[ovirt-users] Spice client with engine portal

Maurice James mjames at media-node.com
Tue Sep 16 15:13:12 UTC 2014 

So I only need to make sure that the users on the other side of the WAN can connect on the spice ports?

----- Original Message -----
From: "David Jaša" <djasa at redhat.com>
To: "Maurice James" <mjames at media-node.com>
Cc: "users" <users at ovirt.org>
Sent: Tuesday, September 16, 2014 10:48:27 AM
Subject: Re: [ovirt-users] Spice client with engine portal

On Út, 2014-09-16 at 16:02 +0200, Gianluca Cecchi wrote:
> On Tue, Sep 16, 2014 at 3:50 PM, Maurice James <mjames at media-node.com>
> wrote:
>         How do I get the spice client to connect to a VM through the
>         portal instead of attempting to connect directly to the VM?
>         For example. I allow access to the engine portal over our WAN
>         to a NATed IP address. The users on the other side of the WAN
>         do not have access to the real VM IP addresses. 

Please note that the client is actually connecting to _host_ IP, not to
VM IP address. The VM may be configured with no NIC (so w/o any network
connectivity) and you'll still be able to connect to it using Spice (or
VNC). Only RDP needs connectivity to the VM.

>         When they click on the console access button, they are unable
>         to connect to the VM. I believe this is because it using
>         attempting a direct connection instead of proxying through the
>         portal.
>         
>         
> 
> 
> see:
> http://www.ovirt.org/Features/Spice_Proxy
> 
> 
> 
> more tech details also from rhev docs:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.4/html/Administration_Guide/chap-Proxies.html#sect-SPICE_Proxy
> 
> 
> 
> I don't remember if it is ok and works to set up the squid part on
> engine itself.... 

In principle, there's no reason why it shouldn't work. ovirt-engine &
friends don't care about squid and squid doesn't care about the rest of
the system as long as the machine has enough power/bandwidth to run
both.

> but I think it would be cleaner design to put it on another dedicated
> infrastructure host, perhaps already existing in your infra for
> similar reasons.

Agreed.

David

> 
> 
> Gianluca
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users

More information about the Users mailing list