Deployment Planning
Customers who wish to deliver virtualized applications and/or desktops to their end users should carefully consider the topics discussed below when planning the implementation of a Frame solution. The design and implementation of their unique Frame Platform solution will vary depending on the customer's use case requirements. The required roles and skill sets for the design, implementation, and operation of their solution are dictated by the customer's business, technical, and operational requirements. Additionally, customers will need to decide on how they will provide end user training, ensure end user adoption (based on what their end users are familiar with), and transition end users from their current environment to the Frame Platform.
This document outlines the key topics that should be considered during the planning phase before designing, implementing, and rolling out a Frame solution. The Deployment Planning document is intended to provide a basis for planning your Frame implementation. It does not provide every design consideration and tradeoff. Should you have questions, please contact your Dizzion account manager or customer success manager for additional assistance.
Download and complete our Frame Discovery Workbook below to summarize the high-level requirements for your use case(s). This workbook helps customers summarize their answers to the questions below and prepare for design and deployment activities.
End User Experience
As a best practice, customers planning their Frame implementation should start by clearly establishing their desired end user experience. End user experience is defined by:
- How users will reach their virtualized applications and/or desktops through Frame
- What the users will be able to do while in the Frame session
Clearly defining your end user experience goals before getting started helps to ensure successful implementation and adoption of Frame.
Accessing Frame
Part of defining the end user experience is determining how your users will access their virtual applications or desktop in Frame. The following table identifies the key questions you will want to answer.
| Topic | Question | References |
|---|---|---|
| Authentication | Will your users need to authenticate to an Identity Provider (IdP) before reaching Frame? | Authentication |
| Authorization | How will you manage entitlements (e.g., role-based access control)? | Authorization |
| Integration | Will the users be accessing Frame from a web page you manage or will you simply give them a URL? | |
| Integration | Will the users access a Launchpad URL, a PWA, a Launch Link, or a custom JavaScript-based web integration? | Launchpad, PWA, Launch Link, Frame Session API |
Frame Session Experience
Next, use the questions below to determine what you would like your users to be able to do during and after their Frame session.
| Topic | Question | References |
|---|---|---|
| Authentication | Will you require your users to authenticate to a Windows domain controller once they reach a Windows OS VM? | Domain |
| Application Access | Are you providing your users with desktop environments or limiting their access to only specific applications? | Install and Onboard Apps, Launchpad |
| Persistence | Will users need non-persistent VMs or persistent desktop environments? | Account Types |
| Profiles | Would you like your users to be able to persist their application profiles across sessions while using non-persistent VMs? | Profiles |
| Data Storage | Will users need to be able to access/save their files with cloud storage providers or need a personal drive within the Frame account? | Personal Drives, Cloud Integrations |
| Applications | What specific applications will your users need access to within their Frame session? Do any of these applications require a GPU? | |
| Features | Will users be able to copy/paste between their device and the Frame session? What features will you allow them to have? | Clipboard Integration, Session Features |
| Session Lifecycle | How long can the users stay in their Frame session? | Time Limits |
| Session Lifecycle | Once the user's Frame session ends, what is the user allowed to do? Start a new session? Forced to re-authenticate to your identity provider? Redirected to a web page? |
End User Devices
A consistent user experience requires an understanding of what user devices are to be used to access a Frame session and the peripherals your users need.
| Topic | Question | References |
|---|---|---|
| Configuration | What devices are your users expected to use with Frame? | System Requirements |
| Configuration | What are the minimum configurations for these devices? | System Requirements |
| Configuration | Will your users be expecting to use more than one monitor? | Multiple Monitors |
| Peripherals | What peripherals (besides keyboard and mouse) will your users need? | USB Human Interface Device |
| Management | Do you manage your user's devices or are they allowed to bring their own devices? |
Infrastructure
You will need to determine what infrastructure(s) you will be using to host your workload VMs and where these workload VMs are geographically, in relation to your end users.
| Topic | Question | References |
|---|---|---|
| Infrastructure | What infrastructure(s) have you selected to host your workload VMs? | Infrastructure |
| Infrastructure | Where will your workload VMs be geographically located? | Infrastructure |
Networking
To ensure the best user experience, users must have the best network possible between their device and the workload VM selected for their application usage needs. Additionally, customer administrators must decide, from a networking standpoint, how their users will reach the workload VMs and what resources are available to the users from their workload VMs.
| Topic | Question | References |
|---|---|---|
| Network Architecture | How do you want the users reach your workload VMs? | Networking |
| Network Architecture | Once the users are in their Frame sessions, what can the workload VMs access on the network? What are users not allowed to reach from the workload VMs? | Networking |
| Network Quality | What is the maximum latency, minimum bandwidth, and maximum packet loss between the end user devices and the workload VMs? | Network Requirements |
| Network Management | Are you able to apply QoS or prioritize Frame session traffic higher than other forms of traffic on your network? | |
| Data Center Network Quality | If you are using Nutanix AHV clusters on-premises and your users are accessing the workload VMs from the Internet, what is the network bandwidth between the Internet and your data center? Do you have sufficient bandwidth for the expected number of concurrent Frame sessions? |
Operating System
Your choice of infrastructure and required applications will determine what operating system(s) you will use.
| Topic | Question | References |
|---|---|---|
| BYO or Frame-provided | If you are using public cloud infrastructure, will you bring your own operating system images or start with Frame-provided images? | Operating System |
| Windows Domain | If you require your users to use Windows domain-joined workload VMs, what computer/user GPOs do you require? | Domain |
Security
Infrastructure, network, operating system, and Frame configuration must be evaluated based on your use case requirements. The following key questions are important for ensuring a secure design, implementation, and operation of a Frame solution.
| Topic | Question | References |
|---|---|---|
| Anti-malware | What anti-virus/anti-malware solutions do you require in the workload VMs? | Security Basics |
| Anti-malware | What anti-virus/anti-malware solutions do you require on end user devices? | |
| Firewall | Do you restrict outbound access from your private network to the Internet? | Network Requirements |
| Firewall | Do you restrict inbound and outbound UDP traffic in your network or between end users and the workload VMs? | Network Requirements |
| Firewall | Do you implement any SSL "break and inspect" solutions for inbound or outbound connections to your private network? | SSL Break and Inspect |
| Proxy Server | Do you require traffic from the network to the Internet where the workload VMs reside to go through an outbound proxy server? For what protocols? | Proxy Server |
Recommended Resources
The following table outlines the key roles and associated responsibilities needed for a successful design and implementation of a typical Frame solution. Additional roles are needed to leverage Frame Admin API endpoints for automation and create custom Frame integrations with existing websites.
| Role | Responsibilities |
|---|---|
| Business Sponsor | Defines business requirements, including business success criteria, and provides budget for the project. |
| End User / Use Case Owner | Expert on the desired end user experience(s) / use case(s). Defines the end user success criteria, requirements, and end user test plan. Serves as the “voice of the end user experience”. |
| Project Manager | Organizes and coordinates customer resources, tasks, reports on progress, and identifies / mitigate execution risks. |
| Solution Architect or Cloud Architect | Defines the technical requirements based on the business requirements, including technical success criteria, and responsible for overall solution design. |
| Network Engineer | Manages the customer’s network. Assigns CIDR block for the network containing Frame-managed workloads, manages routing between private network and Internet and from workloads to company’s network-accessible resources. |
| Information Security | Manages company firewalls and endpoint protection solutions (anti-virus/anti-malware) that will be used within the Frame-managed workloads. |
| Identity Provider Administrator | Manages and configures the customer’s SAML2 identity provider. Registers Frame Platform as a SAML2 Service Provider for federated authentication and configures their identity provider to generate SAML2 assertions to enforce role-based access control within Frame. |
| Windows Domain Administrator | Manages the customer’s Windows domain infrastructure and creates the domain service account for use in the Frame-managed workloads. |
| Application Administrator | Installs and configures customer’s applications for use by end users. Typically, this person is the first Frame “Customer Administrator”. For some organizations, this role maintains the template image(s) with the OS and applications. Understands application requirements, configuration, and dependencies (e.g., required file servers, data storage services, licensing servers, etc.). |
| Endpoint Administrator | Deploys and manages the end user endpoints (e.g., desktops, laptops, thin clients, mobile devices) to be used to access Frame-managed workloads. |
| End User Application/Desktop Tester | Verifies, from an end user's perspective, that the solution meets the needs of the end users. |