vCloud Air: Access Your Linux Server Over SSH From Outside


This week while working in my lab, I came across a situation where I wanted to run a few commands on my Linux server which is running in vCloud Air. To access my lab from outside I have configured a Windows jump server, and from there I access my lab components (using SSH or RDP to the other servers). At times it is annoying to switch back and forth between your home desktop and the RDP session.

I went ahead and configured my main Linux server so that I can access it over SSH directly from my home computer (without logging into my Windows jump server).

This process is not difficult, but as a habit I tend to document the new things which I do in my lab, and so I am writing a blog post on it.

Prerequisite: The only prerequisite for this process is a public IP purchased and assigned to your edge gateway.

1: To start the process, log in to vca.vmware.com and navigate to your virtual datacenter.

[Screenshot: ssh-1]

2: Within your VDC, navigate to the Gateways tab and double-click your edge gateway.

[Screenshot: ssh-2]

3: Add a DNAT rule for access to your server from outside by clicking the Add button.

[Screenshot: ssh-3]

4: Under External IP, select the public IP through which you want to reach your server.

You can leave the source and destination port at Any-Any for now (later we will see how to narrow this rule to a specific port). Be aware that until then the rule forwards every inbound port on the public IP to the server, so complete the whole procedure before relying on it.

Under Translated IP, provide the internal IP of the Linux server you want to reach.

[Screenshot: ssh-4]

5: Hit the Finish button to add the NAT rule to your edge gateway.

[Screenshot: ssh-5]

6: It takes a few seconds for the edge to apply this configuration.

[Screenshot: ssh-6]

7: After a few seconds, verify that the newly added rule appears in the NAT rule list.

[Screenshot: ssh-7]

8: Next, add a firewall rule for the outside access. Navigate to the 'Firewall Rules' tab and click the Add button.

[Screenshot: ssh-8]

9: Name the rule as you like. You can also choose to log the traffic details (a good idea for auditing).

You can select the source as 'ANY' (if you want to reach this server from anywhere) or limit the source to an IP or range of IPs (for example if the server should only be reachable from your on-prem production environment and not from home). Since this rule exposes the server to the internet, restricting the source to the addresses you actually connect from is the stronger choice wherever it is practical.

Under Destination, select the Specific CIDR/IP option and enter the public IP in the box.

Unfortunately this window does not let you limit the rule to a specific port. No need to worry about it; the next steps show how to achieve that.

Hit Next when you have filled in the required entries.

[Screenshot: ssh-9]


10: Hit 'Finish' to complete the firewall rule creation.

[Screenshot: ssh-10]

11: Now it's time to modify the NAT and firewall rules to limit them to a specific port. This restriction is what actually hardens the setup; without it the rules created so far expose every port on the server.

To do so, navigate back to the Gateways tab and click 'Manage in vCloud Director'.

[Screenshot: ssh-11]

12: From the vCD page, right-click your edge and choose 'Edge Gateway Services'. A new window pops up (unless you have subscribed to Advanced Networking Services, in which case you are taken to the hybridity page).

[Screenshot: ssh-12]

13: Under NAT, select the DNAT rule you created and hit Edit.

[Screenshot: ssh-13]

14: You can leave the original port at ANY and change the translated port to 22 (or whatever port sshd listens on, if you changed the default). Note that with the original port left at ANY, every inbound port on the public IP is translated to port 22 on the server, and only the firewall rule keeps the exposure narrow; setting the original port to 22 as well keeps the NAT rule itself tight, so that the edge forwards nothing but SSH. Hit OK.

[Screenshot: ssh-14]

15: Now, from the firewall rule list, select the newly created rule and click the Edit button.

[Screenshot: ssh-15]

16: Again you can leave the source port at ANY; change the destination port to your SSH port. Make sure Allow is selected as the action for this rule. Hit OK.

[Screenshot: ssh-16]

17: That's it. You can now reach your server directly from your home computer. Since sshd is now reachable from the internet, make sure it is configured for key-based logins rather than passwords, and keep an eye on the firewall log you enabled in step 9.

[Screenshot: ssh-17]
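Once the rules are in place, here is a check a practitioner would run from the home computer. It is an added example and not part of the original post or of vCloud Air's tooling: the Python script probes the public IP, confirms that the SSH port answers with an SSH identification string (so the DNAT rule really lands on sshd), and reports any other port that also completes a TCP handshake, which is what the Any-Any NAT and firewall rules from steps 4 and 9 leave open until steps 14 and 16 narrow them. The list of extra ports, the local stand-in services used for the offline demonstration and the script name are assumptions for illustration.

```python
"""Exposure check for an SSH DNAT rule on an edge gateway (added example).

Answers two questions from outside the edge:
  1. does the SSH port answer with an SSH identification string?
  2. does anything other than the SSH port also complete a handshake?
"""
import socket
import sys
import threading

PROBE_TIMEOUT = 3.0                      # a dropped SYN shows up as 'filtered'
COMMON_PORTS = (21, 23, 80, 443, 3389)   # assumed list of ports that must NOT answer


def probe_port(host, port, timeout=PROBE_TIMEOUT):
    """Return (state, banner) for one TCP port.

    state is 'open' (handshake completed), 'closed' (active refusal, i.e. the
    edge forwarded the SYN and the server sent RST) or 'filtered' (no answer
    at all, which is what an edge firewall drop looks like). For an open port
    the first line the server volunteers is read: an SSH server sends its
    'SSH-2.0-...' identification string before the client says anything
    (RFC 4253 section 4.2), so the banner proves the rule lands on sshd.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except OSError:          # open, but the service waits for the client
                data = b""
    except socket.timeout:
        return "filtered", None
    except ConnectionRefusedError:
        return "closed", None
    except OSError:                  # no route, host unreachable, DNS failure
        return "filtered", None
    banner = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    return "open", banner


def check_exposure(host, ssh_port=22, extra_ports=COMMON_PORTS):
    """Probe ssh_port plus extra_ports and summarise what the edge exposes."""
    results = {p: probe_port(host, p) for p in (ssh_port, *extra_ports)}
    state, banner = results[ssh_port]
    return {
        "ssh_ok": state == "open" and (banner or "").startswith("SSH-"),
        "ssh_banner": banner,
        # anything else that completes a handshake is reachable through the edge
        "unexpected_open": [p for p, (st, _) in results.items()
                            if p != ssh_port and st == "open"],
        "results": results,
    }


def start_fake_service(banner=b"SSH-2.0-OpenSSH_7.4\r\n"):
    """Constructed stand-in for a service behind the DNAT rule (not a real
    sshd): listens on a free loopback port and sends `banner` to every client.
    Returns the port, so the check can be exercised offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_port():
    """A loopback port with nothing listening (connecting to it gives 'closed')."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def selfcheck():
    """Offline demonstration against constructed local services.
    'clean'  = only the SSH port answers (rules narrowed as in steps 14 and 16).
    'leaky'  = a second service also answers, as with Any-Any rules in place."""
    ssh = start_fake_service()
    clean = check_exposure("127.0.0.1", ssh, extra_ports=(free_port(),))
    ftp = start_fake_service(b"220 ftp ready\r\n")
    leaky = check_exposure("127.0.0.1", ssh, extra_ports=(ftp, free_port()))
    return {"clean": clean, "leaky": leaky}


if __name__ == "__main__":
    if len(sys.argv) >= 2:           # python ssh_exposure.py <public-ip> [ssh-port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
        report = check_exposure(sys.argv[1], port)
    else:                            # no target given: run against local stand-ins
        report = selfcheck()["leaky"]
    print("ssh ok:", report["ssh_ok"], report["ssh_banner"])
    print("unexpected open ports:", report["unexpected_open"])
    for p, (st, _) in sorted(report["results"].items()):
        print(f"  {p:>5}  {st}")
```

Run it as `python ssh_exposure.py <public-ip>` from a machine outside the edge; with no arguments it exercises the constructed local stand-ins instead. A port reported 'filtered' means nothing answered, which is the expected result for everything except SSH once the rules are narrowed; any other port reported 'open' means the edge is still forwarding it, and 'ssh ok: False' with an empty banner means the DNAT rule reaches a host that is not running sshd on that port.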

I hope this post is informational to you. Feel free to share this on social media if it is worth sharing. Be sociable 🙂


About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in vCloud Air. Bookmark the permalink.
