GENERAL NUTANIX FRAME REQUIREMENT
Nutanix Frame is VDI solution from Nutanix and work as a desktop-as-a -service, allow to access your app from any location anytime from the web browsers or client.
There are several key differences:
- Unlike traditional VDI brokers (e.g., Citrix, VMware), Frame is built for the cloud, web scale, and multi-tenancy from the start.
- Frame is a service; it can not run workloads that are not connected to the hosted service.
- Citrix Cloud and Horizon Cloud implementations require complicated setup and are hard to deploy. They also have significant overhead on each cluster.
- Frame can manage all your desktops, hosted on private and public infrastructure, from a single administrative user interface.

1) IP Requirement :
Sr.No | VM | Private | Public |
1 | CCA | Y | N |
2 | Sandbox | Y | N |
3 | SGA | Y | Y |
For SGA : NATING needs to be done with private IP and Public IP so end user should reach to SGA upon sending request via Subdomain on tcp/443
2) Subdomain Requirement :
Customer need to create one subdomain and corresponding public IP address for SGA.Customer adds the SGA subdomain as Wildcard DNS entry with Corresponding public IP address to their public DNS server.
3) SSL Certificate Requirement :
Customer obtains SGA public key certificate.
From Public Certificate we need below details to update YAML configuration file (attached sample YAML File),
• The Certificate (Trusted Root, Intermediate and Wildcard Certificate)• The Private Key• The public Fully Qualified Domain Name of the SGA that resolves in public DNS. (Example: sga.company.com)• The WORKLOAD CIDR from (Classless Inter-Domain Routing) the Frame Account (Example: 172.31.21.0/24)
4) Firewall Requirement
For external users to reach the SGA and therefore the workload VMs in the private VLAN customer firewall need to forward port 443 from SGA Public IP to Private IP of SGA.
A) If SGA is in seperate/different VLAN then SGA must forward port 443 from SGA to Workload VLAN (Containing Sandbox,CCA)B) If SGA, Sandbox and CCA is in same VLAN then everyone should communicate with each other.
5) FQDN :
1) Confirm customer DNS can resolve Frame control plane FQDNs per network protocol/port requirements
Xi Frame (Commercial)
● cpanel-backend-prod.frame.nutanix.com
● gateway-external-api-prod.frame.nutanix.com
● ccc-bridge-external-prod.frame.nutanix.com
● ccc-prod.frame.nutanix.com
● nutanixframe.com
2) Confirm CCA can reach Frame Platform per network protocol/port requirements.The following FQDNs are required via tcp/443 and Secure Web Sockets:
Xi Frame (Commercial)
● frame.nutanix.com
● cpanel-backend-prod.frame.nutanix.com
● gateway-external-api-prod.frame.nutanix.com
● ccc-bridge-external-prod.frame.nutanix.com
● ccc-prod.frame.nutanix.com
Reference :-