Preferred way to give customer access to VMs

Hi. Just for an introduction, I'm a junior staff member working on a way to deploy a KVM cluster to provision VMs to our customer. Before this, we were using VMware ESXi and connecting it to OpenNebula as the console that we give to customers. We're moving to KVM due to VMware licensing cost. I've successfully deployed an oVirt cluster and am currently able to access it remotely via a VPN that I've set up on a virtualized pfSense VM inside the cluster. My question is, what is the best way to give customers console access to the VMs that we provisioned for them? Surely we don't want to give them access to our VPN for security reasons. I can't seem to find a way to connect OpenNebula with oVirt, and I do believe it isn't possible since both are basically virtualization managers, managing the KVM instances. Thanks for the responses and ideas given ☺️

On Fri, Jan 13, 2023 at 9:51 AM <hanisirfan.work@gmail.com> wrote:
> Hi. Just for an introduction, I'm a junior staff member working on a way to deploy a KVM cluster to provision VMs to our customer. Before this, we were using VMware ESXi and connecting it to OpenNebula as the console that we give to customers.
> We're moving to KVM due to VMware licensing cost. I've successfully deployed an oVirt cluster and am currently able to access it remotely via a VPN that I've set up on a virtualized pfSense VM inside the cluster.
> My question is, what is the best way to give customers console access to the VMs that we provisioned for them? Surely we don't want to give them access to our VPN for security reasons.

You can try running ovirt-websocket-proxy on a separate machine. You can also use independent tools - e.g. squid/varnish/apache httpd/nginx - as reverse proxies. I think you can find on the net examples showing how to do that with oVirt.

Best regards,
--
Didi
participants (2)
- hanisirfan.work@gmail.com
- Yedidyah Bar David