I'd like to share a new package with you which will take off abit of the pressure that was generated with the recent VMRC vulnerability VMSA-2014-0013.
As you may know, a recent bug in the vRA VMRC implementation forced VMware to remove the VMRC from the latest vRA release 6.2. As much as I personally endorse the security policy VMware is runing here I also understand the need of many customers to provide VMRC access to their users. Within secured network infrascructures the possible risk of exploitation is minimal and limited to people who have access to the network. In such cases you may want to ignore the VMRC flaws and just use it anyways - the decision should be within the hands of the administrator.
However, the yet better solution which will work for most customers is using the vSphere VMRC for this job till the flaw in the vRA VMRC is fixed (since only the vRA VMRC is affected by VMSA-2014-0013). The only requirement here is that your users are able to access vCenter on the ports required for the VMRC (depending on the VMRC type - defaults: 7331,9443,443).
Please note that this package will also empower you to provide HTML5 based VMRCs to your users, BUT since the HTML5 VMRC URI specification is not final yet, the links this package creates for you may stop working with future updates of vSphere. If that ever happens: let me know and I'll take a look into it.
- This package for vRO will create HTML5, Flash or standalone VMRC console links for a given VM. Visiting the link will open the VMRC to that VM and allow access to the VM.
- vRA OGNL workflows are prepared for you so you're ready to use this with vRA's ASD day-2-operations. The images attached show you a quick&dirty example of the integration.
- in order to access the links the user has to be able to reach the vCenter used for VM-hosting on the ports that the VMRC implementations use (differs depending on what type of VMRC you want to use)
- vCenter 5.5 and vCenter 5.5.2 vRO Plugin installed
- vRealize Orchestrator 5.5.2 installed and the vCenter that hosts your VM added to the vRO vCenter plugin
- I didn't have much time for error handling. The scripts are robust enough, though if you run into any issues, please let me know and I promisse amendment
- As I already said: the HTML5 VMRC URI specification is not final yet, which may cause the generated HTML5 VMRC links not to function if you ever update your vSphere (which of course you should)
- Except of the standalone VMRC workflow all scripts assume defaults vSphere ports. Edit them to your needs if you changed your ports.
- William Lam for his cool blog post about the vSphere API involved
Copyright (C) 2014-2015 Robert Szymczak (firstname.lastname@example.org)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.