Hi, Are you using the novnc-server included in OpenNebula? This component uses a websocket proxy, so that you don't have to expose the VNC socket to your users, and it will take care of the different tcp sockets.
Cheers On 6 February 2015 at 12:50, Nico Schottelius < nico-opennebula....@schottelius.org> wrote: > Good day, > > we are about to setup our fourth hosting plattform in the next weeks, > based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6). > > In our tests the VNC socket of the VMs has been exposed on the hosts > directly accessible on 0.0.0.0 -> for everyone. Given that sunstone > will be usable by our customers and VMs will be running on hosts other > than the one running sunstone, what is the default & secure alternative > in opennebula? > > Do you support vnc / ssh tunneling like described on [0]? > > This process is pretty neat, because you don't need to expose VNC at all > and not care about numbering of tcp sockets. > > I guess a combination of ssh unix socket tunneling plus spice on the > frontend is probably the safest solution - what are your opinions? > > How do you configure VNC access at the moment? > > [0] > http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/ > > -- > New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 > _______________________________________________ > Users mailing list > Users@lists.opennebula.org > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > -- -- Daniel Molina Project Engineer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
_______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org