Native HTML5 consoles for VMware

Registered by Radoslav Gerganov

vSphere 5.5 introduced support for native HTML5 consoles which is leveraged by the vSphere Web Client. We will refer to this new console type as "WebMKS" and this blueprint is about adding support for WebMKS consoles in the Nova driver.

There are a number of problems with the current approach, which provides VNC consoles to instances running on VMware hypervisors:

1. Deployment - cloud operators need to open a huge range of ports (5900-6105) in the firewall configuration on each ESXi host. Additionally, they need to create and install a special VIB package for the firewall modifications to persist after reboot. This creates a huge security risk because the only protection is the assumption that all ESXi hosts run in a private network that is inaccessible to the cloud users.

2. Scalability - the Nova driver needs to allocate a unique VNC port for each instance and this is done by querying all allocated ports on the vCenter while holding a lock in the driver. Needless to say, this doesn't scale well.

3. Security - we can prevent race conditions for port allocations occurring on the same nova-compute but there is no way to do this between several nova-computes. This creates a possibility for allocating the same VNC port to different instances and if these instances end up on the same ESXi host somehow, one user can hijack the console of another user.
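The race in item 3, replayed deterministically as an added example (this is not the Nova driver's code). `FakeVCenter`, `FakeCompute`, the host name and the instance names are hypothetical, and the inventory is constructed in memory; `find_collisions` is the kind of audit an operator could run over real inventory data to spot instances sharing a VNC port on one host.

```python
import threading

VNC_PORTS = range(5900, 6106)  # port range quoted in the blueprint

class FakeVCenter:
    """Constructed stand-in for vCenter inventory: instance -> (host, port)."""
    def __init__(self):
        self.vms = {}

    def allocated_ports(self):
        return {port for _host, port in self.vms.values()}

    def set_vnc_port(self, instance, host, port):
        self.vms[instance] = (host, port)

class FakeCompute:
    """Hypothetical nova-compute whose lock is local to its own process."""
    def __init__(self, vcenter):
        self.vcenter = vcenter
        self.lock = threading.Lock()

    def pick_port(self):
        # Check step: query all allocated ports, take the first free one.
        used = self.vcenter.allocated_ports()
        return next(p for p in VNC_PORTS if p not in used)

    def spawn(self, instance, host):
        with self.lock:  # serialises only callers inside this process
            port = self.pick_port()
            self.vcenter.set_vnc_port(instance, host, port)
        return port

def interleaved_spawn(vcenter, compute_a, compute_b, host):
    """Replay the cross-compute interleaving: both check, then both write."""
    with compute_a.lock, compute_b.lock:  # both held at once: no mutual exclusion
        port_a, port_b = compute_a.pick_port(), compute_b.pick_port()
        vcenter.set_vnc_port("vm-a", host, port_a)
        vcenter.set_vnc_port("vm-b", host, port_b)
    return port_a, port_b

def find_collisions(vcenter):
    """Audit: map (host, port) -> instances for ports shared on one host."""
    seen = {}
    for instance, key in vcenter.vms.items():
        seen.setdefault(key, []).append(instance)
    return {key: sorted(v) for key, v in seen.items() if len(v) > 1}
```

Sequential calls through one compute's `spawn` never collide; the collision appears only when two computes both finish the check step before either one writes.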

None of the above problems apply to WebMKS consoles. The proposal is to add a new API that will return WebMKS connection information, similar to how we return connection information for other types of consoles like VNC and RDP. The VMware driver will continue to support VNC consoles for users running vSphere 5.1.

Blueprint information

Status: Complete
Approver: John Garbutt
Priority: Low
Drafter: Radoslav Gerganov
Direction: Approved
Assignee: Radoslav Gerganov
Definition: Approved
Series goal: Accepted for liberty
Implementation: Implemented
Milestone target: 12.0.0
Started by: Radoslav Gerganov
Completed by: John Garbutt

Whiteboard

Spec reviews:
Addressed by: https://review.openstack.org/127283
    VMware: Native HTML5 consoles for VMware
Addressed by: https://review.openstack.org/141065
    Consolidate the APIs for getting consoles

*************************

Gerrit topic: https://review.openstack.org/#q,topic:bp/vmware-webmks-console,n,z

Addressed by: https://review.openstack.org/199129
    Add MKS protocol for remote consoles

Addressed by: https://review.openstack.org/203006
    Add MKS console support

Addressed by: https://review.openstack.org/204059
    VMware: implement get_mks_console()

Standalone proof-of-concept is available here:
https://github.com/rgerganov/mks
