Hi guys,
I'd like to share a new package with you which will take off abit of the pressure that was generated with the recent VMRC vulnerability VMSA-2014-0013.
As you may know, a recent bug in the vRA VMRC implementation forced VMware to remove the VMRC from the latest vRA release 6.2. As much as I personally endorse the security policy VMware is runing here I also understand the need of many customers to provide VMRC access to their users. Within secured network infrascructures the possible risk of exploitation is minimal and limited to people who have access to the network. In such cases you may want to ignore the VMRC flaws and just use it anyways - the decision should be within the hands of the administrator.
However, the yet better solution which will work for most customers is using the vSphere VMRC for this job till the flaw in the vRA VMRC is fixed (since only the vRA VMRC is affected by VMSA-2014-0013). The only requirement here is that your users are able to access vCenter on the ports required for the VMRC (depending on the VMRC type - defaults: 7331,9443,443).
Please note that this package will also empower you to provide HTML5 based VMRCs to your users, BUT since the HTML5 VMRC URI specification is not final yet, the links this package creates for you may stop working with future updates of vSphere. If that ever happens: let me know and I'll take a look into it.
About
Requirements:
Limitations
Thanks to
Licensing
Copyright (C) 2014-2015 Robert Szymczak (rszymczak@fum.de)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
I added the Flash and HTML5 workflows into vRA as "Resource Actions". They both work but the user has to go into each VM in their item list and submit the requests and then go into the requests tab to get the console links to their VMs. Is there a way to have the resource action wait for the workflow to execute and then open a new browser tab with the returned url?
That is as far as the user gets currently because we don't allow open access to VM consoles in vCenter. We will have to automate the VM permission changes during creation. Unfortunately I haven't figured out how to edit the server provisioning workflow (CloneWorkflow), that is referenced in the machine blueprints, to set console permissions on the VM as it is created in vCenter. Does anyone know where the CloneWorkflow resides and if it is editable? I'm hopeful that I can pass VirtualMachine.Admin.Owner custom property to the workflow so that it can find that username in AD and assign a role on the VM.
Thoughts? Thanks!
Yes thats possible and that's exactly what makes the difference between the "normal" workflows and the vRA workflows (illustrated here within shot2). When calling the workflow a OGNL request will be made for the "url" input field based on what "vm" object was automaticly provided by vRA. Make sure that you set the url-field within the ASD forms designer to "read only" and use the field-type "link" for it. After running the action the user should see the "input"-field url that will be automaticly populated by the workflow. In vRA 6.2 you should even see a "loading" spinning cycle while the OGNL expression is executed which is kinda cool.
There are plenty examples in the formuns showing you how to implement OGNL workflows within vRA - although it may differ a little bit depending on the vRA version you are using.
Hey, this is really useful and great work! As far as you know, is there any way to limit the "amount" of permissions the user gets by using this approach? I mean, if one is interested in simply allowing the user to mount an ISO and basic "ctrl-alt-del" commands, how can you limit the Manage/Virtual Machine Settings options? By using this approach one does get console + mount local ISO, but it'll also allow the user the edit the VM.
Thanks!
Hi Guys..
I have been looking for this solution for a long time...
Thank you a lot..
But I am new to vRA .. I unzipped the package but I don't know how to use them .. where to import them & what to change inside..
please help in this ..
Thank you