Atom feed of this document
 

 VNC console proxy

The VNC proxy is an OpenStack component that enables compute service users to access their instances through VNC clients.

The VNC console connection works as follows:

  1. A user connects to the API and gets an access_url such as, http://ip:port/?token=xyz.

  2. The user pastes the URL in a browser or uses it as a client parameter.

  3. The browser or client connects to the proxy.

  4. The proxy talks to nova-consoleauth to authorize the token for the user, and maps the token to the private host and port of the VNC server for an instance.

    The compute host specifies the address that the proxy should use to connect through the nova.conf file option, vncserver_proxyclient_address. In this way, the VNC proxy works as a bridge between the public network and private host network.

  5. The proxy initiates the connection to VNC server and continues to proxy until the session ends.

The proxy also tunnels the VNC protocol over WebSockets so that the noVNC client can talk VNC.

In general, the VNC proxy:

  • Bridges between the public network where the clients live and the private network where vncservers live.

  • Mediates token authentication.

  • Transparently deals with hypervisor-specific connection details to provide a uniform client experience.

     

    Figure 2.3. noVNC process


Log a bug against this page

loading table of contents...