Private Networking (AHV)

Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking so users must access the Frame workload VMs using the private IP addresses of the Frame workload VMs. Since the Frame workload VMs have no public IP addresses, the customer must provide a network path between the end user and the private Frame workload VMs. Customers will also need to ensure these workload VMs and Cloud Connector Appliances (CCAs) can communicate to the Frame control plane on the Internet.

note

If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA) and CCAs to establish HTTPS and WSS connections to Frame Platform.

FRP8 Networking

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Nutanix AHV - Private Networking (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8.

Nutanix AHV - Private Networking

Source to Destination	Source IP address	Destination FQDN(s)	Protocol/port
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	----[ US Backplane ]---- use.difr.com api.use.difr.com ----[ EU Backplane ]---- deu.difr.com api.deu.difr.com ----[ Legacy Backplane ]---- console.nutanix.com cpanel-backend.console.nutanix.com gateway-external-api.console.nutanix.com	tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame Platform	Public IP address	----[ US Backplane ]---- hub.use.difr.com ----[ EU Backplane ]---- hub.deu.difr.com ----[ Legacy Backplane ]---- cch.console.nutanix.com	tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform	Public IP address	----[ US Backplane ]---- downloads.difr.com ----[ EU Backplane ]---- downloads.difr.com ----[ Legacy Backplane ]---- downloads.console.nutanix.com	tcp/443 (HTTPS)
CCA to Prism Central	Private IP address	Prism Central IP address	tcp/443 (HTTPS)
CCA to Prism Element	Private IP address	Prism Element IP address	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	----[ US Backplane ]---- api.use.difr.com assets.use.difr.com img.use.difr.com logging.use.difr.com downloads.difr.com ----[ EU Backplane ]---- api.deu.difr.com hub.deu.difr.com logging.use.difr.com downloads.difr.com ----[ Legacy Backplane ]---- gateway-external-api-prod.frame.nutanix.com img.console.nutanix.com img.frame.nutanix.com prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com assets.console.nutanix.com downloads.console.nutanix.com logging.console.nutanix.com download.visualstudio.microsoft.com	tcp/443 (HTTPS)
Workload VMs to Frame Platform	Public IP address	----[ US Backplane ]---- hub.use.difr.com api.use.difr.com ----[ EU Backplane ]---- hub.deu.difr.com api.deu.difr.com ----[ Legacy Backplane ]---- cch.console.nutanix.com messaging.console.nutanix.com	tcp/443 (HTTPS, WSS)
End user to Frame Platform	Public IP address	----[ US Backplane ]---- use.difr.com api.use.difr.com img.use.difr.com login.use.difr.com logging.use.difr.com downloads.difr.com ----[ EU Backplane ]---- deu.difr.com api.deu.difr.com assets.deu.difr.com login.deu.difr.com downloads.difr.com ----[ Legacy Backplane ]---- console.nutanix.com img.frame.nutanix.com img.console.nutanix.com cpanel-backend.console.nutanix.com terminal-prod.frame.nutanix.com logging.console.nutanix.com login.console.nutanix.com (for Frame IdP, if used)	tcp/443 (HTTPS)
End user to Frame Platform	Public IP address	----[ US Backplane ]---- api.use.difr.com ----[ US Backplane ]---- api.deu.difr.com ----[ Legacy Backplane ]---- messaging.console.nutanix.com	tcp/443 (HTTPS, WSS)
End user to Workload VM	Private IP address	*.nutanixframe.com or *.nutanix-frame.com resolving to a private IP address	udp/4503-4509, tcp/4503-4509 (optional)