Private Networking (AHV)

Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking so users must access the Frame workload VMs using the private IP addresses of the Frame workload VMs. Since the Frame workload VMs have no public IP addresses, the customer must provide a network path between the end user and the private Frame workload VMs. Customers will also need to ensure these workload VMs and Cloud Connector Appliances (CCAs) can communicate to the Frame control plane on the Internet.

If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA) and CCAs to establish HTTPS and WSS connections to Frame Platform.

To ensure proper network communication to the Frame Platform there are two Backends available depending on which one should be used for the connection for services and VMs please refer to the corresponding networking requirements:
USE (located in the United states- Location AWS Datacenter Virginia)
DEU ( located in European Union - Location AWS Datacenter Frankfurt)

FRP8 Networking

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8.

Dizzion is in the process of migrating from *.nutanix.com to *.difr.com domain. For the
time being, the additional difr.com domains will need to be whitelisted in addition to the
existing nutanix.com domains. At a later time, once Dizzion has confirmed there is no
dependencies on the nutanix.com domains, we will send out a communication notifying
customers that all nutanix.com domains can be safely removed from your whitelist
configurations.

IMPORTANT: For IMG Domains, Customers can whitelist new IMG difr domains but
should NOT change SAML 2 configurations to use new difr.com domains. SAML 2
configurations should continue to use img.console.nutanix.com and
img.frame.nutanix.com until further direction from Dizzion

USE: Nutanix AHV - Private Networking

Source to Destination	Source IP address	Destination FQDN(s)	Protocol/port
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	use.difr.com api.use.difr.com console.nutanix.com cpanel-backend.console.nutanix.com gateway-external-api.console.nutanix.com	tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	hub.use.difr.com cch.console.nutanix.com	tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform	Public IP address	downloads.difr.com downloads.console.nutanix.com	tcp/443 (HTTPS)
CCA to Prism Central	Private IP address	Prism Central IP address	tcp/443 (HTTPS)
CCA to Prism Element	Private IP address	Prism Element IP address	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	api.use.difr.com hub.deu.difr.com logging.use.difr.com downloads.difr.com download.visualstudio.microsoft.com gateway-external-api-prod.frame.nutanix.com downloads.console.nutanix.com logging.console.nutanix.com cch.console.nutanix.com download.visualstudio.microsoft.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	hub.use.difr.com logging.use.difr.com api.use.difr.com cch.console.nutanix.com	tcp/443 (HTTPS, WSS)
End user to Frame Platform	Public IP address	use.difr.com api.use.difr.com img.use.difr.com assets. use.difr.com login.use.difr.com logging.use.difr.com downloads.difr.com console.nutanix.com img.frame.nutanix.com img.console.nutanix.com cpanel-backend.console.nutanix.com terminal-prod.frame.nutanix.com logging.console.nutanix.com login.console.nutanix.com (for Frame IdP, if used)	tcp/443 (HTTPS)
End user to Frame Platform	Public IP address	api.use.difr.com	tcp/443 (HTTPS, WSS)
End user to Workload VM	Private IP address	Workload’s dynamic private IP address within VPC/VNET	udp/4503-4509, tcp/4503-4509 (optional)

FRP8 Networking

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8, , specifically for organizations electing to use Dizzion's EU control plane.

DEU: Nutanix AHV - Private Networking

Source to Destination	Source IP address	Destination FQDN(s)	Protocol/port
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	deu.difr.com api.use.difr.com	tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	hub.deu.difr.com	tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform	Public IP address	downloads.difr.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	api.deu.difr.com hub.deu.difr.com logging.deu.difr.com downloads.difr.com download.visualstudio.microsoft.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	hub.deu.difr.com logging.deu.difr.com api.deu.difr.com	tcp/443 (HTTPS, WSS)
End user to Frame Platform	Public IP address	deu.difr.com api.deu.difr.com img. deu.difr.com assets. deu.difr.com login. deu.difr.com logging. deu.difr.com downloads.difr.com	tcp/443 (HTTPS)
End user to Frame Platform	Public IP address	api.deu.difr.com	tcp/443 (HTTPS, WSS)
End user to Workload VM	Private IP address	Workload’s dynamic private IP address within VPC/VNET	udp/4503-4509, tcp/4503-4509 (optional)

Hierarchy

Account Types

Deployment Planning

Operating Systems and Applications

Application Licensing

Microsoft Licensing Guide for Frame

Infrastructure

Cost Management

DaaS Supported Instance Types

Cloud Accounts

Bring Your Own

Amazon Web Services

Microsoft Azure

Google Cloud Platform

IBM Cloud

Nutanix AHV

Amazon Workspaces Core (WSC) Managed Instances (Early Access)

GCP Sole-Tenant Nodes - Windows 11 on GCP

Infrastructure

Cloud Accounts

Amazon Web Services (AWS) Workspaces Core

IBM Cloud VPC

Networking

Requirements

Public Networking (Public Cloud)

Private Networking (Public Cloud)

Private Networking with SGA (Public Cloud)

Private Networking (AHV)

Private Networking with SGA (AHV)

VPN Configurations

Streaming Gateway Appliance

SGA 4

SGA 4 Installation

SGA 4 Upgrade

SGA 4 Management

Operating System

Bring Your Own

Linux

Windows

Frame Agent Setup Tool (FAST)

BYO Images on Amazon Web Services

BYO Images on Microsoft Azure

BYO Images on Google Cloud Platform

BYO Images on IBM Cloud

BYO Images on Nutanix AHV

Available Roles

Identity Provider Integrations

Authentication

Basic Authentication

Authorization

Dizzion C3

General SAML2 Integration

Duo

Google Workspace

Microsoft Entra ID

ADFS

Okta

Mass User Creation

Secure Anonymous Tokens

Account Creation

Settings

Organizations

Support Authorization

Administration

Launchpads

Bring-Your-Own Workloads (Early Access)

Sandbox

Install and Onboard Apps

Publishing

Updates

Domain

Domain Controller Prep

AWS IAM Permissions

Azure DNS Configuration

Domain Join Setup

Frame Single Sign-On

Stale AD Object Cleanup

Linux with Windows AD LDAP

Nutanix AHV

Azure