I just found out from one of my readers that with the latest release of vSphere 5.5 Update 2, the HTML5 Console in vCenter Server now goes over a secure connection (HTTPS) and uses a secure WebSocket connection (WSS) by default. In addition to this change, the HTML5 console port has also been changed from 7331 to 7343. I know customers have been asking about this in the past, and though this was not possible with previous releases, I am glad to see that VMware Engineering has now added this capability. Another reason to go to vSphere 5.5 Update 2!
This new change is also documented in the vSphere 5.5 Update release notes, which I somehow must have missed:
Virtual machines with HTML 5 console in vSphere 5.5 open connections with http:// instead of https://
When the HTML 5 console is launched on a virtual machine, it uses connections like http:// and web sockets like ws:// instead of secure connections like https:// and wss://. This release resolves the issue by launching the virtual machine console with secure connection over port 7343 instead of the connection over port 7331.
For those of you using my generateHTML5VMConsole script to generate a pre-authenticated HTML5 VM Console, I have updated the script to include a new variable called isvSphere55u2. It defaults to "false", but you can set it to "true" on the command line, and the script will then generate a URL using HTTPS instead of HTTP and port 7343 instead of 7331. Other than these two minor changes, the URL format is exactly the same and will continue to work.
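For saved console links or bookmarks generated before the upgrade, the following added example (not part of the original post or of the generateHTML5VMConsole script) flags URLs that still use cleartext schemes or port 7331 and rewrites only the scheme and port, leaving the rest of the URL untouched. The function names, the host vcenter.example.com and the sample paths and queries are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

LEGACY_PORT = 7331  # console port before vSphere 5.5 Update 2 (from the post)
SECURE_PORT = 7343  # console port as of vSphere 5.5 Update 2 (from the post)
SECURE_SCHEME = {"http": "https", "ws": "wss", "https": "https", "wss": "wss"}


def audit_console_url(url, secure_port=SECURE_PORT):
    """Return findings for one console URL; an empty list means it is fine."""
    parts = urlsplit(url)
    if parts.scheme not in SECURE_SCHEME:
        return ["unexpected scheme %r" % parts.scheme]
    findings = []
    if SECURE_SCHEME[parts.scheme] != parts.scheme:
        findings.append("cleartext scheme %s://" % parts.scheme)
    if parts.port == LEGACY_PORT:
        findings.append("legacy port %d" % LEGACY_PORT)
    elif parts.port != secure_port:
        findings.append("unexpected port %s" % parts.port)
    return findings


def to_secure_console_url(url, secure_port=SECURE_PORT):
    """Swap scheme and port only; path, query and fragment are kept as-is."""
    parts = urlsplit(url)
    if parts.scheme not in SECURE_SCHEME or not parts.hostname:
        raise ValueError("not a console URL: %r" % url)
    host = parts.hostname
    if ":" in host:  # IPv6 literals need their brackets back
        host = "[%s]" % host
    netloc = "%s:%d" % (host, secure_port)
    return urlunsplit((SECURE_SCHEME[parts.scheme], netloc,
                       parts.path, parts.query, parts.fragment))


# Constructed sample URLs: host, path and query are placeholders, not the
# real console URL format.
SAMPLE_URLS = [
    "http://vcenter.example.com:7331/console/?ticket=PLACEHOLDER",
    "https://vcenter.example.com:7343/console/?ticket=PLACEHOLDER",
    "ws://vcenter.example.com:7331/console/socket",
    "https://vcenter.example.com:7331/console/?ticket=PLACEHOLDER",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        findings = audit_console_url(url)
        if findings:
            print("%s -> %s (%s)" % (url, to_secure_console_url(url), "; ".join(findings)))
        else:
            print("%s OK" % url)
```

If the console port has been moved away from the default, pass the configured value as secure_port to both functions.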
Here is a quick screenshot of the HTML5 VM Console URL in my lab running vSphere 5.5 Update 2:
Maik says
Hi William
Which entry could I set in the webclient.properties to change the secure html port from 7343 to another?
William Lam says
Maik,
Take a look at this blog post on changing the HTML5 port http://www.virtuallyghetto.com/2013/10/how-to-change-default-html5-vm-console.html
psv141 says
Hi William,
is it possible to switch back to HTTP instead of HTTPS?
William Lam says
not afaik.
Sean says
Have you heard of any attempt to generate the one time URL and then in order to restrict direct access to the ESX host use a reverse proxy to access the host from an external endpoint?