Enable VNC on VMware Deployments
This article outlines the steps needed to enable VNC on VMware, so that the VNC console can be used within the Platform9 UI.
Step 1 – Changes Needed on the ESXi Hosts Housing the Virtual Machines
SSH to the ESXi host (not vCenter). We need to open the VNC ports on the ESXi firewall. These steps need to be performed on all the ESX hosts that are part of the clusters authorized with the Platform9 controller. An automated script for doing the same is coming soon.
chmod 644 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml
vi /etc/vmware/firewall/service.xml
Create a new service block before the end of the ConfigRoot tag:
<service id='new unique id within this file'>
  <id>VNC</id>
  <rule id='0000'>
    <direction>inbound</direction>
    <protocol>tcp</protocol>
    <porttype>dst</porttype>
    <port>
      <begin>5900</begin>
      <end>6199</end>
    </port>
  </rule>
</service>
Step 2 – Add Firewall Rules to the ESXi Firewall and Verify that Ports Have Been Opened
On the ESXi host, execute the following commands:
esxcli network firewall refresh
esxcli network firewall ruleset set --ruleset-id VNC --enabled true
Verify that the firewall rules were applied and the ports are open by executing the following commands:
esxcli network firewall ruleset list
# You should see a rule labelled VNC in the output
esxcli network firewall ruleset rule list
# You should see the details of the VNC rule, i.e. port range, protocol, direction, etc.
Step 3 – Enable VNC for Existing Virtual Machines (Optional)
To enable the VNC console for existing VMs, power off the VM and use one of the following:
- Using vSphere Web Client
Click on “edit settings” -> select the “VM Options” tab -> expand the “Advanced” section -> click on “Edit configuration” and add the settings mentioned at the end of this step.
- Directly on ESXi Host
Edit the *.vmx file of the corresponding VM and add the lines mentioned here.
RemoteDisplay.vnc.enabled = "TRUE"
RemoteDisplay.vnc.port =
IMPORTANT NOTES –
1. The key point in Step 3 is to make sure that the port number you are adding does not collide with that of any other VM. One way to verify that is to SSH into the ESXi host, run grep on all the *.vmx files, and choose a port that is not present in the output:
grep "vnc.port" */*/*/*/*.vmx
2. For the VNC console to work, the appliance, the ESX host, and the browser where the VNC console is being accessed need to have IP connectivity to each other.
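The collision check from note 1, as an added example (not Platform9 code): it lists the VNC ports already configured in *.vmx files, reports ports claimed by more than one VM, and picks the lowest unused port inside the 5900-6199 range opened in Step 1. The function names, the datastore-root argument, and the lenient key matching (any case, quoted or unquoted value) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check RemoteDisplay.vnc.port values across .vmx files.
VNC_PORT_MIN=5900   # range opened by the firewall rule in Step 1
VNC_PORT_MAX=6199

# Print every configured VNC port found in *.vmx files under DIR, sorted, duplicates kept.
used_vnc_ports() {
    find "$1" -type f -name '*.vmx' -exec grep -ih 'RemoteDisplay\.vnc\.port' {} \; 2>/dev/null |
        sed -n 's/.*=[[:space:]]*"\{0,1\}\([0-9]\{1,\}\).*/\1/p' | sort -n
}

# Print ports that more than one .vmx file claims (existing collisions).
duplicate_vnc_ports() {
    used_vnc_ports "$1" | uniq -d
}

# Print the lowest port in the firewall range that no .vmx uses; return 1 if none is left.
next_free_vnc_port() {
    used=$(used_vnc_ports "$1")
    port=$VNC_PORT_MIN
    while [ "$port" -le "$VNC_PORT_MAX" ]; do
        if ! printf '%s\n' "$used" | grep -qx "$port"; then
            echo "$port"
            return 0
        fi
        port=$((port + 1))
    done
    return 1
}

# Constructed sample tree: two VMs collide on 5901, one has no port value set.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/ds1/vm-a" "$d/ds1/vm-b" "$d/ds2/vm-c" "$d/ds2/vm-d"
    printf 'RemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.port = "5900"\n' > "$d/ds1/vm-a/vm-a.vmx"
    printf 'RemoteDisplay.vnc.port = "5901"\n' > "$d/ds1/vm-b/vm-b.vmx"
    printf 'remotedisplay.vnc.port = 5901\n' > "$d/ds2/vm-c/vm-c.vmx"
    printf 'RemoteDisplay.vnc.port =\n' > "$d/ds2/vm-d/vm-d.vmx"
    echo "$d"
}

# Usage: sh vnc_ports.sh <datastore root>; with no argument the constructed sample is used.
root=${1:-$(make_sample_tree)}
echo "duplicates: $(duplicate_vnc_ports "$root" | tr '\n' ' ')"
echo "next free:  $(next_free_vnc_port "$root")"
```

A port reported as a duplicate means two VMs are already configured with the same port, which the manual grep output shows only if you compare the lines by eye.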