Hello All, I am trying to get my head around how the console proxy facility actually works. Documentation seems to be a on the sparse side, and my method for trying to work it out confuses me even more!
Here is how I believe the console proxy works: 1) A client logs into the CloudStack UI on port 8080 and launches the console proxy. 2) This console proxy then frames a https request to https://aaa-bbb-ccc-ddd.realhostip.com/?api=xxxxx (or in my case, my own dns). 3) This will connect to the public IP address for the console proxy on port 443 (I believe) and be authenticated using the SSL certificate that has been configured from the 'Infrastructure' tab within the UI. 4) This proxy then connects over it's management interface to the hyper-visor (vmware in this case) and proxies the request through. Now that seems to make sense to me. However, to try and prove this process, I have found the following: a) When port scanning the Public interface on my ConsoleProxy VM (from both my client and management machines), I can see the only two ports available are 80 and 443. Both of these are closed. b) A wire shark from my client machine to my management server simply has the http traffic to load the frame. c) I can see a wire shark from my client to my ConsoleProxy VM, which tries to connect on 443. This connection is then dropped by the VM. So my two real questions from this are: - Am I correct in the process? - Is the SSL authentication we configure between the Management Server and VM, or the VM and the hyper visor? If this is the case, will I need to install my root certificate on my hyper-visor boxes? Thanks Paul --- Kind Regards Paul Sanders Mail: paul.sander...@googlemail.com
