# Introduction and requirements

## Introduction

This guide is intended to help customers or partners deploy a virtual Brain appliance in Nutanix environments. A Nutanix Brain appliance can be used in Vectra AI Platform deployments that use either the Respond UX or the Quadrant UX. The Respond UX is served from Vectra’s cloud and the Quadrant UX is served locally from the Brain appliance. For more detail on Respond UX vs Quadrant UX please see [Vectra Analyst User Experiences (Respond vs Quadrant)](https://docs.vectra.ai/deployment/getting-started/analyst-ux-options-rux-vs-qux).

This guide will cover basic background information, connectivity requirements (firewall rules that may be needed in your environment), licensing, deployment, and next steps. One of the below guides should be the starting point for your overall Vectra deployment:

* [Vectra Respond UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/respond-ux-deployment-guide)
* [Vectra Quadrant UX Deployment Guide](https://docs.vectra.ai/deployment/getting-started/quadrant-ux-deployment)

## General Requirements

* An open Proof of Value (Proof of Concept or Trial) that you are working with Vectra or a Vectra partner or a valid entitlement to Vectra NDR through purchase.
  * The licensing system cannot provide licenses for customers who are not currently entitled to a license through a trial or purchase.
* Current login to a fully approved Vectra Support Portal account.
  * Accounts that are self-registered and not fully approved on the Vectra Support Portal will not have the license request option enabled.
* IP address, subnet mask, default gateway, and hostname for the Management interface of the Brain (DHCP is also supported).
  * If DHCP is used, a reservation should be created to keep the IP consistent for Sensors that may pair via IP instead of Hostname.
* DNS server addresses.
* Nutanix Prism Central with v3 API accessible to the user who will perform the deployment. The specific permissions required are:
  * Cluster – View Cluster
  * OVA – View OVA
  * Subnet – View Subnet
  * AHV VM – Create Virtual Machine

## About Nutanix Brain Images

The `.zip` file that contains the `.ova` image and deployment script used to deploy a Brain in Nutanix is made available on the [Vectra Customer Portal](https://support.vectra.ai/vectra/login) which is part of [Vectra Support](https://support.vectra.ai/vectra/). Vectra periodically updates the base image used for VMware Brain deployment. 

{% hint style="info" %}
It is a best practice to always download the latest image from the Vectra Customer Portal prior to deployment of a new Nutanix Brain.
{% endhint %}

Brains that are connected to Vectra are updated automatically according to the settings on that Brain. Offline updates are also possible for Quadrant UX deployments only. Please see [Offline Updates](https://docs.vectra.ai/operations/readme-1/offline-updates-v89) for instructions on how to apply offline updates.

## Nutanix Brain Resource Requirements and Throughput

**Nutanix Versions Supported:** AOS 6.8.1 and higher with Prism Central (and v3 API) available

**For use in Respond UX or Quadrant UX deployments:**

<table data-header-hidden><thead><tr><th width="195.1640625"></th><th></th><th></th><th></th></tr></thead><tbody><tr><td><strong>Performance</strong><sup>1</sup></td><td>Coming Soon</td><td>Coming Soon</td><td>10 Gbps</td></tr><tr><td><strong>CPU</strong></td><td>8 Cores</td><td>16 Cores</td><td>32 Cores</td></tr><tr><td><strong>Memory</strong></td><td>64 GB RAM</td><td>128 GB RAM</td><td>256 GB RAM</td></tr><tr><td><strong>Drive (OS, Data) Requires 260 MB/s</strong></td><td>128 GB, 512 GB</td><td>128 GB, 512 GB</td><td>128 GB, 512 GB</td></tr><tr><td><strong>Max Paired Sensors</strong></td><td>Coming Soon</td><td>Coming Soon</td><td>100</td></tr><tr><td><strong>Max Simultaneous Tracked Hosts</strong><sup>2</sup></td><td>Coming Soon</td><td>Coming Soon</td><td>150,000</td></tr></tbody></table>

**For use ONLY in Respond UX for Network deployments:**

* A Respond UX for Network deployment means using network Sensors with the Respond UX.

<table data-header-hidden><thead><tr><th width="314.77734375"></th><th></th><th></th></tr></thead><tbody><tr><td><strong>Performance</strong><sup>1</sup></td><td>Coming Soon</td><td>Coming Soon</td></tr><tr><td><strong>CPU</strong></td><td>4 Cores</td><td>6 Cores</td></tr><tr><td><strong>Memory</strong></td><td>48 GB RAM</td><td>48 GB RAM</td></tr><tr><td><strong>Drive (OS, Data) Requires 260 MB/s</strong></td><td>128 GB, 512 GB</td><td>128 GB, 512 GB</td></tr><tr><td><strong>Max Paired Sensors</strong></td><td>Coming Soon</td><td>Coming Soon</td></tr><tr><td><strong>Max Simultaneous Tracked Hosts</strong><sup>2</sup></td><td>Coming Soon</td><td>Coming Soon</td></tr></tbody></table>

{% hint style="info" %}
**Please Note:**

At the initial availability of the Nutanix Brain image, only the 32-core version is supported by Vectra. Vectra plans to make the other sizes (greyed out in the chart) available in the future.
{% endhint %}

**Footnotes:**

<sup>1</sup> Performance represents the aggregate bandwidth observed on the capture interfaces of any Sensors that are paired to the Brain. Guidance is for average traffic mixes. Traffic mixes that skew toward larger flows (like file transfers) will perform better than traffic mixes that skew towards smaller flows (like DNS) as they produce more metadata.

<sup>2</sup> Refers to how many hosts the Brain can track simultaneously (open host sessions). Brains retain and display data for larger numbers of hosts, this only refers to how many hosts the system can process metadata for simultaneously.

{% hint style="info" %}
**Please Note:**

* The **virtual CPU** **MUST** support the pdpe1gb cpu flag (1GB Large Pages) – [More information](https://www.intel.com/content/www/us/en/support/articles/000090980/processors.html), and a minimum SSE instruction level of 4.2, and must support the POPCNT (population count) instruction. This requires the hypervisor host to be running one of the following processors or later:
  * Intel Nehalem (2008) processors and newer
  * AMD Bulldozer (2011) processors and newer
* Vectra Nutanix based Brains do not support Mixed Mode deployment. They can only be used in Brain mode.
* Vectra Nutanix based Brains support running in FIPS mode. Note that the underlying hardware must also be FIPS compliant (it must support the RDRAND CPU instruction). To configure FIPS mode once deployed login to the CLI of the Brain and use the following commands to enable/disable FIPS mode.
  * `set security-mode fips`
  * `set security-mode default`
  * For full details please see [FIPS mode enabling and disabling](https://docs.vectra.ai/deployment/appliance-operations/fips-mode-enabling-and-disabling).
* Vectra Nutanix based Brains do not support Direct PCI or SR-IOV passthrough.
* Vectra Nutanix based Brains do support paravirtualized NICs. Vectra uses a VirtIO NIC for the Nutanix Brain.
* Vectra recommends that Brains are configured to use storage local to the hypervisor and are not stored on a SAN. Vectra Brains require extremely high throughput from their disk storage and this throughput cannot normally be sustained by SAN systems without impact to other SAN users.
* Live Migration is not explicity supported by Vectra.
  * If you do use Live Migration and encounter any issues, support from Vectra will be best effort only.
  * It is a best practice to set VM-Host affinity to pin the Brain to a node with adequate resources where satisfactory Brain performance test results (details in [Post Deployment Guidance](https://docs.vectra.ai/deployment/ndr-virtual-cloud-appliances/nutanix-brain/post-deployment-guidance)) are achieved.
    {% endhint %}