Private Networking (Public Cloud)

Customers using public cloud infrastructure can create a Frame account using Frame-managed networking, Private Networking so users must access the Frame workload VMs using the private IP addresses of the Frame workload VMs. Since the Frame workload VMs have no public IP addresses, the customer must provide a network path between the end user and the private Frame workload VMs. For egress to the Internet, these workload VMs communicate directly to the Internet through a NAT gateway in the public cloud infrastructure. 

   Customers who choose to create a Frame account in their own managed network where all users access the Frame                  workload VMs within their private network must follow the networking requirements defined below. 

 If users must access network resources on-premises or in a private network, a private network connection (e.g., VPN, direct connection, SD-WAN, VPC/VNET peering) with the appropriate routing must be implemented. 

   To ensure proper network communication to the Frame Platform there are two Backends available depending on which one    should be used for the connection for services and VMs please refer to the corresponding networking requirements: 

 USE  (located in the United states- Location AWS Datacenter  Virginia)  

 DEU  ( located in European Union - Location AWS Datacenter Frankfurt) 

 FRP8 Networking 

 FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs. 

 

 

 Public IaaS - Private Networking (FRP8) 

 

 The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8. 

 

   Dizzion is in the process of migrating from *.nutanix.com to *.difr.com domain. For the   time being, the additional   difr.com domain s will need to be whitelisted   in addition to   the   existing nutanix.com domains. At a later   time , once Dizzion has confirmed there is no   dependencies on the nutanix.com domains, we will send out a communication notifying   customers that all nutanix .com domains can be safely removed from your whitelist   configurations. 

   IMPORTANT: For IMG Domains, Customers can whitelist new IMG difr domains but   should NOT change SAML 2 configurations to use new difr.com domains. SAML 2   configurations should continue to use img.console.nutanix.com and   img.frame.nutanix.com until further direction from Dizzion. 

 USE: Private Networking (Public Cloud) 

 

 

 

 

 

 Source to Destination 

 Source IP address 

 Destination FQDN(s) 

 Protocol/port 

 

 

 

 

 Workload VMs to Frame Platform 

 Public IP address 

 

 

 api.use.difr.com   

 hub.deu.difr.com   

 logging.use.difr.com   

 downloads.difr.com   

 download.visualstudio.microsoft.com   

 gateway-external-api-prod.frame.nutanix.com 

 downloads.console.nutanix.com   

 logging.console.nutanix.com   

 cch.console.nutanix.com   

 

 

 tcp/443 (HTTPS) 

 

 

 Workload VMs to Frame Platform 

 Public IP address 

 

 

 hub.use.difr.com   

 logging. use .difr.com   

 api.use.difr.com   

 cch.console.nutanix.com   

 logging.console.nutanix.com   

 messaging.console.nutanix.com   

 

 

 tcp/443 (HTTPS, WSS) 

 

 

 End user to Frame Platform 

 Public IP address 

 

 

 use.difr.com   

 api.use.difr.com   

 img.use.difr.com   

 assets.use.difr.com   

 login.use.difr.com   

 logging.use.difr.com   

 downloads.difr.com   

 c onsole.nutanix .com   

 img.frame.nutanix.com   

 img.console.nutanix.com   

 cpanel-backend.console.nutanix.com   

 terminal-prod.frame.nutanix.com   

 logging.console.nutanix.com   

 login.console.nutanix.com (for Frame IdP, if used)   

 

   

   

 

 tcp/443 (HTTPS) 

 

 

 End user to Frame Platform 

 Public IP address 

 

 

 api.use.difr.com   

 messaging.console.nutanix.com   

 

 

 tcp/443 (HTTPS, WSS) 

 

 

 End user to Workload VM 

 Private IP address 

 

 

 Workload’s dynamic private IP address within VPC/VNET   

 

 

 udp/4503-4509, tcp/4503-4509 (optional) 

 

 

 

 

 

 FRP8 Networking - EU 

 The following table lists the required protocols and ports for Frame accounts using Private Networking and FRP8, specifically for organizations electing to use Dizzion's EU control plane. 

 DEU: Private Networking (Public Cloud) 

 

 

 

 

 

 Source to Destination 

 Source IP address 

 Destination FQDN(s) 

 Protocol/port 

 

 

 

 

 Workload VMs to Frame Platform 

 Public IP address 

 

 

 api.deu.difr.com   

 hub.deu.difr.com   

 logging.deu.difr.com   

 downloads.difr.com   

 download.visualstudio.microsoft.com   

 

 

 tcp/443 (HTTPS) 

 

 

 Workload VMs to Frame Platform 

 Public IP address 

 

 

 hub.deu.difr.com   

 logging.deu.difr.com   

 api.deu.difr.com   

 

 

 tcp/443 (HTTPS, WSS) 

 

 

 End user to Frame Platform 

 Public IP address 

 

 

 deu.difr.com   

 api.deu.difr.com   

 img .deu.difr.com   

 assets.deu.difr.com   

 login .deu.difr.com   

 logging .deu.difr.com   

 downloads.difr.com   

 

 

 tcp/443 (HTTPS) 

 

 

 End user to Frame Platform 

 Public IP address 

 

 

   api.deu.difr.com   

 

 

 tcp/443 (HTTPS, WSS) 

 

 

 End user to Workload VM 

 Private IP address 

 

 

 Workload’s dynamic private IP address within VPC/VNET   

 

 

 udp/4503-4509, tcp/4503-4509 (optional) 

 

 

 

 

 

 FRP7 Networking  End of Life 

 

 Warning 

 

 FRP7 reached end-of-life (EOL) as of June 30, 2024. Refer to the  EOL Announcement of December 18, 2023 for further details.