IBM Cloud Docs
Connecting to ESXi with Bare Metal Servers on VPC

Connecting to ESXi with Bare Metal Servers on VPC

After your bare metal server is running, you can connect to the ESXi direct console user interface (DCUI) and the ESXi web client. You can use the VNC or serial console to access ESXi DCUI. You can access the ESXi web client through a floating IP.

For more information about VMWare deployments, see Deploying Roll Your Own VMware on IBM Cloud Bare Metal Servers for Virtual Private Cloud.

Obtaining your ESXi account name and password

You need to enter the account name and password to access both ESXi DCUI and the ESXi web client. You can retrieve the account information by using the CLI.

The password is automatically generated and encrypted by using the first SSH key that was provided when the bare metal server was created. You need to decrypt the password by using this SSH key.

For Windows or VMware images, you must use the RSA SSH key type. The Ed25519 SSH key type can't be used to with Windows or VMware images. For more information, see Getting started with SSH keys.

  1. Use the following command to retrieve the account name and identify the SSH key that you use to decrypt the password.

    ibmcloud is bare-metal-server-initialization-values $bare_metal_server_id

  2. In the response, locate the User accounts and SSH keys fields. The value of “User accounts” is your account name. You need to use the first SSH key to decrypt the password.

  3. After you have the SSH key, run the following command to obtain your password:

    ibmcloud is bare-metal-server-initialization-values $bare_metal_server_id [--private-key (KEY | @KEY_FILE)]

  4. Add either '<content of the private key file>' or @private_key_file_path for the --private-key flag to decode and decrypt your password.

After you retrieve the account name and password, you can use them to access the ESXi DCUI and web client.

Accessing ESXi DCUI by using a VNC or serial console

You can access the VMware® ESXi DCUI by connecting to a VNC or serial console.

To connect to a console, you need to be assigned Operator (or greater) and Bare Metal Console Administrator roles for the bare metal server in IBM Cloud Identity and Access Management (IAM). If you are an administrator of your account, you also need to self-assign the Bare Metal Console Administrator role.

ESXi DCUI doesn’t output from a serial console by default. You can enable it by following Connecting to a serial console.

Connecting to a VNC console

You can use the UI, CLI, or API to connect to a VNC console.

Connecting to a VNC console by using the UI

  1. In the IBM Cloud console, go to Navigation Menu icon Menu icon > VPC Infrastructure VPC icon > Compute > Bare metal servers

  2. Click the overflow icon of the target bare metal server, then click Open VNC Console.

Connecting to a VNC console by using the CLI

  1. Run the following command to connect to a console:

    ibmcloud is bare-metal-server-console $bare_metal_server_id --vnc

    The access token is invalid after 3 minutes.

  2. Save the value of "href" in the response.

  3. Open the noVNC portal External link icon in a browser.

  4. Click Setting, then expand Advanced > WebSocket.

  5. Check Encrypt, paste the URL API endpoint portion that you saved in Step 2 to Host:. Don't include "wss://", set Port to "443". Paste the URL's path portion that you saved in Step 2 to Path.

    • Example API endpoint: us-south.iaas.cloud.ibm.com
    • Example path: v1/bare_metal_servers/<bare_metal_server_id>/console?access_token=<access_token>&version=2021-05-26&generation=2

  6. Click Connect.

Connecting to a VNC console by using the API

  1. Run the following API call to connect the VNC console:

    curl -X POST \
"$vpc_api_endpoint/v1/bare_metal_servers/$bare_metal_server_id/console_access_token?version=2020-05-26&generation=2" \
-H "Authorization: $token" \
-d '{"console_type":"vnc"}'

  2. Follow Steps 2 - 6 in Connecting to a VNC console by using the CLI to connect to the VNC console.

Logging in to ESXi DCUI

  1. Open the ESXi DCUI in a VNC console.
  2. Press F2 from the DCUI main page to access the System Customization menu.
  3. In the open window, enter the account name and password, then press Enter.

You can reset the password in the Configure Password section.

Enabling SSH for the bare metal server (optional)

By default, you don't have SSH access to the ESXi bare metal server. You can enable SSH access in DCUI by using one the following options.

Enabling SSH from the DCUI

  1. Press F2 from the DCUI main page to access the System Customization menu. You are prompted to enter your account name and password.

  2. From the System Customization menu, select Troubleshooting Options.

  3. Under the Troubleshooting Mode Options menu, select Enable SSH and toggle it on.

  4. SSH is enabled. You can now access DCUI by using SSH protocol.

Enabling SSH by using a script

You can also enable SSH when you provision a bare metal server by passing in the following script content as user data:

vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh

Connecting to a serial console

You can optionally use a serial console to access ESXi DCUI. You must first manually switch to the serial console mode by using the following steps:

  1. Reboot the bare metal server. Then, immediately open a VNC console following Accessing ESXi DCUI by using a VNC or serial console.

  2. After you click Connect on the noVNC connect window, wait until the Loading VMware Hypervisor window appears, then press shift+O to edit boot options.

  3. Enter gdbPort=none logPort=none tty2Port=com1 in the input field, then press Enter. To use com2 instead, replace com1 with com2.

  4. When the loading completes, close the noVNC window.

  5. Open a serial console by clicking Open serial console on the IBM Cloud UI. A new tab opens in your terminal.

  6. Press ESC if ESXi DCUI doesn’t show up in the terminal. You see ESXi DCUI in your terminal.

You can use other methods to enable the serial console. For more information, see VMware Docs Home.

Accessing the ESXi web client by using floating IP

You can access the ESXi web client through the floating IP.

Attaching a floating IP to the network interface of the bare metal server

Before you can access the bare metal server through the public internet, you need to attach a floating IP to its primary PCI network interface. You attach a floating IP by using the UI, CLI, or API.

Attach a floating IP by using the UI

  1. In the IBM Cloud console, go to Navigation Menu icon Menu icon > VPC Infrastructure VPC icon > Compute > Bare metal servers

  2. Click the name of the bare metal server.

  3. On the Bare metal server details page, scroll to the Network Interfaces section and click Edit of a network interface.

  4. On Edit network interface, select a reserved floating IP or Reserve a new floating IP.

  5. Click Save

Attach a floating IP by using the CLI

You need the following information to attach a floating IP to the bare metal server:

  • Bare metal server ID
  • Network interface ID
  • Floating IP ID

Use the List the network interfaces command to find the ID of the network interface. Use the ibmcloud is floating-ips command to find the reserved floating IP IDs, or, use the ibmcloud is floating-ip-reserve command to reserve a new one.

After you collect all the required information, use the following command to attach the floating IP to the bare metal server:

ibmcloud is bare-metal-server-network-interface-floating-ip-add $bare_metal_server_id $network_interface_id $floating_ip_id

Attach a floating IP by using the API

You need the following information to attach a floating IP to a network interface of the bare metal server:

  • Bare metal server ID
  • Network interface ID
  • Floating IP ID

Use the List all network interfaces command to find the ID of the network interface. Use the List all floating IP command to find the reserved floating IP IDs, or, use the Reserve a floating IP command to reserve a new one.

After you collect all the required information, use the following API request to attach the floating IP to the bare metal server:

curl -X PUT "$vpc_api_endpoint/v1/bare_metal_servers/$bare_metal_server_id/network_interfaces/$network_interface_id/floating_ips/$floating_ip_id?version=2021-03-09&generation=2" \
-H "Authorization: $iam_token"

Accessing the ESXi web client

  1. After you complete the previous steps, you can now access the ESXi web client by entering the floating IP in the address bar of your browser.
  2. In the login window, enter the account name and password that you previously retrieved.

Notes on the console service

Keep the following notes in mind when you're using a console service.

  • The console session expires after 10 minutes of idle time. It closes after 60 minutes, regardless of activity.
  • The number of active VNC consoles per server is limited to two. The number of active serial consoles per server is limited to one.