The console technology doesn’t really matter. The encryption is the part of 
concern. You have two choices:

* Shared secret: set up a crypto password in advance, get it onto the CPVM and 
browser in some secure manner. Basically, however you do this you’re 
compromised once somebody sniffs the connection and gets the 
token/password/whatever.
* Public/private key: This is what ACS uses, and as long as you don’t share the 
private key across the internet in a code repository, self sign the key, or use 
a CA authority that’s somewhat competent.

Folks may think this isn’t that big a deal for an internal cloud, but if that 
cloud is running production systems and you’re even vaguely concerned about 
their security, then securing that proxy should be on your mind.

John


On Mar 11, 2014, at 2:32 AM, Paul Angus 
<paul.an...@shapeblue.com<mailto:paul.an...@shapeblue.com>> wrote:

Just thinking out loud;

Would using a secure vnc connection over http achieve the same result as using 
a secure http session - the authentication token is in the initial url anyway..

Regards,

Paul Angus
Cloud Architect
S: +44 20 3603 0540 | M: +447711418784 | T: @CloudyAngus
paul.an...@shapeblue.com<mailto:paul.an...@shapeblue.com>


Need Enterprise Grade Support for Apache CloudStack?
Our CloudStack Infrastructure 
Support<http://shapeblue.com/cloudstack-infrastructure-support/> offers the 
best 24/7 SLA for CloudStack Environments.

Apache CloudStack Bootcamp training courses

**NEW!** CloudStack 4.2.1 training<http://shapeblue.com/cloudstack-training/>
18th-19th February 2014, Brazil. 
Classroom<http://shapeblue.com/cloudstack-training/>
17th-23rd March 2014, Region A. Instructor led, 
On-line<http://shapeblue.com/cloudstack-training/>
24th-28th March 2014, Region B. Instructor led, 
On-line<http://shapeblue.com/cloudstack-training/>
16th-20th June 2014, Region A. Instructor led, 
On-line<http://shapeblue.com/cloudstack-training/>
23rd-27th June 2014, Region B. Instructor led, 
On-line<http://shapeblue.com/cloudstack-training/>

This email and any attachments to it may be confidential and are intended 
solely for the use of the individual to whom it is addressed. Any views or 
opinions expressed are solely those of the author and do not necessarily 
represent those of Shape Blue Ltd or related companies. If you are not the 
intended recipient of this email, you must neither take any action based upon 
its contents, nor copy or show it to anyone. Please contact the sender if you 
believe you have received this email in error. Shape Blue Ltd is a company 
incorporated in England & Wales. ShapeBlue Services India LLP is a company 
incorporated in India and is operated under license from Shape Blue Ltd. Shape 
Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is 
operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.

Stratosec<http://stratosec.co/> - Compliance as a Service
o: 415.315.9385
@johnlkinsella<http://twitter.com/johnlkinsella>

Reply via email to