vCD Console Proxy Test

The Console Proxy along with the VMRC i.e., the VMware Remote Console client in the vCloud Director cell enables a user to view the screen of a specified vApp (VM).

The Console Proxy performs three distinct functions:

  • Provides a single entry point: A VMware vCloud Director installation works with a large number of vCenter servers and ESX/ESXi servers and therefore the Virtual Machines (VM) can be located on many different hosts. The vCD clients are not aware of that however – they communicate only with the Console Proxy in order to open Remote Consoles. It is the only visible entry point for Remote Console communication from the viewpoint of the vCD clients. The Console Proxy is responsible for redirecting the requests to the correct vCenter server and ESX/ESXi servers.
  • HTTPS communication: The VMware vCloud Director clients communicate with the Console Proxy only via HTTPS on port 443. This communication can be channelled through a client's HTTPS proxy as well if needed. The Console Proxy converts the incoming HTTPS communication to the protocols specific to the vCenter server and ESX/ESXi servers.
  • Security: The Console Proxy provides an additional layer of VMware vCloud Director specific security on top of the standard vCenter server security. The Console Proxy assists with the protection of customer Virtual Machines (VMs) in a multi-tenant environment. In this case it ensures that a client in one organization does not get access to the Virtual Machines (VMs) of another organization. The Console Proxy also protects the vCenter and vSphere servers from denial of service attacks. This works through the Console Proxy communicating with the vCenter and ESX/ESXi servers, but only if the connection is made by clients who have already authenticated to the VMware vCloud Director server. Other clients are denied access, and as a result the vSphere servers cannot be subjected with connections from anonymous users.

The Remote Console Proxy runs as a process on the VMware vCloud Director Cell and communicates to the vCenter server on port 443 and to the ESX/ESXi host on ports 902 and 903. The VMware Remote Console Plugin, which runs on the client browser, communicates with the Remote Console Proxy only on port 443. The VMware Remote Console Plugin then tunnels the MKS traffic (902/903 raffic) over HTTPS to the Console Proxy. It is the Console Proxy's responsibility to direct the connection to the correct vCenter server or ESX/ESXi server and to convert the HTTPS connections to MKS connections on ports 902/903 if needed. 

By tracking the connections to the Remote Console Proxy, you can gauge the number of remote console requests coming into the vCloud Director Cell, and thus assess the workload on the vCloud Director Cell. To keep tabs on Console Proxy connections, use this test. 

This test reports the total number of Console Proxy connections and the number of connections that are currently active, and thus holds a mirror to the current workload of the vCloud Director Cell.

Target of the test : A vCloud Director Cell

Agent deploying the test : An internal/remote agent

Outputs of the test : One set of results for the vCloud Director Cell being monitored.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.


The host for which the test is being configured.


Specify the port at which the specified host listens in the Port text box. By default, this is NULL.

JMX Remote Port

Here, specify the port at which the JMX listens for requests from remote hosts. Ensure that you specify the same port that you configured in the vmware-vcd-cell file in the /opt/vmware/vcloud-director/binfolder of the vCloud Director.


The JNDIName is a lookup name for connecting to the JMX connector. By default, this is jmxrmi. If you have registered the JMX connector in the RMI registry using a different lookup name, then you can change this default value to reflect the same.

User, Password, and Confirm Password

By default, JMX requires no authentication or security (SSL). This is why, by default, the User and Password parameters are set to none. If JMX requires authentication only (but no security), then ensure that the User and Password parameters are configured with the credentials of a user with read-write access to JMX. To know how to create this user, refer to Pre-requisites for Monitoring vCloud Director. Confirm the password by retyping it in the Confirm Password text box.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Total connections

Indicates the total number of connections to the Remote Console Proxy.


A high value is a clear indicator of heavy load on the vCloud Director cell.

Active connections

Indicates the number of Console Proxy connections that are currently active.


A value of zero indicates that there are no users accessing the vApps at present.