Nutanix: How WSO2’s Identity Server Enhanced Customer Experience

Nutanix is a leader in hyper converged systems with a mission to make infrastructure invisible by delivering an enterprise cloud platform that enables you to focus on the applications and services that power your business. At WSO2Con USA 2017, Director of SaaS and Tools Engineering at Nutanix Manoj Thirutheri explored how WSO2 Identity Server helped them enhance their customer experience to stay competitive against large vendors like HP, Microsoft and Cisco.

Nutanix provides over 4450 customers across the globe with a hyperconvergence appliance that has storage, virtualization and network components overlaid by an intelligent software layer in order to minimize the need for infrastructure. “Customer experience is the last mile of digital transformation,” Manoj said while stressing on the importance of creating an integrated ecosystem of customers and partners to be successful. They currently maintain multiple web portals for customer support, partner support, and the community. One of their top priorities is to make customer experiences as simple and seamless as possible. They needed to create a more seamless sign-on experience for their portals and mobile apps to maintain growth.

Because of the speed at which Nutanix was growing, many identity silos existed, which meant the same customer was identified in multiple ways. They had non-standard and insecure authentication and authorization mechanisms in place which made them vulnerable and hindered their user experience. Furthermore, their ability to be agile and innovate fast was deterred by the proprietary technology they used, which was not open or extendable. “The bottom line is, we didn’t know what our customers or partners were doing. We were lost,” notes Manoj. Having a 360 view of their customers’ activities and keeping track of them across the different portals were key requirements of their solution to these challenges.

As shown in the diagram below, Nutanix used WSO2 Identity Server to overcome their major identity and access management challenges. Manoj then explained the architecture from the bottom up. The highly available WSO2 Identity Server cluster is load balanced across multiple regions for high redundancy. Next, they built an intelligent API layer, which exposed all the APIs including user management, tenant management, service provider and identity provider APIs. By doing so they avoided vendor lock-in and didn’t couple their functionality to any technology, be it open source or proprietary. The third layer consisted of their own entitlement system called My Nutanix where customers and partners register and access the service providers. The green boxes at the top depict the service providers including the following:

  • The customer portal enables customers to access the services offered in My Nutanix.
  • The partner portal allows partners to perform deal registrations among other things.
  • The community portal is open source and can be used by anyone. Here, they use WSO2 Identity Server to authenticate the users through basic OAuth over Transport Layer Security (TLS), which allows them to track the users and gain new customer prospects.
  • They also have the educational and training portal in addition to many other service providers that are still in development.

Nutanix currently uses many industry standards for authentication including OAuth 2.0, OpenID Connect, and SAML 2.0, which are all supported out-of-the-box by WSO2 Identity Server. They also use WSO2 Identity Server for Just-in-Time (JIT) provisioning of users. Nutanix performs SMS-based multi-factor authentication (MFA) by using WSO2 Identity Server connectors to integrate with Twilio, which allows you to programmatically send and receive text messages using its web service APIs. In addition, they integrate with their partners through the Active Directory Federation Services (ADFS) provided by WSO2 Identity Server.

Apart from these implemented features, Nutanix is working on leveraging more capabilities of WSO2 Identity Server. They will soon bring in multi-tenancy because every customer has their own tenant with their own isolated roles. They will also experiment with a service-based authentication, a fairly new concept to them, which uses certificates to authenticate the user and creates the service accounts within WSO2 Identity Server. As Manoj states, “Two services, no human interaction”.

Having a product that is open source, supported multiple security protocols, and can scale was key. WSO2 Identity Server met all these requirements. WSO2 Identity Server helped create a seamless single sign-on experience for their customers, partners and prospects, while keeping track of all their actions. A key advantage that helped sustain Nutanix’s rapid growth was WSO2 Identity Server’s high scalability and availability and its ability to support a rapid increase in the number of users from 1000 to 100,000 in just two years. It met all of Nutanix’s requirements including out-of-the-box support for many standard protocols, multi-factor authentication (both SMS-based and Google authenticator), identity federation, multi-tenancy and tenant management. Furthermore, Nutanix also used WSO2 Managed Cloud, which provides excellent support.

“We now have a bunch of happy customers and partners. We ourselves are also very happy with WSO2 Identity Server,” Manoj added.To learn more about how Nutanix leveraged WSO2 watch Manoj’s talk at WSO2Con USA 2017.