How does Virtual Machine VNC console work in Parallels Cloud Infrastructure environment?
Starting from POA 5.5 and PCS 6.0 update 4, customers have the ability to open VM console directly in their control panel. This console establishes a remote SSL connection to the VNC server, running on the PCS node, and the port, assigned to the VM.
How it looks like from the PCS server backend:
VM is configured to serve VNC on specific port
[root@HWN ~]# prlctl list --info $VM_NAME | grep display Remote display: mode=auto port=5803 address=0.0.0.0 Remote display state: running
On VM start, there two processes appear and start listening for incoming connections:
prl_vncserver, responsible for processing the VNC connection itself, and
stunnel, which encrypts the communication between the server and the client and listens on the port, assigned to the VM:
[root@HWN ~]# netstat -ntpl | grep 580 tcp 0 0 0.0.0.0:5800 0.0.0.0:* LISTEN 223587/prl_vncserver tcp 0 0 0.0.0.0:5803 0.0.0.0:* LISTEN 223614/stunnel
When a PCS node gets registered in PACI, the Parallels Dispatcher service receives the certificate that is used for the SSL connection and stores it inside its internal structures.
NOTE: Outside of the PACI environment, the VNC connection is non-encrypted by default, and the VNC port is being listened by the
prl_vncserver process itself.