Bug 1573289 - [RFE] provide a means for proxied virtual machine consoles
Summary: [RFE] provide a means for proxied virtual machine consoles
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.8.0
Hardware: All
OS: All
Target Milestone: GA
: cfme-future
Assignee: Martin Povolny
QA Contact: Dave Johnson
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-30 18:52 UTC by Greg Scott
Modified: 2019-09-18 02:11 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-09-18 02:11:27 UTC
Category: Feature
Cloudforms Team: CFME Core
Target Upstream Version:

Attachments (Terms of Use)

Description Greg Scott 2018-04-30 18:52:04 UTC
Some large customers use separate Cloudforms UI and worker appliances and put firewalls between the UI and workers.  The firewalls have rules allowing communication between the UI and worker appliances, but not directly between UI appliances and providers, such as VMware ESXi hosts. Since UI appliances provide VM console service, but UI appliances cannot directly access hypervisor hosts in such topologies, this means console service breaks when customers put UI appliances and worker appliances on opposite sides of a firewall.

Why position UI appliances and worker appliances on opposite sides of a firewall?  Some believe good security practice separates the user interface from worker back ends.

This RFE asks to put together an optional console proxy service to run on worker appliances.  With this option, worker appliances would handle the console interaction with VMs, and UI appliances would interact with worker appliances (instead of directly with hypervisors) to deliver console service to people.

Note You need to log in before you can comment on or make changes to this bug.