VM Console Enhancements
Agenda
• Introduction
• History
• AJAX-based client
• noVNC introduction
• New API: createConsoleEndpoint
• Extra security validation
• Secure websocket traffic port
• VM console connection security
• Summary
About Me
• Senior Software Engineer at ShapeBlue
• Apache CloudStack Committer & PMC member
• Dad, husband, tennis and football (soccer) fan
VNC (Virtual Network Computing)
• Client-server model
• VNC uses the RFB (Remote Frame Buffer) protocol to remotely control another computer (RFC 6143)
• VNC transmits keyboard and mouse input from one computer to another and relays the graphical screen updates back over the network
• Supported by the major hypervisors (KVM, VMware, Xen, XCP)
Diagram: VNC Client <-- RFB protocol --> VNC Server
CloudStack VM Console Access
• The Console Proxy VM (CPVM) handles access to the VM consoles
• It proxies the traffic between the web client and the VNC server
• It acts as:
• Server for the HTTP client (browser / CloudStack UI)
• Client for the VNC server (TCP socket connection)
Diagram: Web Client --HTTP--> Console Proxy VM (HTTP server + TCP client) --RFB over TCP--> VNC Server
CloudStack VM Console Access Evolution

CloudStack VM Console Access (Legacy)
• AJAX-based console:
• Polls the proxy every 2-3 seconds for new data
• Laggy
• Limited to one session per VM
Diagram: Web Client --HTTP--> Console Proxy VM (AJAX VNC client + cloud service) --RFB over TCP--> VNC Server
CloudStack VM Console Access (Current)
• noVNC integration:
• 2017: initial work as a GSoC project
• 2021: introduced in 4.15.0 as the default console
• Open-source, JavaScript-based VNC client
• Uses WebSockets instead of polling
Diagram: Web Client --HTTP/WebSocket--> Console Proxy VM (noVNC WebSocket server) --RFB over TCP--> VNC Server
AJAX VNC Client (screenshot)

noVNC Client (screenshot)
VM Console Internals
• CloudStack manages a group of appliances dedicated to console proxy services (CPVMs)
• Each console proxy establishes an mTLS connection to the CloudStack Management Server to exchange active session details and handle them
• VM console access request from an authenticated user:
• CloudStack assigns a console proxy VM to the client, along with a token to be used for the session
• The client opens a session to the console proxy, passing the token
• A console session is then established between the proxy and the backend hypervisor host, and proxied to the client's browser
VM Console Internals: console URL flow
1) The user requests VM console access from the CloudStack Management Server: <CS_IP>/client/console&command=access&vm=<VM_ID>
2) The Management Server returns an HTML page with an iframe pointing to the console proxy (CPVM)
3) The client's browser connects to that web page on the CPVM
4) The CPVM connects to the VM console on the hypervisor host
VM Console Internals: createConsoleEndpoint flow
1) The user (or, optionally, an external service acting for the user) calls the CloudStack API: createConsoleEndpoint
2) The API response includes the console web page URL and the session token
3) The client's browser connects to that web page on the CPVM
4) The CPVM connects to the VM console on the hypervisor host
CreateConsoleEndpoint API
• New API: createConsoleEndpoint. Parameters:
• virtualmachineid: the VM id
• token (optional): extra security token
• Response:
• success (true/false): indicates whether the console access operation succeeded
• details: in case success=false, a description of the error
• url: the default web URL to use to connect to the console
• websocket: nested object with the information needed for a websocket connection:
• host: the websocket host IP
• port: the websocket port
• path: the websocket path
• token: the websocket (session) token
• extra (only present if the extra security validation has been enabled): the extra security token to be validated by the console proxy
CreateConsoleEndpoint API
• API response example (the same session token appears in the url and in websocket.token):
{
  "consoleendpoint": {
    "success": true,
    "url": "http://10.0.58.222/resource/noVNC/vnc.html?autoconnect=true&port=8080&token=7hqEeMjVwJC0zaBuhPuCciiJvQzHcM7nWxO3h-g072WgmMozp_ANPfQuH7F61ouJe4lvoLiCEQjtoRXnjZ1AjnShXc_sj2qWFlR-KDVoJwf-MfsPfU397cRS-WUAU3VqXSBbm8AwDjgfrmq63nltU0Orq9rXdk5cCmXHiATCxonznt-zWWL4VIdTjmJ-NaKEsPalfLlAkKL9GNDx8TbtBsSOA-9AXPqWAw9iVcUdeo-HDUXicZGytMQ4HpvB0q3fDVo_TYpXtlSTKlWJX9ApA_SX1LPLaHnbZjwhYk7rByZuQyu_BIjZV-jKXHYNtKSyNp8wMoXeoWwQ620x_jS1dA",
    "websocket": {
      "host": "10.0.58.222",
      "path": "websockify",
      "port": "8080",
      "token": "7hqEeMjVwJC0zaBuhPuCciiJvQzHcM7nWxO3h-g072WgmMozp_ANPfQuH7F61ouJe4lvoLiCEQjtoRXnjZ1AjnShXc_sj2qWFlR-KDVoJwf-MfsPfU397cRS-WUAU3VqXSBbm8AwDjgfrmq63nltU0Orq9rXdk5cCmXHiATCxonznt-zWWL4VIdTjmJ-NaKEsPalfLlAkKL9GNDx8TbtBsSOA-9AXPqWAw9iVcUdeo-HDUXicZGytMQ4HpvB0q3fDVo_TYpXtlSTKlWJX9ApA_SX1LPLaHnbZjwhYk7rByZuQyu_BIjZV-jKXHYNtKSyNp8wMoXeoWwQ620x_jS1dA"
    }
  }
}
CreateConsoleEndpoint API
• The url field is what the CloudStack UI uses to open the VM console. This is the default use case of the API: an HTML-based client opens the URL, and the page then establishes a websocket connection to the console proxy server and starts receiving the VM console.
• The websocket nested object carries the information needed to open a websocket connection to the console proxy directly, without depending on the default UI implementation, so integrators can build their own access URL from the createConsoleEndpoint output.
• The API issues a one-time token to prevent replay attacks.
• The generated URL is usable only once per session: anyone else who intercepts the URL will not be able to access the VM console once the token has been authenticated on a session.
• Until it is consumed, the token in the URL is still a bearer credential, so the API response and the console URL should only travel to the client over TLS (see the secure websocket traffic port below).
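A client for the API above, as an added example in Python that is not part of the slides or of CloudStack (its UI and CloudMonkey do the same signing): it signs a createConsoleEndpoint call the way the CloudStack API requires and builds the websocket URL from the nested object instead of using the url field. The endpoint, keys and VM id are placeholders, the sample response is constructed in the shape of the slide's example with the token shortened, and the name of the query parameter used to hand the extra token to the proxy is an assumption.

```python
"""Added example (not CloudStack's own client code): sign a createConsoleEndpoint
request the way the CloudStack API expects, and turn the `websocket` object of
the response into a connection URL."""
import base64
import hashlib
import hmac
import json
from urllib.parse import quote, urlencode

# Assumed endpoint and credentials; replace with real ones.
API_URL = "https://cloudstack.example.com/client/api"
API_KEY = "example-api-key"
SECRET_KEY = "example-secret-key"


def sign_request(params: dict, api_key: str, secret_key: str) -> str:
    """Return the query string for a CloudStack API call, signature included.

    CloudStack's scheme: add apikey and response=json, sort all parameters
    by name (case-insensitive), URL-encode the values, lowercase the whole
    "k=v&k=v" string, HMAC-SHA1 it with the secret key and append the
    base64 digest as the `signature` parameter.
    """
    full = dict(params, apikey=api_key, response="json")
    ordered = sorted(full.items(), key=lambda kv: kv[0].lower())
    to_sign = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in ordered).lower()
    digest = hmac.new(secret_key.encode(), to_sign.encode(), hashlib.sha1).digest()
    signature = base64.b64encode(digest).decode()
    return urlencode(ordered) + "&signature=" + quote(signature, safe="")


def create_console_endpoint_url(vm_id: str, extra_token: str = "") -> str:
    """Signed URL for createConsoleEndpoint. `extra_token` becomes the optional
    `token` parameter that the console proxy validates when the extra security
    validation is enabled."""
    params = {"command": "createConsoleEndpoint", "virtualmachineid": vm_id}
    if extra_token:
        params["token"] = extra_token
    return API_URL + "?" + sign_request(params, API_KEY, SECRET_KEY)


def websocket_url(response: dict) -> str:
    """Build the websocket URL from the `websocket` object, as a custom client
    would instead of using the `url` field. 8443 is the proxy's TLS port, so
    use wss there; 8080 is plain ws. Passing `extra` as a query parameter
    named `extra` is an assumption of this example."""
    ep = response["consoleendpoint"]
    if not ep.get("success"):
        raise RuntimeError("console access refused: " + ep.get("details", "no details"))
    ws = ep["websocket"]
    scheme = "wss" if str(ws["port"]) == "8443" else "ws"
    url = f"{scheme}://{ws['host']}:{ws['port']}/{ws['path']}?token={quote(ws['token'], safe='')}"
    if ws.get("extra"):
        url += "&extra=" + quote(ws["extra"], safe="")
    return url


# Constructed sample response in the shape shown on the slide (token shortened).
SAMPLE_RESPONSE = json.loads("""{"consoleendpoint": {"success": true,
  "url": "http://10.0.58.222/resource/noVNC/vnc.html?autoconnect=true&port=8080&token=7hqEeMjV",
  "websocket": {"host": "10.0.58.222", "path": "websockify", "port": "8080", "token": "7hqEeMjV"}}}""")


if __name__ == "__main__":
    # Hypothetical VM id. The token is consumed on first use, so request a
    # fresh endpoint for every console session instead of caching the URL.
    print(create_console_endpoint_url("00000000-0000-0000-0000-000000000001", "per-session-secret"))
    print(websocket_url(SAMPLE_RESPONSE))
    # The same signer serves the setting that moves the proxy to port 8443:
    print(API_URL + "?" + sign_request(
        {"command": "updateConfiguration", "name": "consoleproxy.sslEnabled", "value": "true"},
        API_KEY, SECRET_KEY))
```

Because the token is one-time, call the API again for every new session rather than storing the URL; a stored URL fails as soon as its token has been authenticated on a session. Keeping the signer generic also covers the updateConfiguration call for consoleproxy.sslEnabled, which is what moves the websocket traffic to 8443 and makes the derived URL a wss one.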
Extra security validation
• Demo time!
• Generate a console endpoint for a VM
• Try reusing the URL -> replay attack prevented
• Generate a console endpoint for the VM with extra token validation
• Pass a different token for validation -> FAILURE
Secure websocket traffic port
• The websocket traffic can use either the secure or the insecure port: 8443 or 8080
• Port 8080 remains the default websocket traffic port
• To switch the port to 8443:
• Set the global setting 'consoleproxy.sslEnabled' to 'true'
• Provide a URL domain for the console proxy and a valid certificate for it
• Destroy/regenerate the console proxy VMs
• To switch the port back to 8080:
• Leave any of the requirements above unmet (for example, set 'consoleproxy.sslEnabled' back to 'false')
• Destroy/regenerate the console proxy VMs
VM Console Connection Security
• The connection between the CPVM and the VM console on the hypervisor host is password protected but unencrypted
• Proposed solution (KVM only):
• Reuse the certificates that the CloudStack CA framework already issues to the CPVM and the KVM hosts to establish a TLS connection between the CPVM and the VM console on the host
• Enable TLS for VNC on libvirt: https://wiki.libvirt.org/page/VNCTLSSetup
• Requirement: vnc_tls = 1 in /etc/libvirt/qemu.conf
• Set the private key and TLS server certificate that QEMU will use
• Restart the libvirtd service
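The libvirt side of the steps above, as an added configuration example that is not from the slides or from CloudStack: the keys are libvirt's own qemu.conf settings and the directory is libvirt's default location; the assumption is that the CA certificate placed there is the CloudStack CA that issued the CPVM's certificate, so that the client-certificate check (the X509* VeNCrypt sub-types described later) accepts the CPVM and nothing else.

```ini
# /etc/libvirt/qemu.conf on each KVM host (restart libvirtd afterwards)

# Offer VeNCrypt / TLS on every VNC server QEMU starts
vnc_tls = 1

# Directory holding ca-cert.pem, server-cert.pem and server-key.pem
# (libvirt's default; assumed to hold the CA that issued the CPVM certificate)
vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"

# Require and verify a client certificate signed by that CA.
# Without this line a client gets TLS (TLSVnc) but the only remaining
# check is the VNC password; with it, the client must present a
# certificate from the CA (X509Vnc) before the password step.
vnc_tls_x509_verify = 1
```

Only VNC servers started after the change pick these settings up: running VMs keep their old VNC configuration until they are restarted or migrated.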
VM Console Connection Security
• Limitation: RFB protocol version 3.3 does not offer TLS security in the handshake
• In 3.3 the server chooses the security type, and it may only take the value 0, 1 or 2:
• 0 = the connection has failed
• 1 = None
• 2 = VNC Authentication (password authentication)
• RFB version 3.7 and onwards let the server offer a list of security types for the client to choose from, including VeNCrypt
• RFB protocol specification: RFC 6143
RFB Protocol - Handshaking
Version 3.3:
Client                                          Server
                         <-- ProtocolVersion (e.g. RFB 003.003)
ProtocolVersion from client -->
                         <-- Server decides the security type (0, 1 or 2)
Version 3.8:
Client                                          Server
                         <-- ProtocolVersion (e.g. RFB 003.008)
ProtocolVersion from client -->
                         <-- Server sends the number of security types
                         <-- Server sends the list of security types
Client chooses a security type -->
RFB Protocol - Handshaking
• When TLS is enabled on libvirt, the server offers the VeNCrypt security type
• VeNCrypt is a generic authentication method that encapsulates multiple authentication sub-types:
Code  Name       Description
256   Plain      Plain authentication (should never be used)
257   TLSNone    TLS encryption with no authentication
258   TLSVnc     TLS encryption with VNC authentication
259   TLSPlain   TLS encryption with Plain authentication
260   X509None   TLS with X.509 certificate verification, no authentication
261   X509Vnc    TLS with X.509 certificate verification and VNC authentication
262   X509Plain  TLS with X.509 certificate verification and Plain authentication
263   TLSSASL    TLS encryption with SASL authentication
264   X509SASL   TLS with X.509 certificate verification and SASL authentication
VM Console Connection Security
• The X.509 client certificate presented by the CPVM is verified to have been issued by CloudStack before VM console access is allowed
• Once the X.509 validation passes, the handshake and the connection continue encrypted (the VNC authentication and all later messages travel inside the TLS session)
• Only supported on KVM; targeted for the next CloudStack LTS release
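The handshakes on the previous slides, as an added example in Python that is not code from CloudStack, noVNC or libvirt: the client side of the RFB security negotiation, run against two constructed server byte streams, one from a server that only speaks RFB 3.3 and one from a 3.8 server that offers VeNCrypt, where the client picks the X509Vnc sub-type. The byte layout follows RFC 6143 and VeNCrypt 0.2; the scripted servers only replay the bytes a real server sends on these paths, and no TLS session is actually started.

```python
"""Client side of the RFB security handshake (RFC 6143 + VeNCrypt 0.2).
Added example; not code from CloudStack, noVNC or libvirt."""
import struct

SEC_INVALID, SEC_NONE, SEC_VNCAUTH, SEC_VENCRYPT = 0, 1, 2, 19
X509VNC = 261  # VeNCrypt sub-type: TLS + X.509 client certificate + VNC password


class ScriptedServer:
    """Stands in for the socket: replays a fixed server byte stream and
    records everything the client sends, so the exchange runs offline."""

    def __init__(self, script: bytes):
        self.buf, self.sent = script, []

    def recv(self, n: int) -> bytes:
        data, self.buf = self.buf[:n], self.buf[n:]
        if len(data) != n:
            raise ConnectionError("server closed the connection")
        return data

    def send(self, data: bytes) -> None:
        self.sent.append(bytes(data))


def read_reason(conn) -> str:
    """Failure reason string: u32 length followed by the text."""
    (length,) = struct.unpack(">I", conn.recv(4))
    return conn.recv(length).decode("latin-1")


def vencrypt_subhandshake(conn, want: int = X509VNC) -> int:
    """VeNCrypt 0.2: agree on the VeNCrypt version, then pick a sub-type."""
    major, minor = conn.recv(2)                  # server's VeNCrypt version
    if (major, minor) < (0, 2):
        raise ValueError(f"server VeNCrypt {major}.{minor} is too old")
    conn.send(bytes([0, 2]))                     # client: use 0.2
    if conn.recv(1)[0] != 0:                     # 0 = version accepted
        raise ConnectionError("server rejected VeNCrypt 0.2")
    count = conn.recv(1)[0]                      # u8 count, then u32 sub-types
    subtypes = struct.unpack(f">{count}I", conn.recv(4 * count))
    if want not in subtypes:
        raise ValueError(f"sub-type {want} not offered; server has {list(subtypes)}")
    conn.send(struct.pack(">I", want))
    if conn.recv(1)[0] != 1:                     # 1 = sub-type accepted
        raise ConnectionError("server rejected the chosen sub-type")
    # A real client now wraps the socket in TLS, presenting its own X.509
    # certificate for the X509* sub-types; the VNC password challenge and
    # everything after it then travel inside that TLS session.
    return want


def client_handshake(conn, preferred=(SEC_VENCRYPT, SEC_VNCAUTH, SEC_NONE)) -> dict:
    """Version and security-type negotiation; returns what was agreed."""
    banner = conn.recv(12)                       # e.g. b"RFB 003.008\n"
    major, minor = int(banner[4:7]), int(banner[8:11])
    if (major, minor) < (3, 3):
        raise ValueError(f"unsupported server version {major}.{minor}")
    # RFC 6143: 3.4-3.6 count as 3.3; never answer above what the server sent
    minor = 8 if major > 3 else 3 if minor < 7 else min(minor, 8)
    conn.send(b"RFB 003.%03d\n" % minor)
    if minor == 3:
        # 3.3: the server decides (u32) and only 0, 1 and 2 exist: no TLS possible
        (sectype,) = struct.unpack(">I", conn.recv(4))
        if sectype == SEC_INVALID:
            raise ConnectionError(read_reason(conn))
    else:
        # 3.7+: u8 count, then the list; the client picks and sends one byte back
        count = conn.recv(1)[0]
        if count == 0:
            raise ConnectionError(read_reason(conn))
        offered = conn.recv(count)
        sectype = next((t for t in preferred if t in offered), None)
        if sectype is None:
            raise ValueError(f"no acceptable security type in {list(offered)}")
        conn.send(bytes([sectype]))
    agreed = {"version": f"3.{minor}", "security_type": sectype, "subtype": None, "tls": False}
    if sectype == SEC_VENCRYPT:
        agreed["subtype"] = vencrypt_subhandshake(conn)
        agreed["tls"] = True
    return agreed


# Constructed server byte streams: what a real server emits on each path.
SERVER_33 = b"RFB 003.003\n" + struct.pack(">I", SEC_VNCAUTH)
SERVER_38_VENCRYPT = (
    b"RFB 003.008\n"
    + bytes([2, SEC_VNCAUTH, SEC_VENCRYPT])          # two security types offered
    + bytes([0, 2, 0])                               # VeNCrypt 0.2; version accepted
    + bytes([2]) + struct.pack(">II", 258, X509VNC)  # TLSVnc and X509Vnc offered
    + bytes([1])                                     # sub-type accepted
)


def run_demo() -> dict:
    """Negotiate against both scripted servers and return the outcomes."""
    return {name: client_handshake(ScriptedServer(script))
            for name, script in (("3.3", SERVER_33), ("3.8+VeNCrypt", SERVER_38_VENCRYPT))}


if __name__ == "__main__":
    for name, agreed in run_demo().items():
        print(name, agreed)
```

The 3.3 path ends with security type 2 and no TLS, which is exactly the limitation stated above: a 3.3 server never gets to offer VeNCrypt, so the CPVM has to negotiate 3.7 or 3.8 with libvirt's VNC server before X509Vnc is reachable. Against a 3.7+ server that does not offer VeNCrypt the client falls back to the password-only types in the order given by `preferred`; a client that wants to enforce encryption would pass `preferred=(SEC_VENCRYPT,)` and let the ValueError abort the session.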
Summary
• Coming in CloudStack 4.18:
• New API for VM console access (createConsoleEndpoint), extending the console access
• Optional extra security validation for console proxy access
• Websocket traffic port encryption (8443)
• Targeted for 4.18:
• CPVM internals: RFB protocol support from 3.3 up to 3.8
• KVM only: VM console connection security
• VeNCrypt + X509Vnc security type supported
Thanks!
Nicolas Vazquez
nicolas.vazquez@shapeblue.com
nvazquez@apache.org
@nvazquezuy
nvazquez

Mais conteúdo relacionado

Mais procurados

CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CanSecWest
 
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStackBackroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
ShapeBlue
 

Mais procurados (20)

Automated CloudStack Deployment
Automated CloudStack DeploymentAutomated CloudStack Deployment
Automated CloudStack Deployment
 
VM Autoscaling With CloudStack VR As Network Provider
VM Autoscaling With CloudStack VR As Network ProviderVM Autoscaling With CloudStack VR As Network Provider
VM Autoscaling With CloudStack VR As Network Provider
 
Volume Encryption In CloudStack
Volume Encryption In CloudStackVolume Encryption In CloudStack
Volume Encryption In CloudStack
 
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
 
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
[오픈소스컨설팅] Open Stack Ceph, Neutron, HA, Multi-Region
 
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
 
CloudStack Networking
CloudStack NetworkingCloudStack Networking
CloudStack Networking
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
[네이버오픈소스세미나] Maglev Hashing Scheduler in IPVS, Linux Kernel - 송인주
[네이버오픈소스세미나] Maglev Hashing Scheduler in IPVS, Linux Kernel - 송인주[네이버오픈소스세미나] Maglev Hashing Scheduler in IPVS, Linux Kernel - 송인주
[네이버오픈소스세미나] Maglev Hashing Scheduler in IPVS, Linux Kernel - 송인주
 
Query logging with proxysql
Query logging with proxysqlQuery logging with proxysql
Query logging with proxysql
 
ProxySQL High Avalability and Configuration Management Overview
ProxySQL High Avalability and Configuration Management OverviewProxySQL High Avalability and Configuration Management Overview
ProxySQL High Avalability and Configuration Management Overview
 
Scouter와 influx db – grafana 연동 가이드
Scouter와 influx db – grafana 연동 가이드Scouter와 influx db – grafana 연동 가이드
Scouter와 influx db – grafana 연동 가이드
 
Delivering High-Availability Web Services with NGINX Plus on AWS
Delivering High-Availability Web Services with NGINX Plus on AWSDelivering High-Availability Web Services with NGINX Plus on AWS
Delivering High-Availability Web Services with NGINX Plus on AWS
 
Intro to CloudStack API
Intro to CloudStack APIIntro to CloudStack API
Intro to CloudStack API
 
CloudFlare vs Incapsula vs ModSecurity
CloudFlare vs Incapsula vs ModSecurityCloudFlare vs Incapsula vs ModSecurity
CloudFlare vs Incapsula vs ModSecurity
 
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStackBackroll: Production Grade KVM Backup Solution Integrated in CloudStack
Backroll: Production Grade KVM Backup Solution Integrated in CloudStack
 
Virtualization security and threat
Virtualization security and threatVirtualization security and threat
Virtualization security and threat
 
VMware Advance Troubleshooting Workshop - Day 3
VMware Advance Troubleshooting Workshop - Day 3VMware Advance Troubleshooting Workshop - Day 3
VMware Advance Troubleshooting Workshop - Day 3
 
Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조Open vSwitch 패킷 처리 구조
Open vSwitch 패킷 처리 구조
 
Ceph issue 해결 사례
Ceph issue 해결 사례Ceph issue 해결 사례
Ceph issue 해결 사례
 

Semelhante a VM Console Enhancements

vCenter and ESXi network port communications
vCenter and ESXi network port communicationsvCenter and ESXi network port communications
vCenter and ESXi network port communications
Animesh Dixit
 
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks
 

Semelhante a VM Console Enhancements (20)

Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide Cohesive Networks Support Docs: VNS3 Configuration Guide
Cohesive Networks Support Docs: VNS3 Configuration Guide
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
 
Voxeo Summit Day 2 -Voxeo APIs and SDKs
Voxeo Summit Day 2 -Voxeo APIs and SDKsVoxeo Summit Day 2 -Voxeo APIs and SDKs
Voxeo Summit Day 2 -Voxeo APIs and SDKs
 
Creando una estrategia en el Cloud y acelerar los resultados
Creando una estrategia en el Cloud y acelerar los resultadosCreando una estrategia en el Cloud y acelerar los resultados
Creando una estrategia en el Cloud y acelerar los resultados
 
Crear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWSCrear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWS
 
DDD Melbourne 2014 security in ASP.Net Web API 2
DDD Melbourne 2014 security in ASP.Net Web API 2DDD Melbourne 2014 security in ASP.Net Web API 2
DDD Melbourne 2014 security in ASP.Net Web API 2
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
 
vCenter and ESXi network port communications
vCenter and ESXi network port communicationsvCenter and ESXi network port communications
vCenter and ESXi network port communications
 
Creating your virtual data center - Toronto
Creating your virtual data center - TorontoCreating your virtual data center - Toronto
Creating your virtual data center - Toronto
 
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
VMworld 2013: How to Exchange Status Message Between Guest and Host Using RPC
 
Creating Your Virtual Data Center
Creating Your Virtual Data CenterCreating Your Virtual Data Center
Creating Your Virtual Data Center
 
Creating a Virtual Data Center
Creating a Virtual Data CenterCreating a Virtual Data Center
Creating a Virtual Data Center
 
Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE Cohesive Networks Support Docs: VNS3 Configuration for GCE
Cohesive Networks Support Docs: VNS3 Configuration for GCE
 
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 ClassicCohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
Cohesive Networks Support Docs: VNS3 Configuration for AWS EC2 Classic
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityCreating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Creating Your Virtual Data Center: VPC Fundamentals
Creating Your Virtual Data Center: VPC FundamentalsCreating Your Virtual Data Center: VPC Fundamentals
Creating Your Virtual Data Center: VPC Fundamentals
 

Mais de ShapeBlue

Mais de ShapeBlue (20)

CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue
CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlueCloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue
CloudStack Authentication Methods – Harikrishna Patnala, ShapeBlue
 
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlueCloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
CloudStack Tooling Ecosystem – Kiran Chavala, ShapeBlue
 
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
Elevating Cloud Infrastructure with Object Storage, DRS, VM Scheduling, and D...
 
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlueVM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
VM Migration from VMware to CloudStack and KVM – Suresh Anaparti, ShapeBlue
 
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHubHow We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
How We Grew Up with CloudStack and its Journey – Dilip Singh, DataHub
 
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
What’s New in CloudStack 4.19, Abhishek Kumar, Release Manager Apache CloudSt...
 
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
CloudStack 101: The Best Way to Build Your Private Cloud – Rohit Yadav, VP Ap...
 
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIOHow We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
How We Use CloudStack to Provide Managed Hosting - Swen Brüseke - proIO
 
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
 
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
 
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.OnlineKVM Security Groups Under the Hood - Wido den Hollander - Your.Online
KVM Security Groups Under the Hood - Wido den Hollander - Your.Online
 
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
How to Re-use Old Hardware with CloudStack. Saving Money and the Environment ...
 
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
Use Existing Assets to Build a Powerful In-house Cloud Solution - Magali Perv...
 
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
Import Export Virtual Machine for KVM Hypervisor - Ayush Pandey - University ...
 
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
 
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
 
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlueElevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
Elevating Privacy and Security in CloudStack - Boris Stoyanov - ShapeBlue
 
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
Transitioning from VMware vCloud to Apache CloudStack: A Path to Profitabilit...
 
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
Hypervisor Agnostic DRS in CloudStack - Brief overview & demo - Vishesh Jinda...
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
 

Último

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Último (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

VM Console Enhancements

  • 1. Agenda • Introduction • History • AJAXbased client • noVNC introduction • New API: createConsoleEndpoint • Extra security validation • Secure websockettraffic port • VM console connection security • Summary 1
  • 2. About Me • Senior Software Engineer at ShapeBlue • Apache CloudStack Committer & PMC member • Dad, husband, tennis and football (soccer) fan 2
  • 3. VNC (Virtual Network Computing) • Client-server model • VNC uses the RFB protocol (Remote Frame Buffer) to remotely control another server. RFC-6143 • VNC transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network. • Supported for the major hypervisors (KVM, Vmware, Xen, XCP) 3 VNC Server VNC Client RFB protocol
  • 4. Console Proxy VM CloudStack VM Console Access • The Console Proxy VM handles the access to VMs console • Proxies the traffic between the web client and the VNC server • Acts as: • Server for the HTTP client (browser/CloudStack UI) • Client for the VNC server (TCP socket connection) 4 HTTP Server TCP Client VNC Server Web Client Proxy HTTP RFB (TCP connection)
  • 5. CloudStack VM Console Access Evolution 5
  • 6. Console Proxy VM CloudStack VM Console Access (Legacy) • AJAX-based console: • Polling every 2-3 seconds for new data • Lagging • Only one session per VM limitation 6 AJAX VNC client Cloud service VNC Server Web Client HTTP RFB over TCP
  • 7. Console Proxy VM • noVNC integration: • 2017: Initial work as a GSOC project • 2021: Introduced into 4.15.0 as the default console • Opensource Javascript based VNC client • Uses websockets replacing polling 7 CloudStack VM Console Access (Current) noVNC Websocket server VNC Server Web Client HTTP RFB over TCP
Slide 10: VM Console Internals
• CloudStack manages a group of appliances dedicated to console proxy services (CPVM)
• Each console proxy establishes an mTLS connection to the CloudStack Management service to communicate active session details and handling
• VM console access request from an authenticated user:
  • CloudStack assigns a console proxy VM to the client, along with a token to be used for the session
  • The client opens a session to the console proxy, passing the token
  • A console session is then established between the proxy and the backend hypervisor host, and proxied to the client's browser

Slide 11: VM Console Internals (legacy flow)
Participants: User, CloudStack Management Server, CPVM, Hypervisor
1) User requests VM console access: <CS_IP>/client/console&command=access&vm=<VM_ID>
2) Management server returns an HTML page with an iframe pointing to the console proxy
3) Client's browser connects to the webpage on the CPVM
4) CPVM connects to the host's VM console

Slide 12: VM Console Internals (createConsoleEndpoint flow)
Participants: User, CloudStack Management Server, CPVM, Hypervisor, External Service (optional)
1) User calls the CloudStack API: createConsoleEndpoint
2) API response includes the webpage and token
3) Client's browser connects to the webpage on the CPVM
4) CPVM connects to the host's VM console

Slide 13: CreateConsoleEndpoint API
• New API: createConsoleEndpoint, parameters:
  • virtualmachineid: the VM id
  • token (optional): extra security token
• Response:
  • result (true/false): indicates the success of the console access operation
  • details: in case result=false, provides a description of the error
  • url: the default web URL to be used to connect to the console
  • websocket: nested object that provides information for websocket connections
    • host: the websocket host IP
    • port: the websocket port
    • path: the websocket path
    • token: the websocket token
    • extra: (only if the extra validation has been enabled) the extra security token to be validated by the console proxy

Slide 14: CreateConsoleEndpoint API
• API response example:
  {
    "consoleendpoint": {
      "success": true,
      "url": "http://10.0.58.222/resource/noVNC/vnc.html?autoconnect=true&port=8080&token=7hqEeMjVwJC0zaBuhPuCciiJvQzHcM7nWxO3h-g072WgmMozp_ANPfQuH7F61ouJe4lvoLiCEQjtoRXnjZ1AjnShXc_sj2qWFlR-KDVoJwf-MfsPfU397cRS-WUAU3VqXSBbm8AwDjgfrmq63nltU0Orq9rXdk5cCmXHiATCxonznt-zWWL4VIdTjmJ-NaKEsPalfLlAkKL9GNDx8TbtBsSOA-9AXPqWAw9iVcUdeo-HDUXicZGytMQ4HpvB0q3fDVo_TYpXtlSTKlWJX9ApA_SX1LPLaHnbZjwhYk7rByZuQyu_BIjZV-jKXHYNtKSyNp8wMoXeoWwQ620x_jS1dA",
      "websocket": {
        "host": "10.0.58.222",
        "path": "websockify",
        "port": "8080",
        "token": "7hqEeMjVwJC0zaBuhPuCciiJvQzHcM7nWxO3h-g072WgmMozp_ANPfQuH7F61ouJe4lvoLiCEQjtoRXnjZ1AjnShXc_sj2qWFlR-KDVoJwf-MfsPfU397cRS-WUAU3VqXSBbm8AwDjgfrmq63nltU0Orq9rXdk5cCmXHiATCxonznt-zWWL4VIdTjmJ-NaKEsPalfLlAkKL9GNDx8TbtBsSOA-9AXPqWAw9iVcUdeo-HDUXicZGytMQ4HpvB0q3fDVo_TYpXtlSTKlWJX9ApA_SX1LPLaHnbZjwhYk7rByZuQyu_BIjZV-jKXHYNtKSyNp8wMoXeoWwQ620x_jS1dA"
      }
    }
  }
Slide 15: CreateConsoleEndpoint API
• The url field is used by the CloudStack UI to access the VM's console. This is the default use case for the API: once an HTML-based client opens the URL, a websocket connection is made to the console proxy server and the VM console starts streaming.
• The websocket nested object provides the information needed to open websocket connections to the console proxy server without depending on the default UI implementation, so users can build their own access URL from the data returned by the 'createConsoleEndpoint' API.
• The API issues a one-time token to avoid replay attacks.
• The generated URL is usable only once per session, ensuring that other users who may intercept the generated URL cannot access the VM console once the token has been authenticated on a session.

Slide 16: Extra security validation
• Demo time!
  • Generate console endpoint for VM
  • Try reusing the URL -> replay attack prevented
  • Generate console endpoint for VM with extra token validation
  • Pass a different token for validation -> FAILURE

Slide 19: Secure websocket traffic port
• Switch between secure/insecure ports: 8443/8080 for the websocket traffic
• Port 8080 remains the default websocket traffic port
• To switch the port to 8443:
  • Set 'consoleproxy.sslEnabled' to 'true'
  • Provide a URL domain for the console proxy and a valid certificate
  • Destroy/regenerate the console proxy VMs
• To switch the port back to 8080:
  • Do not meet all the requirements above for secure access
  • Destroy/regenerate the console proxy VMs
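The URL construction and the one-time token check described on slides 13 to 16 and 19, as an added Python example that is not CloudStack's own code. It consumes a response shaped like the slide 14 example (with a constructed short token), builds the websocket URL from the nested websocket object, and models the proxy-side token registry. Assumptions not taken from the slides: the proxy keeps issued tokens in an in-memory map with a TTL, the scheme is wss:// when the secure port 8443 is in use and ws:// otherwise, and a failed validation burns the token.

```python
"""Added example (not CloudStack's own code): consume a createConsoleEndpoint
response and model the proxy-side one-time token check the slides describe.
"""
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple, Union
from urllib.parse import urlencode

SECURE_PORT = 8443  # port used when consoleproxy.sslEnabled is true (assumption: wss on 8443)

# Constructed response shaped like the slide 14 example, with a short dummy token.
SAMPLE_RESPONSE = json.dumps({
    "consoleendpoint": {
        "success": True,
        "url": "http://10.0.58.222/resource/noVNC/vnc.html"
               "?autoconnect=true&port=8080&token=EXAMPLETOKEN",
        "websocket": {"host": "10.0.58.222", "path": "websockify",
                      "port": "8080", "token": "EXAMPLETOKEN"},
    }
})


def websocket_url(response: Union[str, dict]) -> str:
    """Build the websocket URL from the nested 'websocket' object instead of
    relying on the UI's default 'url' field."""
    data = json.loads(response) if isinstance(response, str) else response
    ws = data["consoleendpoint"]["websocket"]
    port = int(ws["port"])
    scheme = "wss" if port == SECURE_PORT else "ws"
    path = ws["path"].lstrip("/")
    query = urlencode({"token": ws["token"]})
    return "%s://%s:%d/%s?%s" % (scheme, ws["host"], port, path, query)


class OneTimeTokenStore:
    """Proxy-side token registry (assumed design): every token authenticates
    exactly one session, optionally bound to an extra security token."""

    def __init__(self, ttl_seconds: float = 60.0) -> None:
        self._ttl = ttl_seconds
        # token -> (vm id, expiry time, optional extra security token)
        self._pending: Dict[str, Tuple[str, float, Optional[str]]] = {}

    def issue(self, vm_id: str, extra: Optional[str] = None,
              now: Optional[float] = None) -> str:
        """Mint an unguessable token bound to a VM (and to 'extra' if given)."""
        now = time.monotonic() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[token] = (vm_id, now + self._ttl, extra)
        return token

    def redeem(self, token: str, vm_id: str, extra: Optional[str] = None,
               now: Optional[float] = None) -> bool:
        """Validate once. The entry is removed on the first attempt, successful
        or not, so a captured URL cannot be replayed and a wrong 'extra' cannot
        be retried against the same token."""
        now = time.monotonic() if now is None else now
        entry = self._pending.pop(token, None)
        if entry is None:
            return False  # unknown token, or already used
        stored_vm, expires_at, stored_extra = entry
        if now > expires_at or stored_vm != vm_id:
            return False
        if stored_extra is None:
            return True  # extra validation not enabled for this endpoint
        return extra is not None and hmac.compare_digest(stored_extra, extra)


if __name__ == "__main__":
    print(websocket_url(SAMPLE_RESPONSE))
    store = OneTimeTokenStore()
    tok = store.issue("vm-1", extra="my-extra")
    print(store.redeem(tok, "vm-1", extra="my-extra"))  # first use succeeds
    print(store.redeem(tok, "vm-1", extra="my-extra"))  # replay is rejected
```

Burning the token on a failed extra-token check is a deliberate fail-closed choice: a legitimate user whose URL was intercepted simply requests a new endpoint, while the holder of the captured URL gets no second guess.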
Slide 21: VM Console Connection Security
• The connection from the CPVM to the VM console is unencrypted and only password protected
• Proposed solution (KVM only):
  • Using the pre-existing CPVM and KVM host certificates from the CA framework, establish a TLS connection between the CPVM and the VM console on the host
  • Enable TLS on libvirt: https://wiki.libvirt.org/page/VNCTLSSetup
    • Requirement: vnc_tls = 1 in the /etc/libvirt/qemu.conf file
    • Set the private key and TLS server certificates for QEMU access
    • Restart the libvirtd service

Slide 23: VM Console Connection Security
• Limitation: RFB protocol version 3.3 does not offer TLS security in the handshake
  • The security-type may only take the value 0, 1 or 2:
    • 0 = the connection has failed
    • 1 = None
    • 2 = VNC Authentication (password authentication)
• RFB version 3.7 and onwards offer more security types (including VeNCrypt)
• RFB protocol RFC: RFC 6143

Slide 24: RFB Protocol - Handshaking
Version 3.3:
  Server -> Client: ProtocolVersion (e.g. RFB 003.003)
  Client -> Server: ProtocolVersion from client
  Server decides the security type (0, 1, 2)
Version 3.8:
  Server -> Client: ProtocolVersion (e.g. RFB 003.008)
  Client -> Server: ProtocolVersion from client
  Server -> Client: number of security types and the list of security types
  Client -> Server: chosen security type

Slide 25: RFB Protocol - Handshaking
• When enabling TLS on libvirt, the VeNCrypt security type is offered by the server
• The VeNCrypt security type is a generic authentication method which encapsulates multiple authentication subtypes:

  Code  Name       Description
  256   Plain      Plain authentication (should never be used)
  257   TLSNone    TLS encryption with no authentication
  258   TLSVnc     TLS encryption with VNC authentication
  259   TLSPlain   TLS encryption with Plain authentication
  260   X509None   X509 encryption with no authentication
  261   X509Vnc    X509 encryption with VNC authentication
  262   X509Plain  X509 encryption with Plain authentication
  263   TLSSASL    TLS encryption with SASL authentication
  264   X509SASL   X509 encryption with SASL authentication

Slide 26: VM Console Connection Security
• The X509 certificates are verified to have been issued by CloudStack before VM console access is allowed
• Once the X509 validation passes, the handshake and connection continue encrypted (VNC authentication and all further messages are encrypted)
• Only supported by KVM; targeted for the next CloudStack LTS release

Slide 27: Summary
• Coming in CloudStack 4.18:
  • New API for VM console access, extending the console access
  • Optional security validation for the console proxy access
  • Websocket traffic port encryption
• Targeted for 4.18:
  • CPVM internals: RFB protocol supported from 3.3 to 3.8
  • KVM only: VM console connection security
  • VeNCrypt + X509Vnc security type supported
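The handshake messages from slides 23 to 25 and the subtype policy from slides 26 and 27, as an added Python example that is neither CloudStack's nor libvirt's code. It decodes the ProtocolVersion greeting, the 3.3 versus 3.7/3.8 security-type negotiation, and the VeNCrypt subtype list, and refuses anything other than VeNCrypt with the X509Vnc subtype. Byte layouts follow RFC 6143 and the VeNCrypt extension (U8 count followed by U32 subtypes); security type number 19 is VeNCrypt's registered RFB type. Every server message used in the tests is constructed for the example.

```python
"""Added example (not CloudStack or libvirt code): decode RFB handshake
messages and apply a VeNCrypt/X509Vnc-only connection policy.
"""
import struct
from typing import List, Optional, Tuple

SEC_INVALID, SEC_NONE, SEC_VNC_AUTH, SEC_VENCRYPT = 0, 1, 2, 19
CLIENT_MAX_VERSION = (3, 8)

# VeNCrypt subtypes as listed on slide 25.
VENCRYPT_SUBTYPES = {
    256: "Plain", 257: "TLSNone", 258: "TLSVnc", 259: "TLSPlain",
    260: "X509None", 261: "X509Vnc", 262: "X509Plain",
    263: "TLSSASL", 264: "X509SASL",
}
X509VNC = 261  # the only subtype the policy below accepts (slides 26/27)


def parse_protocol_version(msg: bytes) -> Tuple[int, int]:
    """Decode the 12-byte greeting 'RFB xxx.yyy\\n' into (major, minor)."""
    if len(msg) != 12 or not msg.startswith(b"RFB ") or msg[-1:] != b"\n":
        raise ValueError("malformed ProtocolVersion message")
    major, minor = msg[4:11].decode("ascii").split(".")
    return int(major), int(minor)


def client_version_reply(server_version: Tuple[int, int]) -> bytes:
    """Answer with the highest version both sides support. RFC 6143 treats
    any version other than 3.3, 3.7 and 3.8 as 3.3."""
    major, minor = min(server_version, CLIENT_MAX_VERSION)
    if (major, minor) not in ((3, 3), (3, 7), (3, 8)):
        major, minor = 3, 3
    return b"RFB %03d.%03d\n" % (major, minor)


def server_security_types(version: Tuple[int, int], payload: bytes) -> List[int]:
    """3.3: the server sends one U32 and decides itself (0 = failed, 1 = None,
    2 = VNC authentication). 3.7+: U8 count followed by count U8 types;
    a count of 0 means failure and a reason string follows."""
    if version < (3, 7):
        (sec_type,) = struct.unpack(">I", payload[:4])
        return [sec_type]
    count = payload[0]
    return list(payload[1:1 + count])


def choose_security_type(version: Tuple[int, int], payload: bytes) -> Optional[int]:
    """Policy: only VeNCrypt yields an encrypted console connection, so every
    3.3 negotiation and any 3.7+ offer without VeNCrypt is refused (None)."""
    if version < (3, 7):
        return None  # 3.3 can only produce 0, 1 or 2: no TLS possible
    offered = server_security_types(version, payload)
    return SEC_VENCRYPT if SEC_VENCRYPT in offered else None


def encode_vencrypt_subtypes(subtypes: List[int]) -> bytes:
    """Server side of the subtype exchange: U8 count then one U32 per subtype."""
    return bytes([len(subtypes)]) + struct.pack(">%dI" % len(subtypes), *subtypes)


def parse_vencrypt_subtypes(payload: bytes) -> List[int]:
    """Client side: read the subtype list the server offered."""
    count = payload[0]
    return list(struct.unpack(">%dI" % count, payload[1:1 + 4 * count]))


def choose_vencrypt_subtype(payload: bytes) -> Optional[int]:
    """Pick X509Vnc (certificate-authenticated TLS plus the VNC password);
    refuse Plain, anonymous-TLS and no-authentication subtypes."""
    offered = parse_vencrypt_subtypes(payload)
    return X509VNC if X509VNC in offered else None


def describe_subtype(code: int) -> str:
    return VENCRYPT_SUBTYPES.get(code, "unknown(%d)" % code)


if __name__ == "__main__":
    # Constructed 3.8 server offering VNC auth (2) and VeNCrypt (19).
    version = parse_protocol_version(b"RFB 003.008\n")
    print(client_version_reply(version))
    print(choose_security_type(version, b"\x02\x02\x13"))
    offer = encode_vencrypt_subtypes([258, 261, 256])
    print(describe_subtype(choose_vencrypt_subtype(offer)))
```

The 3.3 branch is the point of slide 23: with that version the server picks the type itself and the client has nothing to choose, so a proxy that wants TLS has to refuse and log rather than continue with a password-only session.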