Leading Provider of Hyper-converged Systems Relies on WSO2 Identity Server to Enhance User Experiences
Simplicity, scalability and reliability are hallmarks of the hyper-converged systems from Nutanix, which natively integrate compute, storage and virtualization resources into appliances that enterprise IT professionals can get up and running within an hour. Capable of scaling to thousands of nodes, the systems provide efficient, web-scale infrastructure for an enterprise’s applications to run on-premises as well as in cloud and hybrid cloud environments.
Nutanix, which was positioned by Gartner in the Leaders quadrant of the 2016 “Magic Quadrant for Integrated Systems,” is now the infrastructure provider of choice for some of the world’s largest companies—including retailers, automakers, hospitals, aviation companies, and technology and telecommunications firms, among others.
To support its customers and partners, Nutanix offers various portals where authorized users can access resources and engage with the community. Since 2015, the company has relied on WSO2 Identity Server to provide single sign-on (SSO) user authentication for these portals. In the first year of deployment, Nutanix has achieved 100% availability with WSO2 Identity Server even as its user base has grown tenfold.
Simplifying Access to Multiple Portals
Nutanix maintains multiple web portals for customer support, partner support, the community, and its own employees. In many cases, users require access to two or more portals.
“One of our priorities is making the user experience as simple and seamless as possible,” said Manoj Thirutheri, Nutanix director of tools engineering. “However, requiring users to log in multiple times was at odds with this priority, inconveniencing users and reducing their productivity. We realized that we needed to create a more seamless sign-on experience for our portals if we wanted to maintain our industry leadership.”
Nutanix decided that the best solution would be to implement a single sign-on system for all of its internal and external portal web properties. This would allow users to enter their credentials once to get onto any of the portals they were authorized to access.
Evaluating Identity and Access Management Solutions
In late 2014, Nutanix began evaluating providers of identity and access management (IAM) software. As part of its review process, the company identified several key requirements.
“Because more users connect to our portals via mobile phones and tablets, we looked for IAM products that could support multiple devices as well as multiple authentication schemes,” Thirutheri recalled.
Nutanix also needed a product that would support multiple protocols, most notably two widely adopted open standards: the Security Assertion Markup Language (SAML) and OAuth. SAML, a product of the OASIS Security Services Technical Committee, provides a data format for exchanging authentication and authorization data between identity providers and service providers. Meanwhile, the OAuth authentication protocol allows users to approve web, mobile and desktop applications to act on their behalf without sharing their password.
“Our evaluation led us to select WSO2 Identity Server, which proved to be a really flexible solution that allowed for easy customization,” Thirutheri said. “An important factor was WSO2’s support for multiple protocols, such as OAuth 2.0 and SAML.”
Additionally, Thirutheri noted, “We really liked that WSO2 was open source software, which meant that it was backed by a community, and we could access the source code. Equally attractive was WSO2’s straightforward and transparent pricing; there’s no per-instance license.”
Fast Track from POC to Production
Having decided to proceed with WSO2 Identity Server, Nutanix first employed WSO2’s QuickStart program for three weeks to develop the proof of concept (POC) for the implementation. The company then enlisted WSO2’s development support and production support services to help with the SSO implementation across its different web portal properties.
“WSO2’s support was instrumental in enabling us to implement our SSO solution in just three months,” Thirutheri observed.
In production since February 2015, WSO2 Identity Server sits behind Nutanix’s portals to serve as the central backbone for managing users’ access, whether they are connecting in from their desktops, smartphones or tablets.
Figure 1: Nutanix provides single sign-on to its multiple portals using WSO2 Identity Server with support for the widely adopted OAuth 2.0 and SAML authentication standards.
When users sign onto MyNutanix for the first time, their information is sent to WSO2 Identity Server running behind the scenes. WSO2 Identity Server then confirms their identity through a database that Nutanix has deployed as the backend data store for all user information. Based on their identities and roles, users are then given access to all portals for which they are authorized.
“By default, all registered users get free access to our community portal,” Thirutheri explains. “Then, based on whether they are customers, partners or employees, WSO2 Identity Server will automatically sign them into the appropriate portals, saving time and increasing productivity.”
Managing Identities for a Growing User Base
In the first year, since implementing WSO2 Identity Server as Nutanix’s identity management solution, the company has grown its user base tenfold while achieving 100% availability.
Initially Nutanix managed the implementation in-house. However, it recently has turned to WSO2 to provide the WSO2 Identity Server solution as a managed cloud deployment. As a result, WSO2 now handles the production support, upgrades, management and maintenance, so that Nutanix can focus resources on new innovations for its users.
“We have been pleased at how WSO2 Identity Server has provided reliable, secure management of user identities while ensuring continuous availability and improving the overall user experience,” Thirutheri said. “Now with WSO2 Identity Server supported through WSO2’s managed cloud service, we are even more strongly positioned to support the rapid global adoption of our systems.”
Nutanix and the Nutanix logo are trademarks of Nutanix, Inc., registered or pending registration in the United States and other countries.