Bug Reference
CLOUDSTACK-10025
Introduction
There are many VNC clients available, differing in their capabilities and operating system support. noVNC is a cross-platform VNC client. Platform-independent VNC clients can be Java-based, like RealVNC or TightVNC, or web-based, like noVNC. noVNC is an HTML5-based remote desktop web client that communicates with a remote VNC server via WebSockets. The VNC server in QEMU doesn't support WebSockets, so a WebSocket proxy must be placed between the client and the VNC server. This is done by the Console Proxy server, acting as a generic WebSockets-to-TCP bridge.
Why noVNC for CloudStack?
- noVNC uses websocket connections, so we avoid the continuous polling.
- It has a better UI than the current console.
- In addition to basic console support provided by the current console, it also provides additional features like copy/paste.
- Compatible with all modern browsers (not IE 10).
- Secure communication is ensured by using TLS.
Goals
- Adding noVNC support to the CloudStack Console Proxy server.
- Adding SSL/TLS support.
- Creating new SystemVm.iso which will include the noVNC support
References
Document History
Version | Author | Date | Changes |
---|---|---|---|
V1.0 | Sachin Patil | 01-Aug-2017 | Initial Draft |
Functional Requirements
- Users should be able to access the host via noVNC
Architecture and Design description
Design
- Step 1:
  - An extra parameter (websocketconsole=true) is added to the console access URL, which triggers the noVNC console instead of the current console.
- Step 2:
  - The server replies with the Console Proxy server IP with context /novnc and an encrypted token containing the host IP, port and password.
- Step 3, 4:
  - The client sends the console proxy server a request with the encrypted token.
  - The server responds with the noVNC resources; refer to NoVncConsoleHandler.
- Step 5:
  - noVNC initiates a WebSocket connection with the console proxy server with the token, included in class.
- Step 6:
  - The CPVM decrypts the token, verifies it, and establishes a socket connection with the host.
  - Handshake process: the host running the VNC server responds with the RFB protocol version (we support 3.x) to the CPVM, and the CPVM replies to the client (browser) with the same version.
  - Authentication process: the server is initialised normally with the password provided by the token. noVNC is initialised by the Console Proxy server sending it the parameters for a noauth connection.
- Step 7:
  - After both the browser and the VNC server on the host are authenticated correctly, we start proxying everything from the browser to the VNC server and vice versa.
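The browser-facing half of the Step 6 handshake, as an added example that is not CloudStack's own code: it builds the messages a proxy would send noVNC for a noauth connection after relaying the host's RFB version. It assumes "noauth" means RFB security type None with message layouts as in RFC 6143, and it generalises across the 3.3, 3.7 and 3.8 handshakes; the function names and sample banners are constructed for illustration.

```python
import struct

SEC_NONE = 1  # RFB security type "None" (RFC 6143)

def parse_rfb_version(banner: bytes) -> int:
    """Validate a 12-byte ProtocolVersion such as b'RFB 003.008\\n'; return the minor."""
    ok = (len(banner) == 12 and banner[:4] == b"RFB " and banner[7:8] == b"."
          and banner[11:] == b"\n"
          and banner[4:7].isdigit() and banner[8:11].isdigit())
    if not ok:
        raise ValueError("malformed ProtocolVersion")
    if int(banner[4:7]) != 3:
        raise ValueError("only RFB 3.x is supported")
    return int(banner[8:11])

def browser_side_handshake(host_banner: bytes, browser_msgs: list) -> list:
    """Return, in order, the messages the proxy sends to the browser.

    browser_msgs holds what the browser sends: its ProtocolVersion and, for
    3.7/3.8, the one-byte security type it selected.
    """
    parse_rfb_version(host_banner)            # refuse hosts that are not 3.x
    out = [host_banner]                       # relay the host's version unchanged
    replies = iter(browser_msgs)
    minor = parse_rfb_version(next(replies))
    if minor in (7, 8):
        out.append(bytes([1, SEC_NONE]))      # one security type offered: None
        if next(replies) != bytes([SEC_NONE]):
            raise ValueError("browser selected a security type that was not offered")
        if minor == 8:
            out.append(struct.pack(">I", 0))  # SecurityResult: OK (3.8 only)
    else:
        # 3.3, and any other minor per RFC 6143: server dictates a 4-byte type
        out.append(struct.pack(">I", SEC_NONE))
    return out

if __name__ == "__main__":
    # Constructed sample: a 3.8 host banner and a 3.8 browser client
    for msg in browser_side_handshake(b"RFB 003.008\n", [b"RFB 003.008\n", b"\x01"]):
        print(msg)
```

Because the browser leg ends with security type None, the token check in Step 6 and the TLS-protected WebSocket are what gate access to the console.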
Additional Changes
- Created a new SystemVM with noVNC support added to it
- Started a new Jetty server for the Console Proxy server with WebSocket and SSL/TLS support enabled
Working Model Sample
- Trying to access Host QEMU (v-14-VM) with an encrypted connection to the consoleProxy domain (gsocsachin.com)
Link to Pull Request