Native HTML5 consoles for VMware

Registered by Radoslav Gerganov

vSphere 5.5 introduced support for native HTML5 consoles which is leveraged by the vSphere Web Client. We will refer to this new console type as "WebMKS" and this blueprint is about adding support for WebMKS consoles in the Nova driver.

There are a number of problems with the current approach, which provides VNC consoles to instances running on VMware hypervisors:

1. Deployment - cloud operators need to open a huge range of ports (5900-6105) in the firewall configuration on each ESXi host. Additionally, they need to create and install a special VIB package for the firewall modifications to persist after reboot. The whole thing creates a huge security risk because we rely only on the fact that all ESXi hosts will run in a private network that will be inaccessible to the cloud users.

2. Scalability - the Nova driver needs to allocate a unique VNC port for each instance and this is done by querying all allocated ports on the vCenter while holding a lock in the driver. Needless to say, this doesn't scale well.

3. Security - we can prevent race conditions for port allocations occurring on the same nova-compute but there is no way to do this between several nova-computes. This creates a possibility for allocating the same VNC port to different instances and if these instances end up on the same ESXi host somehow, one user can hijack the console of another user.

None of the above problems apply to WebMKS consoles. The proposal is to add a new API that will return WebMKS connect information, similar to how we return connection information for other types of consoles like VNC and RDP. The VMware driver will continue to support VNC consoles for users running vSphere 5.1.
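The port-allocation race from items 2 and 3 can be modelled in a few lines. This is an added example, not code from Nova or the VMware driver: `FakeVCenter`, `ComputeDriver` and the VM names are hypothetical stand-ins, and the interleaving of the two nova-computes is scripted so the result is deterministic.

```python
import threading
from collections import defaultdict

VNC_PORTS = range(5900, 6106)  # port range quoted in the blueprint (5900-6105)

class FakeVCenter:
    """Constructed stand-in for vCenter: records the VNC port set on each VM."""
    def __init__(self):
        self.vm_ports = {}
    def allocated_ports(self):
        return set(self.vm_ports.values())
    def set_port(self, vm, port):
        self.vm_ports[vm] = port

class ComputeDriver:
    """Hypothetical model of one nova-compute; its lock is process-local."""
    def __init__(self, vcenter):
        self.vcenter = vcenter
        self.lock = threading.Lock()
    def choose_port(self):
        # Check step: query every port in use, then take the first free one.
        used = self.vcenter.allocated_ports()
        return next(p for p in VNC_PORTS if p not in used)
    def allocate(self, vm):
        with self.lock:  # serialises check-then-act inside this process only
            port = self.choose_port()
            self.vcenter.set_port(vm, port)
            return port

def collisions(vcenter):
    by_port = defaultdict(list)
    for vm, port in vcenter.vm_ports.items():
        by_port[port].append(vm)
    return {p: sorted(vms) for p, vms in by_port.items() if len(vms) > 1}

def same_compute():
    vc = FakeVCenter()
    drv = ComputeDriver(vc)
    drv.allocate("vm-a")
    drv.allocate("vm-b")
    return collisions(vc)

def two_computes_interleaved():
    vc = FakeVCenter()
    c1, c2 = ComputeDriver(vc), ComputeDriver(vc)
    # Each driver holds its own lock, so neither blocks the other.
    with c1.lock, c2.lock:
        p1, p2 = c1.choose_port(), c2.choose_port()  # both check before any write
        vc.set_port("vm-a", p1)
        vc.set_port("vm-b", p2)
    return collisions(vc)
```

Within one driver the lock keeps the ports distinct; across two drivers both VMs receive port 5900, which is the duplicate assignment item 3 warns about.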

Blueprint information

John Garbutt
Radoslav Gerganov
Radoslav Gerganov
Series goal:
Accepted for liberty
Milestone target:
12.0.0
Started by
Radoslav Gerganov
Completed by
John Garbutt


Spec reviews:
Addressed by:
    VMware: Native HTML5 consoles for VMware
Addressed by:
    Consolidate the APIs for getting consoles


Gerrit topic:,topic:bp/vmware-webmks-console,n,z

Addressed by:
    Add MKS protocol for remote consoles

Addressed by:
    Add MKS console support

Addressed by:
    VMware: implement get_mks_console()

Standalone proof-of-concept is available here:

