Re: [ovirt-users] Spice client with engine portal
On Út, 2014-09-16 at 11:13 -0400, Maurice James wrote: So I only need to make sure that the users on the other side of the WAN can connect on the spice ports? Yes, that's all you need. David - Original Message - From: David Jaša dj...@redhat.com To: Maurice James mja...@media-node.com Cc: users users@ovirt.org Sent: Tuesday, September 16, 2014 10:48:27 AM Subject: Re: [ovirt-users] Spice client with engine portal On Út, 2014-09-16 at 16:02 +0200, Gianluca Cecchi wrote: On Tue, Sep 16, 2014 at 3:50 PM, Maurice James mja...@media-node.com wrote: How do I get the spice client to connect to a VM through the portal instead of attempting to connect directly to the VM? For example. I allow access to the engine portal over our WAN to a NATed IP address. The users on the other side of the WAN do not have access to the real VM IP addresses. Please note that the client is actually connecting to _host_ IP, not to VM IP address. The VM may be configured with no NIC (so w/o any network connectivity) and you'll still be able to connect to it using Spice (or VNC). Only RDP needs connectivity to the VM. When they click on the console access button, they are unable to connect to the VM. I believe this is because it using attempting a direct connection instead of proxying through the portal. see: http://www.ovirt.org/Features/Spice_Proxy more tech details also from rhev docs: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html/Administration_Guide/chap-Proxies.html#sect-SPICE_Proxy I don't remember if it is ok and works to set up the squid part on engine itself In principle, there's no reason why it shouldn't work. ovirt-engine friends don't care about squid and squid doesn't care about the rest of the system as long as the machine has enough power/bandwidth to run both. but I think it would be cleaner design to put it on another dedicated infrastructure host, perhaps already existing in your infra for similar reasons. Agreed. David Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Spice client with engine portal
On Tue, Sep 16, 2014 at 3:50 PM, Maurice James mja...@media-node.com wrote: How do I get the spice client to connect to a VM through the portal instead of attempting to connect directly to the VM? For example. I allow access to the engine portal over our WAN to a NATed IP address. The users on the other side of the WAN do not have access to the real VM IP addresses. When they click on the console access button, they are unable to connect to the VM. I believe this is because it using attempting a direct connection instead of proxying through the portal. see: http://www.ovirt.org/Features/Spice_Proxy more tech details also from rhev docs: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html/Administration_Guide/chap-Proxies.html#sect-SPICE_Proxy I don't remember if it is ok and works to set up the squid part on engine itself but I think it would be cleaner design to put it on another dedicated infrastructure host, perhaps already existing in your infra for similar reasons. Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Spice client with engine portal
On Út, 2014-09-16 at 16:02 +0200, Gianluca Cecchi wrote: On Tue, Sep 16, 2014 at 3:50 PM, Maurice James mja...@media-node.com wrote: How do I get the spice client to connect to a VM through the portal instead of attempting to connect directly to the VM? For example. I allow access to the engine portal over our WAN to a NATed IP address. The users on the other side of the WAN do not have access to the real VM IP addresses. Please note that the client is actually connecting to _host_ IP, not to VM IP address. The VM may be configured with no NIC (so w/o any network connectivity) and you'll still be able to connect to it using Spice (or VNC). Only RDP needs connectivity to the VM. When they click on the console access button, they are unable to connect to the VM. I believe this is because it using attempting a direct connection instead of proxying through the portal. see: http://www.ovirt.org/Features/Spice_Proxy more tech details also from rhev docs: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html/Administration_Guide/chap-Proxies.html#sect-SPICE_Proxy I don't remember if it is ok and works to set up the squid part on engine itself In principle, there's no reason why it shouldn't work. ovirt-engine friends don't care about squid and squid doesn't care about the rest of the system as long as the machine has enough power/bandwidth to run both. but I think it would be cleaner design to put it on another dedicated infrastructure host, perhaps already existing in your infra for similar reasons. Agreed. David Gianluca ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users