Feature pages are design documents that developers have created while collaborating on oVirt.

Most of them are outdated , but provide historical design context.

They are not user documentation and should not be treated as such.

Documentation is available here.

Smartcard Support

Summary

  • Support pass through of Smartcard attached to client to a virtual machine
  • Allow the VM owner or administrator to specify if a virtual machine should support smartcard
  • Allow the VM user (on portal) to be able to disable this setting.
  • Support configuring this option via web admin, Power user portal, REST API and CLI

Owner

Current status

Pending review: finished

Requirements

Should be supported on ActiveX and Linux/XPI client

  • on client
    • spice-xpi-2.7-20 or higher
    • console type spice
    • does not work with spice-activex-win browser plugin
  • on guest
    • coolkey-1.1.0-20.el6 or higher
    • esc-1.1.0-24.el6_2.2 or higher

Detailed Description

Webadmin/Power User Portal

Affected dialogs:

  • new/edit VM dialog
  • new/edit Pool dialog
  • edit template dialog contains in console
  • console options in (Power) User Portal
  • VM details part in User Portal

Changes:

  • on new/edit dialogs in console side tab a new checkbox with label "Smartcard enabled" has been added.
  • on console options dialog a new checkbox "Disable smartcard" has been added
  • a visual indication that the smartcard will be enabled has been added

Behavior:

  • The "Smartcard enabled" checkbox is enabled only for the Spice client, it is visible but disabled for VNC.
  • if the checkbox is checked and the user starts a VM, engine sends the smartcardEnable as true to the VDSM (please refer to the VDSM part of this document for it's meaning)
  • if the checkbox is checked (e.g. smartcard is enabled) and the user clicks the console button (e.g. connects to guest), the application sets the Smartcard property on the spice-xpi plugin to true which has the same effect than calling the spicec –smartcard
    • Should also be supported for ActiveX
  • In "Console options" dialog within the user portal the end user has the option to override this setting and not pass the enable smart card option to the spice client
    • If the smartcard option is enabled for the virtual machine then a "Disable smartcard" option is presented in the console options
    • If the smartcard option is not enabled for the virtual machine then "Disable smartcard" checkbox does NOT appear in the console options
    • Note the user is only able to disable this option.
  • The user portal provides a visual indication that the smart card will be enabled (in the User Portal the Vm details part contains "Spice with Smartcard" instead of Spice in the Console line)

REST API

  • the display now contains a new optional property smartcard_enabled.
  • if not set, the default value is false
  • example of creating a VM with smartcard enabled:

        vm2     Virtual Machine 2     desktop     536870912              Default                      <boot dev="hd"/>                   true     

     

VDSM

  • When VDSM receives a device named smartcard it adds to the libvirt configuration to the devices part the following:

    <smartcard mode="passthrough" type="spicevmc"/>  

Documentation / External references