Private Cloud Consoles

Open Issues

• Combine Console and Gateway object ?
• Should we support more than one gateway chain to a console ? We will have to query ?
• Admin Terminating Console Session(s)
• Persistent Sessions
• Push Sessions -- Compute Resources auto-connecting to the Client
• Session Query and Status -- Do we need to report number of sessions with meta-data (user, Ip Addr, socket) ? This requires a session object ?

Overview

Use Cases

Generalized VM Execution Use Cases

• USE CASE 01 A VM executes on single computer platform with a single or multiple cpu cores.
• USE CASE 02 A VM executes on blade platform with a single or multiple cpu cores.

Generalized IO Console Configuration Use Cases

• USE CASE 03 A single computer platform supports one or more serial ports for console I/O
• USE CASE 04 A single compute platform supports one or more video outputs and one keyboard input
• USE CASE 05 A blade platform supports one or more serial ports for console I/O
• USE CASE 06 A blade platform supports one more video output and one keyboard input

Generalized IO Console Client to IO Console Server Connectivity Use Cases

• USE CASE 07 A blade platform management controller presents blade's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
• USE CASE 08 A blade platform management controller presents blade's serial ports via a network protocol including TELNET and SSH
• USE CASE 09 A KVM device controller presents single computer's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
• USE CASE 10 A Terminal Server presents a single computer's serial ports via a network protocol including TELNET and SSH

Hypervisor Software Use Cases

• USE CASE 11 A Hypervisor Software executing on a single blade presents VM's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
• USE CASE 12 A Hypervisor Software executing on a single blade presents a VM's serial ports via a network protocol including TELNET and SSH
• USE CASE 13 A Hypervisor Software executing on a single blade element presents VM's video outputs and keyboard inputs via a network protocol including VNC, RDP and XWindows
• USE CASE 14 A Hypervisor Software executing on a single blade element presents a VM's serial ports via a network protocol including TELNET and SSH

IO Console Sharing Use Cases

• USE CASE 15 More than one user may access a blade's platform management controller's presented blade's video outputs and keyboard inputs via a network (console instance sharing)
• USE CASE 16 More than one user may access a blade's platform management controller's presented blade's serial ports via a network (console instance sharing)
• USE CASE 17 More than one user may access a Terminal Server's presented single compute serial port via a network (console instance sharing)
• USE CASE 18 More than one user may access a KVM device's presented single compute serial port via a network (console instance sharing)

IO Console Configuration Use Cases

• USE CASE 19 Network Address of Terminal Server's presented single computer's serial port can be set by VM configuration
• USE CASE 20 Network port number of Terminal Server's presented single computer's serial port can be set by VM configuration
• USE CASE 21 Network Address of Terminal Server's presented single computer's serial port can be set by Cloud Provider Administration
• USE CASE 22 Network port number of Terminal Server's presented single computer's serial port can be set by Cloud Provider Administration
• USE CASE 23 Network Address of Terminal Server's presented single computer's serial port can be read by Cloud User(s) though VM configuration
• USE CASE 24 Network port number of Terminal Server's presented single computer's serial port can be read by Cloud Provider Administration though VM configuration
• USE CASE 25 Terminal Server's Network Address presenting a single computer's serial port can be is common across all Terminal Server's serial ports
• USE CASE 26 Network Address of KVM's presented single computer's graphical console can be set by VM configuration
• USE CASE 27 Network port number of KVM's presented single computer's graphical console can be set by VM configuration
• USE CASE 28 Network Address of KVM's presented single computer's graphical console can be set by Private Cloud Administration
• USE CASE 29 Network port number of KVM's presented single computer's graphical console can be set by Cloud Provider Administration
• USE CASE 30 Network Address of KVM's presented single computer's graphical console can be read by Cloud User(s) though VM configuration
• USE CASE 31 Network port number of KVM's presented single computer's graphical console can be read by Cloud Provider Administration though VM configuration
• USE CASE 32 KVM's Network Address presenting a single computer's graphical console can be is common across all Terminal Server's serial ports
• USE CASE 33 Network Address of a blade's platform management controller's presented blade's serial port can be set by VM configuration
• USE CASE 34 Network port number of a blade's platform management controller's presented blade's serial port can be set by VM configuration
• USE CASE 35 Network Address of a blade's platform management controller's presented blade's serial port can be set by Cloud Provider Administration
• USE CASE 36 Network port number of a blade's platform management controller's presented blade's serial port can be set by Cloud Provider Administration
• USE CASE 37 Network Address of a blade's platform management controller's presented blade's serial port can be read by Cloud User(s) though VM configuration
• USE CASE 38 Network port number of a blade's platform management controller's presented blade's serial port can be read by Cloud Provider Administration though VM configuration
• USE CASE 39 Terminal Server's Network Address presenting a blade's serial port can be is common across all a blade's platform management controller's serial ports presented
• USE CASE 40 Network Address of a blade's platform management controller's presented blade's graphical console can be set by VM configuration
• USE CASE 41 Network port number of a blade's platform management controller's presented blade's graphical console can be set by VM configuration
• USE CASE 42 Network Address of a blade's platform management controller's presented blade's graphical console can be set by Cloud Provider Administration
• USE CASE 43 Network port number of a blade's platform management controller's presented blade's graphical console can be set by Cloud Provider Administration
• USE CASE 44 Network Address of a blade's platform management controller's presented blade's graphical console can be read by Cloud User(s) though VM configuration
• USE CASE 45 Network port number of a blade's platform management controller's presented blade's graphical console can be read by Cloud Provider Administration though VM configuration
• USE CASE 46 Terminal Server's Network Address presenting a blade's graphical console can be is common across all a blade's platform management controller's serial ports presented

IO Console Authentication Use Cases

• USE CASE 47 A Terminal Server's presented single compute serial port has only one credential for all Private Cloud Administrators (user/customer) accessing the port
• USE CASE 48 A Terminal Server's presented single compute serial port has only one credential for each Private Cloud Administrator (user/customer) accessing the port
• USE CASE 49 A Terminal Server has only one credential for all Private Cloud Administrators (user/customer) accessing all presented single compute serial ports
• USE CASE 50 Terminal Server's presented single compute serial port's credentials can be set with the VM configuration by the Cloud Provider Administrator
• USE CASE 51 Terminal Server's presented single compute serial port's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 52 Terminal Server's presented single compute serial port's credentials can be set with a external management application by the Cloud Administrator
• USE CASE 53 Terminal Server's credentials can be set with the VM configuration by the Cloud Provider Administrator
• USE CASE 54 Terminal Server's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 55 Terminal Server's credentials can be set with a external management application by the Cloud Administrator
• USE CASE 56 A KVM's presented single computer's graphical console has only one credential for all Private Cloud Administrators (user/customer) accessing the port
• USE CASE 57 A KVM's presented single computer's graphical console has only one credential for each Private Cloud Administrator (user/customer) accessing the port
• USE CASE 58 A KVM has only one credential for all users accessing all presented computer's graphical consoles
• USE CASE 59 KVM's presented single computer's graphical console's credentials can be set with the VM configuration by the Cloud Administrator
• USE CASE 60 KVM's presented single computer's graphical console's credentials can be set with the VM configuration by the Private Cloud Administrators (user/customer)
• USE CASE 61 KVM's presented single computer's graphical console's credentials can be set with a external management application by the Cloud Administrator
• USE CASE 62 KVM's credentials can be set with the VM configuration by the Cloud Administrator
• USE CASE 63 KVM's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 64 KVM's credentials can be set with a external management application by the Cloud Administrator
• USE CASE 65 A blade's platform management controller's presented blade serial ports has only one credential for all Private Cloud Administrators (user/customer) accessing the port
• USE CASE 66 A blade's platform management controller's presented blade serial ports has only one credential for each Private Cloud Administrator (user/customer) accessing the port
• USE CASE 67 A blade's platform management controller has only one credential for all Private Cloud Administrators (user/customer) accessing all presented blade serial ports
• USE CASE 68 A blade's platform management controller's presented blade serial port's credentials can be set with the VM configuration by the Cloud Provider Administrator
• USE CASE 69 A blade's platform management controller's presented blades serial port's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 70 A blade's platform management controller's presented blade serial port's credentials can be set with a external management application by the Cloud Provider Administrator
• USE CASE 71 A blade's platform management controller's credentials can be set with the VM configuration by the Cloud Provider Administrator
• USE CASE 72 A blade's platform management controller's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 73 A blade's platform management controller's credentials can be set with a external management application by the Cloud Provider Administrator
• USE CASE 74 A blade's platform management controller's presented blade's graphical console has only one credential for all Private Cloud Administrators (user/customer) accessing the port
• USE CASE 75 A blade's platform management controller's presented blade's graphical console has only one credential for each Private Cloud Administrator (user/customer) accessing the port
• USE CASE 76 A blade's platform management controller has only one credential for all Private Cloud Administrators (user/customer) accessing all presented blade's graphical consoles
• USE CASE 77 A blade's platform management controller's presented blade's graphical console's credentials can be set with the VM configuration by the Cloud Provider Administrator
• USE CASE 78 A blade's platform management controller's presented blade's graphical console's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 79 A blade's platform management controller's presented blade's graphical console's credentials can be set with a external management application by the Cloud Provider Administrator
• USE CASE 80 A blade's platform management controller's credentials can be set with the VM configuration by the Cloud Provider Administrator
• USE CASE 81 A blade's platform management controller's credentials can be set with the VM configuration by the Private Cloud Administrator (user/customer)
• USE CASE 82 A blade's platform management controller's credentials can be set with a external management application by the Cloud Provider Administrator

Limits

• Desktop Virtualization created by the executing operating system in a VM is not in the scope of this use case model.

OCCI Console Model

A console is a Human Interaction Device (HID) interface to a Compute Resource. The console is responsible for acquiring user input in the form of keyboard actions and optionally mouse actions and availing them to the Compute Resource. The console is also responsible for presenting information from the Compute Resource to the User. Information presented may be in either textural, graphical or text in a graphical context. A compute Resource MAY support more than one Console Resource. Consoles MAY support one or more User sessions simultaneously.

Console information exchanged between the user and the Compute Resource is expected to occur over a network session. The are a wide variety of protocols that may be used for C/U information interchange. This specification only defines the protocols used. The details including the format of the data exchange are out of scope for this specification.

Console

This specification defines two basic models to define the Console Resource; a Graphical Frame Buffer Console and a Serial Console, each are well defined computer architecture components. references needed The primary difference between the models is the method the Compute Resource presents information the the User.

In Graphical Frame Buffer model, the Console Resources is represented as a virtual video card's frame buffer. The Compute Resource is responsible for placing data into the graphical frame buffer area that is transferred to the User.

The Serial Console style Console Resources is represented as a duplex serial port capable of exchanging Compute Resource information with the User.

NOTE: Some console implementation may include support for audio devices. Definition of any Audio device is out of scope of this specification.

The OCCI Console model defines a Console Resource as a a single OCCI category. For the Graphical Frame Buffer Console, the keyboard device, mouse device and Graphical Frame Buffer are represented as a single Console Resource. This also true for the Serial Console, the virtual serial port is represented as a single Console Resource.

Console Gateways

Access to a OCCI Console Resource MAY require a specific routing path though one or more console gateways. The gateways provide routing between the Console Resource and the User or another Console Gateway. Gateways may be organized sequentially (chained) to provide a routing path between the User and the Console Resource. The User is assumed to access the initial gateway though network connectivity. However, subsequent gateways (internal to a chain) do not have the requirement to provide network access, internal gateways only require an addressing scheme to interconnect the Console Resource with the User or interconnect to the next gateway in the chain.

The Console gateways are sequentially bound to the Console Resource via the OCCI link. When a single Gateway is Linked to a Console, the Gateway directly Linked to the Console MUST use the Console's address and port to connect to the Console. When one or more Gateways are Linked to a Console in a chain, the User MUST use the values in the address and selector attributes of the last Gateway in the chain to connect to the Console Resource. Additionally when one or more Gateways are Linked to a Console, a gateway MUST use the values in the address and selector attributes of the next gateway closest to the Console Resource to ensure a communication chain to the Console Resource.

Console Security

OCCI Console Resources SHOULD support an authentication scheme. The specific scheme should be defined by the Interchange Protocol. Specifying the authentication scheme and protocol is considered out of scope for this specification.

If the OCCI Console Resources supports an authentication scheme, OCCI implementers MUST support OCCI Security Credentials. OCCI Console Resources and Console Gateways are associated with OCCI Security Credentials via the category Link. Credentials usage MUST align with OCCI Credential profiles for Single Consumers, Multiple Consumers, Provisioning, Instantiation and Third Party issued credentials. The Use Case Model for the Console is derived from the elements and interactions described in the use cases above.

Console Attributes

The attributes that MUST be exposed by an instance of the I/O Console resource type are as follows:

Gateway Attributes

The attributes that MUST be exposed by an instance of the Console Gateway type are as follows: