Abiquo 5.3

Skip to end of metadata
Go to start of metadata

How Abiquo supports remote access to VMs

To connect to a VM, the user clicks the console button on the VM control panel.

The platform opens a connection to the VM using the appropriate protocol, for example, VNC, RDP, SSH, or WebMKS.

The platform's default remote access server is Apache Guacamole https://guacamole.incubator.apache.org/, which runs on the Remote Services server. Guacamole supports VNC, RDP, and SSH connections using a single solution for all protocols. When you configure a datacenter or public cloud region, the platform automatically adds the remote service, and you can share the remote service with other datacenters or providers. 

When a user requests remote access to a VM where the environment uses VNC, SSH, or RDP:

  1. The platform registers an event with the action name "VIRTUAL_MACHINE_REQUEST_ACCESS". 
  2. The Abiquo Server supplies a link to the VM connection via the Guacamole server. 
  3. The Abiquo UI loads the Guacamole client, which opens the remote access link. 
  4. The platform requests the remote access password and/or SSH key

For VMware, Abiquo supports WebMKS.

  • vCloud Director uses WebMKS only
  • vCenter uses WebMKS with WebMKS proxy, as an alternative to VNC via Guacamole
  • vSphere 7.0+ uses WebMKS only

User clicks the console button Platform registers aVIRTUAL_MACHINE_REQUEST_ACCESS event Abiquo server supplies link toVM connection via Guacamole server Abiquo UI loads Guacamole client,which opens remote access link The platform requests the remote accesspassword or SSH private key Allow WebMKS connection Abiquo server requests vCenterticket for VM remote access VM connection through WebMKS proxy Error VNC, RDP, or SSH? Yes :-) vCenter hosts or clusters withWebMKS enabled in Abiquo Yes User is VM owner andhas appropriate privileges Yes :-) No No

Brand the Guacamole client

To brand the Guacamole client:

  1. Copy the stylesheet from theme/default/css/theme_guacamole.css to your theme
  2. Modify it as required

For more details, see Abiquo Branding Guide

Configure remote access in private cloud

The following configuration applies to private cloud and non-WebMKS access:

  1. For vCenter clusters added as physical machines, optionally set properties to define how the platform should detect host IPs used for management traffic to assign host IPs for remote access. See Abiquo Configuration Properties#esxi. See Add VMware vCenter clusters as servers
    • com.abiquo.esxi.discovery.networkinterface.networks
    • com.abiquo.esxi.discovery.networkinterface.onlymanagementip

  2. Optionally configure the port range for VNC if you would like to modify the platform default of 5900 to 65534. In general, VNC connections should use ports 5900 to 6000. VMware only recommends ports 5900 to 5964. See VMware Documentation
    • abiquo.vncport.min
    • abiquo.vncport.max
  3. Optionally configure keymaps for ESXi. To set a default keymap value for the platform, Abiquo Configuration Properties#vnc

Disable or enable remote access for the platform

These instructions apply to remote access from the console button using Guacamole. Remote access using WebMKS is always enabled

By default, remote access is enabled for the whole platform.

To change the remote access configuration for the platform:

  1. Log in to the Abiquo UI and go to Configuration → Infrastructure
  2. Set the property to Allow remote access to virtual machines as required.

The state of remote access will change for VMs that are NOT deployed. Deployed VMs will keep their original state.

  • After you disable remote access for VMs on hypervisors, users cannot access deployed VMs through the console button but the port is still enabled, so users can connect with another client.

Configure VM templates for remote access

For VM templates:

  • Administrators can set a default VM user and password for SSH connections. 
  • With a compatible template, users can request an initial VM password using guest setup, which will be sent to them by email or SMS. See Guest setup

Configure user accounts for remote access

To enable remote access, user accounts should have the following:

  • SSH public key
  • Email address
  • Telephone number (cell phone)

For public cloud, users must assign the following to their VMs:

  • A public IP
  • A firewall that allows the appropriate type of connection for the VM (for example, SSH connections to Linux VMs and RDP connections to Windows VMs)

VM settings for remote access

WebMKS for vCenter

If remote access to VMs is enabled to use VNC, you can change it to use WebMKS.

To configure WebMKS for vCenter do these steps:

  1. Install WebMKS proxy
  2. Optionally brand WebMKS. See Branding WMKS
  3. Enable WebMKS for vCenter