Connecting to only one Virtual machine on ESX server

I'm looking to give clients access to the console of only one of the Virtual Machines on my ESX server. Is this possible?  As it stands now if I give them access that can see all virtual machines and turn them on/off if they like.  The need ESX console access, RDP will not do in this case.
Who is Participating?
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Okay, if you do not want them to use RDP, you've only got two options to use

1. vSphere GUI Client and assign permissions to the VM you want them to access.
(some people vSphere GUI Client find this too complicated)

2. Use vmware-vmrc, which is also installed in the program directory of the vsphere GUI client.

Firstly install the vSphere Client

and then create a shortcut as follows

vmware-vmrc -h esx002 "[vmfs_lun1] BARBUS9/BARBUS9.vmx"

esx002 - ESX server name can be an IP address
[datastore name] - mine is vmfs_lun1

there is a space after ] before the folder name of the VM and VM.vmx

this will give you direct console access to the virtual machine.

If you have a look at my previous solution

"What is the best way to lock down an ESXi Local User?"

and this VMware communites post, for permission related issues;jsessionid=BABB964ACFEB9B5C49468A693D377369

You can connect using the above and get a display as follows:-

 Attaching to Console from VMRC
So if they can get access to your local network, and ping the ESX server, this will work.
can you setup domain access also you can use a vlan
wannabecraigAuthor Commented:
How can I do either of things things?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

I know you said RDP is no good but you can connect to the console with RDP which is essentially the same thing as what you are trying to achieve:

Newer versions of RDP client use "Server /Admin" to connect

Older versions of the RDP client uses "Server /Console"

Obviously without the " "  It should be exactly the same as the normal console.
My mistake its "Servername -console" in the older versions of the RDP Client:

You can setup your domain on your host (Config tab -> DNS & Routing), then configure specific object (in this case, virtual machine) access. See Basic Admin Guide, beginning on pg. 213 for Roles, Permissions, etc. Or, you can use Web Access (see Guide here to see if that is ok with your requirements:

What ESX version do you have?

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
You would have to give them access to the vSphere Client or VMRC to connect to the server using the VMware Tools. (and then define security to allow them only to view this server you want them to access).

Let me know, if you need further help, or if RDP Server Console is good for you.
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Obviously if they need to attach cdroms and floppies, change VM config, they will need access to vSphere GUI client.
wannabecraigAuthor Commented:
HI, I don't know which is the best option for my situation.  I''l be more clear.

They can't use RDP because the machine is set up to use a VNP to connect to another network. When the RDP to that machine and VPN to another network it cuts off our network, therefore RDP is no use. I want them to access the esx server console so when they access the VPN it doesn't matter if the VPN cuts off our network because we're using the ESX console to access that machine.

So basically I need a console access to only one machine on our ESX server.
I see.  The console will still need local network access to connect to the console would it not?  Surly you would have the same issue?

VPN clients can usually be setup with split tunneling if thats an option to allow both access to the local and remote networks.
wannabecraigAuthor Commented:

The VNP is not allowed a split tunnel but the customer at the other end.
So, if the ESX server's IP is (my addresss is that gives access to the machine, then when that machine is connected to the VPN and takes the address, it looses the connection to our network, but as I'm connecting to, this doesn't matter.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.