How Abiquo supports remote access to VMs
To connect to a VM, the user clicks the eye button on the VM control panel. The platform opens a connection to the VM using the appropriate protocol, for example, VNC, RDP, or SSH.
By default, Abiquo uses Apache Guacamole (https://guacamole.incubator.apache.org/) as its remote access server, which is installed on the Remote Services server. When you configure a datacenter or public cloud region, the platform automatically adds the remote service, and you can share it with other datacenters or providers. Guacamole supports VNC, RDP, and SSH connections using a single solution for all protocols.
When a user requests remote access to a VM:
- The platform registers an event with the action name "VIRTUAL_MACHINE_REQUEST_ACCESS".
- The Abiquo Server supplies a link to the VM connection via the Guacamole server.
- The Abiquo UI loads the Guacamole client, which opens the remote access link.
- The platform requests the remote access password or SSH key.
In addition to Guacamole, Abiquo also supports WebMKS for remote access to VMs on:
- vCloud via WebMKS only
- vCenter via WebMKS in addition to VNC via Guacamole. This allows hot reconfigure of remote access on captured VMs in ESXi 6.5+. See Enable WebMKS for vCenter.
Private cloud remote access configuration
The following configuration applies to private cloud and non-WebMKS access:
- For vCenter clusters added as physical machines, optionally set properties that define how the platform detects the host IPs used for management traffic, so that it can assign host IPs for remote access. See Abiquo Configuration Properties#esxi
- Optionally configure the port range for VNC if you would like to modify the platform default of 5900 to 65534. In general, VNC connections should use ports 5900 to 6000. VMware only recommends ports 5900 to 5964. See VMware Documentation
- Optionally configure keymaps for ESXi. To set a default keymap value for the platform, see Abiquo Configuration Properties#vnc
Brand the Guacamole client
To brand the Guacamole client:
- Copy the stylesheet from theme/default/css/theme_guacamole.css to your theme
- Modify it as required
Disable or enable remote access for the platform
By default, remote access is enabled for the whole platform.
To change the remote access configuration for the platform:
- Log in to the Abiquo UI and go to Configuration view → Infrastructure.
- Set the "Allow remote access to virtual machines" property as required.
The state of remote access will change for VMs that are NOT deployed. Deployed VMs will keep their original state.
- After you disable remote access for VMs on hypervisors, you cannot access deployed VMs through the eye icon but the port is still enabled, so users can connect with another client.
For VM templates:
- Administrators can set a default VM user and password for SSH connections.
- With a compatible template, users can request an initial VM password using guest setup, which will be sent to them by email or SMS. See Guest setup
To enable remote access, user accounts should have the following:
- SSH public key
- Email address
- Telephone number (cell phone)
For public cloud and OpenStack, users must assign the following to their VMs:
- A public IP
- A firewall that allows SSH connections to Linux VMs and RDP connections to Windows VMs
Enable WebMKS for vCenter
Before you begin, brand the WebMKS interface as required. See Branding WMKS.
For VMs captured in a powered on state with Abiquo 4.6.3+ and vCenter 6.5+, the administrator can manually remove the VNC configuration from the VM definition file on the hypervisor to allow remote access without reconfiguring the VM.
To activate the WebMKS functionality for remote access to vCenter VMs:
- Edit the abiquo.properties file. See Abiquo Configuration Properties
- Set the com.abiquo.esxi.webmks property to "true".
- This will automatically enable remote access to all VMs on vCenter via WebMKS, except for VMs with existing VNC configuration, which can still use VNC
- Do not modify VNC configurations when WebMKS is activated because this will trigger an error
- To force the use of WebMKS, which will delete existing VNC configurations from VMs, set the com.abiquo.esxi.webmks.force property to "true".
- After you capture VMs, you can now hot reconfigure them to enable remote access
- Users will now be able to access the VM console via WebMKS when:
- They are the VM owner
- They have the privileges to Access virtual datacenters view and Manage virtual appliances. By default the standard user has these privileges
The VNC user and password are not valid for WebMKS.
For more details of the WebMKS properties, see Abiquo Configuration Properties#esxi.
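The following is an added example, not part of the Abiquo documentation or product: a small audit of the settings described under "Private cloud remote access configuration" and "Enable WebMKS for vCenter", which flags a destructive webmks.force setting and a VNC port range wider than the one VMware recommends. The VNC port-range key names, the treatment of unset properties as disabled, and the sample file contents are assumptions.

```python
VMWARE_VNC_RANGE = (5900, 5964)     # range the page says VMware recommends
PLATFORM_VNC_RANGE = (5900, 65534)  # platform default stated on the page
# Assumption: VNC port-range key names; confirm in Abiquo Configuration Properties.
VNC_MIN_KEY, VNC_MAX_KEY = "abiquo.vncport.min", "abiquo.vncport.max"

def parse_properties(text):
    """Return key/value pairs, skipping comments, blank lines and section headers."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    # Assumption: an unset property is treated as disabled.
    return props.get(key, "false").strip('"').lower() == "true"

def audit_remote_access(text):
    """Return (code, message) findings for the settings discussed on the page."""
    props = parse_properties(text)
    findings = []
    webmks = is_true(props, "com.abiquo.esxi.webmks")
    force = is_true(props, "com.abiquo.esxi.webmks.force")
    if force and not webmks:
        findings.append(("FORCE_WITHOUT_WEBMKS", "webmks.force is set but webmks is not enabled"))
    if force and webmks:
        findings.append(("FORCE_DELETES_VNC", "existing VNC configurations will be deleted from VMs"))
    if webmks and not force:
        findings.append(("VNC_STILL_USED", "VMs with existing VNC configuration keep using VNC"))
    low = int(props.get(VNC_MIN_KEY, PLATFORM_VNC_RANGE[0]))
    high = int(props.get(VNC_MAX_KEY, PLATFORM_VNC_RANGE[1]))
    if low < VMWARE_VNC_RANGE[0] or high > VMWARE_VNC_RANGE[1]:
        findings.append(("VNC_RANGE_WIDE", f"VNC ports {low}-{high} fall outside {VMWARE_VNC_RANGE[0]}-{VMWARE_VNC_RANGE[1]}"))
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE = """
[remote-services]
com.abiquo.esxi.webmks = true
com.abiquo.esxi.webmks.force = true
abiquo.vncport.min = 5900
abiquo.vncport.max = 65534
"""

if __name__ == "__main__":
    for code, message in audit_remote_access(SAMPLE):
        print(f"{code}: {message}")
```

Run it against a copy of abiquo.properties before restarting services, so that a forced deletion of VNC configurations or an unexpectedly wide port range is caught while it can still be reviewed.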