Solved: Re: Access VM's from Internet

IanYoung · ‎01-13-2010

Hi all,

Excuse me but I'm very new to ESXi.

I need our reps to access virtual machines from the internet, what are the options for doing this?

Can I open ports upon the router ? How secure is this? Which ports would I need to open?

Cheers

Ian

malaysiavm · ‎01-13-2010

you can also port forward the Port number for RDP to the dedicated virtual machine you want to access from internet.

Craig

vExpert 2009

Malaysia VMware Communities -

Craig vExpert 2009 & 2010 Netapp NCIE, NCDA 8.0.1 Malaysia VMware Communities - http://www.malaysiavm.com

View solution in original post

weinstein5 · ‎01-13-2010

Welcoem to the Forums - What are the Reps using these VMs for? How did you reps access the machines when they were physical? I would just treat the VMs the same way - the reps used VPN software to securely access your network and then use an RDP client do it the same way -

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful

AntonVZhbankov · ‎01-13-2010

Treat VMs as physical machines in this case. Think about vSwitch as usual unmanaged L2 switch with internet uplink and set router according to this.

---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda

malaysiavm · ‎01-13-2010

you can also port forward the Port number for RDP to the dedicated virtual machine you want to access from internet.

Craig

vExpert 2009

Malaysia VMware Communities -

Craig vExpert 2009 & 2010 Netapp NCIE, NCDA 8.0.1 Malaysia VMware Communities - http://www.malaysiavm.com

IanYoung · ‎01-14-2010

We wish for our reps to be able to access our erp system. They currently don't have any access. VPN access is certainly something I'd look at, although it does add a layer of complexity.

Cheers

Ian

IanYoung · ‎01-14-2010

Thanks for the reply.

I'm sorry, I forgot in my orignal post to mention our network layout. We have a private internal network and a seperate 'public' network where the router is located. They are connected via an gateway server which controls internet access. The ESXi box has two NICs one on each network with the relavent virtual switches. The management network is on the private network.

For a while now we have had a VMserver box running with this configuration and the ports 902, 903, 8333 & 8222 forwarded from the router. Could I add a management network to the 'public' network on the ESXi server and then redirect the above ports to the new management network's IP address? Would this be secure?

Thanks in advance.

Ian

PS My apologies marking this question answered.

IanYoung · ‎01-14-2010

Thanks for the reply. We will being using more than one VM from ther internet at any one time.

Cheers

Ian

AntonVZhbankov · ‎01-15-2010

Could you post a diagram of your network with used protocols?

---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda

IanYoung · ‎01-18-2010

Hi,

Thanks for your reply.

Please find attached a diagram of our network. I'm not sure which protocols you mean. The network is pure IP, with both TCP/UDP packets. The traffic on the internet side is principly SMTP, HTTP, DNS. Internally it's would include these plus MS/MSQL, SMB, plus others.

Cheers

Ian

AntonVZhbankov · ‎01-18-2010

It depends on how do you want to access your VMs from Internet. Now all your VMs can be accessed from intenet very easily - you just need to add second virtual NIC and connect it to vSwitch with NIC2.

But that would be pretty insecure. So I suggest to connect NIC2 to Internet Connection Server and publish ports with forwarding.

---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda

IanYoung · ‎01-18-2010

The ADSL router has a firewall in it. If I added a second virtual NIC and connected it to vSwitch with NIC2 and forwarded the relavent ports in the router, would this be secure?

Which ports would I forward?

Thanks again

Ian

AntonVZhbankov · ‎01-18-2010

>and forwarded the relavent ports in the router, would this be secure?

Yes.

>Which ports would I forward?

Which ports do you need to forward? Actually you don't want to put VMs to Internet, you want some service be accessible from Internet, so it all depends on what services do you want to publish.

---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda

IanYoung · ‎01-18-2010

Thanks for all your help.

I need our external reps to be able to operate their Vm's from the internet, so they can use our ERP system.

Cheers

Ian

defiant1970 · ‎05-23-2010

I have been reading post for a day now tring to get my webserver VM and this one seened close to my poblem. I am very new with VMware and This seems to be my problem too.

I want port 80 to be open to the internet and I am unsure how to get this to happen

If you could go in more detail to get to work. I would be very greatful

harry

All

Access VM's from Internet