Skip to main content

Private Networking with SGA (AHV)

Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking with Streaming Gateway Appliance (SGA) so users can access the Frame workload VMs through the public IP address of the SGA VM. The Internet-accessible SGA VM serves as a reverse proxy for Frame sessions between the end users and their Frame workload VMs in the private network. The Frame workload VMs only have private IP addresses. Customers will also need to ensure these workload VMs, Cloud Connector Appliances (CCAs), and Streaming Gateway Appliances (SGAs) can communicate to the Frame control plane on the Internet.

note

If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA), CCAs, and SGAs to establish HTTPS and WSS connections to Frame Platform.

FRP8 Networking (SGA 4)

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Nutanix AHV - Private Networking with SGA (FRP8)

Nutanix AHV - Private Networking with SGA (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 4 and FRP8.

Nutanix AHV - Private Networking with Streaming Gateway 4

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • gateway-external-api.console.nutanix.com
tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • cch.console.nutanix.com
tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform (not required starting with PC 2023.4)Public IP address
  • downloads.console.nutanix.com
tcp/443 (HTTPS)
CCA to Prism CentralPrivate IP address
  • Prism Central IP address
tcp/443 (HTTPS)
CCA to Prism ElementPrivate IP address
  • Prism Element IP address
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • gateway-external-api-prod.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
tcp/443 (HTTPS)
End user to SGA VMPublic IP address
  • SGA VM-specific public IP address
udp/3478 and tcp/3478
SGA VM to End userPublic IP address
  • End user-specific public IP address
udp/49152–65535
SGA VM to Workload VMPrivate IP address
  • Dynamic private IP address within VPC/VNET
udp/4503–4509
Workload VM to SGA VMPrivate IP address
  • SGA VM-specific private IP address
udp/49152–65535

FRP8 Networking (SGA 3)

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Nutanix AHV - Private Networking with SGA (FRP8)

Nutanix AHV - Private Networking with SGA (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 3 and FRP8.

Nutanix AHV - Private Networking with SGA 3

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • gateway-external-api.console.nutanix.com
tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • cch.console.nutanix.com
tcp/443 (HTTPS, WSS)
Prism Central to Frame PlatformPublic IP address
  • downloads.console.nutanix.com
tcp/443 (HTTPS)
CCA to Prism CentralPrivate IP address
  • Prism Central IP address
tcp/443 (HTTPS)
CCA to Prism ElementPrivate IP address
  • Prism Element IP address
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • gateway-external-api-prod.frame.nutanix.com
  • img.console.nutanix.com
  • img.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • cpanel-backend.console.nutanix.com
  • gateway-external-api-prod.frame.nutanix.com
tcp/443 (HTTPS)
SGA VMs to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • stun.console.nutanix.com
udp/3478
End user to SGA VMPublic IP address
  • *.CUSTOMER SGA FQDN resolving to public IP (or private IP) address
tcp/443 (HTTPS, WSS)
End user to SGA VMPublic IP address
  • SGA VM-specific public IP (or private IP) address
udp/3478 and tcp/3478
SGA VM to End userPublic IP address
  • End user-specific public IP address
udp/49152–65535
SGA VM to Workload VMPrivate IP address
  • Dynamic private IP address within VPC/VNET
udp/4503–4509
Workload VM to SGA VMPrivate IP address
  • SGA VM-specific private IP address
udp/49152–65535

FRP7 Networking End of Life

Warning

FRP7 reached end-of-life (EOL) on June 30, 2024. Refer to the EOL Announcement of December 18, 2023 for further details.

Click to view FRP7 Networking details
FRP7 Diagram
FRP7 is a tcp-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 3 and FRP7.
Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP addressconsole.nutanix.com
cpanel-backend.console.nutanix.com
gateway-external-api.console.nutanix.com		tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP addresscch.console.nutanix.comtcp/443 (HTTPS, WSS)
Prism Central to Frame PlatformPublic IP addressdownloads.console.nutanix.comtcp/443 (HTTPS)
CCA to Prism CentralPrivate IP addressPrism Central IP addresstcp/443 (HTTPS), tcp/9440 (HTTPS)
CCA to Prism ElementPrivate IP addressPrism Element IP addresstcp/443 (HTTPS), tcp/9440 (HTTPS)
Workload VMs to Frame PlatformPublic IP addressgateway-external-api-prod.frame.nutanix.com
img.console.nutanix.com
img.frame.nutanix.com
prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
assets.console.nutanix.com
downloads.console.nutanix.com
logging.console.nutanix.com
download.visualstudio.microsoft.com		tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP addresscch.console.nutanix.comtcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP addressconsole.nutanix.com
img.frame.nutanix.com
img.console.nutanix.com
cpanel-backend.console.nutanix.com
terminal-prod.frame.nutanix.com
logging.console.nutanix.com
login.console.nutanix.com (for Frame IdP, if used)		tcp/443 (HTTPS)
SGA VMs to Frame PlatformPublic IP addresscpanel-backend.console.nutanix.com
gateway-external-api-prod.frame.nutanix.com		tcp/443 (HTTPS)
End user to SGA VMPublic IP address*.<CUSTOMER SGA FQDN> resolving to public IP (or private IP) addresstcp/443 (HTTPS, WSS)
SGA VM to Workload VMPrivate IP addressDynamic private IP address within VPC/VNETtcp/443 (HTTPS, WSS)