows you to connect to supported AWS services privately without going through the public internet. This setup provides secure and efficient connectivity directly from the corporate VPC to the required AWS services.
Gateway Endpoints support services such as Amazon S3 and DynamoDB and are ideal for scenarios where private connectivity to these services is needed.
Reference: Refer to the AWS documentation on VPC endpoints, specifically Gateway Endpoints, and the Nutanix documentation on configuring private connectivity for NC2 deployments.
