Note: Please go to to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > Clouds > VMware > FAQs > How secure is a websocket tunnel?

How secure is a websocket tunnel?

Table of Contents
Background Information

The RightScale platform communicates with the RCA-V in your vSphere environment using a secure WebSocket tunnel connection. 




  • A WebSocket connection begins as an HTTP handshake and then upgrades in-place to speak the WebSocket wire protocol.  As such, many existing HTTP security mechanisms also apply to a WebSocket connection.
  • The RCA-V Websocket tunnel is configured over TLS/SSL HTTPS port 443 and enables bi-directional communications.
  • The Websocket tunnel does not require enterprises to open additional ports in their firewalls.
  • The WebSocket endpoint is defined by a URL, which means origin-based security can be applied.
  • Client-to-server masking – Each WebSocket frame, with a frame containing a message, is automatically masked to prevent old or badly-implemented intermediaries ("man-in-the-middle" scenarios) from accidentally or deliberately causing issues based on bytes in the payload. Each frame contains the masking key so WebSocket-aware intermediaries can unmask the messages for protocol or packet inspection, or to enforce security policies, etc.
You must to post a comment.
Last modified
16:21, 21 Apr 2014



This page has no classifications.



© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.