realip host changes and cpu sockets changes
[cloudstack-docs.git] / en-US / console-proxy.xml
1 <?xml version='1.0' encoding='utf-8' ?>
2 <!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "" [
3 <!ENTITY % BOOK_ENTITIES SYSTEM "cloudstack.ent">
5 ]>
7 <!-- Licensed to the Apache Software Foundation (ASF) under one
8 or more contributor license agreements. See the NOTICE file
9 distributed with this work for additional information
10 regarding copyright ownership. The ASF licenses this file
11 to you under the Apache License, Version 2.0 (the
12 "License"); you may not use this file except in compliance
13 with the License. You may obtain a copy of the License at
17 Unless required by applicable law or agreed to in writing,
18 software distributed under the License is distributed on an
20 KIND, either express or implied. See the License for the
21 specific language governing permissions and limitations
22 under the License.
23 -->
24 <section id="console-proxy">
25 <title>Console Proxy</title>
26 <para>The Console Proxy is a type of System Virtual Machine that has a role in presenting a
27 console view via the web UI. It connects the user’s browser to the VNC port made available via
28 the hypervisor for the console of the guest. Both the administrator and end user web UIs offer a
29 console connection.</para>
30 <para>Clicking on a console icon brings up a new window. The AJAX code downloaded into that window
31 refers to the public IP address of a console proxy VM. There is exactly one public IP address
32 allocated per console proxy VM. The AJAX application connects to this IP. The console proxy then
33 proxies the connection to the VNC port for the requested VM on the Host hosting the guest.
34 .</para>
35 <note>
36 <para>The hypervisors will have many ports assigned to VNC usage so that multiple VNC sessions
37 can occur simultaneously.</para>
38 </note>
39 <para/>
40 <para>The VNC traffic never goes through the guest virtual IP, and there is no need to enable VNC
41 within the guest.</para>
42 <para>The console proxy VM will periodically report its active session count to the Management
43 Server. The default reporting interval is five seconds. This can be changed through standard
44 Management Server configuration with the parameter consoleproxy.loadscan.interval.</para>
45 <para>Assignment of guest VM to console proxy is determined by first determining if the guest VM
46 has a previous session associated with a console proxy. If it does, the Management Server will
47 assign the guest VM to the target Console Proxy VM regardless of the load on the proxy VM.
48 Failing that, the first available running Console Proxy VM that has the capacity to handle new
49 sessions is used.</para>
50 <para>Console proxies can be restarted by administrators but this will interrupt existing console
51 sessions for users.</para>
52 <para>Prior to &PRODUCT; version 4.3, the console viewing functionality used a dynamic DNS service
53 under the domain name This domain name assists in providing SSL security to
54 console sessions. A public IP address is assigned to the console proxy. To avoid browser
55 warnings for mismatched SSL certificates, the URL for the new console window was set to the form
56 of Customers viewed this URL during the console session
57 creation. &PRODUCT; included the SSL certificate in the console proxy VM. Because
58 &PRODUCT; cannot know the DNS records of customers' public IPs prior to shipping the software, a
59 dynamic DNS server is run that is authoritative for the domain. It mapped the
60 aaa-bbb-ccc-ddd part of the DNS name to the IP address aaa.bbb.ccc.ddd on lookups. This allowed
61 the browser to correctly connect to the console proxy's public IP, where it then expects and
62 receives a SSL certificate for, and SSL is set up without browser
63 warnings.</para>
64 <para>The domain has now been depreciated. As an alternate, &PRODUCT; provides a
65 new mechanism based on global settings to help administrators set up secure connections across
66 various deployment environments. See <xref linkend="realip-changes"/> for information on setting
67 up own domain, then customize the URL of your console session to reflect your own domain
68 name.</para>
69 <xi:include href="change-console-proxy-ssl-certificate-domain.xml"
70 xmlns:xi=""/>
71 </section>