In a high availability (HA) Nutanix Database Service (NDB) environment, custom SSL certificates are used to secure communication between clients (e.g., NDB GUI, API calls) and the NDB control plane. The HA Proxy VMs serve as the entry point for all external traffic, load balancing requests across the NDB API server VMs and providing secure SSL termination. When configuring custom SSL certificates, they must be updated on all HA Proxy VMs to ensure consistent and secure communication across the HA environment. Updating only a subset of servers or other components (like API or Repository VMs) would lead to inconsistencies or SSL handshake failures.
Option A (All API server VMs) is incorrect because the API servers do not directly handle external SSL termination; this is managed by the HA Proxy layer.
Option B (All HA Proxy VMs) is correct as these VMs are responsible for SSL termination and load balancing in an HA setup, requiring the custom certificates to be applied uniformly.
Option C (The API and Repository VMs running on the primary cluster) is incorrect because Repository VMs do not handle client-facing traffic, and the API servers rely on HA Proxy for SSL handling.
Option D (The primary API, Repository, and HA Proxy servers) is incorrect because it implies a single "primary" server focus, whereas in an HA setup, all HA Proxy VMs (not just a primary one) must be updated.
This aligns with NDB’s HA architecture, where HA Proxy VMs are the critical components for SSL certificate management.
References
Nutanix Database Service (NDB) User Guide, Chapter 3: Configuring an NDB Environment, Section: Configuring High Availability and SSL Certificates
Nutanix Support & Insights, Knowledge Base Article: "Configuring Custom SSL Certificates in NDB HA Environments"
Nutanix Certified Professional - Database Automation (NCP-DB) v6.5 Blueprint, Section 3: Configure an NDB Environment
