---
title: "Configura Flusso Nutanix (EN)"
description: "Find out how to configure and use Nutanix Flow"
url: https://docs.ovhcloud.com/it/guides/hosted-private-cloud/nutanix-on-ovhcloud/flow
lang: it
lastUpdated: 2022-04-08
---
# Configura Flusso Nutanix (EN)

## Objective

Nutanix Flow is available on all **Nutanix on OVHcloud** offers. This option secures the network in one or more clusters managed by **Prism Central**

**Learn how to use Nutanix Flow for network security within a Nutanix cluster.**

:::warning
OVHcloud provides services for which you are responsible, with regard to their configuration and management. It is therefore your responsibility to ensure that they work properly.

This guide is designed to assist you as much as possible with common tasks. Nevertheless, we recommend contacting a specialist provider if you experience any difficulties or doubts when it comes to managing, using or setting up a service on a server.
:::

## Instructions

Log in to **Prism Central**.

To connect to a Nutanix cluster, if required, see the [Go further](#gofurther) section in this guide.

### Enabling **Nutanix Flow**

Click the gear in the top right to change the settings.

![Activate Flow 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/activatemicrosegmentation01.png)
Click `Microsegmentation
` from the scroll bar on the left.
![Activate Flow 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/activatemicrosegmentation02.png)
Select the **Enable Microsegmentation**
 checkbox and click `Save
`.
![Activate Flow 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/activatemicrosegmentation03.png)
Microsegmentation is enabled. You can always disable it.

![Activate Flow 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/activatemicrosegmentation04.png)
### Category configuration [](#)
A category is an object that can contain one or more values.

When installing a cluster, some categories already exist and can be modified, other categories can be added.

Entities, such as virtual machines, subnets, or images, can be among the categories used for a tool like **Flow**, for example.

#### Creating a category

From the main menu, click `Categories
` on the `Administration`
 submenu.
![Create Category 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurecategories01.png)
Click `New Category
`.
![Create Category 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurecategories02.png)
Type the name of the category in **Name**
 and Click `New value
`.
![Create Category 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurecategories03.png)
Type a name in **Value** and click the blue validation button on the right.

![Create Category 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurecategories04.png)
Click `Save
`.
![Create Category 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurecategories05.png)
The new category appears in the category list.

![Create Category 06](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurecategories06.png)
#### Modifying a Category

Select the `Special-Computers category
`
![Create Isolation Rule 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory02.png)
Click `Update
` on the `Actions menu
`.
![Create Isolation Rule 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory03.png)
Click `New value
`.
![Create Isolation Rule 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory04.png)
Enter a value in the **Value** column and click the validation icon.

![Create Isolation Rule 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory05.png)
Click `New value
`.
![Create Isolation Rule 06](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory06.png)
Enter another value in the **Value** column and click the validation icon.

![Create Isolation Rule 07](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory07.png)
Click `Save
` to commit the category change.
![Create Isolation Rule 08](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory08.png)
The category is visible in the category dashboard with these two new values.

![Create Isolation Rule 09](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/modifycategory09.png)
#### Assigning a Category to a Virtual Machine

In the main menu, click `VMs
` under `Compute & Storage.`

![Add VM to Category 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtocategory01.png)
Select the virtual machine by ticking on the left.

![Add VM to Category 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtocategory02.png)
Click `Actions
`, then click `Manage Categories
`.
![Add VM to Category 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtocategory03.png)
Type `categoryName:value`
 and click the `\+
` sign.
![Add VM to Category 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtocategory04.png)
Click `Save
` to save the virtual machine to a category.
![Add VM to Category 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtocategory05.png)
#### Assigning a category to multiple VMs

Select three virtual machines using the `check
` boxes on the left.
![Add category to multi VMs 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/multivmcategorychange01.png)
Click the `Actions
` menu and select `Manage Categories
`.
![Add category to multi VMs 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/multivmcategorychange02.png)
Type `categoryName:value`
 and click `\+
`.
![Add category to multi VMs 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/multivmcategorychange03.png)
Click `Save
`.
![Add category to multi VMs 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/multivmcategorychange04.png)
#### Assigning a Category to Subnets

From the main menu, click `Subnets
` under `Network & Security`
.
![Add Category to subnet 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addcategorytosubnet01.png)
Select the subnets by checking their left.

![Add Category to subnet 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addcategorytosubnet02.png)
Click the `Actions
` menu and select `Manage Categories
`.
![Add Category to subnet 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addcategorytosubnet03.png)
Type `categoryName:value`
 and click `\+
`.
![Add Category to subnet 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addcategorytosubnet04.png)
Click `Save
`.
![Add Category to subnet 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addcategorytosubnet05.png)
### Network quarantine management

Network quarantine allows you to isolate a virtual machine from the entire network, or allow it restricted access to certain repair tools that are on the network.

#### VM quarantine

In the main menu, click `VMs
` under `Compute & Storage.`

![Add VM to Quarantine 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtoquarantine01.png)
Select the virtual machine by ticking on the left.

![Add VM to Quarantine 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtoquarantine02.png)
Click `Actions
` and choose `Quarantine VMs
` from the menu.
![Add VM to Quarantine 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtoquarantine03.png)
Select `Forensic
` in `Quarantine Method`
 and click `Quarantine
`.
![Add VM to Quarantine 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/addvmtoquarantine04.png)
The virtual machine is now in quarantine.

#### Customising the network quarantine.

There are currently no blockages affecting the quarantined virtual machine. Follow these instructions to configure the quarantine.

From the main menu, click `Security Policies
` in the `Network & Security`
 submenu.
![Configure Quarantine 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule01.png)
Click the number next to `Quarantined` to view the quarantined virtual machines.

![Configure Quarantine 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule02.png)
The list of quarantined VMs appears in the **Name**
 column. Click `Close
` to return to the previous menu.
![Configure Quarantine 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule03.png)
Click `Quarantine
` below the **Name**
 column to edit the rule.
![Configure Quarantine 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule04.png)
The rule status is in `monitoring` mode, as shown in the top left-hand corner.

Traffic is not blocked but monitored. Connections between the quarantined VMs and the rest of the network are represented by orange lines attached to rectangles representing the IP address of the source or destination.

Click `Enforce
` in the top right-hand corner to switch from **Monitoring**
 mode to **Enforcing**
 mode with traffic blocking.
![Configure Quarantine 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule05.png)
Type `ENFORCE
` and click `Confirm
`.
![Configure Quarantine 06](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule06.png)
The rule status is now on `Enforced`.

Traffic is blocked. We see attempts to access VMs in quarantines via red dotted lines to blocks containing the IP address of the VM.

Click `Update
` in the top right-hand corner to edit the rule to allow certain network streams.
![Configure Quarantine 07](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule07.png)
Click `Next
`.
![Configure Quarantine 08](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule08.png)
Move your mouse over an incoming connection attempt and click `Allow Traffic
`
![Configure Quarantine 09](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule09.png)
Select the checkbox to the left of the **Source**
 to select the incoming discovered traffic, then click `Allow 1 Discovered Traffic
` to allow only the discovered traffic, such as ICMP below.
![Configure Quarantine 10](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule10.png)
Move your mouse over an outgoing connection attempt and click `Allow Traffic
`.
![Configure Quarantine 11](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule11.png)
Select the checkbox to the left of the **Source**
 to select the outbound discovered traffic, then click `Allow 1 Discovered Traffic
` to allow only the discovered traffic.
![Configure Quarantine 12](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule12.png)
The authorised traffic is now visible via grey lines, while the blocked traffic is in red.

To create a rule manually without going through network discovery, left-click `Add Source
` to allow an incoming connection to the quarantine.
![Configure Quarantine 13](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule13.png)
Enter the category name and its value in `Add source by: Category`
, then click `Add
`.
![Configure Quarantine 14](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule14.png)
The source appears in `Configured`.

Click `\+
` to the left of **Quarantine: Forensics**
.
![Configure Quarantine 15](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule15.png)
Allow all traffic and click `Save
`.
![Configure Quarantine 16](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule16.png)
Right-click `Add Destination
` to allow an outgoing rule from quarantine.
![Configure Quarantine 17](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule17.png)
Enter the category name and its value in `Add source by: Category`
, and then click `Add
`.
![Configure Quarantine 18](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule18.png)
Click `\+
` to the right of **Quarantine: Forensics**
.
![Configure Quarantine 19](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule19.png)
Allow all traffic and click `Save
`.
![Configure Quarantine 20](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule20.png)
Click `Next
`.
![Configure Quarantine 21](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule21.png)
Click `Save and Enforce
` to apply the quarantine rule changes.
![Configure Quarantine 22](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule22.png)
Click `Quarantine
` to view quarantine rule details.
![Configure Quarantine 23](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule23.png)
The rule status is on `Enforced`, the **Forensic** mode has been customised.

A virtual machine in **Strict** mode will be completely isolated from the network, while in **Forensic** mode it will have access to the areas defined in the quarantine rule.

![Configure Quarantine 24](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/configurequarantinerule24.png)
### Creating an isolation rule

An isolation rule allows blocking of network communications between two categories (virtual machines or subnets).

For more information about managing categories, see the [Setting up categories](#gocategoriesemanage) section in this guide.

From the main menu, click `Securities Policies
` in the `Network & Security`
 submenu.
![Create Isolation Rule 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule03.png)
Click `Create Security Policy
`.
![Create Isolation Rule 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule04.png)
Select `Isolation Policy
` and click `Create
`.
![Create Isolation Rule 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule05.png)
Type the rule name in `Name
` and then add a comment in `Purpose
`, choose a category in `Isolate this category
`, followed by another category in `From this category
`.
Select `Enforce`
 in **Select a Policy mode**
, then click `Save and Enforce
`.
![Create Isolation Rule 06](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule06.png)
The rule is active in the list of security rules.

Click `The rule
` name below the **Name**
 column to view details.
![Create Isolation Rule 07](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule07.png)
The status of the rule indicates `Enforced`, and you can see that no connection attempt between the two zones is detected, as this message indicates: **No Traffic between them has been discovered**.

![Create Isolation Rule 08](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule08.png)
If a network connection attempt is detected between these two zones, the message changes to **Traffic between them has been discovered**.

![Create Isolation Rule 09](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createisolationrule09.png)
### Setting up an application rule.

An application rule limits access to certain ports, protocols, or services for members of a category from another category.

This rule can only be used with a category named **Applications** that can be edited but not deleted.

For more information about managing categories, see the [Setting up categories](#gocategoriesemanage) section in this guide.

From the main menu, click `Security Policies
` in the `Network & Security`
 submenu.
![Create Application Rule 01](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule01.png)
Click `Create Security Policy
`.
![Create Application Rule 02](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule02.png)
Select `Secure Application (App Policy)
` and click `Create
`.
![Create Application Rule 03](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule03.png)
Enter the **Name**
 fields for the rule name, **Purpose**
 for comment, **Secure this App**
 by choosing an existing application category, and click `Next
`.
![Create Application Rule 04](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule04.png)
Click `Add Source
` on the left.
![Create Application Rule 05](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule05.png)
Choose the `category`
 for the VLAN and click `Add
`.
![Create Application Rule 06](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule06.png)
Click `\+
` to connect the application to the source.
![Create Application Rule 07](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule07.png)
Select `Select a Service
`, choose the category in **Protocol/Service**
, search for the service name in **Port/Service Details**
, and click `Save
`.
![Create Application Rule 08](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule08.png)
Click `Next
`.
![Create Application Rule 09](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule09.png)
Select `Enforce
` and click `Save and Enforce
` to enable this rule.
![Create Application Rule 10](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule10.png)
The rule you created is in the list of rules.

![Create Application Rule 11](/images/hosted-private-cloud/nutanix-on-ovhcloud/28-flow/createapplicationrule11.png)
## Go further [](#)
[Hyperconvergenza Nutanix (EN)](/it/guides/hosted-private-cloud/nutanix-on-ovhcloud/nutanix-hci.md)

[Presentation of Nutanix FLOW](https://portal.nutanix.com/page/documents/solutions/details?targetId=TN-2094-Flow:TN-2094-Flow)

[Nutanix FLOW security rules](https://portal.nutanix.com/page/documents/details?)

[Categories in Nutanix](https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-Prism-vpc_2022_1:ssp-ssp-categories-manage-pc-c.html)

If you need training or technical assistance to implement our solutions, contact your sales representative or click on [this link](https://www.ovhcloud.com/it/professional-services/) to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.

Join our [community of users](https://community.ovhcloud.com/).