In the evolving landscape of cloud infrastructure, managing federated environments efficiently is becoming increasingly crucial. With the upcoming OpenNebula 7.0 release, a groundbreaking feature is set to transform how administrators and end-users interact with virtual machines across multiple zones: VM Console Access through VNC. This new functionality is designed to enhance the user experience in federated OpenNebula environments, making it easier than ever to manage and access VMs regardless of their location.

Understanding OpenNebula Federation

Before diving into the new VM Console Access feature, it’s important to grasp the concept of an OpenNebula Federation.

In simple terms, an OpenNebula Federation integrates multiple OpenNebula instances (referred to as Zones) into a cohesive system. Each Zone in the Federation shares user accounts, groups, and permissions, enabling a unified experience. Federation allows for flexible access policies, where users can be restricted to specific Zones or Clusters within a Zone. This topology consists of a master Front-end and several slave Front-ends, creating a seamless integration of resources across different locations. A user logged into the Sunstone web interface of a Zone just needs to select the Zone where he or she wants to work.

The Role of Guacamole and FireEdge

To fully appreciate the new VM Console Access feature, let’s clarify some key components:

• Sunstone: the web interface for OpenNebula.
• FireEdge: the backend service that supports Sunstone. 
• Guacamole: an external tool integrated with OpenNebula, enabling graphical access to virtual machines.

For virtual machine management, each Zone must have the opennebula, opennebula-guacamole and opennebula-fireedge services properly configured. 

FireEdge facilitates WebSocket connections from the browser through Guacamole to the host machine, providing all the necessary data (host, port, type) to create the channels for accessing the VM console from a browser.

Historically, connecting to a VM console across different Zones was challenging due to network configuration limitations, which prevented access to hosts outside the originating Zone.

Introducing VM Console Access Across Zones

The upcoming OpenNebula 7.0 release introduces a game-changing feature: VM Console Access across different Zones. This enhancement addresses the previous limitations by enabling seamless access to VM consoles in other Zones through a proxy mechanism.

Here’s how it works: each Zone’s FireEdge can now act as a proxy for accessing VM consoles in other Zones. For instance, if you’re operating from Zone 2 and need to access a VM in Zone 1, FireEdge in Zone 2 will serve as a proxy. It forwards the WebSocket request to the FireEdge in Zone 1, allowing you to view and interact with the VM’s Guacamole window as if you were directly connected.

This innovative feature is set to debut in the next major OpenNebula 7.0 release, significantly improving the flexibility and efficiency of managing federated cloud infrastructures. By simplifying VM console access across Zones, OpenNebula enhances the overall user experience and supports more dynamic, federation-oriented architectures.

Looking Ahead

The introduction of VM Console Access in OpenNebula 7.0 marks an important milestone in cloud infrastructure management. As federated and disaggregated cloud environments become more prevalent, this feature will prove invaluable for administrators and users, streamlining operations and improving accessibility across complex setups.

Stay tuned for the OpenNebula 7.0 release to experience these advancements firsthand and explore how they can benefit your cloud infrastructure.

🇪🇺 Part of the new functionality has been funded by ONENextGen (Grant Agreement UNICO IPCEI-2023-003), supported by the Spanish Ministry for Digital Transformation and Civil Service through the UNICO IPCEI Program, co-funded by the European Union–NextGenerationEU through the Recovery and Resilience Facility (RRF).