Remote Server Access

The Remote Server Access features (Console and RDP/SSH) allow users to connect to their servers remotely via the Console feature on VMware and OpenStack and via Microsoft Remote Desktop Protocol (RDP) on Windows servers or Secure Shell (SSH) on servers which support SSH. Users can access these features by clicking the ‘Console’, ‘Remote Desktop’, or ‘SSH’ buttons on a server’s details page. These features are supported on modern browsers which support HTML5+WebSockets, so no plugins or third-party applications need to be installed on the user’s computer or browser to use these features.

Remote Server Access Prerequisites

The Console and RDP/SSH features require some setup in order to use them. Further, some platforms provide more or less support for these features.

Resource Technology Support Matrix

Resource Technology Console 1 SSH 2 RDP 2
AWS N/A 5 YES YES
AWS China N/A 5 YES YES
AWS Govcloud N/A 5 YES YES
Azure N/A 5 YES YES
Azure Classic N/A 5 YES YES
Azure Stack N/A 5 YES YES
CenturyLink Cloud N/A 5 YES YES
Google Compute N/A 5 YES YES
Hyper-V NO YES YES
IBM SoftLayer N/A 5 YES YES
VMware vSphere 3 YES YES YES
Nutanix Acropolis YES YES YES
OpenStack 4 YES YES YES
Oracle Compute Cloud N/A 5 YES YES
QEMU-KVM NO YES YES
RHEV (Red Hat) NO YES YES
Xen NO YES YES
Other Private Clouds NO YES YES
Other Public Clouds N/A 5 YES YES
  • 1: See Console Prerequisites
  • 2: See RDP/SSH Prerequisites
  • 3: See VMware Console Requirements
  • 4: See OpenStack Console Requirements
  • 5: Platform did not provide Console support at time of writing

RDP/SSH Prerequisites

To use this feature:

  1. The feature must be supported on the specific resource technology (see the Resource Technology Support Matrix above)
  2. The RDP/SSH feature must be enabled for the server’s resource handler. This can be managed from Miscellaneous Settings or from the resource handler’s Overview tab.
  3. The user must have permission to use the feature (server.remote_terminal or CloudBolt super admin)
  4. The remote server must be online
  5. The remote server must have an IP Address shown in its Server Details page
  6. That IP address must be routable from the CloudBolt server
  7. TCP port 22 (SSH) or 3389 (RDP) must be open between the CloudBolt server and the remote server
  8. The SSH server must be configured to accept password-based connections
  9. If the remote server is configured to use Network Level Authentication (NLA; common starting with Windows Server 2008 R2), the server must have the ‘nla_for_rdp’ parameter set in CloudBolt
  10. The user must use a modern browser (supported browsers are the latest versions of Chrome, Firefox, Safari, and Internet Explorer) with JavaScript enabled

Console Prerequisites

To use these features:

  1. The feature must be supported on the specific resource technology (see the Resource Technology Support Matrix above)
  2. The Console feature must be enabled on the server’s resource handler. This can be managed from Miscellaneous Settings or from the resource handler’s Overview tab.
  3. The end-user’s browser must be able to communicate to the CloudBolt server over TCP ports 5900-6900 (configurable range, see Firewall Considerations below) for VMware and 6080 for OpenStack (see OpenStack Specific Requirements below).
  4. The resource technology (e.g. ESX and OpenStack servers) must be configured to accept such connections
  5. The remote server must be online

VMware Console Requirements

All console related traffic is sent to the ESX/ESXi server hosting the virtual machine by way of CloudBolt. For the feature to work is necessary for CloudBolt to be enabled direct connectivity with each ESX/ESXi host.

Firewall Considerations

The considerations below apply to vCenter versions 6.0 and below. Console in vCenter 6.5+ uses the HTML Console and only requires port 443 to be open on CloudBolt and the ESXi host.

CloudBolt listens for connections that should be routed for console access in ports 5900 to 6900 by default, and this can be controlled by adding parameters to /var/opt/cloudbolt/customer_settings.py (/var/opt/cloudbolt/proserv/customer_settings.py for versions < 5.1):

LOW_CONSOLE_PORT=XXXX
HIGH_CONSOLE_PORT=YYYY

It’s also important that each ESX/ESXi be configured to allow incoming connections on the TCP ports used for console. This can be accomplished with the following steps:

  1. Open the configuration for each ESX/ESXi host.
  2. Select “Security Profile” under the “Software” heading.
  3. Open the Firewall properties.
  4. Check to enable “VM serial port connected over network”.

OpenStack Console Requirements

CloudBolt delegates console access to the nova-novncproxy on your OpenStack resource handler. It is therefore a requirement that the user’s browser have the ability to reach the novnc proxy on the port listening for console related connection – usually port 6080.

For more information on the nova-novncproxy and help setting it up refer to the openstack documentation: http://docs.openstack.org/admin-guide-cloud/content/nova-vncproxy-replaced-with-nova-novncproxy.html

Using Remote Server Access

As long as the prerequisites specified above have been met, a Console, Remote Desktop, or SSH button will appear on the server’s Server Details page. Clicking that button will open a new browser window or tab which will initiate the remote connection to the server (either via the resource technology or directly). The window size will be based on the current size of your browser window or tab, and cannot be resized after the session has been initiated. When using SSH or RDP, a login prompt will appear 1; when using Console, you may need to move the mouse or press a benign key to get the screen to refresh if the console session has blanked out. To close the session, simply close the window or tab. To restart a disconnected session, simply reload the window or tab.

  • 1: SSH connections prompt you for username and password prior to attempting the connection to the remote server. If you enter valid credentials and all you get is a black screen and a disconnection message, the RDP/SSH Prerequisites may not have been fully met. You can perform some simple diagnostics from the CloudBolt server as described in the RDP/SSH Troubleshooting section.

Keyboard Limitations

This table lists keyboard commands that are known not to work under Console and/or RDP/SSH. If you absolutely require any of these keyboard shortcuts to work in the browser, contact CloudBolt Support to file a feature request. If you find other keyboard shortcuts that do not work properly, you may send that information to support as well and we can update this document (and file a feature request on your behalf).

Feature Shortcut Notes
RDP/SSH Win+M Opens the Start menu on Windows instead of minimizing all windows.
RDP/SSH Shift+Left  
RDP/SSH Shift+Right  
RDP/SSH Cmd+` Switches same-app windows on OSX, but is passed through to the remote server.
RDP/SSH RightCtrl Remapped to LeftCtrl
RDP/SSH Ctrl+a Left  
RDP/SSH Ctrl+a Right