Cloud Management

Self-Service

Based on: PC 7.3 | AOS 7.3 | Self Service 4.2.0

» Download this section as PDF (opens in a new tab/window)

In the following sections we will cover the key features of Nutanix Self-Service. In particular:

Capabilities Summary

NCM Self-Service is a multi-cloud management framework that offers the following key benefits.

Blueprint-centric Application Design

NCM Self-Service’s blueprint- and infrastructure-centric application design allows automation and deployment administrators to quickly prototype and deploy infrastructure and applications of any design. Within NCM Self-Service blueprints, two blueprint types are available:

Deployment Locations

NCM Self-Service blueprints support deployment to various on-premises and cloud locations:

Blueprint Example

The diagram shows an example of a Multi VM/Pod Blueprint. Specifically, the following configuration items are visible:

VM hardware configuration within an NCM Self-Service blueprint

Tasks

NCM Self-Service blueprints carry out deployment activities via tasks. A task contains individual steps and actions required to complete a deployment or, in the case of day-2 operations, steps and actions to customize an existing deployment. Tasks can be executed either sequentially or in parallel, depending on the application’s requirements.

For example, a typical VM deployment includes a “Package Install” step, containing tasks that run in order to customize the VM’s configuration. These tasks run after the VM’s base operating system has been deployed and after VM customization with Cloud-Init (Linux) or Sysprep (Windows) has completed.

The example shown here is the same VM in the above screenshot; during the Package Install step, two scripts will be run:

Package Install step that will execute two VM-specific tasks during deployment

Looking deeper into this example, observe the task details that allow selection of where the script will run (endpoint), the task type (Execute), the script type (Shell) and the credential that will be used to run the script (admin).

Package Install step to configure the example VM's firewall

Blueprint task scripts can be easily saved to the built-in Self-Service Library, allowing quick and easy re-use across multiple blueprints.

Brownfield Applications

In the context of NCM Self-Service, a brownfield application is a collection of services (e.g. VMs) that are not yet managed by Self-Service. Before Self-Service can communicate with those services, the application must be imported into Self-Service as a brownfield application.

Brownfield application key points:

See Brownfield Apps in Self-Service for detailed information.

Runbook Automation

NCM Self-Service supports manual- and trigger-based activity via Runbooks. In the concept of NCM Self-Service, a Runbook is defined as a set of steps that can be executed sequentially in order to achieve a specific goal. For example, a manually-executed runbook could be created to complete the following steps:

This real-world runbook is an example of steps that could be run in response to Nutanix X-Play detecting the creation of a new virtual machine. By combining these two features, the manual input required to create an authentication and authorization scheme can be significantly reduced.

The example shown below is this exact runbook, with the addition of a final testing step that verifies all previous steps were successful.

NCM Self-Service runbook to complete all steps listed above

As an additional example, the runbook shown here completes the same steps as above but with an additional first task. Specifically, this runbook will retrieve the identifier of our “Super Admin” role but will then carry out a check to make sure that role was found. If the role was not found, the runbook gracefully exits without making any changes. If the role was found, the runbook steps through the remaining tasks as designed.

NCM Self-Service advanced runbook to complete all steps listed above

Endpoints

Each step within an NCM Self-Service runbook can be associated with a specific endpoint. In the context of running specific steps within a runbook execution, this enables the runbook designer to run specific steps on different systems.

For example, a step that sends a REST API request could send the initial request to Prism Central instance “a”, save the results of that request into output variables, then run subsequent steps on Prism Central instance “b”. This allows a runbook to operate in environments with a single Prism Central instance, in environments with multiple Prism Central instances or in environments with arbitrary/user-configured endpoints. There is no restriction on the type of endpoint that can be configured, provided NCM Self-Service can login to that endpoint.

Additional examples can include running a PowerShell or Python script on a jump host in environments where security posture dictate script execution must take place on specific hosts only.

As with NCM Self-Service blueprints, scripts can be quickly saved to the NCM Self-Service Library for easy re-use, and loaded directly from the library when a pre-written script is required.

Marketplace Application Deployment

Single and Multi VM blueprints allow the creation of highly-customized applications based on specific criteria. However, when an application design is complete it can then be made available to deployment administrators via the NCM Self-Service Marketplace.

The NCM Self-Service Marketplace is a way of deploying pre-configured applications complete with deployment approval requests, analysis of a deployment’s procedures before any changes are made and, when necessary, the ability to deny a deployment request when appropriate.

Out-of-the-box, a number of pre-packaged marketplace applications are available based on best-practice deployment methodologies. These include familiar and popular applications such as LAMP Stack (Linux, Apache, MySQL, PHP), Jenkins, GitLab and many others. All applications i.e. both built-in and custom are version-controlled to ensure a deployed application meets an environment’s criteria before any changes are made.

The built-in LAMP Stack application is shown here, including a description of some of the included actions. In the context of an NCM application or blueprint, an action is either a step that runs during deployment or a post-deployment step that can be executed on-demand or based on a specific trigger.

Built-in LAMP Stack application

Depending on the permissions given to the user requesting the deployment, the application install will either proceed as normal or be queued for approval by an authorized user.

All NCM Self-Service blueprints, including Single VM Blueprints, can be published to the NCM Self-Service marketplace. This allows extensive customisation of IT-managed applications, during both test/development and production deployment phases. As part of the publication process, the approval chain is included; an application must be approved for publication to the marketplace before any user can request its deployment.

The following screenshot shows the ability to monitor a blueprint deployment directly from the NCM Self-Service UI. This deployment view is available in both manual application launch from the blueprint designer and the audit tab for marketplace-launched applications.

NCM Self-Service Blueprint Deployment

Built-in Application Blueprints

Some of the built-in, pre-built applications available are:

All Self-Service Marketplace administrative operations, including approvals, are carried out via the Marketplace Manager (shown below).

NCM Self-Service Marketplace Manager

Self-Service integration with Prism Central Projects

NCM Self-Service makes extensive use of Prism Central Projects. A project is a collection of components and configurations that define how and where a VM or application can be deployed. For example:

The following screenshot demonstrates the selection of infrastructure during project configuration. By making these selections during project creation or edit, an administrator can restrict deployments to specific clusters and connections to the specific subnets in that cluster.

Self-Service project integration, infrastructure selection

The integration of Prism Central projects into NCM Self-Service provides the ability to control which users are permitted to carry out specific tasks, where those tasks can be carried out and limits of the number of resources a user’s deployment may consume. This approach to quota management provides a robust and highly configurable approach to tenant management within an NCM environment.

Project Analysis

Because of this deep integration between NCM Self-Service and Prism Central projects, analysis of workload allocations within a project is easily visible. A user can quickly see resource utilization of a deployed application within a project, the number of deployed VMs for a specific project as well as quota consumption for that project.

The following screenshots demonstrate a) the top workloads for the selected project and b) the workload summary in terms of VM deployments vs deployed applications, respectively.

NCM Self-Service Top Workloads view

NCM Self-Service Workload Summary

Self-Service Policies

NCM Self-Service provides various policy-based capabilities. A scheduler policy allows Self-Service administrators to create scheduled tasks. For example, a scheduled task to stop an application at a certain time after hours and restart the application the following business day. A scheduled task can also be used to run an NCM Self-Service Runbook, allowing administrators to complete a defined set of steps on a chosen endpoint at a specific time of day.

Self-Service policy capabilities also provide detailed control over application approvals. This level of governance ties directly into the Self-Service Marketplace feature outlined above and defines which applications or actions require approval before being run.

Combinations of scheduler and approvals policies can help prevent cost-associated issues, especially relating to infrastructure resources running in environments with time-based charges.

All NCM Self-Service policies are managed through the Policy Engine, handled directly within the NCM Self-Service UI.

The following screenshots show an example of approval policy creation. In this example, approval must be completed by all selected users (“administrator”) whenever an application named “CustomApp” is launched.

Approval policy creation, part 1

Approval policy creation, part 2

Approval policy creation, part 3

Similarly, the following screenshots demonstrate the execution of an application action at a specific time of day. Whilst this example shows a single-run, the same interface is used for recurring schedules.

Scheduler policy creation, part 1

Scheduler policy creation, part 2

Scheduler policy creation, part 3

NCM Self-Service DSL (Domain Specific Language)

In addition to the extensive management capabilities available in the Self-Service UI, NCM Self-Service provides an extremely broad, developer friendly DSL. A DSL, or Domain Specific Language allows developers and scripting administrators to leverage Self-Service using standard programmatic approaches. The NCM Self-Service DSL specifically is an open-source Python language enabling the programmatic control of Self-Service features directly from your Python scripts.

Some Self-Service DSL highlights include:

©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned are for identification purposes only and may be the trademarks of their respective holder(s).