Copyright 2017 - CSIM - Asian Institute of Technology

VMware vSphere Client cannot be used outside of CSIM because of the restrictions on the firewall. These restrictions can be bypassed by configuring SSH tunnels.

The following example uses puTTY as the SSH client. VMware vSphere Client must also be installed on your PC. For non-Windows systems, see below.

The first step is to install the software and make sure it is working: VMware vSphere Client must be tested inside CSIM, and puTTY must be used to connect to bazooka.cs.ait.ac.th from outside CSIM.

Configuring puTTY for SSH tunnel

VMware needs four tunnels on TCP ports 80, 443, 902 and 903. For some reason, VMware vSphere Client refuses to work on a tunnel opened on the IP 127.0.0.1. Instead, you can use the IP 127.0.0.2, which works fine.

Port 443 is used by all the VMware traffic between VMware vSphere Client and the VMware ESXi server. Port 902 is used when you open the console of your virtual machine. Port 80 is used to display a page with an error. I have not yet seen the use of port 903 but it was documented elsewhere. Traffic to port 902 is mostly VNC.

1. Start puTTY.
Enable compression: VMware vSphere Client allows you to access your virtual machine in console mode, that is, you may end up doing remote desktop to your virtual machine. If you are using a Graphical User Interface on your virtual machine, a large amount of data will be sent through the SSH tunnel between your PC and your virtual machine; you should reduce the amount of data with compression.
Compression is configurable under the option SSH.
2. Create the tunnel: the example corresponds to the tunnel for TCP port 80.
Go to the option SSH/Tunnels and add a new forwarded port from source port 127.0.0.2:80 to destination virtual3.cs.ait.ac.th:80. The options local and auto should be selected by default.
Note that the field to enter the source port is too short, but you should enter the full 127.0.0.2:80.
Click on add.
3. Repeat the operation above, adding forwarded ports for TCP ports 443, 902 and 903.
At the end, you should have the following list of forwarded ports:
L127.0.0.2:80    virtual3.cs.ait.ac.th:80
L127.0.0.2:443   virtual3.cs.ait.ac.th:443
L127.0.0.2:902   virtual3.cs.ait.ac.th:902
L127.0.0.2:903   virtual3.cs.ait.ac.th:903

Note that the window can only show three ports while you have forwarded four. Use the scrollbar to check that all ports are there.
4. Go to the session option at the very top and specify the destination you connect to by entering bazooka.cs.ait.ac.th in the host name field.
Give a name to the session and save it: you will be able to reuse it later on.
You can then open the connection.
Later you will be able to open the session you have saved and proceed on, starting from step 5 below.
5. Enter your CSIM username and password. 
You are connected to bazooka.cs.ait.ac.th and the SSH tunnels are created: your local machine at 127.0.0.2 appears like a VMware ESXi server, but all the traffic will be sent to bazooka through the tunnel and bazooka will send that traffic to the real VMware ESXi server virtual3.cs.ait.ac.th.
6. Launch VMware vSphere Client and connect to the server 127.0.0.2
Use the username and password as you would use them in CSIM and work normally.

Et voilà!

SSH tunnels for non-Windows systems

On Linux, you can use ssh to establish the tunnels needed to run vmplayer across the CSIM firewall.

Note that because it uses system ports, you need to be root to run the following command.

ssh -L443:virtual3.cs.ait.ac.th:443 -L902:virtual3.cs.ait.ac.th:902 <your account>@bazooka.cs.ait.ac.th

Then you can run vmplayer -H localhost on your Linux machine.
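
The following is an added example, not part of the original page: it parses the forwarded-port list from the puTTY section, checks that every forward is bound to an explicit loopback address and that all four ports are present, and builds the equivalent OpenSSH command with compression (-C). The function names and the account name "alice" used to try it are hypothetical.

```python
import ipaddress
import shlex

REQUIRED_PORTS = {80, 443, 902, 903}   # the four TCP ports the page lists
GATEWAY = "bazooka.cs.ait.ac.th"       # SSH host named on the page
# Constructed sample: the forwarded-port list as puTTY displays it.
PUTTY_FORWARDS = """\
L127.0.0.2:80    virtual3.cs.ait.ac.th:80
L127.0.0.2:443   virtual3.cs.ait.ac.th:443
L127.0.0.2:902   virtual3.cs.ait.ac.th:902
L127.0.0.2:903   virtual3.cs.ait.ac.th:903
"""

def parse_forwards(text):
    """Parse 'L<bind>:<port> <host>:<port>' lines into tuples."""
    forwards = []
    for line in filter(str.strip, text.splitlines()):   # skip blank lines
        src, dst = line.split()
        if not src.startswith("L"):
            raise ValueError(f"not a local forward: {line!r}")
        bind, _, sport = src[1:].rpartition(":")
        host, _, dport = dst.rpartition(":")
        forwards.append((bind, int(sport), host, int(dport)))
    return forwards

def audit(forwards):
    """Return a list of problems; an empty list means the set is usable."""
    problems = []
    for bind, sport, _host, _dport in forwards:
        try:
            loopback = ipaddress.ip_address(bind).is_loopback
        except ValueError:          # empty, '*', or a host name
            loopback = False
        if not loopback:
            problems.append(f"port {sport}: bind {bind!r} is not a loopback IP")
        elif bind == "127.0.0.1":   # the page reports the client refuses this
            problems.append(f"port {sport}: vSphere Client refuses 127.0.0.1")
    missing = REQUIRED_PORTS - {f[1] for f in forwards}
    if missing:
        problems.append(f"missing forwards for ports {sorted(missing)}")
    return problems

def ssh_command(forwards, account):
    """Build the equivalent OpenSSH command, with compression (-C)."""
    argv = ["ssh", "-C"]
    for bind, sport, host, dport in forwards:
        argv += ["-L", f"{bind}:{sport}:{host}:{dport}"]
    return shlex.join(argv + [f"{account}@{GATEWAY}"])
```

A forward bound to a non-loopback address would let other machines on your network reach the ESXi server through your tunnel, which is why audit() rejects it. As with the command above, binding ports below 1024 on Linux still requires root.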

School of Engineering and technologies     Asian Institute of Technology