BYO GCP Account

Bring Your Own GCP Subscription to Frame

Frame provides two options for using Google Cloud Platform (GCP) infrastructure. You can “Bring Your Own” (BYO) GCP subscription that you own and manage yourself, or purchase Nutanix IaaS credits to use a Nutanix-managed GCP subscription. When you bring your own (BYO) GCP subscription, you pay Google directly for infrastructure (your VMs, storage, networking, etc.) and only pay Nutanix for using Frame.

Common reasons why you would bring your own GCP subscription are:

  • You wish to take advantage of existing billing arrangements with GCP for convenience and/or pricing. For example, your organization may already have certain GCP consumption commitments or pre-payments – you can use Frame to consume those resources on your own GCP account.

  • You want to have additional administrative control over your Frame workloads for more detailed monitoring and metrics.

  • You want to configure other network integrations (VPN gateways, Interconnects), which you can’t do using a Nutanix-managed GCP subscription.

  • You must meet industry-specific compliance regimes (e.g., HIPAA) that require you to fully manage and control your cloud resources.


  • To register your GCP project with Frame, the principal who runs the script must have the “Owner” role or sufficient permissions to bind the roles listed below to the Frame Platform service user. Once the script has been executed, the principal who executed it is no longer needed for Frame.

  • The script will bind the following roles to the Frame service account (in the form in order for Frame Platform to orchestrate GCP resources in the registered Google project. The Frame service account needs the following roles:

    • compute.instanceAdmin

    • compute.networkAdmin

    • compute.securityAdmin

    • compute.storageAdmin

    • dns.admin

  • The only piece of information required to integrate with the Frame Platform is your GCP Account ID, which can be found on the Dashboard of your GCP console.

Shared VPC

For customers who wish to use GCP Shared VPCs, you will need to register both your GCP Host and Service Projects in Frame.

  • GCP Host Project: After the GCP Host Project has been added as a Cloud Account in Frame, the GCP Administrator can remove the assigned roles described above and assign the Compute Network User role.

  • GCP Service Project: The GCP Service Project which will use the Shared VPC and specific subnets within the Shared VPC must then be added as a second Cloud Account in Frame.

Once you have registered the two GCP projects, contact Nutanix Support who will assist you with associating your Shared VPC subnets with your GCP Service Project Cloud Account.
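To confirm that registration left the Frame service account with the documented roles and nothing broader, the project's IAM policy can be compared against the list above. The following is an added example, not Frame's or Nutanix's own code: the service account address and project name are placeholders, and the policy is a constructed sample shaped like the output of `gcloud projects get-iam-policy PROJECT_ID --format=json`. It also covers the Shared VPC host project, where the expected set becomes the Compute Network User role.

```python
# Roles the page says the registration script binds, in IAM policy form.
DOCUMENTED_ROLES = frozenset({
    "roles/compute.instanceAdmin",
    "roles/compute.networkAdmin",
    "roles/compute.securityAdmin",
    "roles/compute.storageAdmin",
    "roles/dns.admin",
})
# Shared VPC host project after the administrator swaps the roles.
HOST_PROJECT_ROLES = frozenset({"roles/compute.networkUser"})


def audit_bindings(policy, member, expected=DOCUMENTED_ROLES):
    """Compare the roles bound to `member` in an IAM policy dict with `expected`."""
    granted = {b["role"] for b in policy.get("bindings", [])
               if member in b.get("members", [])}
    # Custom roles are named projects/<id>/roles/<name> or
    # organizations/<id>/roles/<name>; report them separately for review.
    custom = {r for r in granted if not r.startswith("roles/")}
    return {
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected - custom),
        "custom": sorted(custom),
    }


# Constructed sample: placeholder service account and project, not Frame's real address.
FRAME_SA = "serviceAccount:frame-sa@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner", "members": ["user:admin@example.com"]},
    {"role": "roles/compute.instanceAdmin", "members": [FRAME_SA]},
    {"role": "roles/compute.networkAdmin", "members": [FRAME_SA]},
    {"role": "roles/compute.securityAdmin", "members": [FRAME_SA]},
    {"role": "roles/compute.storageAdmin", "members": [FRAME_SA]},
    {"role": "roles/editor", "members": [FRAME_SA, "user:dev@example.com"]},
    {"role": "projects/example-project/roles/frame_example", "members": [FRAME_SA]},
]}

if __name__ == "__main__":
    for finding, roles in audit_bindings(SAMPLE_POLICY, FRAME_SA).items():
        print(f"{finding}: {roles}")
```

Anything reported under "unexpected" is a grant beyond the documented list; entries under "custom" should be compared with the roles Frame creates during cloud account creation.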

Adding your GCP Cloud Account

BYO cloud accounts can be created either at the “customer” or “organization” tiers of Frame’s logical hierarchy. More information about Frame’s hierarchy concepts can be referenced here.

A BYO cloud account created at the “customer” (highest) tier will be accessible to all hierarchical children (“organizations” and their accounts). If you choose to add the BYO cloud account at the “organization” tier, the BYO cloud account will only be available to the chosen organization and any accounts underneath it. Customer Administrators can add a BYO cloud account at the Customer or Organization level while Organization Administrators may only add a BYO cloud account at the Organization tier.


A particular cloud subscription can only be associated with a single entity on the Frame platform. If you associate your cloud subscription with one Organization, it cannot be associated with another Organization or Customer. If your use case requires multiple Organizations to have access to your Azure subscription, you must associate the cloud account with your Customer entity.

GCP Cloud Account Registration Procedure

  1. Navigate to your Google Cloud Platform console by going to

  2. Locate and copy the Project ID found in your GCP console Dashboard.

  3. In a separate tab, navigate to your Frame platform account. You can configure a new cloud provider on either the Org or Customer entity level. For this example, we will be configuring the GCP Cloud Account on the Organization level. Click the ellipsis listed to the right of the Org and select “Edit.”

  4. Navigate to the “Cloud Accounts” tab and click “Add Cloud Account” in the upper right corner of the screen.

  5. A new window will appear prompting you for the following information:

    • Cloud provider: Select the GCP icon.

    • Name: Enter the desired name of your cloud service.

    • Google Project ID: Paste the Project ID you copied earlier from your GCP Console into the “Project ID” field.

  6. Next, click the “Prepare account with GCP Cloud Shell” button. A new tab will open, taking you to your GCP console.

  7. A prompt will appear asking you to confirm that you trust the repo. Select the Trust checkbox and click “Confirm.”

  8. After the Cloud Shell has initialized, paste the deployment command into the cloud shell and press “Enter.” You will be asked to authorize the use of your credentials to make a GCP API call. Once the command has completed successfully, you can close the Google Cloud Shell tab.

  9. Navigate back to your browser tab containing your Add new Frame cloud account configuration window and click the “Verify” button. Once verified, a message will appear below the button informing you that the cloud account setup has been verified.

  10. Select your desired datacenters.

  11. Click the check box once you have read through the disclaimer, and then click “Create.”

Now that your GCP Cloud Account is created and accessible within Frame, you will be able to create Frame accounts using this BYO cloud account.

Resources Created During BYO GCP Cloud Account Creation

Frame will immediately create multiple roles comprised of the minimum required permissions for Frame’s backend communication and orchestration. Frame also enables Google’s Compute Engine and Cloud DNS APIs.

GCP Service Limits

By default, a newly created GCP account will impose certain service limits on available resources. Depending on the number of Frame workload VMs required of a given machine type (e.g., number of concurrent users on n1-standard-4-GPU-P4-Windows), how the Frame account is created (e.g., Frame networking with or without an SGA), and whether you use Publish or Quick Publish, you will likely need to adjust the default limits imposed on the GCP account. If these limits are set to values that are lower than what is required by the Frame platform, you can expect certain functions to either fail or be substantially delayed. Frame’s requirements for these service limits depend on the desired workload and required resources. The recommended service limit increases include the following:


The following steps may not be necessary for smaller production environments or trial accounts.

Recommended GCP Resource Quota Limits

GCP Resource


CPUs and Machine Types

GCP has quota metrics on the total number of CPUs and number of CPUs for specific machine types, on a per-location basis. We recommend you first determine the expected max number of instances by machine type (per Frame account) for your needs. Next, calculate the total number of CPUs based on the expected max number of instances and the required number of CPUs for a specific machine type. If you use Publish, set your CPU quota to 2.2 times the required number of CPUs and specific machine type quotas to 2.2 times your expected max number of instances. The additional 20% will accommodate any additional resources such as Sandboxes, Utility servers, etc. If you use Quick Publish, you can use a minimum factor of 1.X times to calculate the required number of CPUs and the max instances. X is computed as the “Number of production instances created on publish” divided by expected max instances. By default, the “Number of production instances created on publish” value is configured to be 10 VMs. A factor of 1.3-1.5 should be sufficient to account for typical Quick Publishes and overhead.

Persistent Disk SSD

Frame provisions Persistent Disks for all workload VMs. These persistent disks are zonal SSDs. Typically, this resource does not need to be modified. To estimate total disk storage consumption, multiply the total number of VMs you expect to provision by the size of the Sandbox VM (e.g., 80 GiB) across all Frame accounts you plan to provision. Number and size of any utility servers, number of Sandbox image backups, number and size of personal drives, and number and size of enterprise profile disks would be additional storage to consider.

GPU-backed Instances

If you plan to use GPU-backed instances, you will need to increase the specific Virtual Workstation GPU (e.g., “NVIDIA T4 Virtual Workstation GPUs”) quota to the maximum number of workload VMs that will be provisioned. As was discussed in the CPU recommendation, make sure to account for the temporary increase of GPU VMs during a Publish or Quick Publish when the new production VMs with attached GPUs are created and before the old production VMs with attached GPUs are terminated.

IP Addresses

You will need 1 ephemeral external IP address and 1 internal IP address for each powered-on VM for Frame accounts created with Frame networking (default). If the Frame account is created using Frame networking, private network with Streaming Gateway Appliance (SGA), then you will need 1 ephemeral external IP address for each SGA VM and 1 private IP address for each SGA VM and each workload VM (production, Sandbox, and Utility Server(s)). You will also need to account for the temporary increase of in-use IP addresses during a Publish or Quick Publish when the new production VMs are created and before the old production VMs are terminated.


If Frame networking (default) or Frame networking (private networking) is used to create Frame accounts, the number of VPC networks equals the number of Frame accounts. If Frame networking (private networking with SGA) is used to create Frame accounts, the required number of VPC networks is two times the number of Frame accounts. For BYO networking, no new networks are created.


If Frame networking is used to create Frame accounts, the number of subnetworks equals the number of Frame accounts. For BYO networking, no new subnetworks are created.

To review all of your quota metrics and current usage on your GCP account, you will need to click on the “IAM & Admin” link in the navigation panel on the left of the GCP console and select “Quotas” at the bottom of the IAM & Admin navigation panel.
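The quota rules above can be combined into a small planning calculation. This is an added example, not part of Frame's tooling: the networking mode names are labels made up for it, and the Quick Publish factor “1.X” is read as 1 + (instances created on publish / expected max instances), which is an assumption. IP counts are steady-state values, so the temporary increase during a Publish or Quick Publish still has to be added on top.

```python
from fractions import Fraction
from math import ceil

PUBLISH_FACTOR = Fraction(22, 10)   # 2.2x for Publish (page value)
DEFAULT_PUBLISH_BATCH = 10          # default "Number of production instances created on publish"

# VPC networks per Frame account by networking mode (page values).
# The mode names are labels made up for this example.
NETWORKS_PER_ACCOUNT = {"frame_default": 1, "frame_private": 1,
                        "frame_private_sga": 2, "byo": 0}


def compute_quotas(max_instances, cpus_per_instance, quick_publish=False,
                   publish_batch=DEFAULT_PUBLISH_BATCH):
    """Return (machine_type_quota, cpu_quota) for one machine type."""
    if max_instances < 1 or cpus_per_instance < 1:
        raise ValueError("instance and CPU counts must be positive")
    if quick_publish:
        # "1.X", read here as 1 + batch / expected max instances (assumption).
        factor = 1 + Fraction(publish_batch, max_instances)
    else:
        factor = PUBLISH_FACTOR
    # Fractions keep the product exact, so ceil() never rounds up on float error.
    return (ceil(max_instances * factor),
            ceil(max_instances * cpus_per_instance * factor))


def network_quotas(frame_accounts, mode, workload_vms=0, sga_vms=0):
    """Return steady-state network resource counts for one networking mode."""
    if mode not in NETWORKS_PER_ACCOUNT:
        raise ValueError(f"unknown networking mode: {mode}")
    plan = {"vpc_networks": NETWORKS_PER_ACCOUNT[mode] * frame_accounts,
            "subnetworks": 0 if mode == "byo" else frame_accounts}
    if mode == "frame_default":
        plan["external_ips"] = plan["internal_ips"] = workload_vms
    elif mode == "frame_private_sga":
        plan["external_ips"] = sga_vms
        plan["internal_ips"] = sga_vms + workload_vms
    return plan  # IP counts are omitted for modes the page gives no rule for


if __name__ == "__main__":
    print(compute_quotas(40, 4))                       # Publish
    print(compute_quotas(40, 4, quick_publish=True))   # Quick Publish
    print(network_quotas(3, "frame_private_sga", workload_vms=42, sga_vms=3))
```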

GCP Instance Types

Each IaaS provider has a unique naming scheme for their instance types. GCP names their instance types (or “machine types”) based on the “machine type families” they have created for specific workload use cases. More information about machine types and machine type families can be found in GCP’s official documentation.

For the latest GCP instances supported by Frame, refer to the Nutanix Frame Pricing Page. Note that since you are bringing your own GCP account, your pricing may be different from that shown in the table.