Re: are there any new spice protocol document?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, Marc
Yes, we originally embed the openstack's console(spice-html5) page and it works, but has performance/screen size concern. 
So we try to use native-client to connect through the proxy.
By the way, The spice source code did help. I am studying now. :).

2015-04-20 17:52 GMT+08:00 Marc-André Lureau <mlureau@xxxxxxxxxx>:
Hi Dennis

----- Original Message -----
> Hi, Christophe
> Thanks for the reply. I will read the information that you shared.
>
> We are developing a cloud solution, the back-end is openstack.
> We tried spice-html5 console by embedding openstack console page and found
> the performance is not good.
> We think using the native client might be faster than html5 and has more
> features, however, we can't find any secure way to let native client connect
> to internal VM (spice server).
> (Say spice:// 192.168.1.2:5900 is a VM's internal connection url, 192.168.1.2
> is internal, should't be public, and 5900 is also too simple to be guessed
> by another user that another VM is 5901, or 5902 )
>
> I am trying to write a spice-proxy to provide client to connect with a
> dynamic password (a token, with timeout, created by our system when user
> acquires console connection ).
> Then by the valid password(token) , the spice-proxy gets the VM (spice
> server) connection host-port, and channeling between client and internal VM.

Have you looked at this openstack blueprint (with patches):
https://blueprints.launchpad.net/nova/+spec/spice-http-proxy

This is offering an http "connect" proxy for spice VM, validating the client
tokens and proxying the connections (similar to vnc websocket proxy).
It used to work, but it might need some refresh today.



_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]