Re: vSphere Web Access-Accessing from external sou...

GergMN · ‎07-28-2009

I can use vCenter Web Access to access my vSphere installation internally through my LAN (https://[IP address]/ui/# is the address in my local browser) but I can't figure out how to access it from an external source, through an internet connection. Is that possible?

I've changed port numbers for access through the Admistrative setup (I have another Web Server that uses Port 443) and set up my firewall to send incoming requests to the new port to the vCenter Server's computer, but when I try it, I don't connect to anything.

AndreTheGiant · ‎07-29-2009

Is your firewall the default gateway of your VC?

Web access must work. You can have several problem if you want to use also the web-console (in this case you need also 902 port).

See also page 179 of: https://www.vmware.com/pdf/vi3_35/esx_3/r35u2/vi3_35_25_u2_3_server_config.pdf

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro

GergMN · ‎07-29-2009

I have vSphere 4 Essentials, with ESXi hosts. Internally I use vClient to access the vCenter Server. What I want to be able to do is access the vCenter Server via a web browser over the internet from an off-site location.

My firewall is the default gateway, and I had set it up to forward the new port (443 replacement) to the IP address of the vCenter Server. Do I need to add 902 & 903 as well? If I do, what would be the URL I woulduse to access the vCenter Server? So far, I've assumed it would be "https://host_name:443/ui/#" as internally the URL is "https://IP_address/ui/#"

AndreTheGiant · ‎07-29-2009

Port 902 is used for the Console. But Console need to reach the ESX...

For external access you need to use https://ExternalIP/

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro

GergMN · ‎07-30-2009

I'm not having any luck. I've opened ports 902, 903 and 1443(My replacement for 443, as another web server uses port 443) and pointed them all to the IP address of the vCenter Server, but when I try to access the vCenter Server over the internet, I never connect. It times out. I've tried https://externalIP:1443, https://externalIP:902, and https://externalIP:903, but none of them connect.

AndreTheGiant · ‎07-30-2009

I'm not sure that PAT (Port Address Translation) could work for webaccess.

Probably this is the problem.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro

azn2kew · ‎07-30-2009

There are several solutions you can try when accessing from external networks to vSphere Web console.

1. Create a "jump server" which is a virtual machine where you will use general RDP/VNC/VPN sessions to connect from your external network to internally and from this jump server you can use browser and connect. this is the safest method.

2. Configure firewalls to allow your virtual center server to have Web Access services through port 443 and access it directly from externally but it might be risky.

3. Use Citrix to publish IE internal URL pointed to your vSphere Web Access site if you have Citrix XenApp in house. This is very secure since its protected by your Citrix Secure Gateway or Access Gateway!

Hope that helps you to think of possibilities and choose the right solution.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

VMware vExpert 2009

iGeek Systems Inc.

VMware, Citrix, Microsoft Consultant

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA

GergMN · ‎07-30-2009

#1 & #3 are out of the scope f my capabilities & circumstances.

#2 is the methid I've been trying, but I can't seem to get it to work. I'll keep trying, but when I try to access it, the browser always times out.

All

vSphere Web Access-Accessing from external source