10.5 Configuring Remote Console Access to Workloads

The Cloud Manager console provides remote console access to business service workloads via an embedded Flash VNC application. The application can connect to workloads either directly or through a VNC repeater (proxy).

By default, the Cloud Manager console is configured to use the VNC repeater included with the Cloud Manager Application Server. Alternatively, you can set up an external VNC repeater or configure the VNC application to connect directly to workloads. Each solution has advantages and disadvantages.

Built-In Repeater

  Advantages:

  • Minimal setup

  • Supports NAT and firewalls

  • If used with NAT or a firewall, use can be limited to Cloud Manager users

  Disadvantages:

  • VNC traffic flows through Cloud Manager Application Server, increasing workload on a single server

External Repeater

  Advantages:

  • Supports NAT and firewalls

  • Offloads VNC traffic from the Cloud Manager Application Server

  • Scalable by clustering the repeater

  Disadvantages:

  • Increased setup

  • VNC requests are not authenticated through Cloud Manager

Direct Connection

  Advantages:

  • Most scalable

  Disadvantages:

  • Each workload must include a VNC server

  • No support for NAT or firewalls

  • VNC requests are not authenticated through Cloud Manager

The following sections provide instructions for configuring each of the remote console access solutions.

10.5.1 Disabling Remote Console Access

Roles that Can Perform This Task: Cloud Administrator

If you don’t want users to be able to access workloads through the Cloud Manager console, you can disable remote console access. This disables remote console access to all workloads through the Cloud Manager console only. It does not disable VNC on the host or the workload.

  1. On the main navigation bar, click Configuration, then click Remote Console.

  2. In the Connection field, select Disable.

  3. Click OK.

10.5.2 Setting Up the Built-In VNC Repeater

Roles that Can Perform This Task: Cloud Administrator

To have the Cloud Manager console use the built-in VNC repeater:

  1. On the main navigation bar, click Configuration, then click Remote Console.

  2. In the Connection field, select Use built-in VNC repeater.

  3. If the VNC repeater requires a static port for reasons such as firewall support, specify the port in the Repeater Port field. Otherwise, leave the field blank so that the VNC repeater dynamically selects an available port when it starts.

  4. Click OK.

10.5.3 Setting Up an External VNC Repeater

Roles that Can Perform This Task: Cloud Administrator

To have the Cloud Manager console use an external VNC repeater:

  1. Install the VNC repeater by using the product’s documentation.

  2. Configure the repeater to respond to both Flash policy requests and VNC proxy requests.

  3. In the Cloud Manager console, configure the remote console to use the external repeater:

    1. On the main navigation bar, click Configuration, then click Remote Console.

    2. In the Connection field, select Use external VNC repeater.

    3. In the Repeater Address field, specify the DNS or IP address of the VNC repeater’s server.

    4. In the Repeater Port field, specify the port assigned to the repeater.

    5. Click OK.

10.5.4 Setting Up Direct Connections

Roles that Can Perform This Task: Cloud Administrator

To have the Cloud Manager console connect directly to workloads:

  1. Make sure that each VM host or VM is configured with a VNC Server.

    Depending on the hypervisor, the VM host might handle the VNC requests for the VM or the VM might handle the requests. Refer to your hypervisor documentation for information about how your hypervisor handles VNC requests to VMs.

  2. Configure the VNC Server to respond to Flash policy requests.

  3. In the Cloud Manager console, configure the remote console to use a direct connection:

    1. On the main navigation bar, click Configuration, then click Remote Console.

    2. In the Connection field, select Connect directly.

    3. Click OK.
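Both the external repeater (10.5.3, step 2) and direct connections (10.5.4, step 2) depend on the listener answering Flash policy requests. The following check is an added example, not part of the product documentation: it sends the standard Flash socket policy request to a listener and audits the returned policy for wildcard rules and for coverage of the VNC port. The function names, the host name cloudmgr.example.com and the sample policies are assumptions constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET
POLICY_REQUEST = b"<policy-file-request/>\x00"  # sent by Flash Player; the reply is NUL-terminated too

def fetch_flash_policy(host, port, timeout=3.0, limit=65536):
    """Return the policy text a listener sends for a Flash policy request, or None."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(POLICY_REQUEST)
            while len(buf) < limit and not buf.endswith(b"\x00"):
                data = sock.recv(4096)
                if not data:
                    break
                buf += data
    except OSError:  # refused, timed out or reset: treat as "no policy served"
        return None
    return buf.rstrip(b"\x00").decode("utf-8", "replace") or None

def port_allowed(spec, port):
    """True if a to-ports value such as "5900,5910-5920" or "*" includes port."""
    for part in (p.strip() for p in spec.split(",")):
        lo, _, hi = part.partition("-")
        in_range = lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo)
        if part == "*" or in_range:
            return True
    return False

def audit_policy(xml_text, vnc_port):
    """Return findings for a socket policy that is expected to cover vnc_port."""
    if xml_text is None:
        return ["no reply to Flash policy request"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return ["reply is not a well-formed policy file"]
    findings, covered = [], False
    for rule in root.iter("allow-access-from"):
        domain, ports = rule.get("domain", ""), rule.get("to-ports", "")
        for attr, value in (("domain", domain), ("to-ports", ports)):
            if value == "*":
                findings.append(f'wildcard {attr}="*"')
        covered = covered or port_allowed(ports, vnc_port)
    if not covered:
        findings.append(f"port {vnc_port} is not covered by any rule")
    return findings

# Constructed sample replies, not captured from a real repeater or VNC server.
PERMISSIVE = '<cross-domain-policy><allow-access-from domain="*" to-ports="*"/></cross-domain-policy>'
SCOPED = '<cross-domain-policy><allow-access-from domain="cloudmgr.example.com" to-ports="5900-5910"/></cross-domain-policy>'
```

Against a live listener, pass the result of fetch_flash_policy(address, port) to audit_policy; an empty list means a policy was served, it covers the port, and it contains no wildcard rule.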

10.5.5 Enabling Repeater SSL Encryption

Roles that Can Perform This Task: Cloud Administrator

To enable SSL encryption of VNC traffic between your browser and the VNC repeater (making it difficult for an outside entity to intercept and analyze activity between your browser and the repeater):

  1. On the main navigation bar, click Configuration, then click Remote Console.

  2. Select the Enable Repeater SSL Encryption check box.

  3. In the Repeater Keystore field, enter the path to a Java keystore where the SSL key to the VNC Repeater is stored.

    By default, this field is populated from the original Cloud Manager SSL configuration (if that option was chosen).

  4. In the Keystore Password field, enter the password to the Java keystore where the SSL key to the VNC Repeater is stored.

    By default, this field is populated from the original Cloud Manager SSL configuration (if that option was chosen).

  5. (Conditional) If you select the built-in repeater, specify the path to the repeater keystore and passwords. The first password (required) opens the keystore file. The second password (optional) retrieves the private key within the file. The need for the second password depends on the settings you used when you generated the keystore.

    NOTE: The fields on this page validate the keystore and passwords as you make changes: if you enter an incorrect password, the field displays a red asterisk.

  6. Click OK.

10.5.6 Enabling File Uploading

Roles that Can Perform This Task: Cloud Administrator

Cloud Manager users can upload files to their workloads while attached by using the Remote Console window. Uploaded files appear as a mounted CD-ROM from within the virtual machine. This feature is only available for workloads that have a CD-ROM device defined.

  1. On the main navigation bar, click Configuration, then click Remote Console.

  2. Select the Enable File Uploads check box.

  3. Click OK.