CarahCast: Podcasts on Technology in the Public Sector

Work From Home with Nutanix

Episode Summary

Listen to Phil Ditzel, Sales Specialist at Nutanix, discuss how to implement a work-from-home environment in a timely, effective, and secure manner with Nutanix's Desktop-as-a-Service (DaaS), Xi Frame.

Episode Transcription

Speaker 1: On behalf of Nutanix and Carahsoft, we would like to welcome you to today's podcast, focused around working from home with Nutanix, where Phil Ditzel, sales specialist at Nutanix, will discuss how to implement a work-from-home environment in a timely, effective, and secure manner with Nutanix's Desktop-as-a-Service Xi Frame.

Phil Ditzel: Good morning, good afternoon, everybody. This is Phil Ditzel from Nutanix. I run our Frame Public Sector sales. Frame is Nutanix's offering for desktop application Delivery-as-a-Service that has exploded, frankly, since COVID-19 work-from-home in all different sectors of commercial, state, local and government, for sure.

So, to step back from Frame for a second, let's talk about virtual desktop infrastructure and Nutanix. A lot of our early business is tied to traditional steady-state VDI platforms, broker Citrix and Horizon View. We've built, in the early days, into our core HCI platform, methods to mitigate things like Boot Storm with Horizon View, Citrix supports Nutanix AHV hypervisor, a tier one hypervisor. With Citrix on top of our core platform, you can run AHV, vSphere, Hyper-V. So steady-state traditional all of the capacity behind your firewall. A lot of management of the stack on that side.

Where we're going is Nutanix Xi Frame. It is our platform to deliver against desktops applications. The core tenet of our platform is a control plane in the cloud that is part broker, part automation, and part management suite. With Frame, you can enable the true multi-hybrid clouds to deliver desktops and service to your customers and clients. The background of Frame, Nutanix purchased Mainframe2 about two years ago. Prior to the acquisition, Mainframe2 had a three-year work stream from an organization called In-Q-Tel, so they were doing a lot of work with the IT community frame on essentially CQS.

So, what is Nutanix Xi Frame? It's a platform that detects runs 24 hours a day, seven days a week, to help deliver Windows desktops, Windows applications, Linux desktops. The end point in the bulk of the case, it becomes largely irrelevant. Most folks just need an HTML5 web browser to consume and have a live interactive video beam to it for a desktop and application. There are cases where folks need [captive 00:02:44] authentication. We have a Windows app that helps with a captive.

So, there's two parts to Frame, two versions of Frame. There's one in commercial cloud that follow this on support. There's a separate version of the Frame control plane in GovCloud. That version in GovCloud is FedRAMP moderate, and sponsored by the CIO of U.S. Patent and Trade. The package is available in the FedRAMP marketplace. The federal government can request the package, leverage the ATO JPAL audits, and system design assertion documents.

So, we have sent you the ability to support commercial and GovCloud resources. So, Frame does turn on a true MultiAd cloud. We support Microsoft Azure, Amazon, AWS, Google Cloud platform, GCP, and Nutanix HCI. It's behind the firewall, with the Nutanix AHV hypervisor running. So, you can select the best location to deliver the desktops burst, spin up in the cloud quickly, but place steady-state folks on-prem.

On the cloud side, we support from the GovCloud control plane, AWS Gov, Azure Gov, GCP, actually all of their regions CONUS. The control plane is in an ITAR region in GovCloud. It's actually technically AWS US West. So, there's all kind of controls and administrations in place for the control plane, for sure. The choice in the public and private cloud, Schultz has spun up Frame, use Frame for spin up desktops for quick remote access. Burst, States, GPU-backed workloads. Spinning Frame up aiding the graphics-intensive applications on GPUs in the cloud is actually a pretty easy process. Frame leverages what's called instance types, in all the cloud providers, all the instance types such as GPU-backed machine type. And an admin can essentially swipe right or left, and turn on or turn off the use of those instance types, which is really easily done.

If you need to deploy desktops that are geographically dispersed, CONUS, you absolutely can do such from a GovCloud control plane. You can actually also deploy Nutanix HCI or CONUS and tie Frame into that capacity. The commercial side, we support roughly 72 data centers or regions. CONUS and OCONUS to deliver desktops and applications. Frame tied to Nutanix on-prem, that box on the left, really turns out things like data locality, making sure that the desktops and user data are as close as possible, maybe deploy for steady state folks, people are on for eight hours a day, or kind of security concerns.

Either way, Frame will essentially... One control plane will allow you to tie in on both cloud and on-prem capacity. I have one easy-to-use interface, one unified view to manage the desktop and application delivery. And really the most powerful thing of Frame is that the control plane abstracts the cloud capacity that Nutanix on-prem, so everything looks exactly the same from the admin perspective, that we won't have to do different interfaces.

There's actually a rendering of what's called Dashboard, the backend of Frame's control plane to manage an account or pool. Everything for Frame has been rendered as slights, sliders or up and down arrows. You don't need to have a PhD in end-user computing to run Frame by any means. So from this view, you can onboard applications as you power on what we call a sandbox. It's the gold image. Run application installers in the sandbox VM, MSIs or EXEs. Frame detects when a new application has been installed in the sandbox, and it just pops up the icon, the list on the right side, which you can see in this rendering, those applications. You can customize the image any way you need to. When it's time to push out the new image, you hit the publish button. Frame's automation kicks in, it will tell the cloud provider or Frame's tied into, or Nutanix HCI on-prem, to start stamping out new copies of the base machine.

Frame could be put into modes, deliver non-persistent desktops, more of a churn and burn state. When a user logs off, the machine will get snapped back to the gold state. You can place pools into persistent mode when you need to update those persistent desktops, you'll just do a discrete management of each machine as you normally would with patch tools. For non-persistent mode, you actually patch the sandbox and hit publish. You can toss it in your Windows update scripts or whatever else, whatever tools you're using to that one machine. And it's a one-stop shop. We also have a mode that can have non-persistent desktops with layered profile persona disk. You really have best of both worlds. People can set their customized settings, and have that non-persistent image.

Frame was built for the public cloud first and we added on-prem later. And so, all of the capacity controls are set up to help you control cloud spend. You don't want to have IO resources running 24/7. If you get that Frame to burst, and power up capacity as you just start connecting, you get that time of day rules, and you can set the fall capacity off hours based on each instance type, for maximum flexibility for sure. So on the user perspective, Frames or protocol, the way we deliver a live interactive video to a user's browser by default is actually built to encode drone feeds a long time ago, and deploy them to folks downrange, over satellite links. The protocol can be more thought of as like Netflix as a service, where we are essentially coding and delivering a live active video stream to the browser, an HTML5 browser for... Since Max eases of use for sure.

So, the remoted protocol automagically adjusts to each user's particular network configuration and situation. It'll detect bandwidth, latency, and adjust to each user's conditions. An admin can set guardrails on a pool to maybe turn down the amount of frames per second, or bandwidth used. But in reality, the remoted protocol has been tested, and used over long-haul links. Folks sitting CONUS connected to desktops, OCONUS with very high industry to applications and the experience is fantastic.

So, with Frame there is a customer choice at each step to onboard. It is a bit of a pick your adventure to be fair. And you can pivot at each choice. You're not locked into one direction, which is a very powerful thing. So again, Frame turns on the true multi-hybrid cloud. Step one is pick your infrastructure. We have folks that are tying Frame into the public cloud, and on-prem, a couple of public cloud accounts. You have max flexibility, tying into the cloud is actually a pretty trivial process. Once Frame is tied into your cloud account, AWS account, Azure subscription, or GCP project, or Nutanix AHV. We spin out a machine called a sandbox that base image.

Step two is authorization of users. Frame supports a protocol called SAML 2.0, the standard on the internet for federated identity providers. So, you can turn on things like multifactor authentication, at your identity provider, is active support. We support Active Directory Federated Services, Azure AD, Okta, Duo, Centrify. One customer coming up with SAML provider. So, anything that supports that all we can tie into. So, it's a one-stop shop for your users, so their username and password. So again, the two-factor authentication. You will see all pass/fail attempts, and Frame will receive what's called a SAML assertion, which you can configure to send attributes of a user.

Inside the Frame control plane, you can write a little rules engine to evaluate attributes, and grant users access to what we call launch pads. Launch pads are that experience of the user, either full desktops or particular applications. Step three is bring images in certain cases and applications of licenses, in all cases. When Frame is tied to AHV, you can run Windows 10. When Frame is tied to Azure, Windows 10 do a Microsoft compliance. AWS and GCP are Windows Server images.

Frame has a notion of what's called the utility server. So, you could spin up steady-state virtual machines that are co-located in the same virtual private cloud as the desktops. You can use it as a license server or application server. Step four is a pretty important thing for end-user computing. That would be, we allow or have native support for OneDrive, Box, Google Drive. You can also do domain join desktops, and tie in CIFS/SMB shares for sure.

And last up is delivery of the experience to users, so by default, everybody uses HTML5 web browsers. In the case of CIV or DOD, is a Frame app that can pass through [Keckpiz 00:12:35] cards, do the sessions, or email signing and authorizations of web services. So, on the commercial control plane, Frame can tie into 72 plus data centers or regions, CONUS and OCONUS. GovCloud ties to the GovCloud regions. All OCONUS GCP has done some work to federate moderate some of their regions OCONUS. But you have actually flexibility in delivering the experience for sure. And have desktops geographically close to mission if that's necessary.

On the security front, I mentioned the GovCloud control plane is FedRAMP moderate today. And you've got to get and request the package from the FedRAMP marketplace. Part of the FedRAMP, we turn on FIPS 140-2 mode, or data rest encryption. It's actually done on the cloud side and on-prem. The remoting protocol to deliver the experience between a user's browser, and a virtual desktop in the cloud on-prem is secured by TLS 1.3, which is actually above the standard for FedRAMP moderate. It is a point-to-point connection between the user's browser and the end machine. We do not intercept or trombone the remoting protocol session. So, a user is that you have in direct connects, which drives down latency and gives you the experience.

The control plane and the multi-tenant environment in particular customer's tenant, is role-based access control. You can essentially grant access to particular folks at each level, either user or admin, all roles go from North South. There's no traversal East West. And again, the control plane in GovCloud can tie into AWS Gov, Azure Gov, GCP, FedRAMP regions.

Let's see a description of the platform hierarchy. So again, the control plane is a multi-tenant environment. We subscribed to the service. You are configured as a customer in the apex of your tenant. And below that customer, you can create your own multi-tenant environment. The customer has essentially super admins. First is just the person receiving the initial invite once the subscription's transacted, and that person can invite other super admins to the customer level.

Below that is organization, which could be business units. It could be missions, it could be the developers, whatever you need to split out. Grant discrete access is admin or a user level for the org. And below that is a notion of account, it's actually capacity, cloud, or on-prem, a sandbox users and associated desktops. An org can have multiple accounts provisioned in, multiple images in the cloud, or on prem, or a mixture of cloud and on-prem capacity. Scaling is actually a really trivial process. It is the notion of adding another cloud account and Frame looks at spinning up the resources if necessary. So, you can start small and certain linearly scaling your cloud or on-prem capacity with Frame, really drives down the complexity of delivering end user computing experience for work from home for sure.

Speaker 1: Thanks for listening. If you would like more information on how Carahsoft or Nutanix can assist your government organization, please visit http://www.carahsoft.com or email us at nutanix@carahsoft.com. Thanks again for listening and have a great day.