Xen Orchestra 4.5

XO 4.5 is out, 2 weeks after 4.4: we're back to our high release rate! And it doesn't mean we made only few things. Check the changelog: it's not bad at all ;)

Hide non-authorized controls

This was a very popular request: if a user does NOT have the right to do an action (e.g: Remove the VM), we should hide this button in the interface.

Despite that's seems trivial, it is not: because xo-server centralize all the permissions, xo-web can't guess if it's authorized before sending the request.

Two solutions:

  • re-write the ACLs in the xo-web side: it will duplicate the rules and leads to bugs in the long run
  • write a lib centralizing the ACLs, accessible from both xo-server and xo-web.

For this release, we choose to hide quickly what's really needed in the first place (in the VM view). But as soon the external ACLs lib is out, we'll switch to the better solution. It will be totally transparent on your side.

Before, for a "Viewer" only, you can see everything, even if you don't have the right to really make the action (like "Stop"):

before hide buttons

After, for the same user:

before hide buttons

We also hide where the VM is running if the user hasn't any right on the host/pool.

For sure, we'll make a UI review to have a nicer UI when we hide buttons (planned for the 4.6 in 15 days).

ACLs on networks

You can now authorize users to see networks to create VIFs in their VMs:

Plus, if you don't give any permission on the network, a user can't view any of your network in its own VM:

Faster consoles

We no longer use the ws-proxy piece of code existing in XenServer, but we are connecting directly to the console in RAW HTTP. Results: consoles are displayed faster:

You can read this blog post for more details.

GitHub sign-on

After a generic SSO SAML provider available in 4.4, it's time to allow people with a GitHub account to access Xen Orchestra. This is great for our admins delegating VMs to their developers (or a contractor), without creating a account somewhere else.

GitHub icon

You just have to create an app in GitHub and provide the credentials given there. Then modify the configuration of xo-server:

    clientID: xxxxxxxxxxxxxxxx
    clientSecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Parallel coordinates graph

This kind of graph is useful to discriminate what is the "main" type of VM in your infrastructure from your "special" VMs (i.e: VMs with a configuration very different from others). But also filter to find a specific set of VMs.


Parcords example

You can learn more about it in a previous post.

Heatmap improvements

You can use consolidated values for CPUs in your host or VM (note the "All CPUs" in the 2nd select field):

heatmap CPU consolidated

Or you can aggregate hosts or VMs for a better global view. You want to see all network upload for a specific set of VM? Piece of cake:

heatmap multiple VMs

Consolidated valued for 3 VMs

In this video, consolidated heatmap for all my hosts in two clicks:

Neat eh?

VM scheduled exports only with meta data

Want to export a VM without its disks? (only the configuration). It's now possible. Just select this checkbox:

Checkbox metadata


  1. Already a XOA user? Just use the updater for a smooth experience, and start to use 4.5 right now! Don't forget to refresh your browser after the update.
  2. Or download it in your member zone and make the update :)

What's next

The 4.6 milestone is almost established, with:

  • XO plugin configuration in the web interface (configure SSO, LDAP and other plugin directly in the web interface, avoiding the "YAML nightmare" effect)
  • XenServer tags management
  • Google as an external login provider
  • A page to change its own password (for non-SSO users)
  • Auto ACL hierarchy and better UI
  • A brand new (and very nice) new visualization :)
  • First draft of the VM creation self service (for beta tests only)

All of this in the next 15 days!