This week we added support for the jail and zone console along with VNC for KVMs in FiFo.cloud. While that is interesting, there are some other fascinating aspects to it. One of the primary goals is to let you run FiFo.cloud agents everywhere, no matter whether your server is at home sitting under your desk, in a data center, or a virtual machine at a cloud provider. We want you to be able to connect it to FiFo.cloud.
With console support, this means you can reach your zones and jails from anywhere that has internet access and a browser. That aside, let’s talk a bit about how we do that.
For this, networking is the most significant issue. We know that inbound connections are complicated at best and impossible at worst, so that was not an option. Instead, we decided to do the least invasive thing possible: each fifo-agent opens a single TCP/TLS connection.
Then again, being restricted to a single outgoing connection comes with its own problems, especially when you require multiple bidirectional connections. To work around this limitation, we multiplex channels over the TLS connection we establish. This method allows us to have a bidirectional command channel along with multiple channels for consoles at the same time.
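To make the multiplexing idea concrete, here is an added sketch of a receiver that splits one byte stream back into a command channel and several console channels. It is not FiFo's code or wire format: the 6-byte header, the channel numbers, `MAX_PAYLOAD` and all names are assumptions chosen for illustration.

```python
import struct

HEADER = struct.Struct("!IH")  # assumed header: channel id (uint32), length (uint16)
MAX_PAYLOAD = 16 * 1024        # assumed cap so a peer cannot force large buffers
COMMAND_CHANNEL = 0            # assumed id of the always-open command channel

class FrameError(Exception):
    """Raised when a frame is refused; the caller should drop the connection."""

def encode_frame(channel, payload):
    if len(payload) > MAX_PAYLOAD:
        raise FrameError("payload too large")
    return HEADER.pack(channel, len(payload)) + payload

class Demux:
    def __init__(self):
        self._buf = bytearray()
        self._open = {COMMAND_CHANNEL}

    def open_channel(self, channel):
        self._open.add(channel)

    def feed(self, data):
        """Take bytes as read from the TLS stream; return complete frames."""
        self._buf += data
        frames = []
        while len(self._buf) >= HEADER.size:
            channel, length = HEADER.unpack_from(self._buf)
            # Validate the header before buffering any of the payload.
            if length > MAX_PAYLOAD:
                raise FrameError("frame exceeds MAX_PAYLOAD")
            if channel not in self._open:
                raise FrameError("frame for unopened channel %d" % channel)
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # partial frame: wait for the next read
            frames.append((channel, bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return frames

def demo():
    # Constructed sample: one command frame interleaved with two consoles.
    stream = (encode_frame(0, b'{"cmd":"ping"}') + encode_frame(7, b"login: ")
              + encode_frame(9, b"\x1b[2J") + encode_frame(7, b"root\r\n"))
    demux = Demux()
    for console in (7, 9):
        demux.open_channel(console)
    # Deliver in 5-byte chunks to mimic reads that ignore frame boundaries.
    chunks = [stream[i:i + 5] for i in range(0, len(stream), 5)]
    return [frame for chunk in chunks for frame in demux.feed(chunk)]
```

Because every channel shares one socket, the receiver treats an oversized frame or a frame for a channel it never opened as a protocol violation rather than trying to resynchronize.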