Resources

Arrow Image

Blog & News

Arrow Image

Eliminate Your VPN Access to Frame

Eliminate Your VPN Access to Frame

One of the most important aspects that any VDI or DaaS solution needs to address is how to allow users to securely access their virtual desktops and apps when using an external network. This is especially important when addressing work-from-home use cases.

News & Blog

WRITTEN BY

Yangzhi Zhao

VP of Product & Marketing, Dizzion

January 3, 2021

TABLE OF CONTENT

Secure external access is typically achieved through a client VPN, site-to-site VPN, or a reverse proxy solution. The new Frame Streaming Gateway Appliance (SGA) is a reverse proxy solution that removes the need for a VPN. To understand the benefits of the Frame SGA, let's start with a review of how VPNs evolved.

What is a VPN?

A VPN (virtual private network) is simply the extension of a private network to a remote device or site over a public network. This 25 year old technology was initially popularized by larger organizations looking to provide secure communications and access to corporate resources for employees in remote offices (see Figure 1 below). Over the years, new and different encryption and protocol standards were introduced, as were consumer-oriented VPN solutions in response to data privacy and internet censorship concerns.

Figure 1. Common VPN Deployment Models
Figure 1. Common VPN Deployment Models

Securing a VPN Deployment

Traditionally, organizations would only provide VPN access on an as-needed basis for select use cases where there is an end-to-end trust model in place. Over the years, as mobile, work-from-home, and third-party contractor and vendor access use cases became more prevalent, IT network administrators were being asked to provide more users with external access via their VPN solution. Since each VPN connection was another external ingress point into their organization's private network, securing and auditing these connections became increasingly important. This is where two-factor and multi-factor authentication, as well as endpoint analysis scanning solutions, became part of the equation in an effort to improve the “trustworthiness” of the connection. However, by that point, the security problem with VPNs was already abundantly clear - it is only as strong as the weakest link.

VPNs in the Era of COVID

With over 40% of the U.S. workforce now working from home full-time due to COVID-191, the demand and usage of VPNs has understandably skyrocketed, exacerbating the associated security concerns. What was previously a tool that was granted on an exception basis has now become the standard work-from-home solution for many organizations.

Further compounding the issue is the increased demand to support BYOD, which by definition are untrusted devices.

Rein in your VPN use with Frame Streaming Gateway Appliance!

For many of our customers, VPNs are also how their users externally access their Nutanix Frame workloads when those workload VMs are deployed on private networks.

As an alternative to VPN access, we released our Frame Streaming Gateway Appliance (SGA) last year in Early Access to provide a secure reverse proxy solution for the Frame Remoting Protocol (FRP). Now, with the release of version 2.1.3, we are very excited to announce that the Frame SGA is now officially Generally Available across all supported infrastructure platforms (Nutanix AHV, Azure, AWS, and GCP)!

The Frame SGA is hosted on a virtual Linux appliance and can be deployed in a highly-available setup by leveraging a L2 - L4 load-balancing solution. When deploying to public cloud infrastructure, Frame Accounts can be automatically configured with up to four load-balanced SGAs (see Figure 2 below).

Figure 2. Frame SGA Reference Architecture with Workloads in Public Cloud
Figure 2. Frame SGA Reference Architecture with Workloads in Public Cloud

By leveraging the Streaming Gateway Appliance, Nutanix Frame customers can significantly reduce (and potentially eliminate) their dependencies on client VPNs. User access to internal apps and data can be decoupled from their physical endpoint device by remotely accessing a VM hosted in their organizations private, hybrid, or public cloud infrastructure, managed by Frame, and delivered securely via FRP through the Streaming Gateway Appliance. This not only improves the overall security posture of an organization, but it also drives agility and flexibility in terms of enabling BYOD initiatives, centralizing OS and app updates, and providing a consistent user experience regardless of whether the user is working from home or in the office.

And the best part of the Frame SGA? Entitlement to use the SGA for any or all of your Frame Accounts are already included with your Frame subscription! There is no additional licensing or subscription cost required.

If you are an existing Nutanix Frame customer and would like to leverage the Frame Streaming Gateway Appliance for your environment, please follow the deployment instructions (as well as sizing and scalability guidelines) available here!

Of course if you haven't tried Frame yet, take Frame for a spin today via Test Drive or sign-up for a free 30-day trial at My Nutanix.

About the Author

Dizzion

Dizzion was founded in 2011 with a visionary mission to redefine the way the world works.

In an era of legacy Virtual Desktop Infrastructure (VDI), Dizzion set out to challenge the status quo by making it simple for all customers to transform their workspace experience. By building a powerful automation and services platform on top of the VMware stack, Dizzion delivered virtual desktops as a service before Desktop as a Service (DaaS) even existed.

Yangzhi Zhao

VP of Product & Marketing, Dizzion

Yangzhi 'Z' Zhao is the VP of Product & Marketing at Dizzion responsible for product management, product marketing, product enablement, and GTM strategy. With over 15 years in the end-user computing (EUC) industry, Z started his career at Citrix. There, within the consulting service organization, he supported hundreds of clients with their Citrix deployments as a Field Architect. After leaving Citrix, Z served as SVP of Business Development at Cloud Nine, a NYC-based consulting firm specializing in EUC. Prior to joining Dizzion in June 2023 (as part of the acquisition and merger with Frame), he was the Director of Product for Frame at Nutanix. An alumnus of the University of Michigan, Z currently lives in the Metro Detroit area with his wife and son.

More about the author

Subscribe to our newsletter

Register for our newsletter now to unlock the full potential of Dizzion's Resource Library. Don't miss out on the latest industry insights – sign up today!