vCenter

 View Only
  • 1.  Accessing VCenter from the Internet side

    Posted Aug 18, 2019 07:19 PM

    Using VCenter 6.5 Appliance on ESXi 6.5. I would like to access the Appliance over the Internet. However, I read several posts saying that this is impossible by design.

    Sorry if this is a silly newbie question, but then what is the use of a FQDN if not for that? And how does VCenter "know" that it is being used over the Internet? (assuming the proper port forwarding on the Router).



  • 2.  RE: Accessing VCenter from the Internet side

    Posted Aug 18, 2019 08:19 PM

    Exposing vCenter or ESXi across the Internet is a terrible idea from a security standpoint and should absolutely be avoided. A FQDN and Internet accessibility have nothing to do with each other. It's simply a way to resolve a name within a specified domain to the correct IP regardless of how traffic to it gets routed



  • 3.  RE: Accessing VCenter from the Internet side

    Posted Aug 18, 2019 08:50 PM

    >> Exposing vCenter or ESXi across the Internet is a terrible idea from a security standpoint and should absolutely be avoided.

    Why is it any more terrible idea than making a Web Server accessible over the Internet?

    Are you saying it should be avoided or that it is not possible?



  • 4.  RE: Accessing VCenter from the Internet side

    Posted Aug 18, 2019 09:11 PM

    Because vCenter and esxi have not been designed with the hardening in mind to expose to the internet like many web servers have been. They should only be made accessible from a LAN.



  • 5.  RE: Accessing VCenter from the Internet side

    Posted Aug 19, 2019 09:59 AM

    Why is it any more terrible idea than making a Web Server accessible over the Internet?

    Think of it this way. A publicly accessible web server is usually located in a company's DMZ, and has only limited/secured access to production resources.

    vCenter Server is comparable with a server room. With access to it, one could e.g. bring down your whole infrastructure.

    André



  • 6.  RE: Accessing VCenter from the Internet side

    Posted Aug 19, 2019 11:48 AM

    Hi Andre'

    I agree with you

    Alessandro Romeo



  • 7.  RE: Accessing VCenter from the Internet side

    Posted Aug 18, 2019 09:05 PM

    Hi,

    Instead of making an Internet access to the vcenter, can't you make a Radius or VPN access to an internal server and use it to connect to the vcenter?

    Best regards,

    Alessandro Romeo



  • 8.  RE: Accessing VCenter from the Internet side

    Posted Aug 19, 2019 01:14 AM

    At the moment we RDP into a Windows Server behind the same router as VCenter and connect to VCenter that way. Not the most convenient but it works.

    As an aside, I find the browser based VCenter client far inferior and much slower than the old Windows Client. I'm sorry they got rid of it.