Hey Daniel, thanks for following up - I will lock down vnc ports to to only allow access from the frontend to this a try today!
Cheers, Nico Daniel Molina [Fri, Feb 13, 2015 at 09:17:55AM +0100]: > The novnc-server will translate WebSockets traffic to normal socket > traffic, therefore you don't have to expose the host IP to the final user, > she will interact with the proxy. > > Cheers > > On 10 February 2015 at 11:33, Nico Schottelius < > nico-opennebula....@schottelius.org> wrote: > > > Hey, > > > > I think I haven't (at least I didn't enable it explicitly). > > > > If the novnc-server is enabled, how do I configure the templates? > > Because at the moment, vnc listens to 0.0.0.0 and is accessible if > > someone knows the IP and port. > > > > Cheers, > > > > Nico > > > > Daniel Molina [Tue, Feb 10, 2015 at 10:54:36AM +0100]: > > > Hi, > > > > > > Are you using the novnc-server included in OpenNebula? This component > > uses > > > a websocket proxy, so that you don't have to expose the VNC socket to > > your > > > users, and it will take care of the different tcp sockets. > > > > > > Cheers > > > > > > On 6 February 2015 at 12:50, Nico Schottelius < > > > nico-opennebula....@schottelius.org> wrote: > > > > > > > Good day, > > > > > > > > we are about to setup our fourth hosting plattform in the next weeks, > > > > based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6). > > > > > > > > In our tests the VNC socket of the VMs has been exposed on the hosts > > > > directly accessible on 0.0.0.0 -> for everyone. Given that sunstone > > > > will be usable by our customers and VMs will be running on hosts other > > > > than the one running sunstone, what is the default & secure alternative > > > > in opennebula? > > > > > > > > Do you support vnc / ssh tunneling like described on [0]? > > > > > > > > This process is pretty neat, because you don't need to expose VNC at > > all > > > > and not care about numbering of tcp sockets. > > > > > > > > I guess a combination of ssh unix socket tunneling plus spice on the > > > > frontend is probably the safest solution - what are your opinions? > > > > > > > > How do you configure VNC access at the moment? > > > > > > > > [0] > > > > > > http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/ > > > > > > > > -- > > > > New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 > > > > _______________________________________________ > > > > Users mailing list > > > > Users@lists.opennebula.org > > > > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > > > > > > > > > > > > > > > > -- > > > -- > > > Daniel Molina > > > Project Engineer > > > OpenNebula - Flexible Enterprise Cloud Made Simple > > > www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula > > > > -- > > New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 > > > > > > -- > -- > Daniel Molina > Project Engineer > OpenNebula - Flexible Enterprise Cloud Made Simple > www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula -- New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24 _______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
