Manage Learn to apply best practices and optimize your operations.

VSphere Client for iPad: VMware management on the go

The vSphere Client for iPad brings VMware management to the iOS tablet. Once installed, you can tap, pinch and flick your way around a VMware infrastructure.

The new VMware vSphere Client for iPad, a native iOS application that performs basic host and virtual machine (VM) administration and monitoring tasks, hit Apple's App Store today.

The initial release of the VSphere Client for iPad doesn't have the complete functionality of the vSphere Client. It's designed to perform approximately 80% of the most common vSphere administration tasks, but this first release can perform roughly 50% of the most common tasks.

Why the vSphere Client for iPad was delayed

Recently, VMware remedied a major security vulnerability with a new version of the vCenter Mobile Access (vCMA), released on March 14. The connections between any mobile device and vCMA did not use Secure Sockets Layer (SSL) encryption. As a result, all communication -- including login credentials -- was sent via plain text over the network to the vCenter Server. The omission of SSL encryption made vCMA risky, and if your login information was obtained by someone listening on the network, it could be used on the full vSphere Client to gain access to your infrastructure.

When I installed vCMA in preparation for the iPad app, I noticed this vulnerability and brought it to VMware’s attention. To VMware’s credit, the company responded quickly. In a few weeks, it released a new version of vCMA that included default support for secure HTTP. The new vCMA caused a brief delay in the release of the VMware vSphere Client for iPad.

It's also worth noting that VMware doesn't officially support the vSphere Client for iPad. It's part of VMware Labs, which issues experimental tools and applications.

Currently, the vSphere Client for iPad can execute the following tasks:

  • monitor host and VM performance;
  • manage VM power states;
  • manage VM snapshots;
  • place hosts in maintenance mode and restart them; and
  • perform basic network troubleshooting using ping and traceroute.

A big feature that's missing is performing a vMotion, which will be added later.

The VMware vSphere Client for iPad is not a standalone app. It requires the vCenter Mobile Access (vCMA) appliance, which is a free, pre-built virtual appliance that can be imported directly into vCenter Server. Before you can take advantage of the vSphere Client for iPad, you have to download and install vCMA, then connect it to the iPad app.

Security considerations for vCMA

Before deploying vCMA, which acts as a proxy server between the VMware vSphere Client for iPad and vCenter Server, consider some of its security implications. The vCMA appliance is meant to be on an internal private network, for instance. It should not be deployed to a DMZ under any circumstances, because that poses a huge security risk to your vSphere infrastructure.

You can access it directly over the local area network from your iPad. But to remotely access it, you need a secure virtual private network (VPN) connection, and the security policies in your infrastructure may limit the app's functionality. Some companies may not allow iPads to make VPN connections, or they may not be set up for it. The built-in iPad VPN client supports the Layer 2 Tunneling Protocol, Point-to-Point Tunneling Protocol and Cisco Systems Inc. Internet Protocol Security. (Apple has articles on iOS supported protocols for VPN and VPN server configuration for iOS 4 devices.)

Figure 1
This diagram shows the VMware vSphere Client for iPad connecting to the vCMA appliance through a firewall, using a VPN connection. And vCMA is connected to vCenter Server. The firewall shouldn’t be considered optional, unless the iPad is on the same internal network as vCMA.(Click image for an enlarged view.)

The vCMA default configuration has security weaknesses. It uses the Linux operating system CentOS, which runs the Apache Web Server and the Tomcat application server. Normally, you don't have to interact with the OS on the appliance; you just deploy it.

But the OS has a default username (root) and password (vmware) for console access, and you should change those parameters immediately. If the root password is not changed, someone can easily log in and compromise your infrastructure using its well-known, default password. I'll cover how to change the default password during the installation steps.

Read on to learn how to install vCMA and connect it to the VMware iPad app.

Dig Deeper on Remote administrative options