cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Background Information

The RightScale platform communicates with the RCA-V in your vSphere environment using a secure WebSocket tunnel connection.

Answer

  • A WebSocket connection begins as an HTTP handshake and then upgrades in-place to speak the WebSocket wire protocol. As such, many existing HTTP security mechanisms also apply to a WebSocket connection. https://tools.ietf.org/html/rfc64550
  • The RCA-V Websocket tunnel is configured over TLS/SSL HTTPS port 443 and enables bi-directional communications.
  • The Websocket tunnel does not require enterprises to open additional ports in their firewalls.
  • The WebSocket endpoint is defined by a URL, which means origin-based security can be applied.
  • Client-to-server masking – Each WebSocket frame, with a frame containing a message, is automatically masked to prevent old or badly-implemented intermediaries (man-in-the-middle scenarios) from accidentally or deliberately causing issues based on bytes in the payload. Each frame contains the masking key so WebSocket-aware intermediaries can unmask the messages for protocol or packet inspection, or to enforce security policies, etc
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Jun 17, 2019 09:45 AM
Updated by: