Table of Contents

XenServer (XenCenter) Remote Access

xsconsole

Remote XenCenter

:!: For best security, you should limit access to your remote XenServer by source IP address in the firewall at the remote site.

You can get partial functionality by simply forwarding TCP port 443 into the remote XenServer, but not console access (XenServer or VM). Even if you forward a non-standard port (i.e. 4443) in to port 443 on the XenServer, you can still add the remote server to XenCenter:

remote.host.or.ip:4443

Remote Console

A VPN connection makes the following workaround unnecessary!

Without a VPN connection, the easiest way I've found to access the console of a VM running on a XenServer behind NAT is:

  1. Enable remote SSH access directly to the XenServer
    • You can forward a non-standard port at the firewall (i.e. 22222) to the standard port 22 at the XenServer
  2. To access a VM's console, you must tunnel through localhost (the XenServer)
  3. Use SSH port forwarding to forward a VM's VNC port (5901, 5902, 5903, etc.) to 'localhost'
    • Each VM runs on a different VNC port
    • Each VM's VNC console is only available to localhost (the XenServer)
  4. The IP address of the VM doesn't matter and can even change without affecting remote access

You can determine which VNC port is assigned to which VM like this:

Log into the XenServer via SSH:

ssh -p 22222 -l root <your-remote-xenserver>

Determine the domain ID and VNC port of your target VM:

xe vm-list
list_domains
netstat -lp|grep -w <domid> |awk '{print $4}'|cut -d: -f2

Now you can forward the port(s) and access the VNC console of the VM from another terminal on your remote workstation:

ssh -p 22222 -l root -L <local-vnc-port>:localhost:<vm-vnc-port> <your-remote-xenserver>

vncviewer localhost:<last-vnc-port-digit>