VCSA 6.5 consoles and connections
Being successful with VMware vSphere is largely about understanding “Who’s on first, What’s on second and Idunno’s on third,” at any given point in time. This is especially true with the VMware vCenter Server Appliance (VCSA), as it presents a several new console choices to the administrator.
vCenter Windows and VCSA consoles compared:
| VCSA Console | Windows equivalent | Type of access | What it manages | Account |
| VMRC | VMRC | Out-of-band | Operating System | root or Windows Account |
| SSH | Remote Desktop | In-band | Operating System | root or Windows Account |
| VAMI | N/A | In-band | Operating System | root or Windows Account |
| Web Client | Web Client | In-band | vSphere Management | SSO Administrator |
In reality, the VCSA is no more complicated to access or manage than the (now deprecated) Windows vCenter Server, but you need to know which console to access to perform specific tasks:
| vCenter Task (VCSA / Windows) | VMRC | SSH | VAMI | RDP | Web Client |
| Change local root / administrator password | YES | YES | YES | YES | NO |
| Join Operating System to Domain | NO | YES | NO | YES | YES |
| Patch and update vCenter Operating System | YES | YES | YES | YES | NO |
| Edit hosts file | YES | YES | YES | YES | NO |
| Change network settings | YES | YES | YES | YES | NO |
| Backup vCenter | YES | YES | YES | YES | NO |
| View / Export log files | YES | YES | YES | YES | YES |
| Use Active Directory as an Identity Source | NO | YES | NO | NO | YES |
| Manage VMware vSphere Single Sign On (SSO) | NO | NO | NO | NO | YES |
| Manage VMs | NO | NO | NO | NO | YES |
| Configure Hosts & Clusters | NO | NO | NO | NO | YES |
| Use Update Manager (now integrated in VCSA) | NO | NO | NO | NO | YES |
| Configure vSphere Storage | NO | NO | NO | NO | YES |
Consoles and connectivity to VCSA 6.5
VMware Remote Console
The VCSA has a VMware Remote Console, just like any other VM. Use the VMRC of the VCSA to access the Appliance Shell, and allows you to start a BASH shell for systems management. The VMRC is an out-of-band console, meaning that if the VCSA has failed to boot or experienced a critical system issue (like a purple screen), then you will see that in the VMRC window and be able to react accordingly.
To access the VMRC of your VCSA, open either the Embedded Host Client to the ESXi currently hosting your VCSA (https://ESXihost.mydomain.tly/ui) or the Web Client itself (https://vcsa.mydomain.tld), and right-click on the VCSA instance to choose “open Console”
After you login with the root user and password, you will have options to run API commands directly or start a BASH shell.
Secure Shell
Secure Shell merely establishes an in-band connection to the same the vCenter Appliance Shell, and BASH shell that the VMRC does. SSH provides numerous advantages over the VMRC. Such as:
- [ctrl]+[alt] not necessary to escape console
- Cut & paste functionality available in Putty and most SSH client programs
- Session recording from client
- Typematic issues (repeated keystrokes) avoided
- Secure and encrypted by default
- File transfer possible
With the main disadvantage being, should there be a critical system issue or purple screen, in band connectivity using SSH will not be possible
To access VCSA with SSH, start Putty or your favorite SSH client and enter the IP or hostname of your VCSA.
NOTE: if you get “Connection Refused,” enable SSH using the VAMI, as described in the next section
After you login with the root user and password, you will have options to run API commands directly or start a BASH shell.
Useful BASH shell commands for VCSA
In the BASH shell using either the VMRC or SSH console, there are a few commands that stand-out above others as useful.
Show disks and utilization
In this case, we are going to check the utilization of all disks and partitions
df –h
Show space consumed by folder, with a maximum depth of one folder
In this case, we are going to see how much space is being used by each sub-folder of /var
du –h –d 1
Find a file name from root
In this case, we are going to search for the sftp-server path because we need to use it to re-configure WinSCP to access VCSA
find / -name file-foldername
Find a character string in a path
In this example, we will search the entire /etc (configurations) folder for the IP of the VCSA
grep –r string /path
VMware vSphere Appliance Management Interface
While VMware has engaged in its usual practice of renaming things and now refers to the VAMi as the “VMware vSphere Appliance Management (vSAM)”, the rest of the world continues to refer to the vSAM for vCenter 6.5 as VAMI. I will continue to refer to the vSAM as VAMI!
The VAMI for VCSA 6.5 in an in-band console, and can only be used if the operating system is up and functioning correctly. To access VAMI for VCSA 6.5 use either IP or hostname at https://vcsa.mydomain.tld:5480 with the username root and root user password.
The VAMI provides basic and advanced Appliance Management capabilities such as:
- Backup (requires a server configured to receive files)
- Create log file bundle
- Reboot /Shutdown gracefully
- Allow SSH and/or BASH shell
- Monitor or manage networking
- Configure time, NTP or VMware Tools time synchronization
- Update the VCSA
- set password and password aging (root password expired by default in 365 days)
- Configure remote Syslog
- View compute metrics for VCSA only
If you are unable to use SSH, it is probably disabled. Go to Access, click Edit and enable SSH Login
The VMware vSphere Web Client
The VMware vSphere Web Client is the much-disliked flash-based console/client that is the only complete management interface available in vSphere 6.5. Gone are the management efficiencies of the Windows C# client and in its place is the slowness, vulnerability and frequent crashes associated with the Web Client. Moreover, users of the Web Client are subject to unpredictable and unprompted browser updates (which come at the behest of Google, Microsoft, and Mozilla and are aplied without so much as a notification), which may affect your ability to connect to the Web Client at all!
While it is true that every version of the Web Client is better than the previous, my personal experience tells me that an experienced vSphere administrator will require 20% to 40% more time to complete any given task in the Web Client as compared to the C# client.
You can access the Web Client at: https://vcsa.mydomain.com/vsphere-client and log in using either SSO credentials or credintials from any Identity Source that has been added to vCenter.
Allow 1-2 minutes for the first log-in to load
We used the credential: administrator@vsphere.local to log-on. This is the SSO administrator, and can be managed by going to: Home > Administration
Under Single Sign-On > Configuration, you can set password policy and add identity sources from any AD or LDAP source
vSphere Client (HTML5)
Lastly, there is an HTML5 standards-based vSphere Client available, although not fully functional. To access the vSphere Client (HTML5) go to: https://vcsa.mydomain.tld/ui
