When whole world is working from home so its mandatory to ensure that your internal infra is safe from your own internal users. You can save your internal VLANs via micro-segmentation.
Nutanix Flow is very good choice for micro-segmentation. I configured Nutanix Flow for Citrix Virtual desktops and its working perfectly. With Nutanix flow we can restrict the internal IP subnet ranges which don't have any firewall in-between. For example my VDI subnet range is 10.68.200.X and my Critical Application servers DNS, AD or infra servers are on 10.68.100.X and there is no firewall in between so micro segmentation is a good solution to protect my internal servers from VDI users.
There are few things I want to highlight for Nutanix Flow.
Pros: 1. Explicit block all the network traffic for inbound and outbound traffic for some set of VDI/Servers and then whitelist according to your choice. 2. We can restrict the communication of the VDIs or servers in same APP tier. For example We have 10 VDIs for HR and we dont want any communication between those 10 machines then their is a very easy option available to block that. 3. Monitor the network traffic before you plan your security policy. Cons/Area of improvement: 1. There is no option to block certain ports. The option is only to explicit block and then whitelist. 2. Creation of App tier and addition of VMs in App Tier is a manual process and you can't add more than 60 VMs at a time. 3. Security policy creation process is Manual and their is a room of improvement and development. There is no option to add a tag or description for Manual whitelisted destinations.
Allover Nutanix Flow is a very good product for VDI restrictions. I find it very useful. Kindly share your feedback and experiences below