Native HTML5 consoles for VMware
vSphere 5.5 introduced support for native HTML5 consoles which is leveraged by the vSphere Web Client. We will refer to this new console type as "WebMKS" and this blueprint is about adding support for WebMKS consoles in the Nova driver.
There are number of problems with the current approach which provides VNC consoles to instances running on VMware hypervisors:
1. Deployment - cloud operators need to open a huge range of ports (5900-6105) in the firewall configuration on each ESXi host. Additionally, they need to create and install a special VIB package for the firewall modifications to persist after reboot. The whole thing creates a huge security risk because we rely only on the fact that all ESXi hosts will run into a private network that will be inaccessible to the cloud users.
2. Scalability - the Nova driver needs to allocate a unique VNC port for each instance and this is done by querying all allocated ports on the vCenter while holding a lock in the driver. Needless to say, this doesn't scale well.
3. Security - we can prevent race conditions for port allocations occurring on the same nova-compute but there is no way to do this between several nova-computes. This creates a possibility for allocating the same VNC port to different instances and if these instances end up on the same ESXi host somehow, one user can hijack the console of another user.
All of the above problems don't stand with WebMKS consoles. The proposal is to add a new API that will return WebMKS connect information similar to how we return connection information for other types of consoles like VNC and RDP. The VMware driver will continue to support VNC consoles for users running vSphere 5.1.
Blueprint information
- Status:
- Complete
- Approver:
- John Garbutt
- Priority:
- Low
- Drafter:
- Radoslav Gerganov
- Direction:
- Approved
- Assignee:
- Radoslav Gerganov
- Definition:
- Approved
- Series goal:
- Accepted for liberty
- Implementation:
- Implemented
- Milestone target:
- 12.0.0
- Started by
- Radoslav Gerganov
- Completed by
- John Garbutt
Related branches
Related bugs
Sprints
Whiteboard
Spec reviews:
Addressed by: https:/
VMware: Native HTML5 consoles for VMware
Addressed by: https:/
Consolidate the APIs for getting consoles
*******
Gerrit topic: https:/
Addressed by: https:/
Add MKS protocol for remote consoles
Addressed by: https:/
Add MKS console support
Addressed by: https:/
VMware: implement get_mks_console()
Standalone proof-of-concept is available here:
https:/
Work Items
Dependency tree
* Blueprints in grey have been implemented.