Skip to main content

Private Networking with SGA (AHV)

Customers using Nutanix AHV infrastructure can create a Frame account using Customer-managed networking, Private Networking with Streaming Gateway Appliance (SGA) so users can access the Frame workload VMs through the public IP address of the SGA VM. The Internet-accessible SGA VM serves as a reverse proxy for Frame sessions between the end users and their Frame workload VMs in the private network. The Frame workload VMs only have private IP addresses. Customers will also need to ensure these workload VMs, Cloud Connector Appliances (CCAs), and Streaming Gateway Appliances (SGAs) can communicate to the Frame control plane on the Internet.

note

If a customer requires an outbound proxy server for any communication to the Internet, the outbound proxy server must support both HTTPS and Secure WebSocket (WSS) in order for the Frame Guest Agent (FGA), CCAs, and SGAs to establish HTTPS and WSS connections to Frame Platform.

FRP8 Networking (SGA 4)​

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Nutanix AHV - Private Networking with SGA (FRP8)

Nutanix AHV - Private Networking with SGA (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 4 and FRP8.

Nutanix AHV - Private Networking with Streaming Gateway 4

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • use.difr.com
  • api.use.difr.com
  • ----[ EU Backplane ]----
  • deu.difr.com
  • api.deu.difr.com
  • ----[ Legacy Backplane ]----
  • console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • gateway-external-api.console.nutanix.com
tcp/443 (HTTPS)
Cloud Connector Appliance (CCA) to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • hub.use.difr.com
  • ----[ EU Backplane ]----
  • hub.deu.difr.com
  • ----[ Legacy Backplane ]----
  • cch.console.nutanix.com
tcp/443 (HTTPS, WSS)
Prism Central to Frame Platform (not required starting with PC 2023.4)Public IP address
  • ----[ US Backplane ]----
  • downloads.difr.com
  • ----[ EU Backplane ]----
  • downloads.difr.com
  • ----[ Legacy Backplane ]----
  • downloads.console.nutanix.com
tcp/443 (HTTPS)
CCA to Prism CentralPrivate IP address
  • Prism Central IP address
tcp/443 (HTTPS)
CCA to Prism ElementPrivate IP address
  • Prism Element IP address
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • api.use.difr.com
  • assets.use.difr.com
  • logging.use.difr.com
  • downloads.difr.com
  • download.visualstudio.microsoft.com
  • ----[ EU Backplane ]----
  • api.deu.difr.com
  • hub.deu.difr.com
  • logging.deu.difr.com
  • downloads.difr.com
  • download.visualstudio.microsoft.com
  • ----[ Legacy Backplane ]----
  • gateway-external-api-prod.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • hub.use.difr.com
  • api.use.difr.com
  • ----[ EU Backplane ]----
  • hub.deu.difr.com
  • api.deu.difr.com
  • ----[ Legacy Backplane ]----
  • cch.console.nutanix.com
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • use.difr.com
  • api.use.difr.com
  • img.use.difr.com
  • login.use.difr.com
  • logging.use.difr.com
  • ----[ EU Backplane ]----
  • deu.difr.com
  • api.deu.difr.com
  • assets.use.difr.com
  • login.use.difr.com
  • downloads.difr.com
  • ----[ Legacy Backplane ]----
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • api.use.difr.com
  • ----[ EU Backplane ]----
  • api.deu.difr.com
  • ----[ Legacy Backplane ]----
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • ----[ US Backplane ]----
  • hub.use.difr.com
  • ----[ EU Backplane ]----
  • hub.deu.difr.com
  • ----[ Legacy Backplane ]----
  • cch.console.nutanix.com
tcp/443 (HTTPS)
End user to SGA VMPublic IP address
  • SGA VM-specific public IP address
udp/3478 and tcp/3478
SGA VM to End userPublic IP address
  • End user-specific public IP address
udp/49152–65535
SGA VM to Workload VMPrivate IP address
  • Dynamic private IP address within VPC/VNET
udp/4503–4509
Workload VM to SGA VMPrivate IP address
  • SGA VM-specific private IP address
udp/49152–65535