Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.

Abiquo 4.6

Skip to end of metadata
Go to start of metadata

How Abiquo supports remote access to VMs

To connect to a VM, the user clicks the eye button on the VM control panel. The platform opens a connection to the VM using the appropriate protocol, for example, VNC, RDP, or SSH.

By default Abiquo uses Apache Guacamole https://guacamole.incubator.apache.org/ as a remote access server, and it is installed on the Remote Services server. When you configure a datacenter or public cloud region, the platform automatically adds the remote service, and you can share it with other datacenters or providers. Guacamole supports VNC, RDP, and SSH connections using a single solution for all protocols.

When a user requests remote access to a VM:

  1. The platform registers an event with the action name "VIRTUAL_MACHINE_REQUEST_ACCESS". 
  2. The Abiquo Server supplies a link to the VM connection via the Guacamole server. 
  3. The Abiquo UI loads the Guacamole client, which opens the remote access link. 
  4. The platform requests the remote access password

Private cloud

The following configuration applies to private cloud

VMware host IPs for remote access

When you create a physical machine, the IP address for remote access is generally the Service IP. When you add a vCenter cluster as a physical machine, the platform will assign a host IP for remote access based on the IPs defined for management traffic. See Abiquo Configuration Properties#esxi for properties to define the networks or IP addresses or request that the platform should detect host IPs used for management traffic. 

Configure the port range for the VNC connection

Each VNC connection to a VM on the hypervisor will require a port. The Abiquo default port range for VNC connections is 5900 to 65534. In general, VNC connections should use ports 5900 to 6000. Review the remote access documentation for your hypervisor. Note that VMware only recommends ports 5900 to 5964 (See VMware Documentation).

To configure the port range, in the Abiquo Configuration Properties, set the properties abiquo.vncport.min and abiquo.vncport.max

Configure keymaps for ESXi

To set a default ESXi keymap value for the platform, see Abiquo Configuration Properties#vnc

To set default ESXi keymap and pulldown values for VMs in the UI, see Configure Abiquo UI

Note that on ESXi for certain locales, when using remote access from a web client, some keystrokes do not translate. See https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2071245

Brand the Guacamole client

To brand the Guacamole client:

  1. Copy the stylesheet from theme/default/css/theme_guacamole.css to your theme
  2. Modify it as required

See Branding Guacamole

Disable or enable remote access for the platform

By default, remote access is enabled for the whole platform.

To change the remote access configuration for the platform:

  1. Log in to the Abiquo UI and go to Configuration view → Infrastructure. 
  2. Set the property to "Allow remote access to virtual machines" as required.

The state of remote access will change for VMs that are NOT deployed. Deployed VMs will keep their original state. After you disable remote access, you cannot access deployed VMs through the eye icon but the port is still enabled on the hypervisor, so another client can connect.


For VM templates, administrators can set a default VM user and password for SSH connections. With a compatible template, users can request an initial VM password using guest setup, which will be sent to them by email or SMS. See Guest setup


For remote access, user accounts should have an SSH public key, email, and telephone number (cell phone).

VM settings

For native VM settings, see VM general information, which includes enable/disable, ESXi keymap, and password.

For settings for VMs captured from hypervisors, see Import and Capture Virtual Machines.

Public cloud

For public cloud and private clouds such as OpenStack, in addition to the SSH public key in their account, users must have a public IP on the VM, and the firewall must allow access to an appropriate port for direct SSH connection to Linux guests and direct RDP connection to Windows VMs.