Create Accounts

Frame Customer and Organization Administrators can create and manage multiple accounts from their Admin view. Each account is created:

  • With an AHV, AWS, Azure, or GCP (Infrastructure as a Service, IaaS) cloud account,

  • In an on-premises datacenter (if created with an AHV Cloud Account) or a public cloud region (if created with an IaaS Cloud Account),

  • In a virtual network (VLAN, VPC, or VNET), and

  • Having its own gold master image, unique set of applications, URLs, application and/or desktop Launchpads, and properties.

Note

Before creating a Frame account, be sure to review and understand the network configuration requirements discussed in further detail in Network Configuration Requirements.

Public Cloud

When creating a Frame account in public cloud, the Customer or Organization Administrator may choose from one of four different network deployments. The links below will take you to account creation instructions based on your networking setup:

  1. Frame networking (Public network) - all workload VMs have public IP addresses. Frame Platform creates the VNET or VPC.

  2. Frame networking (Private network) - all workload VMs have private IP addresses. Frame Platform creates the VNET or VPC.

  3. Frame networking (Private network with Streaming Gateway Appliance (SGA)) - all workload VMs have private IP addresses with one public IP address. Frame Platform creates the two VNETs or VPCs (one for the workload VMs and the second for up to 4 SGA VMs).

  4. BYO networking - all workload VMs have private IP addresses. The customer is solely responsible for configuring and managing the network containing the Frame account workload VMs.

AHV Infrastructure

When creating a Frame account on AHV infrastructure, the Customer or Organization Administrator creates the Frame account in an existing VLAN in the registered AHV Cloud Account. If the customer requires the SGA to support users accessing the workload VMs from the Internet without a VPN, they will deploy the SGA VM(s) independently in a DMZ LAN.

Creating New Frame Accounts

Public Network

Customers who wish to rapidly create a Frame account on the public cloud infrastructure for users accessing the virtualized applications/desktops from the Internet can choose this option. This procedure will provision a Frame account with the network requirements and architecture as defined in Public Cloud (Default) Network Requirements. All workload VMs will have public IP addresses.

  1. Customer/Organization Administrators can create new accounts by navigating to the Admin page and selecting the “Accounts” page listed on the left side of the console.

    ../_images/accountslist.png
  2. Click the “Create Account” link located on the upper right portion of the screen. The first set of parameters to specify will determine the infrastructure, location, and networking option for the Frame account.

    ../_images/createaccount0.png
    • Organization: Select or search for the the top level organization the account will reside under.

    • Account Name: Frame automatically generates an account name for you, but you can edit this field if desired. The account name will be displayed in the account Dashboard and Launchpad.

    • Account URL: This editable field designates the unique identifier of the URL for users to access the login page. The format for the string referenced above would appear as:

      https://console.nutanix.com/frame/customer/org/frame-networking-default
      
    • Cloud Provider: Select the desired cloud or IaaS (Infrastructure-as-a-Service) provider for your account.

    • Region: Specify the desired datacenter you would like the account to be created in.

    • Networking: Select Frame networking.

    • Network type: Select Public networking.

    • Customize VPC settings: For Frame networking, select this checkbox to specify a specific VPC/VNET CIDR. This is important to ensure you do not have overlapping CIDRs, if you plan to connect this network to another network through a peer, VPN, or other private connection. Be sure to specify the value in CIDR notation (e.g., 10.0.0.0/20, 192.168.0.0/24). The VPC/VNET CIDR can be changed after the Frame account is created under Dashboard, Settings, Networking, as long as there are no customer-provsioned network resources (e.g., peers, VPNs, gateways, etc.) attached to the Frame-provisioned VPC/VNET.

  3. After selecting the “Next” button, you will be asked to specify the Frame account configuration.

    ../_images/createaccount1.png
    • Base image: Select the base server type/version (AMI) for the account. The options for image family vary depending on the cloud provider.

    • Sandbox instance type: Select the system type of the Sandbox upon account creation. The system type can be modified at a later time from the Dashboard of the account.

    • Disk size: Use the slider or the editable field next to it to specify the initial Sandbox disk capacity upon account creation. We recommend you start with the smallest disk size since you can always increase the Sandbox disk size in the Dashboard.

    • Persistent Desktop: This toggle will enable “Persistent Desktops” for your account.

  4. Review the configuration you have specified in the first two steps of the account creation wizard and click “Create” in the bottom right corner of the window. Once the operation is complete, the new account will populate in the accounts list.

    ../_images/createaccount2.png

Private network

Customers who wish to create a Frame account on the public cloud infrastructure for users accessing the virtualized applications/desktops through a private network can choose this option. This procedure will provision a Frame account with the network requirements and architecture as defined in Public Cloud with Private Networking. All workload VMs will only have private IP addresses.

Attention

Until the customer configures networking and routing to reach these workload VMs, the customer will not be able to access the Sandbox, Utility Servers, or production VMs.

The procedure for creating this type of account is the same as New Account (Public network) except for Step 2 where you specify:

../_images/createaccount0_private.png
  • Network type: Select Private networking.

The Customer or Organization Administrator can specify a specific VPC/VNET CIDR in CIDR notation by selecting Customize VPC settings.

Private network with Streaming Gateway Appliance

Customers who wish to create a Frame account on the public cloud infrastructure for users accessing the virtualized applications/desktops through a single public IP address can choose this option. This procedure will provision a Frame account with the network requirements and architecture as defined in Public Cloud with Private Networking and SGA. All workload VMs will only have private IP addresses.

Note

Before creating your first Frame account with private networking and SGA, be sure to accept the CentOS 7.x User Agreement, if required by the public IaaS provider, so that Frame Platform can provision CentOS 7.x VMs for the SGAs.

The procedure for creating this type of account is the same as New Account (Public network) except for Step 2 where you specify:

../_images/createaccount0_private_sga.png
  • Network type: Select Private networking with SGA.

Once the Network type is set to Private networking with SGA, the administrator can define the number of SGA instances for Frame to provision and specify the workload VPC and SGA VPC CIDRs.

../_images/createaccount0_private_sga1.png
  • Number of SGA instances: If 2 or more SGA instances are requested, Frame will automatically provision a load balancer in front of the SGA VMs. These SGA VMs will run 24x7x365.

  • VPC CIDR: Specify the workload VPC/VNET CIDR in CIDR notation.

  • SGA CIDR: Specify the SGA VPC/VNET CIDR in CIDR notation.

Frame Platform will provision SGA VM(s) on the following instance/machine types. These VMs will run 24x7 since users need to be able to access the workload VMs at any time.

  • AWS: c5.xlarge

  • Azure: D4 v3

  • GCP: e2-standard-4

BYO (Bring Your Own Network)

Customers who wish to create a Frame account on the public cloud infrastructure in an existing network (VPC or VNET) can choose this option. The existing VPC or VNET must comply with the network requirements and architecture as defined in Public Cloud with Private Networking. All workload VMs will only have private IP addresses.

Attention

Until the customer configures networking, security groups, and routing to reach these workload VMs, the customer will not be able to access the Sandbox, Utility Servers, or production VMs.

The procedure for creating this type of account is the same as New Account (Public network) except for Step 2 where you specify:

../_images/createaccount0_byonetwork.png
  • Networking: Select BYO networking.

  • Virtual Private Network (VPC): Specify the desired VPC/VNET from the list of the existing VPCs/VNETs in the registered public cloud account.

  • Workload Subnet: Pick the subnet(s) from the list of subnets in the specified VPC or VNET within the registered public cloud account.

  • Security groups (AWS): Pick the security group(s) from the list of security groups in the registered AWS cloud account.

  • Security rules (GCP): Pick the security rule(s) from the list of security rules in the registered GCP cloud account.

Note

For Azure, while an Azure security group is not required in the above Frame account creation workflow, an Azure security group must be provisioned on the VNET/subnet before Frame account creation. Specific inbound/outbound rules will be dependent on how the Frame trarffic is routed, as defined in Public Cloud with Private Networking.

AHV

Customers who wish to create a Frame account on the AHV infrastructure must choose this option. The AHV cluster and VLAN configuration comply with the network requirements and architecture as defined in Frame on AHV. All workload VMs will only have private IP addresses.

../_images/createaccount0_ahv.png
  • Virtual Network: Specify the desired VLAN from the list of the existing VLANs in the registered AHV Cloud Account.

With Frame accounts on AHV, the CIDR block is defined in Prism Central/Prism Element and not within Frame.

Common Issues Encountered when Creating Accounts

When creating new accounts, the Frame platform automatically provisions new resources on the underlying infrastructure of your cloud account. It is important to understand this process in order to effectively debug issues such as these:

Long Provisioning Time for Sandbox on New Account

  • The typical time required to create a new instance (for the Sandbox on a new account) is 10-15 minutes for public cloud. This time is necessary as the Sandbox image is being created from the Frame-provided base image. After creation, updates are applied incrementally and there may be a reboot required for an update – this can extend the provisioning time for the Sandbox to over 15 minutes.

  • In some cases, if there is a problem with provisioning the first Sandbox, the system may go into a recovery process that will terminate the original instance and start over with a new Sandbox which could result in a provisioning time closer to 30 minutes.

  • If the above process takes between 30 minutes to an hour, there could be a problem with a lack of capacity in your AHV cluster or service limits with your IaaS cloud subscription. For example, provisioning can’t proceed when a virtual machine limit is reached with the request by Frame Platform for a new instance. In this case, you should check your IaaS service/quota limits.

Instance and Storage Limits Reached per IaaS Region

  • When publishing to provision instances with storage volumes (especially GPU-backed instances), there is a possibility that the instance and/or storage limit can be reached in the given region (e.g. the default limits for GPU instances on new IaaS accounts are typically very low per region).

  • If instance storage limits in a given region are hit, provisioning of the Sandbox for the new account will fail.

VPC/VNET Limit Reached

  • For each account, a new VPC/VNET is required when creating an account using Frame networking. IaaS providers limit the number of VPC’s or VNET’s that can be created.

  • If an issue is encountered when creating VPCs or VNETs due to the limit being hit, the account creation will fail.

Unable to Access Sandbox on New Account

If a Frame account using Frame Networking (Private Networking) or BYO Networking is created, the Sandbox may not be created successfully or accessible from the Internet. The Administrator must verify that the network configuration requirements are satisfied. These two issues may be caused by the inability for the Workload Cloud Connector Appliance (WCCA) to connect to Frame Platform via the Internet or the end user’s browser has no ability to access the privately-accessible workload VMs from the Internet.

Process to Increase IaaS Capacity Limits

In general, when provisioning accounts, the IaaS cloud account must have sufficient capacity/limits to support the instance, storage, VPC/VNET and networking demands. If limits are reached, the owner of the IaaS account must request limit increases by submitting a support ticket with their IaaS provider.