WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple

How to restrict access to both the Standalone VMRC & HTML5 VM Console?

12.08.2015 by William Lam // 10 Comments

Several weeks back there were a couple of questions from our field asking about locking down access to a Virtual Machine's Console which includes both the new Standalone VMRC (Windows & Mac OS X) which runs on your desktop as well as the new HTML5 VM Console which runs in the browser. Below is a screenshot of the vSphere Web Client showing how to access the two different types of VM Consoles.

restricting-vmrc-and-html5-vm-console-access-1
To prevent users from accessing either of the VM Consoles which also applies to the vSphere C# Client, you can leverage vSphere's extensive Role Based Access Control (RBAC) system. The specific privilege that governs whether a user can access the VM Console is under VirtualMachine->Interaction->Console interaction as seen in the screenshot below.

restricting-vmrc-and-html5-vm-console-access-0
If a user is not granted the following privilege for a particular VM, when they click on either the Standalone VMRC link or the HTML5 VM Console, they will get permission denied and the screen will be blank. Pretty simple if you want to prevent users from accessing the VM Console or allowing only VM Console access when they login.

restricting-vmrc-and-html5-vm-console-access-2

UPDATE (01/31/17): If you are using VMRC 8.1 or greater, you no longer need the additional permission assignment on the ESXi level if you ONLY want to provide VM Console access, just assign it to the VM. However, if you need to provide device management such as mounting an ISO on the client side, then you will still need to assign VMRC role (along with the required privileges for device management) at the ESXi host level.

UPDATE (12/15/15): If you want to restrict users from having ONLY VM Console access which may include the Standalone VMRC, you will need to ensure that the user has the role applied not only on the VMs you wish to restrict but also at the ESXi host level since Standalone VMRC still requires access to ESXi host. You do not need to grant read-only permissions for the user at the ESXi level, but you just need to assign the user "VMRC" only role at the ESXi level or higher to ensure they can connect to the VMRC.

Categories // Security, VMRC, vSphere, vSphere Web Client Tags // HTML5, permission, remote console, vm console, vmrc

Embedded Host Client Fling v3 released!

10.23.2015 by William Lam // 8 Comments

I just wanted to give everyone a quick heads up that version 3 of the awesome Embedded Host Client Fling has just been released! In addition to all the new features and bug fixes which you can find more details below, there is now also an offline bundle for ESXi 5.x as well as ESXi 6.x which can then be used to distribute to your vSphere environment using vSphere Update Manager. One of my favorite features in this new release is the ability to edit or delete existing disk partitions which is super handy when repurposing existing disk devices for use with VSAN. You can find the download on the Embedded Host Client Fling page here.

Screen Shot 2015-10-23 at 10.03.53 AM
If you have v1 or v2 installed, you can perform an "update" by simply running the following ESXCLI command:

[root@mini:~] esxcli software vib update -v /esxui-signed.vib
Installation Result
Message: Operation finished successfully.
Reboot Required: false
VIBs Installed: VMware_bootbank_esx-ui_0.0.2-0.1.3172496
VIBs Removed: VMware_bootbank_esx-ui_0.0.2-0.1.3015331
VIBs Skipped:

What's new in v3 - 

  • VM
    • Answer question support
    • Upgrade virtual hardware to the latest supported by the host
    • Hot edit VM settings
    • VM table column configuration (show/hide columns), remembered across browser refresh
    • VM startup/shutdown priority (simple increase/decrease)
  • Host
    • Change host power management policy, advanced power configuration
    • Generate IP/FQDN certificate signing request and import new certificate
    • Join a host to an active directory domain controller
  • Storage
    • Disk device partition editor
    • Adapter rescan for new LUNs
    • Disk device rescan for new VMFS volumes
    • Clear a disk's partition table
    • Disk device partition diagram
    • Increase datastore size onto disk that already contains a partition table
  • Performance charts
    • Ability to change performance chart colors (two choices: default VMware colors and high contrast colors)
    • Added Network and Disk charts to Host performance UI
    • Improve VM performance UI, still missing some charts
    • Improved performance UI on tablets
      • Always hide the top legend in the chart
      • Hide the focus widget to increase vertical space
  • General
    • In-app update tool: provide a URL to a new version of the VIB, refresh the browser, et voila!
    • For tabbed UIs, the selected tab is remembered as you navigate around the UI to avoid un-necessary clicks
    • Better scrolling performance on tablets (tested on iPad)
    • Hide-able navigator allowing more space on tablets
    • Shortcut buttons to Host, Host Manage, Host Monitor, VMs, Storage, Networking when navigator is collapsed
    • Improved Actions menu behavior on tablets:
      • Menu navigation no longer hides the actions menu
      • Added an explicit close button on actions menus
      • A second press on the Actions button will close the menu
  • Bugfixes
    • VM table sizing with small number of VMs
    • In-browser consoles:
      • Will now attempt to reconnect when losing a connection to a powered on VM
      • Reverting to a powered-on snapshot while a console is open to that VM will reconnect the console

Categories // ESXi Tags // embedded host client, ESXi, Fling, HTML5, vum, web access

ESXi Embedded Host Client Fling updated to v2

08.26.2015 by William Lam // 13 Comments

The response and feedback from our customers on the recently released HTML5 Embedded Host Client for ESXi Fling has just been absolutely phenomenal. Having only been released for a little less than two weeks ago, it has also become the #1 Fling on the VMware Labs which is an amazing accomplishment in it itself as well as to the awesome work from both the Engineers: Etienne and George. 

Having said that, both Etienne and George have not stopped and have been quite busy in the last couple of weeks. They have been working adding new features based on feedback from our customers as well as any bug fixes that have been reported. Today, I am please to announce that they have just released version2 of the Embedded Host Client for ESXi which you can find here. If you have v1 installed, you can perform an "update" by running the following ESXCLI command:

[root@mini:~] esxcli software vib update -v /esxui-3015331.vib
Installation Result
Message: Operation finished successfully.
Reboot Required: false
VIBs Installed: VMware_bootbank_esx-ui_0.0.2-0.1.3015331
VIBs Removed: VMware_bootbank_esx-ui_0.0.2-0.1.2976804
VIBs Skipped:

In addition to the new features listed below in v2, I would also like to mention we now have both an installable VIB as well as an offline bundle as some of you have been asking for which will allow you to use vSphere Update Manager (VUM) to automate the deployment of the Embedded Host Client across your ESXi hosts.

What's new in v2:

  • Host
    •  Improved host performance monitoring UI
    • Composite CPU/memory figure
  • Virtual Machines
    • VM Snapshot support.
    • In-browser VM console full screen support.
    • In-browser VM console 'shrink’ support.
    • Create Wizard: Mac OS guest creation has been enabled.
  • Storage
    • Completed file browser (copy/move/delete/create directory/upload/download)
    • Right click on VMX file in browser to register VM
    • Mount/create NFS datastores
    • Create VMFS datastore (currently only on disks that don't have a partition table)
    • Extend VMFS datastore (currently only onto disks that don't have a partition table)
    • Mount/Unmount VMFS datastore
  • Networking
    • Firewall ruleset listing (currently read-only)
  • General Features
    • Double click title bar to enlarge dialogs and wizards
    • Alt + drag in a dialog or wizard to resize
    • Locale override (we still only support en-US at this stage)
    • Customizable session timeout.

I have already deployed the latest version in my lab and I have to say, the new features rock. One tiny little feature which I really like is a session timeout count down which appears on your browser tab of the Embedded Host Client when left idle.

Screen_Shot_2015-08-24_at_9.23.29_AM_stream
In my opinion, the attention to details both big and small is what really differentiates this UI from any other that I have used and really provides for a fantastic user experience. Keep up the great work guys!

If you have any feedback, please leave a comment either on my blog or on the Fling site and who knows, your request might just make it into the next release 🙂

Categories // ESXi Tags // embedded host client, ESXi, Fling, HTML5, vum, web access

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • 5
  • …
  • 7
  • Next Page »

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • VMware Flings is now available in Free Downloads of Broadcom Support Portal (BSP) 05/19/2025
  • VMUG Connect 2025 - Minimal VMware Cloud Foundation (VCF) 5.x in a Box  05/15/2025
  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...