Save money - and your data with NC2 and Terraform Automation

Introduction: Resiliency automation with Terraform and NC2

Written in cooperation with Stanislas Quastana. Read more on his blog here: https://stanislas.io/

In today’s ever-evolving threat landscape, it’s no longer a question of if something will go wrong but when. Whether you’re dealing with a datacenter outage or a ransomware incident, being able to recover quickly, securely, and cost-effectively is critical. With Nutanix Cloud Clusters (NC2) and Terraform-based automation, you can now take disaster recovery (DR) and cyber resilience to the next level. In this article we explore some practical examples and what options are available for getting started.

Why bother automating in the first place?

Automation isn’t just about convenience but also about survivability and scalability. It is critical in modern enterprise IT for several reasons:

  • Speed: Time and stress are your enemies in DR and ransomware scenarios. Automation turns hours (or days) of manual work into a single command or script.

  • Repeatability: Avoid human error by using codified, version-controlled deployments that give you predictable, validated outcomes.

  • Cost Efficiency: Standby environments are expensive. With Terraform, you can provision only what you need, when you need it.

  • Resilience: Proven, automated runbooks allow even less-experienced personnel to execute complex recovery plans under pressure.

  • Auditability & Compliance: Infrastructure-as-Code (IaC) provides a documented trail and aligns with governance best practices.

Automation on Hyperscalers with Terraform

Nutanix Cloud Clusters (NC2) allows you to deploy full Nutanix environments inside AWS or Azure Cloud regions globally. NC2 for GCP is currently in public preview. By combining NC2 with Terraform and NC2 APIs, you can automate:

  • Hyperscaler infrastructure setup (VPCs, subnets, security groups) via official Terraform providers for the respective cloud vendors
  • NC2 cluster deployment via API or script
  • Overlay networking with Nutanix Flow Virtual Networking (FVN) using the official Nutanix Terraform provider
  • VM workloads, VM image libraries, etc. via the Nutanix Terraform provider

Terraform providers for major cloud vendors are widely adopted and Nutanix has also released an updated version of the Terraform Provider that supports the latest Nutanix v4 API standard, unlocking even deeper integration and control.

Real-World Scenarios: How Terraform + NC2 can help

Let’s look at two practical scenarios to show where automation really is a differentiator.

Scenario 1: Disaster Recovery with Zero Compute

Problem: Keeping a DR cluster up 24/7 is not cost effective if used exclusively for DR. One way around this is to use the cluster to host some workloads during normal operation and then expand the cluster when failing over workloads from on-premises - this is called Pilot Light. Another alternative is to only run it when required, and for this automation really comes into play.

Solution: Use NC2 with Zero Compute architecture, where only storage is replicated, and compute (i.e., the cluster) is spun up only when needed. This is a perfect scenario for workloads with an RTO of some hours/days. To make this concept a reality, Nutanix developed Multicloud Snapshot Technology (MST). With MST it is possible to create application-centric snapshots which can be distributed in a hybrid-multicloud environment. For short RTO workloads, a Pilot Light deployment will be a better choice.

With Terraform and the NC2 API, you can automate:

  • Creation of AWS/Azure/Google infrastructure (Terraform)
  • Deployment of a clean NC2 cluster in a region of your choice (NC2 API)
  • Creation of overlay networking to match what the backed up VMs expect (Terraform)

Once the cluster is up and all required virtual infrastructure, like networking, has been created, it’s easy to go ahead with recovering the workloads to the new cluster with the following steps:

  • Connecting to replicated data in object storage like AWS S3 or Azure Blob Storage
  • Restoring critical VMs and workloads from MST backup

Outcome: A highly resilient DR plan at a fraction of the cost of traditional hot-standby DR. Plus, the environment is fresh and free from potential contamination.

Scenario 2: Ransomware recovery with fresh infrastructure

Problem: Ransomware doesn’t just affect VMs, it can also spread to management infrastructure and backups. A compromised environment can’t be trusted and often takes several weeks or months to restore to a working state. Marks & Spencer were hit in April 2025 and Reuters report they hope to be fully back online in August - almost half a year later.

Solution: Use Terraform to spin up a clean, known-good cloud environment in a different region, use the NC2 API via Python to create one or several NC2 cluster(s), then restore your latest clean backup to the fresh cloud environment. Key automation steps include:

  • Quickly deploying an isolated hyperscaler environment with Terraform
  • Launching one or several NC2 cluster(s) using Python and the NC2 API
  • Creating all overlay network infrastructure required by the VMs using the Nutanix Terraform provider

Once the cluster or clusters are ready, proceed to restore the workloads and data from backups:

  • Restoring VM data using Nutanix-protected snapshots, object-based backups or 3rd party solutions like Veeam or HYCU
  • Bootstrapping services central to running the business, like Active Directory and other systems
  • Validating each environment to ensure the data is untainted by ransomware
  • When all is validated, run your business on the cloud with NC2

The final step comes after the on-premises environment has been restored to a clean and functioning state - perhaps one or a few months later:

  • Fail back from the cloud to on-premises. This can be done using standard Nutanix DR policies and plans
  • Alternatively, realize the cloud is actually pretty good for your workloads and leave some or all of them on NC2

Outcome: You recover faster compared to creating all resources manually. Additionally, by doing so you also avoid reintroducing compromised components, and end up with a trusted environment into which to recover your workloads. You reduce the stress and associated human mistakes by using predictable codified assets during recovery.

Best Practices for Automating with NC2

To maximize success and minimize surprises, here are a few best practices:

  • Separate Terraform modules for hyperscaler setup and Nutanix deployment. This allows for greater modularity and reuse
  • Use variables and workspaces to manage multiple environments (e.g., dev, prod, recovery).
  • Always separate the code from the configuration (rule number 3 of the twelve-factor app)
  • Pre-validate everything: Use terraform plan and dry-runs to avoid surprises during recovery.
  • Lint and test your code with tools like TFLint, Checkov or Terrascan
  • Estimate the cost of public cloud resources deployed with tools like Infracost

  • Secure state management: Store your Terraform state securely using cloud-native backends like Amazon S3 with locking via Amazon DynamoDB

  • Keep infrastructure code in version control: Git repositories give you traceability and rollback capability. Don’t forget to use the .gitignore file to avoid exposing sensitive files (.tfvars, .state, .pem…)
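To make the "pre-validate everything" practice concrete, here is an added example (not code from this article or from Nutanix) that reviews the JSON form of a saved plan, as produced by `terraform show -json`, before anything is applied to a recovery environment. The resource addresses, the sample plan and the policy itself (a fresh environment should only create resources, and no security group should accept traffic from any address) are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output (trimmed).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_vpc.recovery", "type": "aws_vpc",
     "change": {"actions": ["create"], "after": {"cidr_block": "10.50.0.0/16"}}},
    {"address": "aws_security_group.mgmt", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
         {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_subnet.workload", "type": "aws_subnet",
     "change": {"actions": ["delete", "create"], "after": {}}},
]})

# Assumed policy: a fresh recovery environment should only create resources.
# An update or delete suggests the wrong workspace or state file is in use.
ALLOWED_ACTIONS = {"create", "read", "no-op"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def review_plan(plan_json):
    """Return (address, finding) tuples for planned changes that need review."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        unexpected = set(change.get("actions", [])) - ALLOWED_ACTIONS
        if unexpected:
            findings.append((rc["address"],
                             "unexpected actions: " + ",".join(sorted(unexpected))))
        # Covers inline ingress rules only; standalone rule resources are not checked.
        if rc.get("type") == "aws_security_group":
            for rule in (change.get("after") or {}).get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or [])
                cidrs |= set(rule.get("ipv6_cidr_blocks") or [])
                if cidrs & OPEN_CIDRS:
                    ports = f"{rule.get('from_port')}-{rule.get('to_port')}"
                    findings.append((rc["address"],
                                     f"ingress {ports} open to any address"))
    return findings


if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"REVIEW {address}: {finding}")
```

In a pipeline, a non-empty result from `review_plan` would block the apply step until someone has looked at the flagged resources.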

Closing Thoughts

In an age where downtime and data loss can, and frequently do, cripple businesses, automation is your safety net. By combining Terraform with the Nutanix NC2 API, you can:

  • Cut infrastructure costs by only running clusters when needed
  • Recover from ransomware with clean, known-good infrastructure
  • Respond to DR scenarios with the push of a button
  • Deploy environments consistently and confidently, across the globe

With the increasing maturity of both public cloud providers and Nutanix’s automation toolsets, there’s never been a better time to integrate these technologies into your DR and security planning.

Ready to Get Started?

Please refer to the following resources to kickstart your automation journey with Nutanix Cloud Clusters:

This post is licensed under CC BY 4.0 by the author.