VCSA 6.5 consoles and connections

Being successful with VMware vSphere is largely about understanding “Who’s on first, What’s on second and Idunno’s on third,” at any given point in time. This is especially true with the VMware vCenter Server Appliance (VCSA), as it presents a several new console choices to the administrator.

vCenter Windows and VCSA consoles compared:

VCSA Console Windows equivalent Type of access What it manages Account
VMRC VMRC Out-of-band Operating System root or Windows Account
SSH Remote Desktop In-band Operating System root or Windows Account
VAMI N/A In-band Operating System root or Windows Account
Web Client Web Client In-band vSphere Management SSO Administrator

In reality, the VCSA is no more complicated to access or manage than the (now deprecated) Windows vCenter Server, but you need to know which console to access to perform specific tasks:

vCenter Task (VCSA / Windows) VMRC SSH VAMI RDP Web Client
Change local root / administrator password YES YES YES YES NO
Join Operating System to Domain NO YES NO YES YES
Patch and update vCenter Operating System YES YES YES YES NO
Edit hosts file YES YES YES YES NO
Change network settings YES YES YES YES NO
Backup vCenter YES YES YES YES NO
View / Export log files YES YES YES YES YES
Use Active Directory as an Identity Source NO YES NO NO YES
Manage VMware vSphere Single Sign On (SSO) NO NO NO NO YES
Manage VMs NO NO NO NO YES
Configure Hosts & Clusters NO NO NO NO YES
Use Update Manager (now integrated in VCSA) NO NO NO NO YES
Configure vSphere Storage NO NO NO NO YES

Consoles and connectivity to VCSA 6.5

VMware Remote Console

The VCSA has a VMware Remote Console, just like any other VM. Use the VMRC of the VCSA to access the Appliance Shell, and allows you to start a BASH shell for systems management. The VMRC is an out-of-band console, meaning that if the VCSA has failed to boot or experienced a critical system issue (like a purple screen), then you will see that in the VMRC window and be able to react accordingly.

To access the VMRC of your VCSA, open either the Embedded Host Client to the ESXi currently hosting your VCSA (https://ESXihost.mydomain.tly/ui) or the Web Client itself (https://vcsa.mydomain.tld), and right-click on the VCSA instance to choose “open Console”

Open VMware Remote Console
Open VMware Remote Console
VMware Remote Console Login
VMware Remote Console Login

After you login with the root user and password, you will have options to run API commands directly or start a BASH shell.

API and BASH CL
API and BASH CLI

Secure Shell

Secure Shell merely establishes an in-band connection to the same the vCenter Appliance Shell, and BASH shell that the VMRC does. SSH provides numerous advantages over the VMRC. Such as:

  • [ctrl]+[alt] not necessary to escape console
  • Cut & paste functionality available in Putty and most SSH client programs
  • Session recording from client
  • Typematic issues (repeated keystrokes) avoided
  • Secure and encrypted by default
  • File transfer possible

With the main disadvantage being, should there be a critical system issue or purple screen, in band connectivity using SSH will not be possible

To access VCSA with SSH, start Putty or your favorite SSH client and enter the IP or hostname of your VCSA.

NOTE: if you get “Connection Refused,” enable SSH using the VAMI, as described in the next section

After you login with the root user and password, you will have options to run API commands directly or start a BASH shell.

Useful BASH shell commands for VCSA

In the BASH shell using either the VMRC or SSH console, there are a few commands that stand-out above others as useful.

Show disks and utilization

In this case, we are going to check the utilization of all disks and partitions

df –h

Show space consumed by folder, with a maximum depth of one folder

In this case, we are going to see how much space is being used by each sub-folder of /var

du –h –d 1

Find a file name from root

In this case, we are going to search for the sftp-server path because we need to use it to re-configure WinSCP to access VCSA

find / -name file-foldername

Find a character string in a path

In this example, we will search the entire /etc (configurations) folder for the IP of the VCSA

grep –r string /path

VMware vSphere Appliance Management Interface

While VMware has engaged in its usual practice of renaming things and now refers to the VAMi as the “VMware vSphere Appliance Management (vSAM)”, the rest of the world continues to refer to the vSAM for vCenter 6.5 as VAMI. I will continue to refer to the vSAM as VAMI!

The VAMI for VCSA 6.5 in an in-band console, and can only be used if the operating system is up and functioning correctly. To access VAMI for VCSA 6.5 use either IP or hostname at https://vcsa.mydomain.tld:5480 with the username root and root user password.

The VAMI provides basic and advanced Appliance Management capabilities such as:

  • Backup (requires a server configured to receive files)
  • Create log file bundle
  • Reboot /Shutdown gracefully
  • Allow SSH and/or BASH shell
  • Monitor or manage networking
  • Configure time, NTP or VMware Tools time synchronization
  • Update the VCSA
  • set password and password aging (root password expired by default in 365 days)
  • Configure remote Syslog
  • View compute metrics for VCSA only

If you are unable to use SSH, it is probably disabled. Go to Access, click Edit and enable SSH Login

The VMware vSphere Web Client

The VMware vSphere Web Client is the much-disliked flash-based console/client that is the only complete management interface available in vSphere 6.5. Gone are the management efficiencies of the Windows C# client and in its place is the slowness, vulnerability and frequent crashes associated with the Web Client. Moreover, users of the Web Client are subject to unpredictable and unprompted browser updates (which come at the behest of Google, Microsoft, and Mozilla and are aplied without so much as a notification), which may affect your ability to connect to the Web Client at all!

While it is true that every version of the Web Client is better than the previous, my personal experience tells me that an experienced vSphere administrator will require 20% to 40% more time to complete any given task in the Web Client as compared to the C# client.

You can access the Web Client at: https://vcsa.mydomain.com/vsphere-client and log in using either SSO credentials or credintials from any Identity Source that has been added to vCenter.

Allow 1-2 minutes for the first log-in to load

We used the credential: administrator@vsphere.local to log-on. This is the SSO administrator, and can be managed by going to: Home > Administration

Under Single Sign-On > Configuration, you can set password policy and add identity sources from any AD or LDAP source

vSphere Client (HTML5)

Lastly, there is an HTML5 standards-based vSphere Client available, although not fully functional. To access the vSphere Client (HTML5) go to: https://vcsa.mydomain.tld/ui

John Borhek

John Borhek (VCP 3-6) is the IT Director and Lead Solutions Architect at VMsources Group Inc. and an active consultant specializing in VMware vSphere, Linux, Networking and Infrastructure Design.

Leave a Reply

Your email address will not be published. Required fields are marked *