Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Bug Reference

serverASF JIRA


There are many VNC clients available, differing in their capabilities and operating system support. noVNC is a cross-platform VNC client, VNC platform independent clients can be Java-based VNC clients like RealVNC or TightVNC, or web-based VNC clients like noVNC. noVNC is an HTML5 based remote desktop web client which can communicate with a remote VNC server via WebSockets. VNC server in qemu doesn't support WebSockets and there must be a WebSocket proxy placed between the client and VNC server. This is done by the Console Proxy server acting as a generic WebSockets to TCP bridge.

Why noVNC for Cloudstack ?

  • noVNC uses websocket connections, so we avoid the continuous polling.
  • Its has a better UI than the current console.
  • In addition to basic console support provided by the current console, it also provides additional features like copy/paste.
  • Compatible with all the modern browsers ( not IE 10 ).
  • Secure communication is ensured by using TLS.


  1. Adding noVNC support to cloudstack Console Proxy server.
  2. Adding SSL/TLS support.
  3. Creating new SystemVm.iso which will include the noVNC support


Document History

V1.0Sachin Patil01-Aug-2017Initial Draft

Functional Requirements

  1. Users should be able to access the host via noVNC

Architecture and Design description


  • Step 1 : 
    1. Added an extra parameter ( websocketconsole=true ) to the console access url which will trigger noVNC console instead of the current console.

  • Step 2 :
    1. The Server replies with the Console Proxy server IP with context /novnc  and a encrypted token containing information regarding the host IP, port and password.

  • Step 3, 4 :
    1. The Client sends the console proxy server a request with the encrypted token.
    2. The server responds with the noVNC resources , refer  NoVncConsoleHandler

  • Step 5 :
    1. noVNC initiates a websocket connection with the console proxy server with the token, included in class. 

  • Step 6 :
    1. CPVM decrypts the token verifies it establishes a sockets connection with the host.
    2. Handshake process : The host running the VNC server responds with the RFB protocol version ( we support 3.x) to the CPVM and CPVM replies to the client ( browser ) with the same version.
    3. Authentication Process : server is initialised normally with the password provided by the token. noVNC is initialised by sending parameters for noauth connection by the ConsoleProxy server.

  • Step 7 : 
    1. After both the browser and VNC server on host are authenticated correctly we start proxying everything from browser to VNC server and vice versa.

Additional Changes 

  • Created a new SystemVM with noVNC support added to it
  • Started a new jetty server for Console proxy server with websocket and SSL/TLS support enabled

Working Model Sample

  • Trying to access Host QEMU ( v-14-VM ) with enccrypted connection to domain the consoleProxy domain ( )



Link to Pull Request