I highlighted the installation and use of VMware’s vCenter Moble Access (vCMA) appliance in a post in late February. For the most part, vCMA has not changed much since our initial download back in April of 2009. If you downloaded the OVF early this February and looked at the updated instructions from the “fling” site, you may have noticed the following “curious” statements:
- Once it powers on, you will need to configure your iPad by going into Settings, the vSphere client (usually bottom left corner of screen, in the Apps section), then you enter the IP address of your mobile appliance.
- Finally, you can access your environment from the vSphere iPad app by entering your vCenter server info or ESX server info, with appropriate username and password.
vSphere Client for iPad
Having a heads-up from the vExpert team briefing by Srinivas Krishnamurti, Sr. Director for Mobile Solutions and Marketing at VMware, plus earlier press coverage from VMworld 2010 (see below), I knew what this “information leak” was hailing. Fortunately, the offending section (text above) was quickly redacted and VMware managed to avoid spoiling the surprise pending today’s [press release].
However, that was not the only source of “information leakage” prior to today’s announcement: you just had to know where to look. For instance, while looking deeper into the virtual appliance for our vCMA how-to, I found bread-crumbs pointing to more “curious” iPad wanderings. The following “Easter egg” was discovered in the “action-config.xml” file (which we held back under the spirit of the information embargo):
<!-- VCMA iPad Actions -->
<action name="vcmaAbout" type="com.vmware.vcma.action.VcmaAboutAction"></action>
<action name="vcmaLogin" type="com.vmware.vcma.action.VcmaLoginAction"></action>
<action name="vcmaLogout" type="com.vmware.vcma.action.VcmaLogoutAction"></action>
<action name="vcmaHome" type="com.vmware.vcma.action.VcmaHomeAction"></action>
<action name="vcmaHostInfo" type="com.vmware.vcma.action.VcmaHostInfoAction"></action>
<action name="vcmaHostOp" type="com.vmware.vcma.action.VcmaHostOperationAction"></action>
<action name="vcmaVmInfo" type="com.vmware.vcma.action.VcmaVmInfoAction"></action>
<action name="vcmaVmQuestion" type="com.vmware.vcma.action.VcmaVmQuestionAction"></action>
<action name="vcmaVmAnswer" type="com.vmware.vcma.action.VcmaVmAnswerAction"></action>
<action name="vcmaVmOp" type="com.vmware.vcma.action.VcmaVmOperationAction"></action>
<action name="vcmaSnapshot" type="com.vmware.vcma.action.VcmaSnapshotAction"></action>
<action name="vcmaPerf" type="com.vmware.vcma.action.VcmaPerfAction"></action>
<action name="vcmaSearch" type="com.vmware.vcma.action.VcmaSearchAction"></action>
<action name="vcmaPing" type="com.vmware.vcma.action.VcmaPingAction"></action>
<action name="vcmaTracert" type="com.vmware.vcma.action.VcmaTraceRouteAction"></action>
<action name="vcmaVmsList" type="com.vmware.vcma.action.VcmaVmListAction"></action>
<action name="vcmaMonitorTask" type="com.vmware.vcma.action.VcmaMonitorTaskAction"></action>
This grouping of action/command definitions identify 17 of 23 vCMA action classes. These classes meant four things to me: (1) the actions are tuned specifically for a non-HTML-only client; (2) the limitations of vCMA’s web interface do not bind the iPad client; (3) there is significant potential for “capabilities drift” between the iPad client the “generic” mobile access client (i.e. HTML) as time goes by (read: richer feature set, user options); and (4) other “tablet” or “mobile” clients can’t be too far behind.
Since it is not feasible to have iPad software previews for vExperts (i.e. via iTunes) for pre-release products, this “pre-view” is based on exposure to product briefing and other pre-launch sources (direct and indirect). We’ll be following-up within the week with actual hands-on experience… That said, here’s what’s going on with VMware and iPad:
vSphere Client for iPad
Today, VMware CIO Steve Herrod announced the launch of version 1.0 of the vSphere Client for iPad (vCiP). The aptly named utility runs on Apple’s current generations of iPad and provides access to many of the basic administrative functions available to vCenter and the standard vSphere Client. This release must be seen as a quick, 1-2-3 punch of mobile and management-centric releases for VMware in the span of two weeks: vCenter Ops, View Client for iPad and now vSphere Client for iPad.
This iPad application is not truly a “native” or “fat” client for vSphere in the “conventional Windows sense.” Instead, VMware’s new app deploys as a web service reliant application (typical of its iPad ilk), and it is accordingly “small, light and elegant.” As you might guess from the [leading] introduction, the “heavy lifting” is actually performed by VMware’s vCenter Mobile Access (vCMA) appliance through the set of new classes (conveniently listed above).
VMware diagram showing (optional) placement of firewall, vCMA, vCenter and vSphere clusters. The use of a VPN connection to your firewall is strongly recommended as vCMA deploys with its web service without SSL enabled.
This illustration depicts the “best practice” recommended deployment for the iPad client by way of a trusted VPN connection. Again, this information was provided to us from Srinivas and his team “pre-launch” and hence was also prior to the recently released enhancements in vCMA (see below). In either case, the connection from iPad to vCenter is always translated through vCMA.
Like the standard Windows “fat” client (now conveniently available as a ThinApp’d zero-install package), the iPad client login requires the following credentials:
- The IP address or DNS host name for your vCenter;
- A valid user name with rights to access/manage the target vCenter;
- The password for the vSphere user.
Unlike the Windows variant, the following must be configured into the iPad’s “Settings” for the vSphere app prior to initial connection:
- The IP address or DNS host name for your vCMA appliance (displayed as “Web Server” in “Settings”).
vCMA’s web service is
not SSL encrypted, and these credentials could be passed “in the clear.” (see updated post, SSL added to vCMA this Tuesday.) Given this client is targeted for mobile use, the risk of exposure to insecure networks (Internet, public WiFi, etc) without SSL would have created “special” opportunities for man-in-the-middle attacks. However, the use of a mobile VPN connection for the iPad client is strongly recommended, but no longer strictly necessary.
Read the rest of this entry ?