Short-Take: vSphere Client for iPad, Preview

March 18, 2011

I highlighted the installation and use of VMware’s vCenter Moble Access (vCMA) appliance in a post in late February. For the most part, vCMA has not changed much since our initial download back in April of 2009. If you downloaded the OVF early this February and looked at the updated instructions from the “fling” site, you may have noticed the following “curious” statements:

  • Once it powers on, you will need to configure your iPad by going into Settings, the vSphere client (usually bottom left corner of screen, in the Apps section), then you enter the IP address of your mobile appliance.
  • Finally, you can access your environment from the vSphere iPad app by entering your vCenter server info or ESX server info, with appropriate username and password.

vSphere Client for iPad

Having a heads-up from the vExpert team briefing by Srinivas Krishnamurti, Sr. Director for Mobile Solutions and Marketing at VMware, plus earlier press coverage from VMworld 2010 (see below), I knew what this “information leak” was hailing. Fortunately, the offending section (text above) was quickly redacted and VMware managed to avoid spoiling the surprise pending today’s [press release].

However, that was not the only source of “information leakage” prior to today’s announcement: you just had to know where to look. For instance, while looking deeper into the virtual appliance for our vCMA how-to, I found bread-crumbs pointing to more “curious” iPad wanderings. The following “Easter egg” was discovered in the “action-config.xml” file (which we held back under the spirit of the information embargo):

<!-- VCMA iPad Actions -->
 <action name="vcmaAbout" type="com.vmware.vcma.action.VcmaAboutAction"></action>
 <action name="vcmaLogin" type="com.vmware.vcma.action.VcmaLoginAction"></action>
 <action name="vcmaLogout" type="com.vmware.vcma.action.VcmaLogoutAction"></action>
 <action name="vcmaHome" type="com.vmware.vcma.action.VcmaHomeAction"></action>
 <action name="vcmaHostInfo" type="com.vmware.vcma.action.VcmaHostInfoAction"></action>
 <action name="vcmaHostOp" type="com.vmware.vcma.action.VcmaHostOperationAction"></action>
 <action name="vcmaVmInfo" type="com.vmware.vcma.action.VcmaVmInfoAction"></action>
 <action name="vcmaVmQuestion" type="com.vmware.vcma.action.VcmaVmQuestionAction"></action>
 <action name="vcmaVmAnswer" type="com.vmware.vcma.action.VcmaVmAnswerAction"></action>
 <action name="vcmaVmOp" type="com.vmware.vcma.action.VcmaVmOperationAction"></action>
 <action name="vcmaSnapshot" type="com.vmware.vcma.action.VcmaSnapshotAction"></action>
 <action name="vcmaPerf" type="com.vmware.vcma.action.VcmaPerfAction"></action>
 <action name="vcmaSearch" type="com.vmware.vcma.action.VcmaSearchAction"></action>
 <action name="vcmaPing" type="com.vmware.vcma.action.VcmaPingAction"></action>
 <action name="vcmaTracert" type="com.vmware.vcma.action.VcmaTraceRouteAction"></action>
 <action name="vcmaVmsList" type="com.vmware.vcma.action.VcmaVmListAction"></action>
 <action name="vcmaMonitorTask" type="com.vmware.vcma.action.VcmaMonitorTaskAction"></action>

This grouping of action/command definitions identify 17 of 23 vCMA action classes. These classes meant four things to me: (1) the actions are tuned specifically for a non-HTML-only client; (2) the limitations of vCMA’s web interface do not bind the iPad client; (3) there is significant potential for “capabilities drift” between the iPad client the “generic” mobile access client (i.e. HTML) as time goes by (read: richer feature set, user options); and (4) other “tablet” or “mobile” clients can’t be too far behind.

Since it is not feasible to have iPad software previews for vExperts (i.e. via iTunes) for pre-release products, this “pre-view” is based on exposure to product briefing and other pre-launch sources (direct and indirect). We’ll be following-up within the week with actual hands-on experience… That said, here’s what’s going on with VMware and iPad:

vSphere Client for iPad

Today, VMware CIO Steve Herrod announced the launch of version 1.0 of the vSphere Client for iPad (vCiP). The aptly named utility runs on Apple’s current generations of iPad and provides access to many of the basic administrative functions available to vCenter and the standard vSphere Client. This release must be seen as a quick, 1-2-3 punch of mobile and management-centric releases for VMware in the span of two weeks: vCenter Ops, View Client for iPad and now vSphere Client for iPad.

This iPad application is not truly a “native” or “fat” client for vSphere in the “conventional Windows sense.” Instead, VMware’s new app deploys as a web service reliant application (typical of its iPad ilk), and it is accordingly “small, light and elegant.” As you might guess from the [leading] introduction, the “heavy lifting” is actually performed by VMware’s vCenter Mobile Access (vCMA) appliance through the set of new classes (conveniently listed above).

VMware diagram showing (optional) placement of firewall, vCMA, vCenter and vSphere clusters. The use of a VPN connection to your firewall is strongly recommended as vCMA deploys with its web service without SSL enabled.

This illustration depicts the “best practice” recommended deployment for the iPad client by way of a trusted VPN connection. Again, this information was provided to us from Srinivas and his team “pre-launch” and hence was also prior to the recently released enhancements in vCMA (see below). In either case, the connection from iPad to vCenter is always translated through vCMA.

Like the standard Windows “fat” client (now conveniently available as a ThinApp’d zero-install package), the iPad client login requires the following credentials:

  1. The IP address or DNS host name for your vCenter;
  2. A valid user name with rights to access/manage the target vCenter;
  3. The password for the vSphere user.

Unlike the Windows variant, the following must be configured into the iPad’s “Settings” for the vSphere app prior to initial connection:

  1. The IP address or DNS host name for your vCMA appliance (displayed as “Web Server” in “Settings”).

vCMA’s web service is not SSL encrypted, and these credentials could be passed “in the clear.” (see updated post, SSL added to vCMA this Tuesday.) Given this client is targeted for mobile use, the risk of exposure to insecure networks (Internet, public WiFi, etc) without SSL would have created “special” opportunities for man-in-the-middle attacks. However, the use of a mobile VPN connection for the iPad client is strongly recommended, but no longer strictly necessary.

While the application does not yet enable the saving of data/images presented here, there are plans for future enhancements that take advantage of familiar iPad gestures and available visuals. Also – in keeping with the rapid release schedules for mobile apps – VMware will be departing from their standard versioning methodology and promises to deliver “micro updates” to the mobile client that come in the form of new features rather than full version changes – about every 2-3 months with new features and functionality.

The client team promises that future updates will enable actions for sending e-mails or messages that referring to specific hosts or VMs – along with additional info – and provide links back to specific resources enabling rapid, targeted responses. Until that time, Client for iPad users will just have to take screenshots the old fashioned way and e-mail them as attachments.

During the vExpert preview call, a [forward looking] statement was made that “eventually” this type of app would no longer need vCMA to interface with vCenter. As you can imagine, that didn’t ring true with some of the security wonks on the call. In fact, it makes sense to have “micro appliances” like vCMA serving as proxy layers between external clients (i.e. vSphere Client for iPad) and production vCenter(s) to limit direct exposure to zero-day exploits in vCenter.

If you attended VMworld last year, today’s news may not be news at all. This video – released at VMworld in September, 2010 – shows Srinivas Krishnamurti putting the application through its paces. From the looks of it six months ago and compared to the briefing we received a couple of weeks ago, not very much appears to have changed. Hopefully this means the iPad application is rock-solid and bullet-proofed over the months of beta testing.

Searching for VMs to manage with the vSphere iPad Client

VMware Support for iPad Client

Prior to launch, VMware was considering offering the client as a “premium administrative tool” and placing a $10 price on the app in iTunes. However, just prior to launch, VMware reversed course – perhaps learning from the overwhelming response of the free View Client for iPad launch – and is now releasing the vSphere Client for iPad at no charge!

* NOTE: This application is only available as-is, with community support only.

– vSphere Client for iPad, Community Site

VMware is supporting the vSphere Client for iPad through its dedicated community site. Links to vCMA and Client setup videos (YouTube) are available along with a user forum. The application is ready for download now through iTunes.

[Update: pictures from running app in SOLORI Lab.]

ESX Server Stats view in vSphere iPad Client

ESX Server Performance view in vSphere iPad Client

Virtual Machine Stats and Messages, iPad Client View

Virtual Machine performance view in vSphere iPad Client

Virtual Machine actions pop-up menu


Virtual Machine shutdown options

Jason Boche points out that vMotion is missing
from this iteration of the iPad app. However, the vMotion capability is very much functional in the vCMA appliance – admins needing to vMotion will have to bypass the vSphere Client for iPad today and go directly to vCMA. Fortunately, the two are not mutually exclusive.

Here’s a guru note for those struggling with PAT and security by obfuscation: enter the hostname or IP address followed by a colon and then the PAT’d port for your vCMA server (access outside the firewall.) For instance, inside the firewall vCMA is (port 443) and outside the firewall the vCMA is but port assignment is 8443 instead (i.e. HTTPS is taken). In the “Web Server” settings, you will need to place and vSphere Client for iPad will do the rest.

One comment

  1. […] dual-core) running Honeycomb 3.0.1 the display updates where just as snappy as my iPad2 running View Client for iPad. The only problem I experienced in the hour or so of working with the client is the lack of […]


Comments are closed.

%d bloggers like this: