Adding docs for noVNC

davidjumani · davidjumani · commit 692aa559bec1 · 2020-09-18T16:47:22.000+05:30
diff --git a/source/adminguide/systemvm.rst b/source/adminguide/systemvm.rst
@@ -57,7 +57,7 @@ of memory.
    the following location:
 
    .. cssclass:: table-striped table-bordered table-hover
-   
+
    ==========  ================================================================================================
    Hypervisor  Download Location
    ==========  ================================================================================================
@@ -112,15 +112,23 @@ to the VNC port made available via the hypervisor for the console of the
 guest. Both the administrator and end user web UIs offer a console
 connection.
 
-Clicking a console icon brings up a new window. The AJAX code downloaded
+Clicking a console icon brings up a new window. The console viewer
 into that window refers to the public IP address of a console proxy VM.
 There is exactly one public IP address allocated per console proxy VM.
-The AJAX application connects to this IP. The console proxy then proxies
+The viewer application connects to this IP. The console proxy then proxies
 the connection to the VNC port for the requested VM on the Host hosting
 the guest.
 
-.. note:: 
-   The hypervisors will have many ports assigned to VNC usage so that 
+Since 4.15, noVNC has been integrated into the console proxy and is the
+default viewer. It inherently supports multiple keyboard layouts configured
+in the guest virtual machine. Additionally, it can scale the display as
+well as paste into the console.
+
+noVNC is set as the default console viewer which be changed via the
+"novnc.console.default" global setting, which is set to true by default.
+
+.. note::
+   The hypervisors will have many ports assigned to VNC usage so that
    multiple VNC sessions can occur simultaneously.
 
 There is never any traffic to the guest virtual IP, and there is no need
@@ -145,37 +153,37 @@ interrupt existing console sessions for users.
 Using a SSL Certificate for the Console Proxy
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-By default, the console viewing functionality uses plaintext HTTP. In 
+By default, the console viewing functionality uses plaintext HTTP. In
 any production environment, the console proxy connection should be
 encrypted via SSL at the mininum.
 
 A CloudStack administrator has 2 ways to secure the console proxy
 communication with SSL:
 
 -  Set up a SSL wild-card certificate and domain name resolution
-   
+
 -  Set up SSL certificate for specific FQDN and configure load-balancer
 
 
 Changing the Console Proxy SSL Certificate and Domain
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-The administrator can configure SSL encryption  by selecting a domain 
-and uploading a new SSL certificate and private key. The domain must 
-run a DNS service that is capable of resolving queries for addresses 
+The administrator can configure SSL encryption  by selecting a domain
+and uploading a new SSL certificate and private key. The domain must
+run a DNS service that is capable of resolving queries for addresses
 of the form aaa-bbb-ccc-ddd.your.domain to an IPv4 IP address in the
-form aaa.bbb.ccc.ddd, for example, 202.8.44.1. To change the console 
+form aaa.bbb.ccc.ddd, for example, 202.8.44.1. To change the console
 proxy domain, SSL certificate, and private key:
 
 #. Set up dynamic name resolution or populate all possible DNS names in
    your public IP range into your existing DNS server with the format
    aaa-bbb-ccc-ddd.consoleproxy.company.com -> aaa.bbb.ccc.ddd.
 
    .. note::
-      In these steps you will notice *consoleproxy.company.com* -For 
-      security best practices, we recommend creating a wildcard SSL 
-      certificate on a separate subdomain so in the event that the 
-      certificate is compromised, a malicious user cannot impersonate 
+      In these steps you will notice *consoleproxy.company.com* -For
+      security best practices, we recommend creating a wildcard SSL
+      certificate on a separate subdomain so in the event that the
+      certificate is compromised, a malicious user cannot impersonate
       a company.com domain.
 
 #. Generate the private key and certificate signing request (CSR). When
@@ -189,7 +197,7 @@ proxy domain, SSL certificate, and private key:
 
          openssl genrsa -des3 -out yourprivate.key 2048
 
-   #. Generate a new certificate CSR. Ensure the creation of a wildcard 
+   #. Generate a new certificate CSR. Ensure the creation of a wildcard
       certificate, eg ``*.consoleproxy.company.com``
 
       .. code:: bash
@@ -229,8 +237,8 @@ proxy domain, SSL certificate, and private key:
    interruption in console availability.
 
 The Management Server generates URLs of the form
-"aaa-bbb-ccc-ddd.consoleproxy.company.com" after this change is made. 
-The new console requests will be served with the new DNS domain name, 
+"aaa-bbb-ccc-ddd.consoleproxy.company.com" after this change is made.
+The new console requests will be served with the new DNS domain name,
 certificate, and key.
 
 Uploading ROOT CA and Intermediate CA
@@ -270,12 +278,12 @@ so the new SSVM and CPVM with new certificates are created.
 
 Load-balancing Console Proxies
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-An alternative to using dynamic DNS or creating a range of DNS entries 
+An alternative to using dynamic DNS or creating a range of DNS entries
 as described in the last section would be to create a SSL certificate
 for a specific domain name, configure CloudStack to use that particular
 FQDN, and then configure a load balancer to load balance the console
-proxy's IP address behind the FQDN. As the functionality for this is 
-still new, please see 
+proxy's IP address behind the FQDN. As the functionality for this is
+still new, please see
 https://cwiki.apache.org/confluence/display/CLOUDSTACK/Realhost+IP+changes
 for more details.
 
@@ -322,26 +330,26 @@ Upgrading a Virtual Router with System Service Offerings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 When CloudStack creates a virtual router, it uses default settings which
-are defined in a default system service offering. See `“System Service 
+are defined in a default system service offering. See `“System Service
 Offerings” <#system-service-offerings>`_. All the
 virtual routers in a single guest network use the same system service
 offering. You can upgrade the capabilities of the virtual router by
 creating and applying a custom system service offering.
 
-#. Define your custom system service offering. 
-   See `“Creating a New System Service Offering” 
-   <#creating-a-new-system-service-offering>`_. 
+#. Define your custom system service offering.
+   See `“Creating a New System Service Offering”
+   <#creating-a-new-system-service-offering>`_.
    In System VM Type, choose Domain Router.
 
 #. Associate the system service offering with a network offering. See
-   `“Creating a New Network Offering” 
+   `“Creating a New Network Offering”
    <networking.html#creating-a-new-network-offering>`_.
 
 #. Apply the network offering to the network where you want the virtual
    routers to use the new system service offering. If this is a new
    network, follow the steps in Adding an Additional Guest Network on
    page 66. To change the service offering for existing virtual routers,
-   follow the steps in `“Changing the Network Offering on a Guest Network” 
+   follow the steps in `“Changing the Network Offering on a Guest Network”
    <networking2.html#changing-the-network-offering-on-a-guest-network>`_.
 
 
@@ -352,26 +360,26 @@ Best Practices for Virtual Routers
    deletes all the iptables rules. To work around this issue, stop the
    virtual router and start it from the CloudStack UI.
 
--  .. warning:: 
-      Do not use the destroyRouter API when only one router is available 
-      in the network, because restartNetwork API with the cleanup=false 
-      parameter can't recreate it later. If you want to destroy and 
-      recreate the single router available in the network, use the 
+-  .. warning::
+      Do not use the destroyRouter API when only one router is available
+      in the network, because restartNetwork API with the cleanup=false
+      parameter can't recreate it later. If you want to destroy and
+      recreate the single router available in the network, use the
       restartNetwork API with the cleanup=true parameter.
 
 
 Service Monitoring Tool for Virtual Router
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Various services running on the CloudStack virtual routers can be 
+Various services running on the CloudStack virtual routers can be
 monitored by using a Service Monitoring tool. The tool ensures that
-services are successfully running until CloudStack deliberately disables 
-them. If a service goes down, the tool automatically restarts the 
-service, and if that does not help bringing up the service, an alert as 
-well as an event is generated indicating the failure. A new global 
-parameter, ``network.router.enableservicemonitoring``, has been 
-introduced to control this feature. The default value is false, implies, 
-monitoring is disabled. When you enable, ensure that the Management 
+services are successfully running until CloudStack deliberately disables
+them. If a service goes down, the tool automatically restarts the
+service, and if that does not help bringing up the service, an alert as
+well as an event is generated indicating the failure. A new global
+parameter, ``network.router.enableservicemonitoring``, has been
+introduced to control this feature. The default value is false, implies,
+monitoring is disabled. When you enable, ensure that the Management
 Server and the router are restarted.
 
 Monitoring tool can help to start a VR service, which is crashed due to
@@ -382,9 +390,9 @@ an unexpected reason. For example:
 -  The services that are terminated by the OS when memory or CPU is not
    sufficiently available for the service.
 
-.. note:: 
-   Only those services with daemons are monitored. The services that are 
-   failed due to errors in the service/daemon configuration file cannot 
+.. note::
+   Only those services with daemons are monitored. The services that are
+   failed due to errors in the service/daemon configuration file cannot
    be restarted by the Monitoring tool. VPC networks are not supported.
 
 The following services are monitored in a VR:
@@ -593,3 +601,4 @@ in an immediate termination of the command and report back to the operator that
 
 
 
+
