Private Networking (AHV)

Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking so users must access the Frame workload VMs using the private IP addresses of the Frame workload VMs. Since the Frame workload VMs have no public IP addresses, the customer must provide a network path between the end user and the private Frame workload VMs. Customers will also need to ensure these workload VMs and Cloud Connector Appliances (CCAs) can communicate to the Frame control plane on the Internet.

If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA) and CCAs to establish HTTPS and WSS connections to Frame Platform.

FRP8 Networking

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8.

Nutanix AHV - Private Networking

Source to Destination	Source IP address	Destination FQDN(s)	Protocol/port
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	console.nutanix.com cpanel-backend.console.nutanix.com gateway-external-api.console.nutanix.com	tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	cch.console.nutanix.com	tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform	Public IP address	downloads.console.nutanix.com	tcp/443 (HTTPS)
CCA to Prism Central	Private IP address	Prism Central IP address	tcp/443 (HTTPS)
CCA to Prism Element	Private IP address	Prism Element IP address	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	gateway-external-api-prod.frame.nutanix.com img.console.nutanix.com img.frame.nutanix.com prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com assets.console.nutanix.com downloads.console.nutanix.com logging.console.nutanix.com download.visualstudio.microsoft.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	cch.console.nutanix.com messaging.console.nutanix.com	tcp/443 (HTTPS, WSS)
End user to Frame Platform	Public IP address	console.nutanix.com img.frame.nutanix.com img.console.nutanix.com cpanel-backend.console.nutanix.com terminal-prod.frame.nutanix.com logging.console.nutanix.com login.console.nutanix.com (for Frame IdP, if used)	tcp/443 (HTTPS)
End user to Frame Platform	Public IP address	messaging.console.nutanix.com	tcp/443 (HTTPS, WSS)
End user to Workload VM	Private IP address	.nutanixframe.com or .nutanix-frame.com resolving to a private IP address	udp/4503-4509, tcp/4503-4509 (optional)

FRP8 Networking - EU

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8, , specifically for organizations electing to use Dizzion's EU control plane.

DEU: Nutanix AHV - Private Networking

Source to Destination	Source IP address	Destination FQDN(s)	Protocol/port
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	deu.difr.com api.use.difr.com	tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	hub.deu.difr.com	tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform	Public IP address	downloads.difr.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	api.deu.difr.com downloads.difr.com hub.deu.difr.com logging.deu.difr.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	hub.deu.difr.com api.deu.difr.com	tcp/443 (HTTPS, WSS)
End user to Frame Platform	Public IP address	deu.difr.com api.deu.difr.com downloads.difr.com assets.deu.difr.com login.deu.difr.com	tcp/443 (HTTPS)
End user to Frame Platform	Public IP address	api.deu.difr.com	tcp/443 (HTTPS, WSS)

Hierarchy

Account Types

Deployment Planning

Operating Systems and Applications

Application Licensing

Microsoft Licensing Guide for Frame

Infrastructure

Cost Management

DaaS Supported Instance Types

Cloud Accounts

Bring Your Own

Amazon Web Services

Microsoft Azure

Google Cloud Platform

IBM Cloud

Nutanix AHV

Amazon Workspaces Core (WSC) Managed Instances (Early Access)

GCP Sole-Tenant Nodes - Windows 11 on GCP

Infrastructure

Cloud Accounts

Amazon Web Services (AWS) Workspaces Core

IBM Cloud VPC

Networking

Requirements

Public Networking (Public Cloud)

Private Networking (Public Cloud)

Private Networking with SGA (Public Cloud)

Private Networking (AHV)

Private Networking with SGA (AHV)

VPN Configurations

Streaming Gateway Appliance

SGA 4

SGA 4 Installation

SGA 4 Upgrade

SGA 4 Management

SGA 3

SGA 3 Installation

SGA 3 Upgrade

SGA 3 Management

Operating System

Bring Your Own

Linux

Windows

Frame Agent Setup Tool (FAST)

Frame Guest Agent Installer

BYO Images on Amazon Web Services

BYO Images on Microsoft Azure

BYO Images on Google Cloud Platform

BYO Images on IBM Cloud

BYO Images on Nutanix AHV

Available Roles

Identity Provider Integrations

Authentication

Basic Authentication

Authorization

Dizzion C3

General SAML2 Integration

Duo

Google Workspace

Microsoft Entra ID

ADFS

Okta

Mass User Creation

Secure Anonymous Tokens

Account Creation

Settings

Organizations

Support Authorization

Administration

Launchpads

Bring-Your-Own Workloads (Early Access)

Sandbox

Install and Onboard Apps

Publishing

Updates

Domain

Domain Controller Prep

AWS IAM Permissions

Azure DNS Configuration

Domain Join Setup