Skip to main content

Private Networking with SGA (Public Cloud)

Customers using public cloud infrastructure can create a Frame account using Frame-managed networking, Private Networking with Streaming Gateway Appliance (SGA) so users can access the Frame workload VMs through the SGA. The Internet-accessible SGA serves as a reverse proxy for Frame sessions between the end users and their Frame workload VMs in the private network. The Frame workload VMs only have private IP addresses. For egress from the workload VMs to the Internet, these workload VMs are configured to communicate directly to the Internet through a NAT gateway in the public cloud infrastructure.

If users must access network resources on-premises or in a private network, a private network connection (e.g., VPN, direct connection, SD-WAN, VPC/VNET peering) with the appropriate routing must be implemented.

note

Customers who choose to create a Frame account in their own managed network where users will access the Frame workload VMs from the Internet through an SGA must follow the networking requirements defined below.

FRP8 Networking (SGA 4)

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Public IaaS - Private Networking with SGA 4 (FRP8)

Public IaaS - Private Networking with SGA 4 (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 4 and FRP8.

Private Networking (Public Cloud) - Streaming Gateway 4

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Workload VMs to Frame PlatformPublic IP address
  • gateway-external-api-prod.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to SGA VMPublic IP address
  • SGA VM-specific public IP address
udp/3478 and tcp/3478
SGA VM to End userPublic IP address
  • End user-specific public IP address
udp/49152–65535
SGA VM to Workload VMPrivate IP address
  • Dynamic private IP address within VPC/VNET
udp/4503–4509
Workload VM to SGA VMPrivate IP address
  • SGA VM-specific private IP address
udp/49152–65535

FRP8 Networking (SGA 3)

FRP8 is a udp-based protocol for all communication between the end user and the Frame workload VMs.

Public IaaS - Private Networking with SGA 3 (FRP8)

Public IaaS - Private Networking with SGA 3 (FRP8)

The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 3 and FRP8.

Private Networking (Public Cloud) - SGA 3

Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Workload VMs to Frame PlatformPublic IP address
  • gateway-external-api-prod.frame.nutanix.com
  • img.console.nutanix.com
  • img.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • cpanel-backend.console.nutanix.com
  • gateway-external-api-prod.frame.nutanix.com
tcp/443 (HTTPS)
SGA VMs to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • stun.console.nutanix.com
udp/3478
End user to SGA VMPublic IP address
  • *.CUSTOMER SGA FQDN resolving to public IP (or private IP) address
tcp/443 (HTTPS, WSS), udp/3478, and tcp/3478
SGA VM to End userPublic IP address
  • End user-specific public IP address
udp/49152–65535
SGA VM to Workload VMPrivate IP address
  • Dynamic private IP address within VPC/VNET
udp/4503–4509
Workload VM to SGA VMPrivate IP address
  • SGA VM-specific private IP address
udp/49152–65535

FRP7 Networking End of Life

Warning

FRP7 reached end-of-life (EOL) as of June 30, 2024. Refer to the EOL Announcement of December 18, 2023 for further details.

Click to view FRP7 Networking details
FRP7 Diagram
FRP7 is a tcp-based protocol for all communication between the end user and the Frame workload VMs.
The following table describes the required protocols and ports for Frame accounts using Private Networking with SGA 3 and FRP7.
Source to DestinationSource IP addressDestination FQDN(s)Protocol/port
Workload VMs to Frame PlatformPublic IP address
  • gateway-external-api-prod.frame.nutanix.com
  • img.console.nutanix.com
  • img.frame.nutanix.com
  • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com
  • assets.console.nutanix.com
  • downloads.console.nutanix.com
  • logging.console.nutanix.com
  • download.visualstudio.microsoft.com
  • tcp/443 (HTTPS)
Workload VMs to Frame PlatformPublic IP address
  • cch.console.nutanix.com
  • tcp/443 (HTTPS, WSS)
End user to Frame PlatformPublic IP address
  • console.nutanix.com
  • img.frame.nutanix.com
  • img.console.nutanix.com
  • cpanel-backend.console.nutanix.com
  • terminal-prod.frame.nutanix.com
  • logging.console.nutanix.com
  • login.console.nutanix.com (for Frame IdP, if used)
  • tcp/443 (HTTPS)
End user to Frame PlatformPublic IP address
  • messaging.console.nutanix.com
  • tcp/443 (HTTPS, WSS)
SGA VMs to Frame PlatformPublic IP address
  • cpanel-backend.console.nutanix.com
  • gateway-external-api-prod.frame.nutanix.com
  • tcp/443 (HTTPS)
End user to SGA VMPublic IP address
  • *.<CUSTOMER SGA FQDN> resolving to public IP (or private IP) address
  • tcp/443 (HTTPS, WSS)
SGA VM to Workload VMPrivate IP address
  • Dynamic private IP address within VPC/VNET
  • tcp/443 (HTTPS, WSS)