On 2018-08-17 16:24:21 -0400 (-0400), Jonathan Proulx wrote: [...] > Not sure why Max doesn't but one reason is OpenStack's VNC isn't > really secured except by proxy so if you get bridged into the network > the hypervisors are on you can connect to the VNC consoles directly on > the hyprevisor with no auth. [...]
Not to mention, at least for all the instances I run, a remote serial console already provides 100% of the features I need to perform OOB diagnostics in case I screw up boot options, guest networking, sshd, whatever: https://docs.openstack.org/nova/queens/admin/remote-console-access.html#serial-console I can imagine for some deployments, none of the users might want/need a graphical OOB console for their instances at all so wouldn't want to incur the overhead (especially securing it, as Jonathan so notes.) -- Jeremy Stanley
