Network Configuration Requirements

Public Cloud

Default

With the default public cloud networking (using an Infrastructure-as-a-Service provider), users access virtualized applications/desktops from the Internet. These virtualized applications/desktops communicate directly with the Internet to reach publicly accessible resources. Administrators wishing to grant users access to private network resources must use a VPN or direct connection between the public cloud network and private network.

Each entry below is one communication path (Source to Destination), listing its Source IP Address, Destination FQDN(s), and Protocol: Port.

▴ Frame Platform to Workload VMs
  • Source IP address: 18.214.119.1/32, 18.232.236.200/32, 35.173.64.151/32
  • Destination: Public IP address
  • Protocol and port: tcp/443; tcp/8112 (HTTPS)

▴ Workload VMs to Frame Platform
  • Source IP address: Public IP address
  • Destination FQDN(s) with protocol and port:
    • gateway-external-api-prod.frame.nutanix.com: tcp/443 (HTTPS)
    • img.frame.nutanix.com: tcp/443 (HTTPS)
    • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com: tcp/443 (HTTPS)
    • prod-sup-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com: tcp/443 (HTTPS)
    • logs-01.loggly.com (for event logging): tcp/6514 (TLS)

▴ End user to Frame Platform
  • Source IP address: Public IP address
  • Destination FQDN(s): frame.nutanix.com; img.frame.nutanix.com
  • Protocol and port: All tcp/443 (HTTPS)

▴ End user to Workload VM
  • Source IP address: Public IP address
  • Destination: Public IP address
  • Protocol and port: tcp/443 (HTTPS, Secure Web Socket)

Note

The table above includes all protocols/ports needed for Frame-managed workloads on AWS, Azure, or GCP. Items with the ▴ symbol identify communication paths that traverse the public-private network boundary.
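The following added example (not Nutanix code) audits an egress allow-list against the "Workload VMs to Frame Platform" row above, flagging required flows that no rule permits and rules broader than the table requires. The `(host pattern, port)` rule format and the sample rules are hypothetical; `probe` additionally performs a verified TLS handshake when run from a workload VM.

```python
import socket
import ssl
from fnmatch import fnmatch

# Required flows, copied from the "Workload VMs to Frame Platform" row above.
REQUIRED = {
    ("gateway-external-api-prod.frame.nutanix.com", 443),
    ("img.frame.nutanix.com", 443),
    ("prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com", 443),
    ("prod-sup-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com", 443),
    ("logs-01.loggly.com", 6514),
}

# Constructed sample rules (hypothetical format: host pattern, port; None = any port).
SAMPLE_RULES = [
    ("gateway-external-api-prod.frame.nutanix.com", 443),
    ("img.frame.nutanix.com", 443),
    ("*.amazonaws.com", 443),      # covers both buckets, and every other AWS host
    ("logs-01.loggly.com", 443),   # wrong port: the table lists tcp/6514
]

def permits(rule, flow):
    """True if an allow rule (host pattern, port) lets the flow (host, port) out."""
    host_pattern, port = rule
    return fnmatch(flow[0], host_pattern.lower()) and port in (None, flow[1])

def audit(rules):
    """Return (missing, excess): required flows no rule permits, and rules
    that are not an exact (FQDN, port) pair from the table."""
    missing = sorted(f for f in REQUIRED if not any(permits(r, f) for r in rules))
    excess = sorted((r for r in rules if (r[0].lower(), r[1]) not in REQUIRED), key=str)
    return missing, excess

def probe(host, port, timeout=5.0):
    """Live check: TLS handshake with certificate and hostname verification.
    Returns the negotiated TLS version, or the failure reason."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError as exc:  # covers DNS, connect, timeout and TLS/cert errors
        return f"FAILED: {exc}"

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
    for host, port in sorted(REQUIRED):
        print(host, port, probe(host, port))
```

A certificate failure from `probe` on an otherwise reachable endpoint usually indicates a TLS-inspecting proxy in the egress path.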

Public Cloud with Private Networking

Private Networking allows users to access virtualized applications/desktops from the corporate network. Virtualized applications/desktops must be routed through the corporate network to reach the Internet. With Private Networking, there is no direct Internet access to/from workload VMs.

IaaS, Private Networking

Each entry below is one communication path (Source to Destination), listing its Source IP Address, Destination FQDN(s), and Protocol: Port.

▴ Workload Cloud Connector Appliance (WCCA) to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address), as seen by Frame Platform
  • Destination FQDN(s):
    • frame.nutanix.com
    • cpanel-backend-prod.frame.nutanix.com
    • gateway-external-api-prod.frame.nutanix.com
    • ccc-bridge-external-prod.frame.nutanix.com
    • ccc-prod.frame.nutanix.com
  • Protocol and port: tcp/443 (HTTPS); tcp/443 (HTTPS, Secure Web Socket)

WCCA to Workload VMs (Sandbox VM, Production VMs)
  • Source IP address: Private IP address within VPC/VNET
  • Destination: Private IP addresses within VPC/VNET
  • Protocol and port: tcp/8112 (HTTPS)

▴ Workload VMs to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address), from perspective of Frame Platform
  • Destination FQDN(s) with protocol and port:
    • gateway-external-api-prod.frame.nutanix.com: tcp/443 (HTTPS)
    • img.frame.nutanix.com: tcp/443 (HTTPS)
    • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com: tcp/443 (HTTPS)
    • prod-sup-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com: tcp/443 (HTTPS)
    • logs-01.loggly.com (for event logging): tcp/6514 (TLS)

▴ End user to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address if end user in private network), from perspective of Frame Platform
  • Destination FQDN(s) with protocol and port:
    • frame.nutanix.com: tcp/443 (HTTPS)
    • img.frame.nutanix.com: tcp/443 (HTTPS)
    • logs-01.loggly.com (for event logging): tcp/6514 (TLS)

End user to Workload VM
  • Source IP address: Private IP address
  • Destination: Private IP address within VPC/VNET
  • Protocol and port: tcp/443 (HTTPS, Secure Web Socket)

Note

Items with the ▴ symbol identify communication paths that traverse the public-private network boundary.

Figure: Default Frame Account on Public Cloud with Private Networking Topology

Frame on AHV

AHV using Private Networking with or without SGA

Xi Frame on AHV

Each entry below is one communication path (Source to Destination), listing its Source IP Address, Destination FQDN(s), and Protocol: Port.

▴ Cloud Connector Appliance (CCA) to Frame Platform and/or Workload Cloud Connector Appliance (WCCA) to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address), as seen by Frame Platform
  • Destination FQDN(s):
    • frame.nutanix.com
    • cpanel-backend-prod.frame.nutanix.com
    • gateway-external-api-prod.frame.nutanix.com
    • ccc-bridge-external-prod.frame.nutanix.com
    • ccc-prod.frame.nutanix.com
  • Protocol and port: tcp/443 (HTTPS); tcp/443 (HTTPS, Secure Web Socket)

WCCA to Workload VMs (Sandbox VM, Production VMs)
  • Source IP address: Private IP address within VLAN
  • Destination: Private IP addresses within VLAN
  • Protocol and port: tcp/8112 (HTTPS)

CCA to Prism Central
  • Source IP address: Private IP address or static private IP address
  • Destination: Prism Central IP address
  • Protocol and port: tcp/443 (HTTPS)

CCA to Prism Element (on node where profile and personal disks are used)
  • Source IP address: Private IP address
  • Destination: Prism Element IP address
  • Protocol and port: tcp/443 (HTTPS)

▴ Workload VMs to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address), from perspective of Frame Platform
  • Destination FQDN(s) with protocol and port:
    • gateway-external-api-prod.frame.nutanix.com: tcp/443 (HTTPS)
    • img.frame.nutanix.com: tcp/443 (HTTPS)
    • prod-kds-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com: tcp/443 (HTTPS)
    • prod-sup-5683567dcbd60804cb34.s3.us-east-1.amazonaws.com: tcp/443 (HTTPS)
    • logs-01.loggly.com (for event logging): tcp/6514 (TLS)

▴ End user to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address if end user in private network), from perspective of Frame Platform
  • Destination FQDN(s) with protocol and port:
    • frame.nutanix.com: tcp/443 (HTTPS)
    • img.frame.nutanix.com: tcp/443 (HTTPS)
    • logs-01.loggly.com (for event logging): tcp/6514 (TLS)

▴ Streaming Gateway Appliance (SGA) to Frame Platform
  • Source IP address: Public IP address (NAT from private IP address), as seen by Frame Platform
  • Destination FQDN(s) with protocol and port:
    • cpanel-backend-prod.frame.nutanix.com: tcp/443 (HTTPS)
    • gateway-external-api-prod.frame.nutanix.com: tcp/443 (HTTPS)

▴ End user to Workload VM
  • Source IP address: Private or public IP (if SGA used) address
  • Destination: Private IP address within VLAN; Public IP address (if SGA used)
  • Protocol and port: tcp/443 (HTTPS, Secure Web Socket)

SGA to Workload VM
  • Source IP address: Private IP address
  • Destination: Dynamic private IP addresses within VPC/VNET
  • Protocol and port: tcp/443 (HTTPS, Secure Web Socket)

Note

Items with the ▴ symbol identify communication paths that traverse the public-private network boundary.