VMware vSphere

 View Only
  • 1.  Open vCenter Access to the internet.

    Posted Dec 14, 2017 06:10 PM

    Hi there!

    This will sound unbelievably stupid and it will probably won't make any sense, but I need to get access to the vSphere Web Client over the internet.

    Why do I need to do this?

    I just deployed 2 ESX hosts and started the vCenter Appliance. This Environment will be used for a project where about 10 people need to connect to my vCenter.

    I don't want to give them access to my vpn because of trust issues.

    I tried to achieve this by port forwarding. This worked great for the Web Client on just the ESXi not vCenter.

    I activated port 80 and 443 for the web access and I can get to the first steps page but when I select one of the clients it should open the single sign on page but it tries to connect to the IP-Adress that I configured on vCenter eventhough i used port forwarding.

    Is there any way I can fix it with port forqarding or are there any other solutions?

    Thanks in advance!



  • 2.  RE: Open vCenter Access to the internet.
    Best Answer

    Posted Dec 14, 2017 07:18 PM

    This is going to be unpopular, but my recommendation is: don't do it. Opening up vCenter to the Internet is universally accepted as a bad idea for a number of reasons, unless this is a simple test lab or something that doesn't have production/sensitive/proprietary information present. The focus needs to be on correctly implementing a VPN which segregates network access to users based on their identity, which is done very regularly. So address the issue in the correct way and not side-stepping proper security methods for the sake of convenience.



  • 3.  RE: Open vCenter Access to the internet.

    Posted Dec 14, 2017 07:27 PM

    Thanks for your answer.

    Since this is just for demonstration (and for temporary access) I haven't got any concerns about the security of forwarding ports. This whole setup while last just for the next week after that I haven't got any needs for it.

    I don't want to setup a VPN connection for these users because I can't trust them. I don't care what they do to my vcenter but I don't want them to access my whole network.

    So is there a way with port forwarding or do you know any other way than setting up a vpn?

    Thanks!



  • 4.  RE: Open vCenter Access to the internet.

    Posted Dec 15, 2017 09:21 AM

    why not just create them a VM they can remote into to access vCenter?