VMware GSX Server 3.2Features | Documentation | Knowledge Base | Discussion Forums Connecting a VMware Virtual Machine Console through a Proxy ServerYou can configure the VMware Virtual Machine Console to connect to virtual machines located on a GSX Server host located on a server outside your corporate firewall. The safest way for you to allow this type of access is to have the users connect with the console through a proxy server. Proxy servers exist in many corporate networks since users want or need to access external pages on the World Wide Web. By allowing the console to connect through a Web proxy server, you can take advantage of any existing mechanisms your site has for allowing external Web access. Recall that when connecting to the GSX Server host, the console connects by way of a TCP connection. The default port used to establish connections is port 902. On a Windows server host, the VMware Authorization Service listens for connections on this port. On a Linux server host, the vmware-authd daemon listens for connections on this port. If a console connects to this port, the service authenticates the console before passing off the connection to the virtual machine to which the user is trying to connect. A proxy server inserts an intermediary between the console and the authorization service. When a console connects to the proxy server, the console issues a command indicating which virtual machine on which host the proxy should contact on its behalf. The server then attempts to open a TCP connection to the host that the console requests and sends a response indicating success or failure. If the connection through the proxy succeeds, a tunnel is established and any data transferred is between the console on the client and the virtual machine on the server host. The proxy server transparently moves proxy data between the console and virtual machine, but does not interject between the client and server. However, if the proxy is terminated, the connection between the console and virtual machine is dropped. Enabling Connections through a Proxy ServerIn order to connect a console through a proxy server, there are certain configuration variables you need to set in the preferences.ini file located in C:\Documents and Settings\<user>\Application Data\VMware. On a Linux host, the variables you need to set are located in ~/.vmware/preferences. These settings must be made at each host containing a virtual machine console, not the GSX Server host. To enable the use of a proxy, you use the following configuration variables: proxy.use = TRUE | FALSE proxy.host = hostname.domain.com proxy.port = port proxy.exclude = the list of host and domain names to bypass proxy server The proxy.use variable indicates whether or not the remote console should use the proxy. Set proxy.use to TRUE to enable the use of the proxy. If this variable is not specified or is set to FALSE, the remote console does not use the proxy server when it connects to a virtual machine. The proxy.host variable specifies the server host name where the proxy is located. It must be specified for proxying to work. The proxy.port variable specifies the port through which the proxy connection is made. It must be specified for proxying to work. The proxy.exclude variable allows you to specify a list of hosts and domains that do not use the proxy server when making a connection from the console's host. The list is specified as a comma delimited set of names. For example: proxy.exclude = ".vmware.com, localhost, foo.com " The algorithm used to match the hosts and domains listed in proxy.exclude against the host to which the console is trying to connect is a simple string comparison against the end of the host name. Leading and trailing white spaces are ignored. Thus, in the example above, the console does not connect through the proxy server for the following host names: www.vmware.com myhost.vmware.com localhost mylocalhost www.myfoo.com www.yourfoo.com Whereas the console does connect to the proxy server for these host names: www.vmware.domain.com localhost.localdomain air.com |
