[Spice-devel] Protocol extensions

David Jaša djasa at redhat.com
Tue Apr 19 07:51:12 UTC 2016 

Hi Thomas,

Spice supports proxying over HTTP CONNECT method to achieve connecting
to spice servers in DMZs or with private addresses from general
internet. The spice client has to know the internal name/IP of the host
system so you can use .vv file to abstract users from these details.
Connection to oVirt VMs work this way. The scheme is then

"Dispatcher"
   |
   | .vv file
   |
   v                  internet     private network
client (remote-viewer) -----> proxy ------------> host1
                                                  host2

If you use single host, you can also use SSH tunnelling by libvirt
(pointing virt-viewer or virt-manager to qemu+ssh:// URI).

HTH,

David

On So, 2016-04-16 at 23:09 +0000, thkerle at bluewin.ch wrote:
> Hi all,
> 
> I have studied the protocol that a spice client sends to a spice
> server.
> 
> If I have a socket listening on a specific port (in spice for example
> the port 5900). I get on the socket listener a RED_LINK message. From
> this message I cannot
> get additional parameters like for example
> spice://myhost.com:5900/hosteddomain/jack where
> - myhost.com is the public IP to connect
> - hosteddomain is for example a identifier for a subscriber of a VM
> (Vitual Machine) cluster
> - jack is the end user or some abstract path for a location in the
> internal net 
> 
> The usage is simple. For example I assume to host seven VM all running
> some Linux distribution for a university or a company.
> 
> Internally I like to make some redirection of the spice request.
> - say it's a server at myhost.com listening to port 5900.
> - It parses the connection string and looks up in a IP table of the
> internal network where the VM's are located for the hosteddomain. With
> the additional identifier jack I know
> to which VM cluster I have to connect. On each host for VM's are for
> example 4 VM's. 
> 
> spice client  --- spice dispatcher  --- (hosteddomain1:192.168.1.20)
> 
> 
> jack --->         192.168.1.30            ---> spice-server (using
> port 9500)    -->connection to VM001
> 
> anna -->         192.168.1.30            ---> spice-server (using port
> 9502)                     
> 
>                                                      ---
> (hosteddomain2:192.168.2.40)                               
> 
>  fred -->         192.168.2.59            ---> spice-server (using
> port 9500)
>                  
> 
>  Such a spice dispatcher is relativ easely to program for an
> administrator.
>      
> 
> The protocol on the website is in the draft release.
> 
> My questions:
> - Is there a way to already achieve this?
> - Or are there planned steps forwarding in this direction?
> 
> Best regards
> 
> Thomas
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel

More information about the Spice-devel mailing list