One of the most important aspects that any VDI or DaaS solution needs to address is how to allow users to securely access their virtual desktops and apps when using an external network. This is especially important when addressing work-from-home use cases.
Secure external access is typically achieved through a client VPN, site-to-site VPN, or a reverse proxy solution. The new Frame Streaming Gateway Appliance (SGA) is a reverse proxy solution that removes the need for a VPN. To understand the benefits of the Frame SGA, let’s start with a review of how VPNs evolved.
What is a VPN?
A VPN (virtual private network) is simply the extension of a private network to a remote device or site over a public network. This 25 year old technology was initially popularized by larger organizations looking to provide secure communications and access to corporate resources for employees in remote offices (see Figure 1 below). Over the years, new and different encryption and protocol standards were introduced, as were consumer-oriented VPN solutions in response to data privacy and internet censorship concerns.
Figure 1. Common VPN Deployment Models
Securing a VPN Deployment
Traditionally, organizations would only provide VPN access on an as-needed basis for select use cases where there is an end-to-end trust model in place. Over the years, as mobile, work-from-home, and third-party contractor and vendor access use cases became more prevalent, IT network administrators were being asked to provide more users with external access via their VPN solution. Since each VPN connection was another external ingress point into their organization’s private network, securing and auditing these connections became increasingly important. This is where two-factor and multi-factor authentication, as well as endpoint analysis scanning solutions, became part of the equation in an effort to improve the “trustworthiness” of the connection. However, by that point, the security problem with VPNs was already abundantly clear - it is only as strong as the weakest link.
VPNs in the Era of COVID
With over 40% of the U.S. workforce now working from home full-time due to COVID-19 1, the demand and usage of VPNs has understandably skyrocketed, exacerbating the associated security concerns. What was previously a tool that was granted on an exception basis has now become the standard work-from-home solution for many organizations.
Further compounding the issue is the increased demand to support BYOD, which by definition are untrusted devices.
Rein in your VPN use with Frame Streaming Gateway Appliance!
For many of our customers, VPNs are also how their users externally access their Nutanix Frame workloads when those workload VMs are deployed on private networks.
As an alternative to VPN access, we released our Frame Streaming Gateway Appliance (SGA) last year in Early Access to provide a secure reverse proxy solution for the Frame Remoting Protocol (FRP). Now, with the release of version 2.1.3, we are very excited to announce that the Frame SGA is now officially Generally Available across all supported infrastructure platforms (Nutanix AHV, Azure, AWS, and GCP)!
The Frame SGA is hosted on a virtual Linux appliance and can be deployed in a highly-available setup by leveraging a L2 - L4 load-balancing solution. When deploying to public cloud infrastructure, Frame Accounts can be automatically configured with up to four load-balanced SGAs (see Figure 2 below).
Figure 2. Frame SGA Reference Architecture with Workloads in Public Cloud
By leveraging the Streaming Gateway Appliance, Nutanix Frame customers can significantly reduce (and potentially eliminate) their dependencies on client VPNs. User access to internal apps and data can be decoupled from their physical endpoint device by remotely accessing a VM hosted in their organizations private, hybrid, or public cloud infrastructure, managed by Frame, and delivered securely via FRP through the Streaming Gateway Appliance. This not only improves the overall security posture of an organization, but it also drives agility and flexibility in terms of enabling BYOD initiatives, centralizing OS and app updates, and providing a consistent user experience regardless of whether the user is working from home or in the office.
And the best part of the Frame SGA? Entitlement to use the SGA for any or all of your Frame Accounts are already included with your Frame subscription! There is no additional licensing or subscription cost required.
If you are an existing Nutanix Frame customer and would like to leverage the Frame Streaming Gateway Appliance for your environment, please follow the deployment instructions (as well as sizing and scalability guidelines) available here!
1 May Wong. “Stanford research provides a snapshot of a new working-from-home economy.” Stanford News, 29 Jun. 2020, news.stanford.edu/2020/06/29/snapshot-new-working-home-economy. Accessed 16 Dec. 2020.
© 2020 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo, and all Nutanix product and service names are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date of this post, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.