7 posts tagged with "sga"

In my previous blog posts I have outlined how the Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow Frame-managed workload VMs to be connected to an existing private network. Recent addition of Frame Remoting Protocol (FRP) 8 has adjusted some of the ports and protocols used for workload connectivity. In this blog, I will update how the Frame Streaming Gateway Appliance (SGA) interacts with the new FRP8 networking environment.

Nutanix Frame® Desktop-as-a-Service (DaaS) has long supported private network workloads via the implementation of a Streaming Gateway Appliance (SGA). On public cloud infrastructure, this capability can be automatically deployed upon account creation. As a part of this process, the Frame platform creates a Network Address Translation (NAT) Gateway to ensure that the workloads have a way to communicate back to the Frame control plane residing on the Internet. When deployed, this NAT GW does not provide network administrators the ability to control or restrict the outbound web traffic of the workloads. By combining an autodeployed SGA with Amazon® Web Service's (AWS) Network Firewall solution, a network administrator can get fine grained control of the outbound web traffic for Frame-managed workloads and still allow them to contact the Frame control plane. This blog will demonstrate how this can be done.

Today, we are witnessing a number of companies building or moving their infrastructure to the public cloud. In one of our previous blog posts, my colleague David Horvath explained how you can “Bring Your Own Azure Network to Frame.” With BYO Networking, the Nutanix Frame® DaaS solution provisions Frame-managed workloads in your designated Microsoft Azure® VNet. Access to the workloads in that VNet remains within your private network.

For customers who want their users to access these workloads from the Internet without a VPN, Nutanix provides the Frame Streaming Gateway Appliance (SGA), a secure reverse proxy that supports the Frame Remoting Protocol (FRP) 7 (Secure WebSocket-based) and 8 (WebRTC-based). The SGA allows you to securely grant users access to virtualized applications and/or desktops running in the Azure private VNet without a VPN.

Nutanix Frame™ Desktop as a Service (DaaS) solution supports multiple networking models. One of the more popular networking models for enterprises is the Frame Private networking model. This model allows the Frame workload VMs to have private IP addresses on the enterprise private network and access private networking resources and it is the simplest way to inherit existing network security processes.

However, remote users still need a way to connect to these private networks. The traditional way of implementing this access is to deploy a VPN, but that requires implementing and maintaining software on the user endpoint devices and VPN connections can overload security products like firewalls.

Frame offers a Streaming Gateway Appliance (SGA) to meet this need, but some enterprises may wish to take advantage of the “security as a service” model offered by Zscaler, Inc. Zscaler offers a “DMZ as a service” solution that can provide DMZ type functionality without the complication involved in many DMZ deployments. The Zscaler® service maintains many certifications required by government agencies and it meets the rigorous standards required by the most security conscious organizations.

In this blog you will learn how Zscaler Private Access (ZPA) and Frame DaaS can work together to provide a remote access solution to a private cloud with a simplified administrative model while maintaining a high level of security.

In my previous blog, I outlined how the Nutanix Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow it to be connected to an existing private network. In that post, I deployed a RDP bastion server so that I could access those private Frame workloads from an internet based machine since I had no private network.

In this blog, I will demonstrate how the Frame automated Streaming Gateway Appliance (SGA) deployment capability can be used to grant internet access to those same private workloads so that I no longer need the RDP bastion server to access the private network.

One of the most important aspects that any VDI or DaaS solution needs to address is how to allow users to securely access their virtual desktops and apps when using an external network. This is especially important when addressing work-from-home use cases.

Secure external access is typically achieved through a client VPN, site-to-site VPN, or a reverse proxy solution. The new Frame Streaming Gateway Appliance (SGA) is a reverse proxy solution that removes the need for a VPN. To understand the benefits of the Frame SGA, let's start with a review of how VPNs evolved.

One of the most important aspects that any VDI or DaaS solution needs to address is how to allow users to securely access their virtual desktops and apps when using an external network. This is especially important when addressing work-from-home use cases.

Secure external access is typically achieved through a client VPN, site-to-site VPN, or a reverse proxy solution. The new Frame Streaming Gateway Appliance (SGA) is a reverse proxy solution that removes the need for a VPN. To understand the benefits of the Frame SGA, let’s start with a review of how VPNs evolved.