Private Networking (AHV)
Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking so users must access the Frame workload VMs using the private IP addresses of the Frame workload VMs. Since the Frame workload VMs have no public IP addresses, the customer must provide a network path between the end user and the private Frame workload VMs. Customers will also need to ensure these workload VMs and Cloud Connector Appliances (CCAs) can communicate to the Frame control plane on the Internet.
If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA) and CCAs to establish HTTPS and WSS connections to Frame Platform.
FRP8 Networking
FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP8.
Nutanix AHV - Private Networking
| Source to Destination | Source IP address | Destination FQDN(s) | Protocol/port |
|---|---|---|---|
| Cloud Connector Appliance (CCA) to Frame Platform | Public IP address |
| tcp/443 (HTTPS) |
| Cloud Connector Appliance (CCA) to Frame Platform | Public IP address |
| tcp/443 (HTTPS, WSS) |
| Prism Central to Frame Platform | Public IP address |
| tcp/443 (HTTPS) |
| CCA to Prism Central | Private IP address |
| tcp/443 (HTTPS) |
| CCA to Prism Element | Private IP address |
| tcp/443 (HTTPS) |
| Workload VMs to Frame Platform | Public IP address |
| tcp/443 (HTTPS) |
| Workload VMs to Frame Platform | Public IP address |
| tcp/443 (HTTPS, WSS) |
| End user to Frame Platform | Public IP address |
| tcp/443 (HTTPS) |
| End user to Frame Platform | Public IP address |
| tcp/443 (HTTPS, WSS) |
| End user to Workload VM | Private IP address |
| udp/4503-4509, tcp/4503-4509 (optional) |
FRP7 Networking End of Life
FRP7 reached end-of-life (EOL) as of June 30, 2024. Refer to the EOL Announcement of December 18, 2023 for further details.
Click to view FRP7 Networking details
FRP7 is a tcp-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking and FRP7.
| Source to Destination | Source IP address | Destination FQDN(s) | Protocol/port |
|---|---|---|---|
| Cloud Connector Appliance (CCA) to Frame Platform | Public IP address | console.nutanix.com cpanel-backend.console.nutanix.com gateway-external-api.console.nutanix.com | tcp/443 (HTTPS) |
| Cloud Connector Appliance (CCA) to Frame Platform | Public IP address | cch.console.nutanix.com | tcp/443 (HTTPS, WSS) |
| Prism Central to Frame Platform | Public IP address | downloads.console.nutanix.com | tcp/443 (HTTPS) |
| CCA to Prism Central | Private IP address | Prism Central IP address | tcp/443 (HTTPS), tcp/9440 (HTTPS) |
| CCA to Prism Element | Private IP address | Prism Element IP address | tcp/443 (HTTPS), tcp/9440 (HTTPS) |
| Workload VMs to Frame Platform | Public IP address | gateway-external-api-prod.frame.nutanix.com img.console.nutanix.com img.frame.nutanix.com prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com assets.console.nutanix.com downloads.console.nutanix.com logging.console.nutanix.com download.visualstudio.microsoft.com | tcp/443 (HTTPS) |
| Workload VMs to Frame Platform | Public IP address | cch.console.nutanix.com | tcp/443 (HTTPS, WSS) |
| End user to Frame Platform | Public IP address | console.nutanix.com img.frame.nutanix.com img.console.nutanix.com cpanel-backend.console.nutanix.com terminal-prod.frame.nutanix.com logging.console.nutanix.com login.console.nutanix.com (for Frame IdP, if used) | tcp/443 (HTTPS) |
| End user to Workload VM | Public IP address | *.nutanixframe.com or *.nutanix-frame.com resolving to a private IP address | tcp/443 (HTTPS, WSS) |