On Út, 2014-09-16 at 11:13 -0400, Maurice James wrote: > So I only need to make sure that the users on the other side of the WAN can > connect on the spice ports?
Yes, that's all you need. David > > ----- Original Message ----- > From: "David Jaša" <dj...@redhat.com> > To: "Maurice James" <mja...@media-node.com> > Cc: "users" <users@ovirt.org> > Sent: Tuesday, September 16, 2014 10:48:27 AM > Subject: Re: [ovirt-users] Spice client with engine portal > > On Út, 2014-09-16 at 16:02 +0200, Gianluca Cecchi wrote: > > On Tue, Sep 16, 2014 at 3:50 PM, Maurice James <mja...@media-node.com> > > wrote: > > How do I get the spice client to connect to a VM through the > > portal instead of attempting to connect directly to the VM? > > For example. I allow access to the engine portal over our WAN > > to a NATed IP address. The users on the other side of the WAN > > do not have access to the real VM IP addresses. > > Please note that the client is actually connecting to _host_ IP, not to > VM IP address. The VM may be configured with no NIC (so w/o any network > connectivity) and you'll still be able to connect to it using Spice (or > VNC). Only RDP needs connectivity to the VM. > > > When they click on the console access button, they are unable > > to connect to the VM. I believe this is because it using > > attempting a direct connection instead of proxying through the > > portal. > > > > > > > > > > see: > > http://www.ovirt.org/Features/Spice_Proxy > > > > > > > > more tech details also from rhev docs: > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html/Administration_Guide/chap-Proxies.html#sect-SPICE_Proxy > > > > > > > > I don't remember if it is ok and works to set up the squid part on > > engine itself.... > > In principle, there's no reason why it shouldn't work. ovirt-engine & > friends don't care about squid and squid doesn't care about the rest of > the system as long as the machine has enough power/bandwidth to run > both. > > > but I think it would be cleaner design to put it on another dedicated > > infrastructure host, perhaps already existing in your infra for > > similar reasons. > > Agreed. > > David > > > > > > > Gianluca > > _______________________________________________ > > Users mailing list > > Users@ovirt.org > > http://lists.ovirt.org/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users