Hi there!
This will sound unbelievably stupid and it will probably won't make any sense, but I need to get access to the vSphere Web Client over the internet.
Why do I need to do this?
I just deployed 2 ESX hosts and started the vCenter Appliance. This Environment will be used for a project where about 10 people need to connect to my vCenter.
I don't want to give them access to my vpn because of trust issues.
I tried to achieve this by port forwarding. This worked great for the Web Client on just the ESXi not vCenter.
I activated port 80 and 443 for the web access and I can get to the first steps page but when I select one of the clients it should open the single sign on page but it tries to connect to the IP-Adress that I configured on vCenter eventhough i used port forwarding.
Is there any way I can fix it with port forqarding or are there any other solutions?
Thanks in advance!
This is going to be unpopular, but my recommendation is: don't do it. Opening up vCenter to the Internet is universally accepted as a bad idea for a number of reasons, unless this is a simple test lab or something that doesn't have production/sensitive/proprietary information present. The focus needs to be on correctly implementing a VPN which segregates network access to users based on their identity, which is done very regularly. So address the issue in the correct way and not side-stepping proper security methods for the sake of convenience.
This is going to be unpopular, but my recommendation is: don't do it. Opening up vCenter to the Internet is universally accepted as a bad idea for a number of reasons, unless this is a simple test lab or something that doesn't have production/sensitive/proprietary information present. The focus needs to be on correctly implementing a VPN which segregates network access to users based on their identity, which is done very regularly. So address the issue in the correct way and not side-stepping proper security methods for the sake of convenience.
Thanks for your answer.
Since this is just for demonstration (and for temporary access) I haven't got any concerns about the security of forwarding ports. This whole setup while last just for the next week after that I haven't got any needs for it.
I don't want to setup a VPN connection for these users because I can't trust them. I don't care what they do to my vcenter but I don't want them to access my whole network.
So is there a way with port forwarding or do you know any other way than setting up a vpn?
Thanks!
why not just create them a VM they can remote into to access vCenter?