Our settings are unlimited by default.

Try to use different user accounts in vCD console, as well as vCenter, only one simultaneous VMRC console per VM.

That's strange. I can log into the VCD console as one user and open a VMRC console for a single VM multiple times. While those VMRC consoles are still open, I can log in to the VCD console as another user and open multiple VMRC consoles for the same VM. (My org is also set up to allow unlimited simultaneous connections per VM.)

I can open mulitple console windows, but they all share the same session, whatever I do in one window, the others see it. How about yours?

That is correct. VMRC is akin to a physical console for a machine, so you get one session shared amongst all console clients. It's not RDP, which would allow unique sessions per client.

you can compare it to iLO or to the normal console that is used with vCenter. It is not RDP etc.

Duncan

VMware Communities User Moderator | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

It makes sense that VMRC is the physical console of VM.

Due to limited routable IP addresses, we are evaluating to have large number of vApp on internal network (non-routable IP), the issue here is to how to access VMs, VMRC doesn't seem to be viable, what are the other options?

If multiple people will need to connect to the same console than VMRC isn't viable. Another option would be to implement some sort of stepping stone server which is reachable from outside via RDP in which you setup another RDP session. However I full realize this is not the perfect solution.

Duncan

VMware Communities User Moderator | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

vSE has VPN function but not licensed under evaluation license, I'm wondering if it can help to access VM on internal network?

good point, VPN however is part of the vShield Edge license so you would need to license that additionally to get that functionality. Definitely something worth testing and something that should work. I think one of my colleagues has already set this up, I will ask him if he can chip in.

Duncan

VMware Communities User Moderator | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

If the VMs /vApps are in non-routed Org network, can vSE licensed edition handle the IPSec tunnel termination and NAT as well?

do you mean the directly connected mode or the isolated mode? with directly connected there is no vSE device at all as the VMs are dropped directly into the portgroup that represents your external network.

Duncan

VMware Communities User Moderator | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

I was referring to isolated mode as most likely that would be the case when you have multiple vApps in an Org and only specific VMs within vApps or vApps need to communicate across VPN.

it is called isolated as the vSE device will not have an "external" interface only an inbound. So in this case it is not possible to VPN into the environment. Sorry about that. I do understand your use case though.

Duncan

VMware Communities User Moderator | VCDX

-

Now available: <a href="http://www.amazon.com/gp/product/1439263450?ie=UTF8&tag=yellowbricks-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1439263450">Paper - vSphere 4.0 Quick Start Guide (via amazon.com)</a> | <a href="http://www.lulu.com/product/download/vsphere-40-quick-start-guide/6169778">PDF (via lulu.com)</a>

Blogging: http://www.yellow-bricks.com | Twitter: http://www.twitter.com/DuncanYB

Thanks Duncan. What would be the use case of using vSE licensed version and form a IPSec tunnel between a private cloud and a vCD public cloud if you cannot NAT and reach the inside vApps and VMs? I assume in that case the original discussion on VMRC also exists that it cannot be reached through IPSec as well?

Looks like VPN might be a viable solution to enable access to VMs on internal network behind vSE, please see Massimo's post at http://communities.vmware.com/message/1629211#1629211

Can the full version of Edge be integrated or used with vCloud? and use Edge's VPN function?

Yes you can.

What you'd do is you'd create an Org Network which would in turn deploy an Edge. At that point, once you have identified the Edge device (programmatically or on the UI) you can use vSM (programmatically or on the UI) to configure VPN and LB. You have to do this via vSM because this part has not yet been implemented in the vCloud APIs / vCD UI.

We are producing more documentation on this.

To do this you need to have the full Edge license.

Massimo

vSE has VPN function but not licensed under evaluation license, I'm wondering if it can help to access VM on internal network?

Massimo,

Changes via vSM console don't seem to be always persistent, especially the vSE devices as a result of vApp fencing, which gets destroyed when vApp stop and redeploy after vApp power up with configuration store in vCloud. The vSE device of Org Network might be more permanent (always running), what if it gets rebooted, will it retains changes made via vSM console?

Thanks,

William

What would be the use case of using vSE licensed version and form a IPSec tunnel between a private cloud and a vCD public cloud if you cannot NAT

and reach the inside vApps and VMs?

I believe Duncan was referring to the External Org Isolated scenario. In this scenario there is no edge at all (or if there is it's only for the DHCP service if you enable it - in this case, only one Edge vNic is connected to the internal network, the other one is not connected hence no NAT / VPN..).

What you are referring to is the External Org NAT/Routed scenario. In this case the Edge does NAT (and VPN if you provide the additional license).

Massimo.

Massimo Re Ferre'

VMware vCloud Architect

twitter.com/mreferre

www.it20.info

>Changes via vSM console don't seem to be always persistent, especially the vSE devices as a result of vApp fencing, which gets destroyed when vApp

>stop and redeploy after vApp power up with configuration store in vCloud. The vSE device of Org Network might be more permanent (always running), what

if it gets rebooted, will it retains changes made via vSM console?

That's why we ask to be cautious with this setup. The network that you configure via the vSM needs to be persistent (typically an Org Network is persistent). While I have never tested this in the lab I'd say that yes the config would survive an Edge reboot. What it would survive is if you delete the Org Network and you recreate it. That's why we typically associate this extra config step via the vSM to the Org Network and not to the vApp Network (vApp Networks tend to be more transient and may come&go more dynamically).

Massimo Re Ferre'

VMware vCloud Architect

twitter.com/mreferre

www.it20.info