Connecting to vCenter VMs

This topic explains how to configure vCenter VM connections, and how to open them.

In this topic:

Note: When troubleshooting console connection issues, always try the console connection in vCenter. If you're unable to establish a console connection from vCenter, you have to troubleshoot the issue outside Commander.

Console connection methods

VMware supports both the WebMKS and VMRC (VMware Remote Console) methods for opening a console session. Each of these methods has its own set of prerequisites and limitations.

  • WebMKS console connection method

    The WebMKS method requires no additional plug-in or application to be installed, and is the default method for console connections. Commander automatically uses the WebMKS connection method for all supported versions of vCenter.

    • Secure WebSockets (wss://) must be enabled on the vCenter cloud account.
    • The vCenter cloud account must have a valid SSL certificate issued by a certificate authority, or from your domain.
    • When using the VM Access Proxy with WebMKS, the VM Access Proxy must have a valid SSL certificate issued by a certificate authority, or from your domain.

    If you're using WebMKS for direct console connections with ESXi 6.0 or newer hosted by vCenter 6.0 or newer and your ESXi hosts don't have CA signed certificates installed, you must add a certificate exception in your browser for Commander to open a direct console connection. See the Configuring Internet Explorer 11 for Direct Console Connections knowledge base article for setup information.

  • VMRC console connection method

    The VMRC method requires VMware Remote Console 7.0 to be installed. VMRC is a standalone Windows-only application supported on vCenter.

    Note: The VM Access Proxy doesn't support the VMRC application.

Additional prerequisites for opening console sessions on vCenter

In addition to the requirements listed above that are specific to the WebMKS and VMRC console connection methods, note the following prerequisites:

  • For direct (non-proxied) console connections, there must be a route between the initiating user's computer and vCenter.
  • Depending on the web browser used, you may have to enable compatibility mode for connections to vCenter. Note that you can't use compatibility mode.

Configuring console credentials for connections to vCenter VMs

Console credentials are configured at the cloud account level. These credentials are used for both direct (non-proxied) and secure (proxied) connections.

By default, when users open a console to a vCenter VM, they're automatically signed in to vSphere using the credentials of the cloud account. Allowing users to open a console on a VM means that they can carry out any command on the VM that's allowed by the cloud account credentials.

Optionally, you can change the default sign in process used so that:

  • users are prompted for credentials. With this option, users are presented with a credentials dialog within Commander or the Service Portal.
  • users are automatically signed in to vSphere using a set of credentials that you specify. This option allows you to enhance security in a VM console session. Controlling the user's credentials allows you fine-grained control over what actions they can perform on the VM.

Access through:

Views > Inventory > Infrastructure, Applications, or Storage

Available to:

Commander Roles of Superuser and Enterprise Admin; must also have Administrator Access Rights for the Cloud Account

To configure prompting users for credentials:

  1. From the Inventory tree, select a cloud account.
  2. On the Summary page, select Actions > Configure Console Credentials.
  3. In the Configure Console Credentials dialog, select Prompt for credentials for Commander and/or Service Portal users.
  4. Click OK.

To configure automatic sign in with specific credentials:

  1. Set up one or two reduced-privilege accounts in the cloud account. You can specify separate accounts to be used by Commander users and Service Portal users.
  2. From the Inventory tree, select the cloud account.
  3. On the Summary page, select Actions > Configure Console Credentials.
  4. In the Configure Console Credentials dialog, select Use these credentials for Commander users and/or Service Portal users.
  5. Enter the user name and password for the account(s) you set up in the cloud account.
  6. Click Test Credentials to ensure that these credentials can access the cloud account.
  7. Click OK.

Note: If you don't have Administrator access rights for the cloud account, you can view console credentials by right-clicking a cloud account and select View Console Credentials.

Opening connections to vCenter VMs

Access through:

Views > Inventory > Infrastructure, Applications, or Storage

Available to:

Administrator and All Operator Levels of Access Rights

To open a connection to a vCenter VM:

  1. From the Inventory tree, select a cloud account.

    Note: You can also select a VM from the list on the Virtual Machines tab.

  2. On the Summary page, select Actions > Open Connection, then choose the connection type:
    • Open Console: Open a VM console. See Additional prerequisites for opening console sessions on vCenter above.
    • Open Secure Console: Open a VM console using the VM Access Proxy, in your browser.

      Note: To open a Secure Console session in Internet Explorer, the VM Access Proxy Server's IP address must be added to either the Local Intranet zone (when on the same network as the VM Access Proxy server) or the Trusted Sites zone (when connecting from a network other than that of the VM Access Proxy server).

    • Open RDP Session: Opens an RDP connection to a running Windows VM, using the RDP client.
    • Open Secure RDP Session: Opens an RDP connection to a running Windows VM using a user name and password, in your browser, using the VM Access Proxy. In the Credentials dialog, enter the user name and password, and click OK.
    • Note: In a secure RDP session, if Caps Lock is enabled, duplicate characters may be printed for the characters c, x, and v. Use the Shift key instead of enabling Caps Lock.

    • Open VNC Session: Opens a VNC connection to a running VM, using a VNC client.
    • Open Secure VNC Session: Opens a VNC connection to a running VM, in your browser, using the VM Access Proxy. In the Credentials dialog, enter the password and edit the default port of 5900 if required, and click OK.
    • Open Secure SSH Session: Opens an SSH connection to a running Linux or Solaris VM using a user name and password, in your browser, using the VM Access Proxy. In the Credentials dialog, enter the user name and password, and click OK.

Viewing VM consoles with screenshots

For vCenter, you can take a look, through a screenshot, at what's happening on a VM console without having to RDP into the VM.

Access through:

Views > Inventory > Infrastructure or Applications

Available to:

Administrator, All Operator Levels of Access Rights

To view a VM console through a screenshot:

  1. From the Inventory tree, select a powered-on VM.
  2. Select a powered-on VM in the tree.
  3. On the Summary page, select Actions > Configuration Management > View Console Screenshot.
    • If a screenshot was taken previously, that screenshot is displayed on the screen.
    • If a screenshot hasn't been taken yet, or if you want to update the screenshot, click Update Screenshot.
  4. Click Close to exit the screenshot.