Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.

Abiquo 4.6

Skip to end of metadata
Go to start of metadata

How Abiquo supports remote access to VMs

To connect to a VM, the user clicks the eye button on the VM control panel. The platform opens a connection to the VM using the appropriate protocol, for example, VNC, RDP, or SSH.

By default Abiquo uses Apache Guacamole https://guacamole.incubator.apache.org/ as a remote access server, and it is installed on the Remote Services server. When you configure a datacenter or public cloud region, the platform automatically adds the remote service, and you can share it with other datacenters or providers. Guacamole supports VNC, RDP, and SSH connections using a single solution for all protocols.

When a user requests remote access to a VM:

  1. The platform registers an event with the action name "VIRTUAL_MACHINE_REQUEST_ACCESS". 
  2. The Abiquo Server supplies a link to the VM connection via the Guacamole server. 
  3. The Abiquo UI loads the Guacamole client, which opens the remote access link. 
  4. The platform requests the remote access password

IP for remote access

When you create a physical machine, the IP address for remote access is the Service IP. However, when you add a vCenter cluster as a physical machine, the platform will automatically assign the IP for remote access based on the IPs defined for management traffic. See Abiquo Configuration Properties#esxi for properties to define the networks or IP addresses or request that the platform should detect host IPs used for management traffic. 

Configure the port range for the VNC connection

Each VNC connection to a VM on the hypervisor will require a port. The Abiquo default port range for VNC connections is 5900 to 65534. In general, VNC connections should use ports 5900 to 6000. Review the remote access documentation for your hypervisor. Note that VMware only recommends ports 5900 to 5964 (See VMware Documentation).

To configure the port range, in the Abiquo Configuration Properties, set the properties abiquo.vncport.min and abiquo.vncport.max

Brand the Guacamole client

To brand the Guacamole client:

  1. Copy the stylesheet from theme/default/css/theme_guacamole.css to your theme
  2. Modify it as required

See Branding Guacamole

Configure keyboard settings

When users connect, they can select an on-screen keyboard for use in the Guacamole client.

On ESXi, users can select a keymap to configure in the VM from a list in VM general information

Note that on ESXi for certain locales, when using remote access from a web client, some keystrokes do not translate. See https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2071245

Disable or enable remote access for the platform

By default, remote access is enabled for the whole platform.

To change the remote access configuration for the platform:

  1. Log in to the Abiquo UI and go to Configuration view → Infrastructure. 
  2. Set the property to "Allow remote access to virtual machines" as required.

The state of remote access will change for VMs that are NOT deployed. Deployed VMs will keep their original state. After you disable remote access, you cannot access deployed VMs through the eye icon but the port is still enabled on the hypervisor, so another client can connect.


To use remote access, users accounts should have an SSH public key, email, and telephone number (cell phone). 

Native VMs

If remote access is enabled and configured:

  • To enable or disable remote access on a VM, users select the VM and edit the configuration on the General tab.
  • The platform automatically generates remote access passwords for connecting to VMs using VNC, see VM general information.
    • Users can create their own password

Captured VMs

The platform captures remote access settings with VMs and users can then reconfigure them. 

  • If there is no password for remote access, the platform disables remote access.
  • If a user releases a VM, any changes made to remote access while the VM was in the platform will be maintained after its release.


  • Administrators can set defaults the default VM SSH user and password
  • With an appropriate template, users can request an initial VM password using guest setup, which will be sent to them by email or SMS