OpenStack ManualsOpenStack Cloud Administrator Guide  - current

  Atom feed of this document
  
 

 VNC console proxy

About nova-consoleauth
Typical deployment
VNC configuration options
nova-novncproxy (noVNC)
Frequently asked questions about VNC access to virtual machines

The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients.

The VNC console connection works as follows:

  1. A user connects to the API and gets an access_url such as, http://ip:port/?token=xyz.

  2. The user pastes the URL in a browser or uses it as a client parameter.

  3. The browser or client connects to the proxy.

  4. The proxy talks to nova-consoleauth to authorize the token for the user, and maps the token to the private host and port of the VNC server for an instance.

    The compute host specifies the address that the proxy should use to connect through the nova.conf file option, vncserver_proxyclient_address. In this way, the VNC proxy works as a bridge between the public network and private host network.

  5. The proxy initiates the connection to VNC server and continues to proxy until the session ends.

The proxy also tunnels the VNC protocol over WebSockets so that the noVNC client can talk to VNC servers. In general, the VNC proxy:

  • Bridges between the public network where the clients live and the private network where VNC servers live.

  • Mediates token authentication.

  • Transparently deals with hypervisor-specific connection details to provide a uniform client experience.

     

    Figure 4.7. noVNC process


Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page
Legal notices
loading table of contents...