By default, the Oracle VM Manager UI can only log into the local installation of Oracle VM Manager. In some situations you may want to use Oracle VM Manager UI to log into a remote instance of Oracle VM Manager. To enable this, you must perform some set up on the Oracle VM Manager host to allow remote log ins.
You should not configure remote log ins unless directed to by Oracle Support.
Once secure TCP connectivity has been configured, it cannot be disabled again. There are no remote (regular) TCP connections allowed.
If remote log ins are configured, a remote instance of the Oracle VM Manager UI can log into the local instance of Oracle VM Manager and interact with all the objects the local instance owns and manages. If you want to enable remote instances of Oracle VM Manager UI to log in, you set up remote TCPS authentication. To do this you must first generate a keystore, then use it to enable remote TCPS connections.
To enable TCPS connections from a remote Oracle VM Manager:
Enter the following commands on the Oracle VM Manager host to create the keystore:
# cd /u01/app/oracle/ovm-manager-3/bin # ./secureOvmmTcpGenKeyStore.sh
You are prompted to enter the following information:
Generate OVMM TCP over SSH key store by following steps: Enter keystore password:password
Re-enter new password:password
What is your first and last name? [Unknown]:name
What is the name of your organizational unit? [Unknown]:unit
What is the name of your organization? [Unknown]:organization
What is the name of your City or Locality? [Unknown]:City
What is the name of your State or Province? [Unknown]:State
What is the two-letter country code for this unit? [Unknown]:country_code
Is CN=name
, OU=unit
, O=organization
, L=City
, ST=State
, C=country_code
correct? [no]:yes
Enter key password for <ovmm> (RETURN if same as keystore password):password
Re-enter new password:password
Use the keystore to enable the TCPS service using the
secureOvmmTcp.sh
script, which is in the
same directory as the keystore script above. On the Oracle VM Manager
host, enter:
# ./secureOvmmTcp.sh
You are prompted to enter the following information:
Enabling OVMM TCP over SSH service Please enter the OVM manager user name:username
The local Oracle VM Manager username to use Please enter the OVM manager user password:password
The local Oracle VM Manager password to use Please enter the password for TCPS key store :password
The keystore password created in the previous script The job of enabling OVMM TCPS service is committed, please restart OVMM to take effect.
The username and password entered here are the local Oracle VM Manager authentication credentials to use when logging in from the remote Oracle VM Manager UI instance.
Restart the local Oracle VM Manager instance:
# /sbin/service ovmm stop # /sbin/service ovmm start -- OR -- # /sbin/service ovmm restart
In the Oracle VM Manager UI, check the Show Management Server URI checkbox in the Preferences sub tab of the Tools and Resources tab to display the Management Server URI field on the login screen.
You can now connect to the Oracle VM Manager, using a remote instance of the Oracle VM Manager UI, using the following syntax in the Management Server URI field in the remote Oracle VM Manager UI login screen:
tcps://hostname
Using the username and password you enabled with the
secureOvmmTcp.sh
script.
If you perform an upgrade from Oracle VM Manager 3.0.x to Oracle VM Manager 3.1.1, the above scripts are not included. You should download the scripts by searching the patch 14067211 from the My Oracle Support website at: https://updates.oracle.com/ARULink/PatchDetails/process_form? patch_num=14067211.
Alternatively you can use Java keytool and Oracle VM Utilities which provide more configuration options. For information on configuring secure TCP (TCPS) for Oracle VM Manager, see the My Oracle Support website at: https://support.oracle.com/oip/faces/secure/km/DocumentDisplay.jspx?id=1456338.1.