Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » virtualization » xenserver » xenserver_remote
Trace: xenserver_remote
virtualization:xenserver:xenserver_remote

Table of Contents

XenServer (XenCenter) Remote Access

  • Remote Access is a weak spot in XenServer since the primary management tool is XenCenter on Windows.
  • XenCenter is not NAT-friendly.
  • Most XenCenter-to-XenServer communications happen on ports 22 (SSH) and 443 (HTTPS).
  • Linux guest consoles use VNC starting on port 5901.
  • Since standard SSH is available, the first management tool to grab is xsconsole.

xsconsole

  • xsconsole is the built-in text-mode console on XenServer.
  • xsconsole is useful, but it doesn't provide guest console visibility.
  • If you can SSH into the XenServer, just run xsconsole at the CLI.

Remote XenCenter

:!: For best security, you should limit access to your remote XenServer by source IP address in the firewall at the remote site.

You can get partial functionality by simply forwarding TCP port 443 into the remote XenServer, but not console access (XenServer or VM). Even if you forward a non-standard port (i.e. 4443) in to port 443 on the XenServer, you can still add the remote server to XenCenter:

remote.host.or.ip:4443

Remote Console

A VPN connection makes the following workaround unnecessary!

Without a VPN connection, the easiest way I've found to access the console of a VM running on a XenServer behind NAT is:

  1. Enable remote SSH access directly to the XenServer
    • You can forward a non-standard port at the firewall (i.e. 22222) to the standard port 22 at the XenServer
  2. To access a VM's console, you must tunnel through localhost (the XenServer)
  3. Use SSH port forwarding to forward a VM's VNC port (5901, 5902, 5903, etc.) to 'localhost'
    • Each VM runs on a different VNC port
    • Each VM's VNC console is only available to localhost (the XenServer)
  4. The IP address of the VM doesn't matter and can even change without affecting remote access

You can determine which VNC port is assigned to which VM like this:

Log into the XenServer via SSH: 

ssh -p 22222 -l root <your-remote-xenserver>

Determine the domain ID and VNC port of your target VM: 

xe vm-list
list_domains
netstat -lp|grep -w <domid> |awk '{print $4}'|cut -d: -f2

Now you can forward the port(s) and access the VNC console of the VM from another terminal on your remote workstation: 

ssh -p 22222 -l root -L <local-vnc-port>:localhost:<vm-vnc-port> <your-remote-xenserver>

vncviewer localhost:<last-vnc-port-digit>
virtualization/xenserver/xenserver_remote.txt · Last modified: 2016/10/18 18:10 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki