cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1258
Views
0
Helpful
2
Replies

ciac 3/3.1 remote console

tonimaatta12
Level 1
Level 1

Many customer's complain about CIAC that there's no remote console possibility at all ? Has anyone created a button for console or any

other workarounds ? IMHO, that should be added there, since if you lose a connection to your server you have no way to check server's status.

eg. vmware remote console plugin could solve this ?

// Toni

2 Replies 2

derevan
Level 4
Level 4

This is something we have implemented for both vCloud Director (via VMRC) and OpenStack (via noVNC) in the Multi-Cloud solution accelerator (see http://cs.co/cloudcommunity). The "My Servers" portlets were modified with a nice console button associated with the appropriate URL populated in a new property of the Virtual Server Service Item when the server is first created. Although not part of the Multi-Cloud content itself, this could be extended to cover vCenter virtual servers via one of the extension points where the Console URL can be set. The simplest method is to calculate the vCenter URL (an example can be found in the vCloud "Get VM Details" activity, which returns a Console URL). That atomic activity is in the vCloud Director TAP, which you can download from the solution accelerator community--be sure to enable viewing atomics in your PO console).

When you use the vCenter console URL, users will be asked to provide vCenter credentials before the console is loaded (and they will have to do a one-time install of the VMRC plugin for their browser). Some customers did not like having the added logon, so we devised a backdoor method that provides generic credentials behind the scenes via an IIS javascript plugin. I have an example of that and if there is enough interest I can publish to the design center.

There are some security concerns regarding use of VMRC. One is that if users do not log out of their console, any user with access to the URL would be able to gain access (if they had vCenter credentials). Some of this can be mitigated through the use of vCenter's console role and VM access ownership. The IIS passthrough method is the least secure in that it allows anyone access to any console (if they have credentials for that server), and, this is especially problematic if the console remains logged in after disconnect. I have not explored whether there is ant option for automatically logging off after disconnect.It would also be possible to modify the simple passthrough method using a generic account to do something more elaborate including some sort of SSO implementation (not something we have yet attempted).

There are other lower level security concerns, but I will allow others to comment on those.

This is definitely an area where we are sorely lacking best practices, so those who have a need for this type of functionality are encouraged to help contribute to evolve solutions in support of console access, perhaps based on the preliminary work that we have already done, or some alternative method.

Hello,         

Any update about the console for the VM in the next 4.0 Version? Is there a solution for vCenter (without vCloud Director)

Thanks,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: