I’m just wondering what people are doing about providing console access for tenants via the public internet.
Our situation - and I doubt this is unusual for a service provider - is that we have a number of VMware vSphere environments sitting behind ManageIQ. ManageIQ’s portal is exposed to the internet via HTTPS, but the vSphere environments are not.
I’m finding that the VMRC console is not actually being proxied by ManageIQ, it seems that ManageIQ is brokering the connection and passing the client VMRC plugin on to vCenter - at which point the connection fails, of course, as the vCenter servers are not exposed to the internet.
We are resistant to trying to proxy a VNC connection, as this would mean modifying a large number of existing customer virtual machines, incurring an outage on each, and from what I gather, the situation would be the same - the connections would be brokered, not proxied.
We could always set up an SSL VPN tunnel, but then the customer would have to log in to the VPN, and then log in again to ManageIQ, which seems awkward and unfriendly.
In this situation, what approaches are other ManageIQ users taking to deliver console access? Does the HTML5 console work in this situation? Are people using VPN & a single sign-on approach? Curious to see what others are doing in this regard.