RHEV and network-restricted environments

In my lab environment, there are only a limited number of ports that are open by a firewall external to both the manager and the hypervisors. This is sufficient to register hypervisors and create and deploy virtual machines. I can ssh, ping, and access the hosts via http and https.

The problem that I am encountering is that the ports I need to access the consoles via spice or vnc are not open. I can do very 'hackish' things like create an ssh tunnel forwarding vnc ports from the hypervisor host to the client, but this is far less than optimal. The reality is that the external firewalls won't be changed without major effort (company policy), so I am wondering what my options are. I don't think my environment is that unique that this won't be seen elsewhere.

Is there any kind of a proxy that can be set up to enable access to the guests in these environments? Other solutions?

Responses

Currently, the only workable solution is to have your guests on the same VLAN as the display network. That can be done directly, or using VPN. That means you can keep the host networks protected, and leave only one interface in the same VLAN where the users are.

Thanks for the quick response.

Oh well... this will make RHEV more difficult to use in this environment since the firewall limitations are corporate-wide. There's a segregation of 'server' and 'client' networks.

You could always make a case of the display network being more related to 'clients' than to 'servers', but indeed, this is the only interface you will need in the client VLAN, and we are working on a proxy-like solution for the future