Away from your workstation but need to access vCenter or NSX Manager in your Oracle Cloud VMware Solution software-defined data center (SDDC) quickly and securely? This blog walks through accessing vCenter and NSX Manager through the Oracle Cloud Infrastructure (OCI) Bastion service.

OCI Bastion provides a faster and simpler way to implement secure access to private resources. The administrator has centralized control of the bastion, specifying which Identity and Access Management (IAM) users or groups can reach which private endpoints. Access to the bastion is restricted to the CIDR blocks on its allowlist. Sessions are also ephemeral: they end when the user-defined or admin-defined session time-to-live (TTL) expires, or when they are explicitly terminated. OCI Bastion offers two session types, managed SSH sessions and SSH port forwarding sessions. To access Oracle Cloud VMware Solution resources, such as vCenter and NSX Manager, we create SSH port forwarding sessions.

Prerequisites

To create an SSH port forwarding session, users must have appropriate authorization to manage bastions, sessions, and networks. To understand and implement the required policies, refer to Bastion IAM Policies.

Create a bastion

Follow the documentation to create a bastion in the virtual cloud network (VCN) and subnet where the Oracle Cloud VMware Solution SDDC is deployed. In the CIDR block allowlist section, I added the public IP address of the machine accessing the SDDC resources. If you plan to share these sessions with a team, you can widen the allowlist to several public IPs, or open it to everywhere. A session still requires the private key of the SSH key pair registered with it, so widening the allowlist does not by itself grant access, but keep it as narrow as your team's egress addresses allow: the allowlist is the first filter on who can reach the bastion at all, and once it is open the key alone protects the session.

A screenshot of the Create Bastion screen with field examples filled in.

Create your sessions

To access the SDDC resources, we create SSH port forwarding sessions. Create a session, as shown in the following figure, using the private IP address of vCenter as the target resource and 443 as the target port. Add the SSH public key of a key pair whose private key you hold, and set a TTL appropriate to your requirements; by default, a session is deleted after three hours.

Don't share the private key of the SSH key pair used for the session with everyone. Restrict the private key file to owner read-only (mode 400 or 600 on Mac and Linux) and remove all other permissions; OpenSSH refuses to use a private key that is readable by other users.

A screenshot of the Create Session pages, showing an example for creating an SSH port forwarding session for vCenter.

Similarly, create a session for NSX Manager.

A screenshot of the Create Session screen showing an example of how to create an SSH port forwarding session for NSX Manager.

Accessing SDDC resources

Create SSH port forwarding sessions

Copy the SSH command for each session from the Oracle Cloud Console. The session details page shows the SSH command to use for the bastion session:

A screenshot of the details page for the example BastionOCVS, showing the SSH command to copy.

Edit the command by replacing <privateKey> with the path to the private key of the key pair used when creating the session, and <localPort> with the local port you want the tunnel to listen on.

ssh -i <privateKey> -N -L <localPort>:10.0.3.130:443 -p 22 ocid1.bastionsession.oc1.ap-melbourne-1.amaaaaaaugt6wmqac7loorkiihy6vgxmdsfqaempoqpj4cvpbaexscw5xx4a@host.bastion.ap-melbourne-1.oci.oraclecloud.com

For vCenter, use 443 as <localPort>. The vCenter UI redirects the browser to vCenter's own FQDN without a custom port, so a tunnel on any other local port does not work; this is the only way SSH port forwarding connects to vCenter. Because 443 is a privileged port on Mac and Linux, the command must run as root there.

ssh -i ssh-key-2022-01-19.key -N -L 443:10.0.3.130:443 -p 22 ocid1.bastionsession.oc1.ap-melbourne-1.amaaaaaaugt6wmqac7loorkiihy6vgxmdsfqaempoqpj4cvpbaexscw5xx4a@host.bastion.ap-melbourne-1.oci.oraclecloud.com

To access NSX Manager, you can use any local port that is not already in use; NSX Manager is opened as https://localhost:<localPort>, so it does not depend on the FQDN.

ssh -i ssh-key-2022-01-19.key -N -L 6443:10.0.3.131:443 -p 22 ocid1.bastionsession.oc1.ap-melbourne-1.amaaaaaaugt6wmqa7zg4aotle252c2dadqhvcnmmb4uzssnle7cfsrqp6dsq@host.bastion.ap-melbourne-1.oci.oraclecloud.com

Update your hosts file

To access vCenter, the browser needs to resolve the vCenter FQDN. Because we're connecting from outside the SDDC network and can't use its domain name system (DNS), add an entry to the local hosts file that maps the vCenter FQDN to 127.0.0.1, the address the tunnel listens on.

  • If you’re using Windows, you can find this file at C:\Windows\System32\drivers\etc\hosts

  • If you’re using Mac or Linux, you can find this file at /etc/hosts

Editing the hosts file requires administrator (Windows) or root (Mac and Linux) privileges. The following screenshot shows the hosts file on a Windows system.

A screenshot of a notepad file showing the hosts file contents.

Access vCenter

Open a terminal or command prompt with elevated privileges (root or sudo on Mac and Linux, because local port 443 is privileged) and run the SSH command for vCenter. With -N, ssh runs no remote command and prints nothing while the tunnel is up, so leave the window open.

A screenshot of the example SSH session using vCenter.

In a web browser, open https://<vCenter FQDN>; the vCenter Getting Started page loads through the tunnel.

A screenshot of the VMware Getting Started page.

Access NSX Manager

As with vCenter, establish an SSH session for NSX Manager.

A screenshot of an SSH session connecting to NSX Manager.

In a web browser, connect to https://localhost:<localport>. In this example, I connect to https://localhost:6443, which brings up the login screen for NSX Manager.

A screenshot of the VMware NSX Manager login screen.
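The steps above (key permissions, choosing the local port, the hosts entry, the ssh port forward, and the browser URL) can be scripted so that each one is checked before the next. The following POSIX shell script is an added example written for this post; it is not Oracle's tooling and not code from the original page. The session OCIDs, bastion hostname, key path, target IPs and the FQDN vcenter.example.com are placeholders you replace with your own values. The ssh options ExitOnForwardFailure and ServerAliveInterval are standard OpenSSH options added here beyond the Console-generated command.

```shell
#!/bin/sh
# Added example for this post (not Oracle's tooling). Wraps the OCI Bastion
# port forwarding procedure in checked steps. Every value passed in (key path,
# session OCID, bastion host, target IP, FQDN) is a placeholder/assumption.
# Usage (vCenter needs root/sudo on Mac/Linux because it binds local port 443):
#   sudo sh ocvs-tunnel.sh vcenter ~/.ssh/bastion.key 443 10.0.3.130 \
#       ocid1.bastionsession.oc1.REGION.SESSION host.bastion.REGION.oci.oraclecloud.com vcenter.example.com
#   sh ocvs-tunnel.sh nsx ~/.ssh/bastion.key 6443 10.0.3.131 \
#       ocid1.bastionsession.oc1.REGION.SESSION host.bastion.REGION.oci.oraclecloud.com

# Print the ssh command as one string so it can be reviewed before it runs.
# ExitOnForwardFailure makes ssh exit non-zero when the local port cannot be
# bound instead of sitting silently with no tunnel; ServerAliveInterval keeps
# an idle forward alive until the bastion session TTL expires.
build_forward_cmd() {
  printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 -L %s:%s:%s -p 22 %s@%s' \
    "$1" "$2" "$3" "$4" "$5" "$6"
}

# vCenter redirects the browser to its own FQDN on 443, so its local port must
# be 443; NSX Manager works on any valid local port.
local_port_valid() {
  role="$1" port="$2"
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then return 1; fi
  if [ "$role" = vcenter ] && [ "$port" -ne 443 ]; then return 1; fi
  return 0
}

# OpenSSH ignores a private key readable by group/others; check before trying.
# GNU stat (Linux) and BSD stat (macOS) spell the option differently.
key_perms_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
  case "$mode" in 400|600) return 0 ;; *) return 1 ;; esac
}

# Idempotently map the FQDN to loopback, where the tunnel listens. Defaults to
# /etc/hosts (needs root); the path is a parameter so it can be tested on a copy.
add_hosts_entry() {
  fqdn="$1" hosts_file="${2:-/etc/hosts}"
  if grep -q "[[:space:]]$fqdn\$" "$hosts_file" 2>/dev/null; then return 0; fi
  printf '127.0.0.1 %s\n' "$fqdn" >> "$hosts_file"
}

# URL the browser should open once the tunnel is up: FQDN for vCenter,
# localhost:<localPort> for NSX Manager.
browser_url() {
  if [ "$1" = vcenter ]; then printf 'https://%s/' "$3"; else printf 'https://localhost:%s/' "$2"; fi
}

# Start the tunnel in the background and confirm the forwarded port answers
# over TLS before handing the URL to the browser. curl -k is used only because
# vCenter/NSX ship with self-signed certificates; compare the certificate
# thumbprint the browser shows with the one in vCenter before logging in.
tunnel_up() {
  role="$1" key="$2" local_port="$3" target_ip="$4" session="$5" bastion="$6" fqdn="${7:-localhost}"
  key_perms_ok "$key" || { echo "private key $key must be mode 400 or 600" >&2; return 1; }
  local_port_valid "$role" "$local_port" || { echo "local port $local_port is not valid for $role" >&2; return 1; }
  if [ "$role" = vcenter ]; then add_hosts_entry "$fqdn" || return 1; fi
  cmd=$(build_forward_cmd "$key" "$local_port" "$target_ip" 443 "$session" "$bastion")
  echo "+ $cmd" >&2
  $cmd &                      # unquoted on purpose: split the reviewed string into argv
  ssh_pid=$!
  sleep 3
  kill -0 "$ssh_pid" 2>/dev/null || { echo "ssh exited: check the session TTL, key and bastion allowlist" >&2; return 1; }
  url=$(browser_url "$role" "$local_port" "$fqdn")
  code=$(curl -sk -o /dev/null -w '%{http_code}' "$url")
  echo "tunnel up (ssh pid $ssh_pid), $url answered HTTP $code; kill $ssh_pid to close it"
}

# Only act when invoked with a role; sourcing the file just defines the functions.
case "${1:-}" in
  vcenter|nsx) tunnel_up "$@" ;;
esac
```

The HTTP status printed at the end only proves that the local port is forwarded to something speaking TLS on the target; it does not verify who that is, which is why the usage note in the script tells you to compare the certificate thumbprint in the browser with the one vCenter or NSX Manager reports before entering credentials.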

Try it yourself

Oracle Cloud VMware Solution provides customers with full control of their VMware environments. When coupled with the Oracle Cloud Infrastructure native services, such as Bastion, it shows the flexibility of the solution. Try it in your environment to access SDDC resources securely from anywhere.

Get started with Oracle Cloud VMware Solution and learn more about our solution.