If you are familiar with the vCloud Director UI and have used the virtual console for a virtual machine, you may have noticed it is serviced by the VMRC (Virtual Machine Remote Console) vCD browser plugin which is only accessible in the vCD UI. If you are building a custom provisioning portal, you may want to provide similar functionality in your own portal for your users to access their VMs.
You can do so by leveraging the vCloud API and the new VMRC API that was made available with the release of vCloud Director 1.5.
In addition to the VMRC API documentation, there is a sample VMRC API Reference Implementation that you can download and experiment with. When you extract the contents of the zip file, you will find an index.html and a console.html web page, which you can use locally on your system or host on a web server.
The index.html is the landing page that you will use to provide the vCloud VM's screen ticket using the vCloud API's AcquireTicket REST API method. The console.html will then load the VMRC for the requested VM assuming you provided a valid screen ticket.
Here are the four simple steps to access a vCloud VM's remote console using the vCloud REST API & VMRC API using curl:
You will need a system that has curl installed and an account in vCD that has access to some powered-on VMs. In the example below, I will be logging into a regular organization and not the System organization. There are a few parameters you need to specify to log in to vCD and obtain an authorization token. You will need to specify the following parameters and the URL to your vCloud Director instance, which should be in the form of https://vcd-fqdn/api/sessions:
- -i = Include headers
- -k = Performs an "insecure" SSL connection (curl does not verify the server's certificate)
- -H = Setting the header for the version of vCloud Director (1.5 in this example)
- -u = User credentials in the format of [username@org:password]
- -X = Request type
Note: For more details on the cURL flags, please refer to the cURL documentation.
curl -i -k -H "Accept:application/*+xml;version=1.5" -u coke-admin@Coke:vmware -X POST https://vcd.primp-industries.com/api/sessions
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2012 22:20:54 GMT
x-vcloud-authorization: n/+ZglmIwJ2SbWlyz04XC5sHUDJqefU1mCMa9TFu9lk=
Set-Cookie: vcloud-token=n/+ZglmIwJ2SbWlyz04XC5sHUDJqefU1mCMa9TFu9lk=; Secure; Path=/
Content-Type: application/vnd.vmware.vcloud.session+xml;version=1.5
Date: Tue, 28 Feb 2012 22:20:55 GMT
Content-Length: 894

<?xml version="1.0" encoding="UTF-8"?>
<Session xmlns="http://www.vmware.com/vcloud/v1.5" user="coke-admin" org="Coke" type="application/vnd.vmware.vcloud.session+xml" href="https://vcd.primp-industries.com/api/session/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://172.30.0.139/api/v1.5/schema/master.xsd">
    <Link rel="down" type="application/vnd.vmware.vcloud.orgList+xml" href="https://vcd.primp-industries.com/api/org/"/>
    <Link rel="down" type="application/vnd.vmware.admin.vcloud+xml" href="https://vcd.primp-industries.com/api/admin/"/>
    <Link rel="down" type="application/vnd.vmware.vcloud.query.queryList+xml" href="https://vcd.primp-industries.com/api/query"/>
    <Link rel="entityResolver" type="application/vnd.vmware.vcloud.entity+xml" href="https://vcd.primp-industries.com/api/entity/"/>
</Session>
If you have successfully logged in, you should get an HTTP 200 response and output similar to the above. Make a note of your authorization token, which is located on the third line, starting with "x-vcloud-authorization". It will be needed throughout the remainder of the session.
Using the new Query Service API in vCloud 1.5, we will locate all VMs within the vCD instance with the vm type. If you are logged in as a System Administrator and using the System Org, use the adminVM type instead. The command is very similar to the one above, but instead of specifying the credentials, we use the authorization token from step 1. We also include specific fields in the XML output for readability (VM name + vApp name); if you remove '&fields=name,containerName', you will see the other fields in the XML response. To filter for only powered-on VMs, we add '&filter=status==POWERED_ON'.
curl -i -k -H "Accept:application/*+xml;version=1.5" -H "x-vcloud-authorization: n/+ZglmIwJ2SbWlyz04XC5sHUDJqefU1mCMa9TFu9lk=" -X GET "https://vcd.primp-industries.com/api/query?type=vm&filter=status==POWERED_ON&fields=name,containerName"
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2012 22:22:09 GMT
Content-Type: application/*+xml;version=1.5
Date: Tue, 28 Feb 2012 22:22:09 GMT
Content-Length: 1356

<?xml version="1.0" encoding="UTF-8"?>
<QueryResultRecords xmlns="http://www.vmware.com/vcloud/v1.5" total="2" pageSize="25" page="1" name="vm" type="application/vnd.vmware.vcloud.query.records+xml" href="https://vcd.primp-industries.com/api/query?type=vm&page=1&pageSize=25&format=records&filter=status==POWERED_ON&fields=name,containerName" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://172.30.0.139/api/v1.5/schema/master.xsd">
    <Link rel="alternate" type="application/vnd.vmware.vcloud.query.references+xml" href="https://vcd.primp-industries.com/api/query?type=vm&page=1&pageSize=25&format=references&filter=status==POWERED_ON&fields=name,containerName"/>
    <Link rel="alternate" type="application/vnd.vmware.vcloud.query.idrecords+xml" href="https://vcd.primp-industries.com/api/query?type=vm&page=1&pageSize=25&format=idrecords&filter=status==POWERED_ON&fields=name,containerName"/>
    <VMRecord name="WebServerVM" containerName="WebServer-Test-1" href="https://vcd.primp-industries.com/api/vApp/vm-25a4228e-1202-45a7-8f85-cafaeb1c3bc8"/>
    <VMRecord name="ApplicationVM" containerName="AppTesting" href="https://vcd.primp-industries.com/api/vApp/vm-fadffc47-fa24-4ca0-9a90-f1048bc9f731"/>
</QueryResultRecords>
If the operation was successful, you should see an HTTP 200 response and a list of VMs in your vCD instance. Make a note of the href property of the VM whose remote console screen ticket you want; it is needed in the next step.
Next we need to obtain the screen ticket using the AcquireTicket vCloud REST API method. Perform a POST operation on the href property from the previous step with "/screen/action/acquireTicket" appended. This link is only available IF the VM is powered on, and must be used within 30 seconds or it will be considered invalid.
curl -i -k -H "Accept:application/*+xml;version=1.5" -H "x-vcloud-authorization: n/+ZglmIwJ2SbWlyz04XC5sHUDJqefU1mCMa9TFu9lk=" -X POST https://vcd.primp-industries.com/api/vApp/vm-25a4228e-1202-45a7-8f85-cafaeb1c3bc8/screen/action/acquireTicket
HTTP/1.1 200 OK
Date: Tue, 28 Feb 2012 22:23:21 GMT
Content-Type: application/vnd.vmware.vcloud.screenticket+xml;version=1.5
Date: Tue, 28 Feb 2012 22:23:21 GMT
Content-Length: 895

<?xml version="1.0" encoding="UTF-8"?>
<ScreenTicket xmlns="http://www.vmware.com/vcloud/v1.5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://172.30.0.139/api/v1.5/schema/master.xsd">mks://172.30.0.140/vm-180?ticket=cst-HtefHNvLNiLmfK1na3mx74rqmLmM%2FjhWu3UHHTFrRlnGZg%2FtgjfqwanE4HUvWgvaclaR5vRI3iJrOvJS4P%2Fq6vH%2FfU06v0kMJ4U1ngSCNnt2SmHpaazWp%2B7JPLMCPQz0f88bxnU3t2NIX3bn%2BrsIznRNaDkQeIEldti%2F7pWsH%2FWm1PGIAk%2Fh54IpBuaGmlwPtNjs40zGTLjSYzRtO9oII75jgWA%2F%2FVcRBXtIPgoQzL4GHpyS6PZ7vaTklxdjCUJklJnlAbpVjo7P5uUqzfhhFQa52GNxZK%2FCLS6nNJpVkmvV12J5aUwsWe3OXdecsckW%2By3VLdcKe9Fp8N44TEgGfqrjzvCsXOv5DbiChjrfhIBKlUhN2%2BHL2fHqbtrBbKvtteNERMl08cqExR7qyf4n1w%3D%3D-X6PBbcMUeRCaF5G6lkqOrrdPbjm%2FfLOj1Exk8w%3D%3D--tp-9B%3A2B%3A82%3A8D%3AA2%3AFD%3AF1%3A8F%3A42%3A20%3ABF%3A75%3AA9%3A4F%3AFA%3AA6%3AC4%3A09%3ACA%3A4F--</ScreenTicket>
Now we just need to take the screen ticket, which starts with mks://....., copy it over to our VMRC sample web page and hit the submit button. If everything was successful, you should see a remote console pop up for the VM you just requested the screen ticket for. You will also notice that the IP address in the screen ticket is not the same address as your vCloud Director cell; it is actually the console proxy address, if you were wondering why the IP is different.
So this is great, but you still need some interaction with the browser to actually submit the screen ticket request. What if we just wanted to provide a single URL that would automatically launch the remote console for a requested VM? You can definitely do so, but you will need to perform a URL encoding on the mks://... ticket and construct the proper URL.
Here is a simple shell script called vcloud-vAppRemoteConsole.sh that uses the same vCloud REST API calls as above, lets a user select the vCloud VM to retrieve a screen ticket for, and returns a single URL to access the remote console of the VM.
The script requires three parameters: (username@organization, password and vcloud-host)
Here is a sample execution:
Once you have successfully logged in, you should see a list of VMs that are currently powered on (highlighted in blue). You will need to select a VM and provide the "href" property as input (highlighted in green). Then the AcquireTicket method will be called and the screen ticket is then encoded using a quick Perl one-liner. The encoded entry is then appended to the hosted URL of the VMRC sample https://air.primp-industries.com/vmrc/console.html? (you can replace the URL to fit your environment). The output of the script (highlighted in orange) is the URL you would then paste into a supported web browser and the remote console will automatically launch without any additional user input.
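The parsing and URL-construction steps described above, as an added example that is not the author's vcloud-vAppRemoteConsole.sh. It runs offline on constructed responses: the token, the ticket, 192.0.2.10 and portal.example are placeholders, the function names are hypothetical, and a portable shell percent-encoder stands in for the Perl one-liner.

```sh
#!/bin/sh
# Added example. Both responses are constructed samples; the token, ticket,
# 192.0.2.10 and portal.example are placeholders, not values from a real cell.
LOGIN_RESPONSE='HTTP/1.1 200 OK
Date: Tue, 28 Feb 2012 22:20:54 GMT
x-vcloud-authorization: EXAMPLE-TOKEN=
Content-Type: application/vnd.vmware.vcloud.session+xml;version=1.5'

TICKET_RESPONSE='<?xml version="1.0" encoding="UTF-8"?>
<ScreenTicket xmlns="http://www.vmware.com/vcloud/v1.5">mks://192.0.2.10/vm-180?ticket=cst-EXAMPLE%2Fabc%3D%3D--tp-9B%3A2B--</ScreenTicket>'

# Step 1: read the session token from the response headers.
# Header names are case-insensitive and HTTP lines end in CRLF.
auth_token() {
    tr -d '\r' | awk 'tolower($1) == "x-vcloud-authorization:" { print $2; exit }'
}

# Step 3: print the ScreenTicket text, but only if it is an mks:// URI.
screen_ticket() {
    tr -d '\r\n' |
        sed -n 's|.*<ScreenTicket[^>]*>\(mks://[^<]*\)</ScreenTicket>.*|\1|p'
}

# Percent-encode every byte outside the RFC 3986 unreserved set. The ticket
# already contains %XX escapes, so "%" itself is encoded too (%2F -> %252F).
urlencode() (
    export LC_ALL=C
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r hex; do
        [ -n "$hex" ] || continue
        c=$(printf '%b' "\\0$(printf '%o' "0x$hex")")
        case $c in
            [A-Za-z0-9._~-]) printf '%s' "$c" ;;
            *) printf '%%%02X' "0x$hex" ;;
        esac
    done
)

# Build the launch URL: <console page>?<encoded ticket>. Refuse an empty ticket.
console_url() {
    [ -n "$2" ] || { echo "no mks:// ticket in response" >&2; return 1; }
    printf '%s?%s\n' "$1" "$(urlencode "$2")"
}

token=$(printf '%s\n' "$LOGIN_RESPONSE" | auth_token)
ticket=$(printf '%s\n' "$TICKET_RESPONSE" | screen_ticket)
echo "token: $token"
console_url "https://portal.example/vmrc/console.html" "$ticket"
```

The resulting URL carries the screen ticket itself, and the page gives it a 30-second validity window, so a portal should generate it on demand for the requesting user rather than store or log it.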
With the above knowledge, you can easily translate this using any of the vCloud SDKs (Java, .NET, PHP), vCO or the new vCloud Director cmdlets and provide console access to your vCloud VMs.
Note: For vSphere virtual machine remote console access instructions, please take a look at this article here.
Daniyal says
Thumbs up to you man.
Nicely elaborated and solved me a lot of time.
Thanks
Daniyal
Paul Carver says
If using a public vCD provider and they have any API manipulation sitting in front of vCD it may be required to add a Content-Length header to POSTs per RFC2616. This would make the step 1 and 3 commands look as follows:
curl -i -k -H "Content-Length:0" -H "Accept:application/*+xml;version=1.5" -u coke-admin@Coke:vmware -X POST https://vcd.primp-industries.com/api/sessions
curl -i -k -H "Content-Length:0" -H "Accept:application/*+xml;version=1.5" -H "x-vcloud-authorization: n/+ZglmIwJ2SbWlyz04XC5sHUDJqefU1mCMa9TFu9lk=" -X POST https://vcd.primp-industries.com/api/vApp/vm-25a4228e-1202-45a7-8f85-cafaeb1c3bc8/screen/action/acquireTicket
Clark Updike says
Hi William. I cannot find anything but html docs for VMRC at the link you provided. Also, I don't see any USB icons on your screenshots even though the API docs talk about "managing USB devices". Any idea how I can get USB devices working? I tried calling manageUsb() but it crashes the plugin when it tries to call deviceControl.getPhysicalClientDeviceDetails(deviceKey).
As it stands, via the vCD portal, it is very inconvenient to get data in and out of VMs on isolated networks if you can only use ISOs (and floppies--machines don't even have those anymore). Even worse, the console provided by vService Manager does even provide ISOs or floppies--rendering anything isolated practically useless. Hopefully there is some way to get a console with a client USB support (or even better, client folder sharing).
Thanks, Clark.
*protected email* says
Did VMware release new API reference for the VMRC with 5.1? I have the older 1.5 and it has limitations such as IE and firefox only and it has a blank screen in Firefox until you go full screen.
Was wondering if there are better binaries or an updated reference example available from somewhere?
VMblog.pl says
Hi William
Is it possible to get a ticket from vSphere vCenter and use this vcd-1.5-vmrc-api-example.zip without vCloud Director?? Is Proxyconsole required??
William says
Yes, there is an AcquireTicket() method in the vSphere API as well and that "should" (I've not tested myself) also work with the VMRC sample. In vCloud Director, you would use its API to acquire the ticket but VMRC will work in either vSphere or vCloud Director environment.
SimonJGreen says
Does the VMRC proxy work when not using vCloud Director?
William Lam says
Yes. It supports both vSphere & vCloud Director, hence the name VMRC API, which has no specific tie into vSphere or VCD.
maddy says
Hi William,
IE uses the link "https://vcd.xxxx.de/cloud/VMRCConsole.html" while I open the console manually. Is it possible to combine the screenticket with this link and open the vcloud remote console?
Maddy says
Hi William
Is there any specific url format to open the vcloud vm console in a browser ? Can you pls specify the url format ?
William Lam says
Maddy,
Those details would be covered in the VMRC API reference implementation as that demonstrates how to load VMRC via browser, I'm not sure if there's a specific URI or just a set of JS that's called, but you'll find more details in the docs/examples.
madhansakthi says
Hi william,
I'm able to open the console in a browser. But at times the console is not opening properly. Just a blank screen is shown. Is it possible to confirm by any means if the console is opened successfully? I need it for an automation requirement.
psv141 says
Hi William,
Any ideas how we can generate such URL for VCD >5.5 that uses WebMKS?
William Lam says
I don't, sorry.
hcg says
Hi William, thanks for the great entry, helped me very much. When I copy the url generated and paste to firefox, I got an error "Error connecting to main vCloud Director UI. Please close this window, verify that your session is still active, and try again". Then I've checked the source code of the VMRCConsole.html and seen that there's a function that checks direct access and returns an error:
---
if (window.opener == null) { /* the page was accessed directly */
vmware.log("ERROR", "init", "direct access");
$("body").text("Error connecting to main vCloud Director UI. Please close this window, verify that your session is still active, and try again.");
}
---
Can you suggest a solution for this? Thanks.
Stephen LAI says
I can smoothly complete the steps till "Step 3 - Obtain Screen Ticket for VM". However, after then, I cannot proceed any further.
We are using VMware vCloud Director ver. 5.5.2.2000523, and are trying to develop a web application with VMRC SDK 5.5 for showing remote consoles of VMs running on the VCD.
We have tried vmrc-embed-example.html that comes with the SDK (ver. 5.5).
If Firefox is used, till now, we can never get it to run properly. When we click "getVersion", it returns "5.5.0.1879329". When we click "isReadyToStart", it returns "true". However, after we have set "VMRC modes", "Message mode", and "Advanced config", and then click "startup", it always returns "Error calling method on NPObject!".
If IE is used, the situation is a bit better. When we click "startup", it returns something like "vmrc-ax-t-{FE4495D0-DFE7-47FB-B719-C4FDD53FDCDE}". However, we encounter another problem after that.
When IE is used, after entering the following:
Hostname: hostname returned by acquireTicket (mentioned in step 3), which is directly following "mks://" in those returned data
Ticket: ticket returned by acquireTicket, which is following "?ticket=" in those returned data
VM ID: VM id returned by acquireTicket, which is between hostname and ticket in those returned data
Then, we click "connect". Firstly, it responds with "connect succeeded". However, it then becomes disconnected (onConnectionStateChange - connectionState: 1), and the reason is "An error occurred that affected the security of the connection".
Is there any advice for us to solve the problem?