cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Sanders <paul.sander...@gmail.com>
Subject Console Proxy - How does it work?
Date Fri, 01 Mar 2013 13:47:54 GMT
Hello All,

I am trying to get my head around how the console proxy facility actually
works. Documentation seems to be a on the sparse side, and my method for
trying to work it out confuses me even more!

Here is how I believe the console proxy works:

1) A client logs into the CloudStack UI on port 8080 and launches the
console proxy.

2) This console proxy then frames a https request to
https://aaa-bbb-ccc-ddd.realhostip.com/?api=xxxxx (or in my case, my own
dns).

3) This will connect to the public IP address for the console proxy on port
443 (I believe) and be authenticated using the SSL certificate that has
been configured from the 'Infrastructure' tab within the UI.

4) This proxy then connects over it's management interface to the
hyper-visor (vmware in this case) and proxies the request through.

Now that seems to make sense to me. However, to try and prove this process,
I have found the following:

a) When port scanning the Public interface on my ConsoleProxy VM (from both
my client and management machines), I can see the only two ports available
are 80 and 443. Both of these are closed.

b) A wire shark from my client machine to my management server simply has
the http traffic to load the frame.

c) I can see a wire shark from my client to my ConsoleProxy VM, which tries
to connect on 443. This connection is then dropped by the VM.

So my two real questions from this are:

- Am I correct in the process?
- Is the SSL authentication we configure between the Management Server and
VM, or the VM and the hyper visor? If this is the case, will I need to
install my root certificate on my hyper-visor boxes?

Thanks

Paul
---
Kind Regards

Paul Sanders
Mail: paul.sanders87@googlemail.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message