[Spice-devel] are there any new spice protocol document?
Marc-André Lureau
mlureau at redhat.com
Mon Apr 20 02:52:18 PDT 2015
Hi Dennis
----- Original Message -----
> Hi, Christophe
> Thanks for the reply. I will read the information that you shared.
>
> We are developing a cloud solution, the back-end is openstack.
> We tried spice-html5 console by embedding openstack console page and found
> the performance is not good.
> We think using the native client might be faster than html5 and has more
> features, however, we can't find any secure way to let native client connect
> to internal VM (spice server).
> (Say spice:// 192.168.1.2:5900 is a VM's internal connection url, 192.168.1.2
> is internal, should't be public, and 5900 is also too simple to be guessed
> by another user that another VM is 5901, or 5902 )
>
> I am trying to write a spice-proxy to provide client to connect with a
> dynamic password (a token, with timeout, created by our system when user
> acquires console connection ).
> Then by the valid password(token) , the spice-proxy gets the VM (spice
> server) connection host-port, and channeling between client and internal VM.
Have you looked at this openstack blueprint (with patches):
https://blueprints.launchpad.net/nova/+spec/spice-http-proxy
This is offering an http "connect" proxy for spice VM, validating the client
tokens and proxying the connections (similar to vnc websocket proxy).
It used to work, but it might need some refresh today.
More information about the Spice-devel
mailing list