Remote console access to virtual machines¶
MOSK provides a number of different methods to interact
with OpenStack virtual machines including VNC (default) and SPICE remote
consoles. This section outlines how you can configure these different
console services through the OpenStackDeployment custom resource.
noVNC-based VNC remote console¶
The noVNC client provides remote control or remote desktop access to guest virtual machines through the Virtual Network Computing (VNC) system. The MOSK Compute service users can access their instances using the noVNC clients through the noVNC proxy server.
The VNC remote console is enabled by default in MOSK.
To disable VNC remote console through the OpenStackDeployment custom
resource, set spec:features:nova:console:novnc to false:
spec:
features:
nova:
console:
novnc:
enabled: false
Encryption of data transfer for the noVNC client¶
Available since MOSK 23.1
MOSK uses TLS to secure public-facing VNC access on networks between a noVNC client and noVNC proxy server.
The features:nova:console:novnc:tls:enabled ensures that the data
transferred between the instance and the noVNC proxy server is encrypted.
Both servers use the VeNCrypt authentication scheme for the data
encryption.
To enable the encrypted data transfer for noVNC, use the following
structure in the OpenStackDeployment custom resource:
kind: OpenStackDeployment
spec:
features:
nova:
console:
novnc:
tls:
enabled: true
SPICE remote console¶
TechPreview Available since MOSK 24.1
The VNC protocol has its limitations, such as the lack of support for multiple monitors, bi-directional audio, reliable cut-and-paste, video streaming, and others. The SPICE protocol aims to overcome these limitations and deliver a robust remote desktop support.
The SPICE remote console is disabled by default in MOSK.
To enable SPICE remote console through the OpenStackDeployment custom
resource, set spec:features:nova:console:spice:enabled to true:
spec:
features:
nova:
console:
spice:
enabled: true