An administrator has been asked to upgrade an S3-compatible bucket on-premise using Prism Central.

The scenario involves upgrading an S3-compatible bucket (Nutanix Objects) using Prism Central’s Lifecycle Manager (LCM). The LCM upgrade process failed because outbound traffic to the Internet was restricted, and the administrator needs to identify which components require Internet access for a successful upgrade. The correct answer is that theCVM IP address/portmust be provided to the security team, as the Controller Virtual Machines (CVMs) are responsible for downloading upgrade artifacts from Nutanix’s external repositories during an LCM upgrade.

TheNutanix Unified Storage Administration (NUSA)course explains that “LCM upgrades require the CVMs to access external Nutanix repositories to download software and firmware updates, typically over HTTPS (port 443).” The CVMs initiate the download of upgrade packages for components like Nutanix Objects, which includes the S3-compatible bucket infrastructure. The course further notes that “outbound traffic from CVM IP addresses to the Internet must be allowed on ports such as TCP 80 (HTTP) and TCP 443 (HTTPS) for LCM to successfully retrieve upgrade files.”

TheNutanix Certified Professional - Unified Storage (NCP-US)study guide elaborates that “during an LCM upgrade, CVMs communicate with external Nutanix servers (e.g., download.nutanix.com) to fetch upgrade bundles, requiring outbound Internet access from the CVM IP addresses on TCP ports 80 and 443.” Additionally, DNS resolution (TCP/UDP port 53) is needed to resolve the external repository URLs, and NTP (UDP port 123) ensures time synchronization, both of which are already allowed in the outbound traffic configuration provided. However, the failure suggests that the specific outbound traffic from CVMs to the Internet on port 443 (or 80) was blocked, preventing the download of the Nutanix Objects upgrade package.

The other options are incorrect:

Pod network: The pod network (e.g., 10.100.0.0/16) is typically an internal network range for containerized workloads and does not require Internet access for LCM upgrades.

Prism Central IP address/port: While Prism Central orchestrates the LCM upgrade, it is the CVMs that perform the actual download of upgrade artifacts from the Internet. Prism Central communicates with CVMs internally and does not directly access the Internet for this task.

LCM: LCM is a software component, not a network entity with an IP address or port. It runs on Prism Central and relies on CVMs to fetch the necessary files.

To resolve the issue, the administrator should provide the security team with the CVM IP addresses and ensure that outbound traffic to the Internet is allowed on TCP port 443 (HTTPS) and optionally TCP port 80 (HTTP) for accessing Nutanix’s external repositories (e.g., download.nutanix.com). The NUSA course documentation emphasizes that “ensuring CVMs have Internet access on the required ports is critical for LCM upgrades to complete successfully, especially for components like Nutanix Objects.”