Accessing your KVM host remotely

Use Virtual Network Computing (VNC) to access your Linux Kernel-based Virtual Machine (KVM) host remotely.

About this task

Note: When using VNC to establish remote control sessions on Linux systems, you must also create the following script on your Web browser system and associate it with the .vnc file type in the browser. If you are using Windows, you do not need to create this script.

#!/bin/sh
VncViewer=vncviewer   # (may need to be customized for your environment)
Conf=$1
Host=$(    cat $Conf | grep ^Host= | cut -d= -f2 | tr -d '\r' )
Port=$[ $( cat $Conf | grep ^Port= | cut -d= -f2 | tr -d '\r' ) ]
Port=eval [ $Port - 5900 ]
which $VncViewer 1>/dev/null 2>&1 && $VncViewer $Host:$Port &

The Web browser-client machine must install RealVNC viewer or a compatible VNC viewer. The agent must be configured to run vncserver on the default port of 5900.

Ensure that the port set in IBM® Flex System Manager is 5900. To validate the port setting, follow these steps:

From the Home page, click the Plug-ins tab.
From the Plug-ins tab, under Remote Access, click Setup Remote Control.
Change the VNC port to 5900.

Important: The VNC Remote Framebuffer (RFB) protocol is not secure. However, you can improve the security of a VNC session by using a Secure Shell (SSH) tunnel. To create an SSH tunnel on Linux or Unix systems before you start VNC, run the following command:

ssh -L <local_port>:<local_hostname>:<destination_port> -N -f 
<user_name>@<destination_hostname>

The following list defines the variables in the preceding example:

<local_port> is any available local port on the local host system that is the source of the tunnel
<local_hostname> is the local host system that is the source of the tunnel
<destination_port> is the remote port on the system that is the destination of the tunnel
<user_name> is the user ID that enables the SSH session to the VNC server (and KVM host)
<destination_hostname> is the hostname of the system that is the destination of the tunnel

The SSH session continues to run in the background and can be terminated after the VNC session ends. Some VNC viewers will optionally create an SSH tunnel and determine the available local port to use.

Before launching a remote session to the virtual server, ensure that at least one of the following security measures have been taken for all your KVM hosts. For optimal security, use both of these methods concurrently:

Set the VNC server sharing configuration to the 'Never treat new connections as shared' (NeverShared) option. The default the VNC configuration allows for shared multi-viewing. The NeverShared setting must be made for all the KVM hosts to which the virtual server relocates.
Set a VNC password for all KVM hosts.

To establish a VNC session, complete the following steps:

Procedure

From the Remote Access Summary page, click Remote Control. The Targets page is displayed.
Select the target for VNC access, using Add and Remove to move a system from the left (Available) column to the right (Selected) column.
Click OK. A window opens displaying a file; the file name is an IP address and the file type is vnc.
The first time that you access VNC, you must associate VNC with the correct application or script in Linux.
Click Open. A VNC session is started.
Communicate with the target system by logging in and working as usual.
When you are finished, end the VNC communication by clicking the X at the top of the window