Implement Remote KVM feature on Intel vPro platforms to support Redfish APIs #830
Description
Is your feature request related to a problem? Please describe.
The Remote KVM diagnostic feature provided on vPro platforms is implemented today using DMTF DASH protocol and WS-MAN APIs. DMTF has now developed the RedFish protocol with REST APIs, which the ecosystem is widely adopting and bringing it into various in-band manageability solutions be it proprietary or open-source. Intel vPro platforms are not compatible with the Redfish protocol today. Partners and Customers need a single pane of glass manageability interface from edge to cloud where Redfish plays a crucial role and the server (cloud/data center) world has adopted this through discrete OOB manageability silicon like BMC. The customers now want to work with Intel client platforms with integrated OOB silicon and perform extensive diagnosis with user friendly features like remote KVM, etc. using the Redfish protocol & REST APIs.
Today, remote KVM on vPro platforms is not implemented with Redfish APIs and makes it difficult to integrate with customers Redfish based in-band solutions.
Describe the solution you'd like
Remote KVM in a BMC is implemented by using Redfish to negotiate session tokens and discover endpoint URIs, which then initiate a separate, high-performance websocket or VNC connection for real-time video streaming and input redirection. The BMC acts as a server, capturing video output and inputting keyboard/mouse events, while the Redfish API handles authentication and configuration
Key Aspects of Implementation:
Protocol: While Redfish defines the management, the actual KVM traffic often uses VNC (Virtual Network Computing) or WebSocket-based protocols to handle continuous, low-latency data streams.
Session Negotiation: A client uses Redfish to POST to a sessions resource, obtaining a token to authenticate the KVM session.
Launch Mechanism: The KVM session is usually launched by navigating to a specific URI discovered via the Manager or ComputerSystem Redfish resources.
Security: The session utilizes HTTPS for initial connection and standard WebSockets/VNC for the video feed, often requiring session authentication.
Integration: In frameworks like OpenBMC, the {Link: bmcweb https://github.com/openbmc/bmcweb} handles the translation between Redfish REST requests and the underlying D-Bus objects that control the KVM.
Redfish & KVM Workflow:
Discover: The client queries the Systems or Managers resource to find the RemoteConsole property.
Authenticate: The client sends a POST request to create a session and receive a token.
Launch: The client uses the token to initiate a WebSocket or VNC connection to the KVM endpoint, enabling remote mouse/keyboard/video access.
Manage: The KVM session remains active independently of the REST API connection.
For this implementation, the Redfish APIs need to be intercepted by the DMT console, and get the KVM endpoint using the DASH WS-MAN APIs and facilitate the Websocket or VNC connection to enable remote KVM.
Describe alternatives you've considered
OpenBMC at the silicon FW level was considered as an option.
Additional context
Add any other context or screenshots about the feature request here.