Private / Exclusive console (virtual lab)

J

jebailie

New Member
Jun 29, 2017
2
0
1
54
Hello:

We'd like to use PVE in an education environment where each student would have access to their own VM.

The question is, after logging in (via LDAP), is it possible once a user opens a console on a particular VM (either SPICE or noVNC) that now that VM is 'off limits' to any other 'casual' user, that is, no other authenticated user would be able to view the console ?

Thanks!
- Jerry
 
Not sure if that's possible. I have built a Ruby on Rails front end app to manage the user interaction with proxmox. In fact no one really knows it's proxmox at the backend (Sorry guys! :)

This way I can tightly control who can perform what actions. I also use nginx reverse proxy for access to clients web servers, and guacamole for access to VNC, RDP, SSH to the VM as well. This way I only expose a single IP address and port 443 for the users to gain access to everything then need.
 
jebailie said:
The question is, after logging in (via LDAP), is it possible once a user opens a console on a particular VM (either SPICE or noVNC) that now that VM is 'off limits' to any other 'casual' user, that is, no other authenticated user would be able to view the console ?
Click to expand...

I don't think that this can happen "on access". I'd create the user, clone or provision the machine to this user and set the VM permissions accordingly. Then, only the user (and all other users like admins if they have the permission) can access the machine. This is possible with the GUI and also via CLI via ordinary, built-in rulesets.
 
Guy said:
This way I can tightly control who can perform what actions. I also use nginx reverse proxy for access to clients web servers, and guacamole for access to VNC, RDP, SSH to the VM as well. This way I only expose a single IP address and port 443 for the users to gain access to everything then need.
Click to expand...

Thank you @Guy for bringing guacamole to my attention! Deep in my head I knew that it existed, but you pulled it back out. Thanks!
 
Thanks for the input! I'm going to take a hard look at guacamole...

We're using X2GO now, would like to move beyond the client into strictly a browser.
 
You must log in or register to reply here.
Top Bottom