Skip to main content

Private Networking (AHV)

Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking so users must access the Frame workload VMs using the private IP addresses of the Frame workload VMs. Since the Frame workload VMs have no public IP addresses, the customer must provide a network path between the end user and the private Frame workload VMs. Customers will also need to ensure these workload VMs and Cloud Connector Appliances (CCAs) can communicate to the Frame control plane on the Internet.

note

If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA) and CCAs to establish HTTPS and WSS connections to Frame Platform.

FRP8 Networking​

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Nutanix AHV - Private Networking (FRP8)

Nutanix AHV - Private Networking (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8.

Nutanix AHV - Private Networking

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • gateway-external-api.console.nutanix.com
tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • cch.console.nutanix.com
tcp/443 (HTTPS, WSS)
Prism Central to Frame PlatformPublic IP address
  • downloads.console.nutanix.com
tcp/443 (HTTPS)
CCA to Prism CentralPrivate IP address
  • Prism Central IP address
tcp/443 (HTTPS)
CCA to Prism ElementPrivate IP address
  • Prism Element IP address
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • gateway-external-api-prod.frame.nutanix.com
  • img.console.nutanix.com
  • img.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Workload VMPrivate IP address
  • *.nutanixframe.com or *.nutanix-frame.com resolving to a private IP address
udp/4503-4509, tcp/4503-4509 (optional)

FRP8 Networking - EU​

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8, , specifically for organizations electing to use Dizzion's EU control plane.

DEU: Nutanix AHV - Private Networking

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • deu.difr.com
  • api.use.difr.com
tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • hub.deu.difr.com
tcp/443 (HTTPS, WSS)
Prism Central to Frame PlatformPublic IP address
  • downloads.difr.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • api.deu.difr.com
  • downloads.difr.com
  • hub.deu.difr.com
  • logging.deu.difr.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • hub.deu.difr.com
  • api.deu.difr.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • deu.difr.com
  • api.deu.difr.com
  • downloads.difr.com
  • assets.deu.difr.com
  • login.deu.difr.com
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • api.deu.difr.com
tcp/443 (HTTPS, WSS)

FRP7 Networking End of Life​

Warning

FRP7 reached end-of-life (EOL) as of June 30, 2024. Refer to the EOL Announcement of December 18, 2023 for further details.

Click to view FRP7 Networking details
FRP7 Diagram

FRP7 is a tcp-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP7.

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address

console.nutanix.com
cpanel-backend.console.nutanix.com
gateway-external-api.console.nutanix.com

tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP addresscch.console.nutanix.comtcp/443 (HTTPS, WSS)
Prism Central to Frame PlatformPublic IP addressdownloads.console.nutanix.comtcp/443 (HTTPS)
CCA to Prism CentralPrivate IP addressPrism Central IP addresstcp/443 (HTTPS), tcp/9440 (HTTPS)
CCA to Prism ElementPrivate IP addressPrism Element IP addresstcp/443 (HTTPS), tcp/9440 (HTTPS)
Workload VMs to Frame PlatformPublic IP address

gateway-external-api-prod.frame.nutanix.com
img.console.nutanix.com
img.frame.nutanix.com
prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
assets.console.nutanix.com
downloads.console.nutanix.com
logging.console.nutanix.com
download.visualstudio.microsoft.com

tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP addresscch.console.nutanix.comtcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address

console.nutanix.com
img.frame.nutanix.com
img.console.nutanix.com
cpanel-backend.console.nutanix.com
terminal-prod.frame.nutanix.com
logging.console.nutanix.com
login.console.nutanix.com (for Frame IdP, if used)

tcp/443 (HTTPS)
End user to Workload VMPublic IP address

*.nutanixframe.com or *.nutanix-frame.com resolving to a private IP address

tcp/443 (HTTPS, WSS)