You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Stephen Young <st...@gmail.com> on 2023/04/27 21:54:59 UTC
ESXi VNC over websocket connection
Hi all,
In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server built
into their ESXi hypervisor. Instead the VNC protocol is tunneled over a
websocket. Are there any plans to support VNC over websockets to facilitate
connections in cases like this? I noticed that there was interest in
https://issues.apache.org/jira/browse/GUACAMOLE-1641 but that seems
stalled.
Does anyone have any advice or experience connecting guacd to the ESXi
bundled VNC server over websockets? I wondered if using a TCP to websocket
proxy/bridge like unwebsockify would be possible.
Regards and thanks
Re: ESXi VNC over websocket connection
Posted by Rasmus Haslund <ra...@veeam.com.INVALID>.
This is super interesting! I would love to use this instead of RDP.
With best regards,
Rasmus Haslund
Principal Technologist & VMCT Program Manager | Veeam Software | Phone: +40 372 821 972 | Twitter: @haslund
From: Lukáš Raška <lu...@raska.me>
Reply to: "user@guacamole.apache.org" <us...@guacamole.apache.org>
Date: Friday, 28 April 2023 at 08.10
To: "user@guacamole.apache.org" <us...@guacamole.apache.org>
Subject: Re: ESXi VNC over websocket connection
This is the first time you've received an email from this sender lukas @ raska.me, please exercise caution when clicking on links or opening attachments.
Hi,
I've done implementation of WebMKS (that's now VMware calls it) using that kind of approach - create raw WS connection and just tunnel the VNC connection inside that tunnel via UNIX sockets. That works fine and I can actually connect to the remote console, however there are few caveats when it comes to providing as additional Guacamole-supported protocol.
Based on the VMware WebMKS architecture, https://vdc-download.vmware.com/vmwb-repository/dcr-public/8c1815ce-2f69-4b0b-a50c-ed8b305c22c0/e01e3448-99e8-4b7c-b26b-f0f02c45fb91/GUID-635B3A9F-C62E-4A97-9FAB-FBCAA3914FDA.html for example, you first need to obtain a ticket from vSphere / vCloud Director, which is short lived. With that token you actually get an URL you can use with the WS-VNC connection. So using that within some integrated product (that just provides the valid data to Guacamole) is fine and works, but implementing UI where you could easily connect to any VM console means, you need to have access to vSphere API to acquire the WebMKS ticket and then guacd needs to have connection to every possible ESXi server.
Thanks,
Lukas
pá 28. 4. 2023 v 2:19 odesílatel Stephen Young <st...@gmail.com>> napsal:
Thanks for the replies. I’ll have a look at using libwebsockets.
Yes, ‘stalled’ was a poor choice of words :)
- Stephen
> On Apr 27, 2023, at 5:12 PM, Nick Couchman <vn...@apache.org>> wrote:
>
> On Thu, Apr 27, 2023 at 6:02 PM Michael Jumper <mj...@apache.org>> wrote:
>>
>>> On Thu, Apr 27, 2023, 2:55 PM Stephen Young <st...@gmail.com>> wrote:
>>>
>>> Hi all,
>>>
>>> In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server built into their ESXi hypervisor. Instead the VNC protocol is tunneled over a websocket. Are there any plans to support VNC over websockets to facilitate connections in cases like this? I noticed that there was interest in https://issues.apache.org/jira/browse/GUACAMOLE-1641 but that seems stalled.
>>> Does anyone have any advice or experience connecting guacd to the ESXi bundled VNC server over websockets? I wondered if using a TCP to websocket proxy/bridge like unwebsockify would be possible.
>>
>>
>> libwebsockets is already used within guacamole-server for accessing Kubernetes. The same could probably be done as an alternative backend connection mode for VNC, though I'm not sure whether libvncclient has the necessary support for plugging in arbitrary transports.
>>
>
> I've done some work recently on support for tunneling the various
> protocols over SSH, and, assuming libwebsockets can open a standard
> UNIX socket, this should work.
>
> Also, it's hard to categorize this issue as "stalled" - it was
> entered, but hasn't really had any serious activity at all, and also
> isn't that old :-).
>
> -Nick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org<ma...@guacamole.apache.org>
> For additional commands, e-mail: user-help@guacamole.apache.org<ma...@guacamole.apache.org>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org<ma...@guacamole.apache.org>
For additional commands, e-mail: user-help@guacamole.apache.org<ma...@guacamole.apache.org>
--
Best Regards
Lukáš Raška
Re: ESXi VNC over websocket connection
Posted by Stephen Young <st...@gmail.com>.
Hi Lukas,
Thanks for your response. I'm working on an application that is (now) able
to use the vSphere API to get a WebMKS ticket token and URL for the WS-VNC
connection for any VMs that have been provisioned.
My experience with UNIX sockets is very limited so any more guidance you
can give me on how you managed to tunnel VNC inside the raw WS tunnel would
be greatly appreciated.
Thanks and regards,
Stephen
On Fri, Apr 28, 2023 at 12:09 AM Lukáš Raška <lu...@raska.me> wrote:
> Hi,
> I've done implementation of WebMKS (that's now VMware calls it) using that
> kind of approach - create raw WS connection and just tunnel the VNC
> connection inside that tunnel via UNIX sockets. That works fine and I can
> actually connect to the remote console, however there are few caveats when
> it comes to providing as additional Guacamole-supported protocol.
>
> Based on the VMware WebMKS architecture,
> https://vdc-download.vmware.com/vmwb-repository/dcr-public/8c1815ce-2f69-4b0b-a50c-ed8b305c22c0/e01e3448-99e8-4b7c-b26b-f0f02c45fb91/GUID-635B3A9F-C62E-4A97-9FAB-FBCAA3914FDA.html
> for example, you first need to obtain a ticket from vSphere / vCloud
> Director, which is short lived. With that token you actually get an URL you
> can use with the WS-VNC connection. So using that within some integrated
> product (that just provides the valid data to Guacamole) is fine and works,
> but implementing UI where you could easily connect to any VM console means,
> you need to have access to vSphere API to acquire the WebMKS ticket and
> then guacd needs to have connection to every possible ESXi server.
>
>
> Thanks,
> Lukas
>
>
> pá 28. 4. 2023 v 2:19 odesílatel Stephen Young <
> stephenryoungster@gmail.com> napsal:
>
>> Thanks for the replies. I’ll have a look at using libwebsockets.
>>
>> Yes, ‘stalled’ was a poor choice of words :)
>>
>> - Stephen
>>
>> > On Apr 27, 2023, at 5:12 PM, Nick Couchman <vn...@apache.org> wrote:
>> >
>> > On Thu, Apr 27, 2023 at 6:02 PM Michael Jumper <mj...@apache.org>
>> wrote:
>> >>
>> >>> On Thu, Apr 27, 2023, 2:55 PM Stephen Young <
>> stephenryoungster@gmail.com> wrote:
>> >>>
>> >>> Hi all,
>> >>>
>> >>> In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server
>> built into their ESXi hypervisor. Instead the VNC protocol is tunneled over
>> a websocket. Are there any plans to support VNC over websockets to
>> facilitate connections in cases like this? I noticed that there was
>> interest in https://issues.apache.org/jira/browse/GUACAMOLE-1641 but
>> that seems stalled.
>> >>> Does anyone have any advice or experience connecting guacd to the
>> ESXi bundled VNC server over websockets? I wondered if using a TCP to
>> websocket proxy/bridge like unwebsockify would be possible.
>> >>
>> >>
>> >> libwebsockets is already used within guacamole-server for accessing
>> Kubernetes. The same could probably be done as an alternative backend
>> connection mode for VNC, though I'm not sure whether libvncclient has the
>> necessary support for plugging in arbitrary transports.
>> >>
>> >
>> > I've done some work recently on support for tunneling the various
>> > protocols over SSH, and, assuming libwebsockets can open a standard
>> > UNIX socket, this should work.
>> >
>> > Also, it's hard to categorize this issue as "stalled" - it was
>> > entered, but hasn't really had any serious activity at all, and also
>> > isn't that old :-).
>> >
>> > -Nick
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
>> > For additional commands, e-mail: user-help@guacamole.apache.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
>> For additional commands, e-mail: user-help@guacamole.apache.org
>>
>>
>
> --
> Best Regards
>
> Lukáš Raška
>
Re: ESXi VNC over websocket connection
Posted by Lukáš Raška <lu...@raska.me>.
Hi,
I've done implementation of WebMKS (that's now VMware calls it) using that
kind of approach - create raw WS connection and just tunnel the VNC
connection inside that tunnel via UNIX sockets. That works fine and I can
actually connect to the remote console, however there are few caveats when
it comes to providing as additional Guacamole-supported protocol.
Based on the VMware WebMKS architecture,
https://vdc-download.vmware.com/vmwb-repository/dcr-public/8c1815ce-2f69-4b0b-a50c-ed8b305c22c0/e01e3448-99e8-4b7c-b26b-f0f02c45fb91/GUID-635B3A9F-C62E-4A97-9FAB-FBCAA3914FDA.html
for example, you first need to obtain a ticket from vSphere / vCloud
Director, which is short lived. With that token you actually get an URL you
can use with the WS-VNC connection. So using that within some integrated
product (that just provides the valid data to Guacamole) is fine and works,
but implementing UI where you could easily connect to any VM console means,
you need to have access to vSphere API to acquire the WebMKS ticket and
then guacd needs to have connection to every possible ESXi server.
Thanks,
Lukas
pá 28. 4. 2023 v 2:19 odesílatel Stephen Young <st...@gmail.com>
napsal:
> Thanks for the replies. I’ll have a look at using libwebsockets.
>
> Yes, ‘stalled’ was a poor choice of words :)
>
> - Stephen
>
> > On Apr 27, 2023, at 5:12 PM, Nick Couchman <vn...@apache.org> wrote:
> >
> > On Thu, Apr 27, 2023 at 6:02 PM Michael Jumper <mj...@apache.org>
> wrote:
> >>
> >>> On Thu, Apr 27, 2023, 2:55 PM Stephen Young <
> stephenryoungster@gmail.com> wrote:
> >>>
> >>> Hi all,
> >>>
> >>> In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server
> built into their ESXi hypervisor. Instead the VNC protocol is tunneled over
> a websocket. Are there any plans to support VNC over websockets to
> facilitate connections in cases like this? I noticed that there was
> interest in https://issues.apache.org/jira/browse/GUACAMOLE-1641 but that
> seems stalled.
> >>> Does anyone have any advice or experience connecting guacd to the ESXi
> bundled VNC server over websockets? I wondered if using a TCP to websocket
> proxy/bridge like unwebsockify would be possible.
> >>
> >>
> >> libwebsockets is already used within guacamole-server for accessing
> Kubernetes. The same could probably be done as an alternative backend
> connection mode for VNC, though I'm not sure whether libvncclient has the
> necessary support for plugging in arbitrary transports.
> >>
> >
> > I've done some work recently on support for tunneling the various
> > protocols over SSH, and, assuming libwebsockets can open a standard
> > UNIX socket, this should work.
> >
> > Also, it's hard to categorize this issue as "stalled" - it was
> > entered, but hasn't really had any serious activity at all, and also
> > isn't that old :-).
> >
> > -Nick
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> > For additional commands, e-mail: user-help@guacamole.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>
--
Best Regards
Lukáš Raška
Re: ESXi VNC over websocket connection
Posted by Stephen Young <st...@gmail.com>.
Thanks for the replies. I’ll have a look at using libwebsockets.
Yes, ‘stalled’ was a poor choice of words :)
- Stephen
> On Apr 27, 2023, at 5:12 PM, Nick Couchman <vn...@apache.org> wrote:
>
> On Thu, Apr 27, 2023 at 6:02 PM Michael Jumper <mj...@apache.org> wrote:
>>
>>> On Thu, Apr 27, 2023, 2:55 PM Stephen Young <st...@gmail.com> wrote:
>>>
>>> Hi all,
>>>
>>> In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server built into their ESXi hypervisor. Instead the VNC protocol is tunneled over a websocket. Are there any plans to support VNC over websockets to facilitate connections in cases like this? I noticed that there was interest in https://issues.apache.org/jira/browse/GUACAMOLE-1641 but that seems stalled.
>>> Does anyone have any advice or experience connecting guacd to the ESXi bundled VNC server over websockets? I wondered if using a TCP to websocket proxy/bridge like unwebsockify would be possible.
>>
>>
>> libwebsockets is already used within guacamole-server for accessing Kubernetes. The same could probably be done as an alternative backend connection mode for VNC, though I'm not sure whether libvncclient has the necessary support for plugging in arbitrary transports.
>>
>
> I've done some work recently on support for tunneling the various
> protocols over SSH, and, assuming libwebsockets can open a standard
> UNIX socket, this should work.
>
> Also, it's hard to categorize this issue as "stalled" - it was
> entered, but hasn't really had any serious activity at all, and also
> isn't that old :-).
>
> -Nick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: ESXi VNC over websocket connection
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Apr 27, 2023 at 6:02 PM Michael Jumper <mj...@apache.org> wrote:
>
> On Thu, Apr 27, 2023, 2:55 PM Stephen Young <st...@gmail.com> wrote:
>>
>> Hi all,
>>
>> In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server built into their ESXi hypervisor. Instead the VNC protocol is tunneled over a websocket. Are there any plans to support VNC over websockets to facilitate connections in cases like this? I noticed that there was interest in https://issues.apache.org/jira/browse/GUACAMOLE-1641 but that seems stalled.
>> Does anyone have any advice or experience connecting guacd to the ESXi bundled VNC server over websockets? I wondered if using a TCP to websocket proxy/bridge like unwebsockify would be possible.
>
>
> libwebsockets is already used within guacamole-server for accessing Kubernetes. The same could probably be done as an alternative backend connection mode for VNC, though I'm not sure whether libvncclient has the necessary support for plugging in arbitrary transports.
>
I've done some work recently on support for tunneling the various
protocols over SSH, and, assuming libwebsockets can open a standard
UNIX socket, this should work.
Also, it's hard to categorize this issue as "stalled" - it was
entered, but hasn't really had any serious activity at all, and also
isn't that old :-).
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: ESXi VNC over websocket connection
Posted by Michael Jumper <mj...@apache.org>.
On Thu, Apr 27, 2023, 2:55 PM Stephen Young <st...@gmail.com>
wrote:
> Hi all,
>
> In ESXi 7.0, VMWare has removed TCP access to the bundled VNC server built
> into their ESXi hypervisor. Instead the VNC protocol is tunneled over a
> websocket. Are there any plans to support VNC over websockets to facilitate
> connections in cases like this? I noticed that there was interest in
> https://issues.apache.org/jira/browse/GUACAMOLE-1641 but that seems
> stalled.
> Does anyone have any advice or experience connecting guacd to the ESXi
> bundled VNC server over websockets? I wondered if using a TCP to websocket
> proxy/bridge like unwebsockify would be possible.
>
libwebsockets is already used within guacamole-server for accessing
Kubernetes. The same could probably be done as an alternative backend
connection mode for VNC, though I'm not sure whether libvncclient has the
necessary support for plugging in arbitrary transports.
- Mike