Similar to my vCloud Director article, you can also provide access to the remote console of a virtual machine in a vSphere environment to your end users. This can be accomplished by leveraging both the vSphere and VMRC (Virtual Machine Remote Console) APIs and can be useful if you are building a custom portal for users to access their virtual machines. To use the VMRC API, you can download the latest VMRC 5.1 SDK which provides the following:
Step 1 - Download the VMRC 5.1 SDK and extract the contents to your local desktop.
Step 2 - Open the vmrc-embed-example.html using a web browser located in the docs folder.
Note: In my example, I uploaded both the javascript and html file to a web server and accessed the sample by connecting to the server instead of running it locally on my desktop. This was to show how users could access the custom portal using the VMRC SDK.
Step 3 - At the top of the page where it says "VMRC Modes", make "MKS" is selected in the drop down box and click on the "+" icon to add. Then go ahead and click on the "Start" button to start a VMRC instance and ensure you see a success message on the right hand side of the console box.
Step 4 - To authenticate to VMRC, you will need a session ticket which will be obtained through the use of the vSphere API using the acquireCloneTicket() method provided by the SessionManager managed object. In this example, we will be using the vSphere MOB to quickly retrieve our session ticket, but in a real implementation, you would programamtically retrieve the session ticket along with few othe pieces of information to connect to the VMRC. Open up a new tab in your web browser and connect to the following URL:
Once you have authenticated, go ahead and click on the "Invoke Method" which should generate a session ticket:
Step 5 - Copy the session ticket string and go back to our VMRC sample page. We will now need to fill out the following sections before we can access the remote console of a virtual machine:
The VMRC SDK allows you to use a Web-based application to connect to a vCenter- or vCloud Director-managed virtual machine and access that virtual machine’s console in a browser window. You can interact with the virtual machine console input and screen. You can also use the VMRC SDK to manage virtual and physical device connections on a vCenter-managed virtual machine.The VMRC SDK includes documentation to the API as well as a sample webpage implementing some basic functionality of the VMRC API. I recently received a question on how to get started with the sample as it was not completely intuitive and thought I take you through the required steps to get the sample working.
Step 1 - Download the VMRC 5.1 SDK and extract the contents to your local desktop.
Step 2 - Open the vmrc-embed-example.html using a web browser located in the docs folder.
Note: In my example, I uploaded both the javascript and html file to a web server and accessed the sample by connecting to the server instead of running it locally on my desktop. This was to show how users could access the custom portal using the VMRC SDK.
Step 3 - At the top of the page where it says "VMRC Modes", make "MKS" is selected in the drop down box and click on the "+" icon to add. Then go ahead and click on the "Start" button to start a VMRC instance and ensure you see a success message on the right hand side of the console box.
https://reflex.primp-industries.com/mob/?moid=SessionManager&method=acquireCloneTicketNote: Make sure you substitute in your vCenter Server IP Address/Hostname
Once you have authenticated, go ahead and click on the "Invoke Method" which should generate a session ticket:
- Hostname (IP Address/Hostname of your vCenter Server)
- Allow SSL Validation Errors (Check this if you are using self signed SSL certificates)
- Ticket (Paste the session ticket from the previous step here)
- VM ID (This is the MoRef ID of the VM you wish to connect to the remote console)
William,
ReplyDeleteThanks for the inspiration and tools. Since you released the Perl ticket generator last year, and since the release of the VMRC SDK, I have been planning on putting it all together to make to make a web-based control center for limited access to do: snapshots, power-on, power-off, and console. Essentially, a limited set of tools that a person would need without having to open up vCenter.
np! I'm glad you've found the tools and articles to be useful. Perhaps when you've put everything together, you won't mind sharing what you've built and maybe some lessons learn/tips for others that might be interesting in providing a similar solution. Thanks again for the comments
Deletegreat info William.
ReplyDeleteAnd devides sharing working :)
I want write proxy for console, becouse my vCenter is hidden behind a NAT.
Did You try write console proxy like in vCloud Director?
Or try use haproxy for this.
Hi Willam,
ReplyDeleteIs this tool able to show me a list of thin clients that are in use? We wat to create a connector to the server to look for clients that are available and show them on a screen.
Willem Luijk
@VMBLOG.pl
ReplyDeleteCreating a proxy is not that difficult.
1. Add your ESXi hosts, and vCenter, to your public DNS (split DNS). Meaning your external DNS would have publics IPs while internal DNS would have your private network IPs.
2. Create a VM (or physical machine) with 2 NICs. One NIC to your backend network to access ESXi hosts and One NIC to public IPs used for ESXi and vCenter. vCenter and each ESXi host need a public IP and that public IP is on the proxy host and also what is entered into DNS. A request is made to the public IP and forwarded to the backend ESX host. So when you open a console and vCenter is telling vSphere Client to go to esx02.backend.network.yourdomain.com, external DNS knows that this is actually PU.B.L.IC IP and not 10.10.10.x
3. Port forward each public IP to the proper backend private IP and port.
I have this working with no issues.
You can also do this with MIPs on a firewall, but I find it easier to generate tickets for customer use on an actual server. Ticket is requested, firewall ports are opened for 1 hour, and then the customer's IP is removed without have to edit the configs on a hardware firewall.
I'll trade you a working console proxy for working PHP code that does a soap call for a ticket and generates the console window :)
I want to trade. I have code that is PHP and does a soap call for a ticket and generates a console window. Email me here to trade...
Deletehttp://www.heapsoftware.com/contactus.htm
Hi William,
ReplyDeleteI followed all steps as mentioned and I got the following success message on connect()
onConnectionStateChange - connectionState: 2, host: xx.xxx.xx.xxx, datacenter: , vmId: vm-179, userRequested: true, reason: Connection successful.
But couldn't see the console, it was blank as before. what can be the reason? Also I tried to send other 'SetFullscreen' etc option from page and it throws following error
setScreenSize call failed: undefined
setFullscreen call failed: undefined
sendCAD call failed: undefined
I appreciate your help!
Thanks
Hey Vick886, i had the exact same problem. for me it was because i didnt hit the plus sign next to "MKS".
ReplyDeleteHi... I am currently having issues. I followed the exact same steps mentioned in this post and I am getting the following error:
ReplyDeletestarting VMRC instance: modes: 2, messages: 1
"startup returned "vmrc-ax-t-{9E36E306-0DC9-4D21-983E-AE1962CE249B}"
connect succeeded
onConnectionStateChange - connectionState: 1, host: vc51.democentral.ibm.com, datacenter: , vmId: vm-744, userRequested: true, reason: Cannot complete login due to an incorrect user name or password."
My current environment is:
vCenter Server 5.1 (Windows R2 2008)
VMRC 5.1 (Windows 7 Professional SP1 , also tried with XP)
Internet Explorer 9
vmrc-embed-example.html (example code provided by default)
Are you using an administrator account and are you retrieving the session ticket or passing in username/password?
DeleteWilliam, just saw your comment at the Forum.. So funny!!! Hey.. btw, it is an honor to get your help.
ReplyDeleteYou know... I am such a rookie... I was requesting the ticket as a user a created which is administrator of the system and vmware and was getting the previous errors. I requested the ticket again with the installation user and now connection was successful. Is it because of Single Sign On ??
So... is this the only way to establish a connection ? Because I tried connecting using the same user but I still get the SSL error.
Marco,
DeleteNo problem, glad you got it working. Your issue is not related to SSO, remember SSO is just a authentication broker. The actual permission validation is done on the vCenter Server itself and will highly depend on the privileges assigned to the user you're using.
If you take a look at the vSphere API Reference guide, you will see the required privileges for the method which is System.View, so make sure the user has that and it should work regardless of whether the account was used to install the OS or manage the virtual infrastructure
Hi William,
ReplyDeletefollowed all the steps mentioned in your blog, not able to the get connection,
starting VMRC instance: modes: 2, messages: 1
startup returned "vmrc-ax-t-{7A162615-E8CA-4641-865C-7C2308B14F69}"
connect succeeded
onConnectionStateChange - connectionState: 1, host: xxxxxxxx:902, datacenter: , vmId: 42144feb-b91e-1ed0-c7b6-1ebc8b2492b5, userRequested: true, reason: A secure connection to the server could not be established
The error seems to be related around a secure connection. Did you check the box for Allow SSL Validation Errors?
DeleteI have tried by checking and also by unchecking the Allow SSL Validation Errors checkbox.
DeleteFor both the cases it the error seems to be same.
Hi, I was wondering if someone could post some PHP code to get the AcquireCloneTicket dynamically.
ReplyDeleteThanks,
George