Private Networking with SGA (AHV)
Customers using Nutanix AHV infrastructure can create a Frame account using the Customer-managed networking option Private Networking with Streaming Gateway Appliance (SGA), so that users can access the Frame workload VMs through the public IP address of the SGA VM. The Internet-accessible SGA VM serves as a reverse proxy for Frame sessions between the end users and their Frame workload VMs in the private network. The Frame workload VMs only have private IP addresses. Customers will need to ensure these workload VMs can communicate with the Frame control plane on the Internet.
FRP7 Networking
FRP7 is a TCP-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA and FRP7 with the commercial Frame control plane.
Source to Destination | Source IP address | Destination FQDN(s) | Protocol/port |
---|---|---|---|
Cloud Connector Appliance (CCA) to Frame Platform | Public IP address | console.nutanix.com, cpanel-backend.console.nutanix.com, gateway-external-api.console.nutanix.com | tcp/443 (HTTPS) |
Cloud Connector Appliance (CCA) to Frame Platform | Public IP address | cch.console.nutanix.com | tcp/443 (HTTPS, WSS) |
Prism Central to Frame Platform | Public IP address | downloads.console.nutanix.com | tcp/443 (HTTPS) |
CCA to Prism Central | Private IP address | Prism Central IP address | tcp/443 (HTTPS), tcp/9440 (HTTPS) |
CCA to Prism Element | Private IP address | Prism Element IP address | tcp/443 (HTTPS), tcp/9440 (HTTPS) |
Workload VMs to Frame Platform | Public IP address | gateway-external-api-prod.frame.nutanix.com, img.console.nutanix.com, img.frame.nutanix.com, prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com, assets.console.nutanix.com, downloads.console.nutanix.com, logging.console.nutanix.com, download.visualstudio.microsoft.com | tcp/443 (HTTPS) |
Workload VMs to Frame Platform | Public IP address | cch.console.nutanix.com | tcp/443 (HTTPS, WSS) |
End user to Frame Platform | Public IP address | console.nutanix.com, img.frame.nutanix.com, img.console.nutanix.com, cpanel-backend.console.nutanix.com, terminal-prod.frame.nutanix.com, logging.console.nutanix.com, login.console.nutanix.com (for Frame IdP, if used) | tcp/443 (HTTPS) |
SGA VMs to Frame Platform | Public IP address | cpanel-backend.console.nutanix.com, gateway-external-api-prod.frame.nutanix.com | tcp/443 (HTTPS) |
End user to SGA VM | Public IP address | *.<CUSTOMER SGA FQDN> resolving to public IP (or private IP) address | tcp/443 (HTTPS, WSS) |
SGA VM to Workload VM | Private IP address | Dynamic private IP address within VPC/VNET | tcp/443 (HTTPS, WSS) |
FRP8 Networking
FRP8 is a UDP-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA and FRP8 with the commercial Frame control plane.
Source to Destination | Source IP address | Destination FQDN(s) | Protocol/port |
---|---|---|---|
Cloud Connector Appliance (CCA) to Frame Platform | Public IP address | console.nutanix.com, cpanel-backend.console.nutanix.com, gateway-external-api.console.nutanix.com | tcp/443 (HTTPS) |
Cloud Connector Appliance (CCA) to Frame Platform | Public IP address | cch.console.nutanix.com | tcp/443 (HTTPS, WSS) |
Prism Central to Frame Platform | Public IP address | downloads.console.nutanix.com | tcp/443 (HTTPS) |
CCA to Prism Central | Private IP address | Prism Central IP address | tcp/443 (HTTPS) |
CCA to Prism Element | Private IP address | Prism Element IP address | tcp/443 (HTTPS) |
Workload VMs to Frame Platform | Public IP address | gateway-external-api-prod.frame.nutanix.com, img.console.nutanix.com, img.frame.nutanix.com, prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com, assets.console.nutanix.com, downloads.console.nutanix.com, logging.console.nutanix.com, download.visualstudio.microsoft.com | tcp/443 (HTTPS) |
Workload VMs to Frame Platform | Public IP address | cch.console.nutanix.com, messaging.console.nutanix.com | tcp/443 (HTTPS, WSS) |
End user to Frame Platform | Public IP address | console.nutanix.com, img.frame.nutanix.com, img.console.nutanix.com, cpanel-backend.console.nutanix.com, terminal-prod.frame.nutanix.com, logging.console.nutanix.com, login.console.nutanix.com (for Frame IdP, if used) | tcp/443 (HTTPS) |
End user to Frame Platform | Public IP address | messaging.console.nutanix.com | tcp/443 (HTTPS, WSS) |
SGA VMs to Frame Platform | Public IP address | cpanel-backend.console.nutanix.com, gateway-external-api-prod.frame.nutanix.com | tcp/443 (HTTPS) |
SGA VMs to Frame Platform | Public IP address | messaging.console.nutanix.com | tcp/443 (HTTPS, WSS) |
SGA VMs to Frame Platform | Public IP address | stun.console.nutanix.com | udp/3478 |
End user to SGA VM | Public IP address | *.<CUSTOMER SGA FQDN> resolving to public IP (or private IP) address | tcp/443 (HTTPS) |
End user to SGA VM | Public IP address | SGA VM-specific public IP (or private IP) address | udp/3478 and tcp/3478 (optional) |
SGA VM to End user | Public IP address | End user-specific public IP address | udp/49152-65535 |
SGA VM to Workload VM | Private IP address | Dynamic private IP address within VPC/VNET | udp/4503-4509 |
Workload VM to SGA VM | Private IP address | SGA VM-specific private IP address | udp/49152-65535 |
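
The following is an added example, not Nutanix code: it audits a proposed firewall policy against the FRP8 rows above that involve the SGA VM, reporting required flows that no rule covers and rules that are broader than the table. The zone labels, the `Flow` tuple and the sample policy are constructed for illustration; each row's port is treated as a destination port range, and destinations are collapsed to zones rather than individual FQDNs.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str
    lo: int  # first destination port
    hi: int  # last destination port

# FRP8 rows that involve the SGA VM, transcribed from the table above.
# Zone names are labels made up for this example.
REQUIRED = [
    Flow("sga", "frame_platform", "tcp", 443, 443),
    Flow("sga", "frame_platform", "udp", 3478, 3478),
    Flow("end_user", "sga", "tcp", 443, 443),
    Flow("end_user", "sga", "udp", 3478, 3478),
    Flow("sga", "end_user", "udp", 49152, 65535),
    Flow("sga", "workload", "udp", 4503, 4509),
    Flow("workload", "sga", "udp", 49152, 65535),
]
OPTIONAL = [Flow("end_user", "sga", "tcp", 3478, 3478)]  # marked optional in the table

def covers(rule, need):
    """True when one rule permits every port of `need` (same zones and protocol)."""
    return rule[:3] == need[:3] and rule.lo <= need.lo and rule.hi >= need.hi

def audit(rules):
    """Return (missing, excess): uncovered required flows, and rules wider than the table."""
    missing = [n for n in REQUIRED if not any(covers(r, n) for r in rules)]
    allowed = REQUIRED + OPTIONAL
    excess = [r for r in rules if not any(covers(a, r) for a in allowed)]
    return missing, excess

# Constructed sample policy with two deliberate mistakes: the SGA-to-workload
# range stops one port short, and end users may reach every UDP port on the SGA.
SAMPLE_POLICY = [
    Flow("sga", "frame_platform", "tcp", 443, 443),
    Flow("sga", "frame_platform", "udp", 3478, 3478),
    Flow("end_user", "sga", "tcp", 443, 443),
    Flow("end_user", "sga", "udp", 1, 65535),
    Flow("sga", "end_user", "udp", 49152, 65535),
    Flow("sga", "workload", "udp", 4503, 4508),
    Flow("workload", "sga", "udp", 49152, 65535),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_POLICY)
    print("missing:", missing)
    print("excess: ", excess)
```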