VMware Cloud Community
DanielJudah
Contributor

vSphere Client Web Server and User & Groups Tab Question

Hello.

Glad to be joining the forum. The server admin at my workplace left work abruptly (and has been gone until now), and the company left me in charge of managing their new web servers. I have never managed a server with VMware before, so pardon me if I have many questions.

The things that I want to ask are these:

1. Can I enable SSH access to my servers?

Because the developers usually use an SSH connection to interface with the server, and the developers seem uncomfortable working in the console environment (the one we get if we go to our virtual machine - host).

So, after reading :

- http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100297...

- http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=101985...

But the problem is that there is no Users and Groups tab in my hosts, or in my virtual machine. I use vCenter-vSphere Client to connect to my server, and I use a Windows 7 PC as a gateway to connect to the said servers. And, if I manage to enable these users and grant shell access to them, will this be any different from "standard" server SSH access?

2. Which machine should I connect?

To enable the web server, to which machine shall I connect? The previous admin put up 4 virtual machines, but I do not know which machine will serve the web server itself. I already installed the necessary applications on all of the virtual machines, but I am still confused about which machine will actually serve the Internet.

The version I use is: VMware ESXi, 5.1.0, 838463.

Guest OS : CentOS

Thank you, and good day.

0 Kudos
7 Replies
spravtek
Expert

Hi, Welcome to the community...

1. If you mean to enable SSH access to your webservers, in this case the virtual machines, of course you can. As long as they are reachable on the network (e.g. you can ping the VM's IP address and you get a reply) and you configure the VMs correctly (enable SSH, open firewall ports), you should be able to connect via SSH. Just log on to the console of the VM and configure the necessary things.

1a. You can also connect via SSH to your ESXi hosts if that is what you meant, check out this KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200474...

- The accounts you wanted to configure by referencing the KBs are more for access to the virtual environment. If you only wish to let your developers access the VMs through SSH, you don't need to configure that; just make sure the VMs are accessible over the network.

2. This one will be a little trickier for us to figure out, since we don't know what your virtual network looks like, neither do we know how your virtual hosts are connected to the physical network and how your physical network connects to the Internet.

- Is there a DMZ configured in your virtual network? Most likely the webserver connected to the DMZ is the one facing the Internet.

- Can you provide screenshots? That can help us answer more of your questions.

So if this helps but you still need more information, try to provide us with either screenshots or as detailed an explanation of the network as possible.

DanielJudah
Contributor

Hello, the problem is:

1. The public IP of the machine, which is installed with VMware, can be pinged by me. Regarding this KB you mentioned, is this SSH run by our computer (with a direct SSH connection to the virtual machine), or is this SSH run through the virtual machine?

2.

My architecture is as follows:

- My public IP is xxx.xxx.xx.14

- Then, using a Windows 7 PC as a gateway, with a vSphere Client installed, I connected to my virtual machine. For the purpose of this connection, I use a remote desktop connection (from my PC) to xxx.xx.xx.15 (the IP is different from the public IP)

- I have 3 physical servers, of which 2 act as VMware hosts and 1 acts as VMware storage.

Please give me information on what screenshots or details I should take.

Further problems I found, related to the problem:

- After I connected to the virtual machine (by connecting to my Win 7 gateway, then using vSphere), I installed the necessary things to make a web server run (Apache, and the necessary version of PHP)

- Still using the console in the virtual machine, I verified the installer, and Apache works well.

- I made the necessary configurations to Apache, so that users can see the site, which is www.mysite.com

- Because DNS resolving takes 24 hours, I decided to try it first. So, I replaced the hosts file on my PC, forcing the PC to connect to xxx.xxx.xx.14 when trying to open mysite.com

- Sadly, the browser only displays mysite.com, with page not found. Usually this problem occurs if the web server can't be reached (which it should be), or the web server has not been activated (which I have activated). If any PHP error occurred, that would mean that the server can be reached, but there are mistakes in the coding. But in my case, the server itself can't be reached.

Please also inform me what kind of information I can give, so that you guys have a better picture of my problem.

I know I sound like a total fool here, but I am really new to this thing.

0 Kudos
spravtek
Expert

First thing you'll need to do is to make yourself see the Virtual Machines as though they were physical machines, that will make it a little easier.

The KB articles I referenced are to enable SSH on the VMware hosts (the physical servers that host the virtual environment); it is not a necessity at the moment for you as far as I can tell.

What you need to be sure about is that the virtual network is set up correctly, and that is where the problem resides at the moment, I'm thinking.

- Do you connect with your vSphere client to the hosts directly, or do you have a vCenter server?

If possible, take a screenshot of the network configuration through the vCenter server or of each VMware ESXi host. (it looks something like this)

- Will these webservers need to be accessed through Internet? Will SSH be required to these webservers also through Internet? (eg on the public IP-address)

- What IP-addresses are configured on these virtual machines (webservers)? Is this the public (Internet address) or a private range address?

- This Windows 7 PC which is acting like a gateway, is this capable of forwarding ports (like a firewall)?

There's lots of questions that need answering and a lot of issues to solve I think ... That admin sure left you hanging.

0 Kudos
DanielJudah
Contributor

Hello again, thanks for the response.

Yes, maybe the virtual network is the problem.

My problem basically boils down to this: "How do I bind a VM instance to a public IP?"

Correct me if I'm wrong, but after that I think SSH will work, and it will also enable the web server hosted inside the VM instance to be accessed.

And basically, just like you said, "the VM instance will look like a physical server which has a public IP".

0 Kudos
spravtek
Expert

Well ... The easiest explanation is to say: create a separate virtual switch and use it for DMZ, make sure it is separate from the management network, then make sure this DMZ has connection to the Internet (in other words, the traffic should flow Internet --> Firewall --> Webserver, and only allow through those ports needed, like port 80/443/22) ...

Just make sure you grasp the concept before opening all kinds of ports to the Internet and making yourself vulnerable to potential hackers.

Things that may help you:

http://www.vmware.com/files/pdf/virtual_networking_concepts.pdf

http://www.vmware.com/files/pdf/dmz_virtualization_vmware_infra_wp.pdf

Maybe try to find someone that can help you set this up? You need to be sure that your webservers will stay up and running, and also not get hacked as soon as they are on the Internet.

0 Kudos
DanielJudah
Contributor

1) You connect with your vSphere client to the hosts directly or do you have a vCenter server?

If possible take a screenshot of the network configuration through the vCenter server or of each VMware ESXi host. (it looks something like this)

I think I have a vCenter server configured by my admin. Please kindly check my attachment to see my network config.

2) Will these webservers need to be accessed through Internet? Will SSH be required to these webservers also through Internet? (eg on the public IP-address)

Yes, because my developers will do some remote work through the Internet.

3) What IP-addresses are configured on these virtual machines (webservers)? Is this the public (Internet address) or a private range address?

The IP addresses on these virtual machines are 10.10.10.31, and 203.128.73.195 for the gateway.

4) This Windows 7 PC which is acting like a gateway, is this capable of forwarding ports (like a firewall)?

I have no idea whether that PC can do port forwarding. Maybe you can give me some clue on how to find out whether my PC is capable of port forwarding?

Thank you so much for your fast response.

0 Kudos
spravtek
Expert

Ok, that helps a little ... As it seems you have a vCenter Appliance running, that can help in the configuration.

If you click the appliance in the list, on the right side you can see its IP-address, try to connect to it using the vSphere client ... Maybe you will be able to manage the hosts through vCenter.

Do you have any spare network interface cards (NICs) in the VMware hosts? If not, we will maybe need to use VLANs but it will be difficult if you don't have any physical switches.

Here is a blog post about port forwarding with a Windows 7 firewall, it's written for VMware Player, but it will give you an overview of what to expect.

http://asunix.tufts.edu/howto/vmware/portforwardingWin7

The IP-addresses of the webservers are ok, but it would be better if they weren't in the same range as the rest of the network. The goal is to separate all Internet-facing traffic from the rest of the network; this can be done either by separate virtual switches and/or VLANs ...

The gateway should be your firewall, the firewall should forward the ports (internet traffic) to the webservers ... And only the traffic that is needed, all other ports on the side of the Internet should be closed.

0 Kudos
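An added example, not part of any post in this thread: a small Python audit of a gateway's port-forward list against the advice above (forward only ports 80/443/22, and only to webservers on a separate DMZ range). The rule file format, the DMZ range 172.16.50.0/24, the /24 mask on the 10.10.10.x range and every sample rule are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

ALLOWED_PORTS = {80, 443, 22}                          # ports named in the thread
DMZ_NET = ipaddress.ip_network("172.16.50.0/24")       # hypothetical DMZ range
INTERNAL_NET = ipaddress.ip_network("10.10.10.0/24")   # internal range, /24 assumed

# Constructed sample forwarding table: proto, public port, target ip:port
SAMPLE_RULES = """\
tcp 80   172.16.50.10:80
tcp 443  172.16.50.10:443
tcp 22   172.16.50.10:22
tcp 3389 10.10.10.20:3389    # remote desktop exposed to the Internet
tcp 443  10.10.10.31:443     # webserver still on the internal range
tcp 8080 172.16.50.10:80     # extra public port nobody asked for
"""

class Forward(NamedTuple):
    proto: str
    public_port: int
    target: ipaddress.IPv4Address
    target_port: int

def parse_rules(text):
    """Parse 'proto public_port ip:port' lines; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        proto, port, dest = line.split()
        host, _, tport = dest.rpartition(":")
        rules.append(Forward(proto, int(port), ipaddress.ip_address(host), int(tport)))
    return rules

def audit(rules):
    """Return (rule, reason) pairs for every forward that breaks the policy."""
    findings = []
    for r in rules:
        if r.public_port not in ALLOWED_PORTS:
            findings.append((r, "public port not in allow-list"))
        if r.target in INTERNAL_NET:
            findings.append((r, "forwards Internet traffic into the internal network"))
        elif r.target not in DMZ_NET:
            findings.append((r, "target is outside the DMZ"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(parse_rules(SAMPLE_RULES)):
        print(f"{rule.proto}/{rule.public_port} -> {rule.target}:{rule.target_port}: {reason}")
```
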