Accessing VM Console From Outside Your Network For VMware
Platform9's managed OpenStack private cloud deployment gives users the ability to launch a VNC console for Virtual Machine instances that are under its' management. However, this is only possible if the browser is on the same network as the Platform9 VMware gateway appliance.
To get around this restriction, administrators can setup a simple proxy to route traffic to the noVNC port on the gateway appliance, then route the VNC traffic via this proxy.
NOTE that this proxy should be accessible to your end users, as well as be able to communicate with the Platform9 VMware gateway appliance.
This Tutorial lays out the steps needed to accomplish this, using nginx as a proxy server, on a CentOS machine.
Step 1 - Install nginx
On CentOS, you can install nginx via yum simply by issuing the following command:
NOTE: If you already have nginx installed, you may want to ensure that it it updated to the latest version. You can do this directly by issuing the following commands:
Step 2 - Configure nginx
Once nginx has been installed, it will need to be configured to route traffic to the VMware gateway appliance. Since we are setting up a separate proxy, we can also put in an added layer of security by ensuring that all connections are over HTTPS, using appropriate certificates. For e.g., assuming that the host or appliance IP is 192.0.2.10, and the proxy machine has an IP of 203.0.113.55 this is a sample nginx configuration that will accept incoming traffic on HTTPS, and redirect it to the host:
This configuration should be placed under the /etc/nginx/conf.d folder so that the nginx service can ingest it on startup
Step 3 - Start nginx
Once the configuration is created, nginx can be started.
Note that if you have not removed the pass phrase from your SSL certificate security key, you will need to enter it when starting the nginx service
Step 4 - Modify nova configuration to use the proxy as the noVNC base URL
Login to the VMware appliance. The appliance default root password is pf9vmware. The noVNC base url entry can be found in /opt/pf9/etc/nova/conf.d/nova_vmw_override.conf. Change the noVNC proxy base URL entry, and restart the pf9-ostackhost and pf9-novncproxy services:
Now, when the VNC console is loaded from the Platform9 UI, the browser will open a connection to the externally visible proxy server - via HTTPS - which in turn will send that data to the appliance to provide a VNC console view to external users.
January 27, 2016