Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Securely using vSphere to monitor runtime activity

Go to answer
RichardLorenz
Level 4

‎15-08-19 06:39 AM

Our process controllers use vSphere to hop into an existing session in production on a runtime bot so they can see what the bot is doing. They usually do this when weird things are happening just to get to the bottom of it.

If we start to add processes which access secure sites (like banking sites) this presents a serious issue as the controller could potentially wait for the bot to log into the site and then take over the banking account for nefarious purposes.

Are there better ways of achieving the aim here? I'm thinking there might be an app that shows what's happening on the screen without allowing the user to control the screen. Or alternately is there an app that can record the activity on the screen for audit purposes?

Thanks!

Rich

------------------------------
Richard Lorenz
CoE Manager
Computershare
Australia/Melbourne
------------------------------
0 Likes
1 BEST ANSWER

Best Answers

Go to answer
RichardLorenz
Level 4
In response to JamesMarsh

‎19-08-19 12:11 AM

Hi James

>>Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

Yes, exactly.

 

>>If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes >>and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

No, I have not been able to find a way to do it in vSphere either.

>>I do believe that with other remote connection tools it can be achieved e.g Real VNC: www.realvnc.com/en/connect/docs/faq/viewonly.html

Thanks!

>>If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in >>vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: blogs.vmware.com/vsphere/2013/01/...

That sounds helpful, I'll check it out

 

Richard

 



------Original Message------

Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

I do believe that with other remote connection tools it can be achieved e.g Real VNC: https://www.realvnc.com/en/connect/docs/faq/viewonly.html

If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: https://blogs.vmware.com/vsphere/2013/01/capturing-virtual-machine-screenshots-in-vsphere.html



------------------------------
James Marsh
Technical Consultant
Blue Prism
Europe/London
------------------------------

View answer in original post

0 Likes
2 REPLIES 2

Go to answer
JamesMarsh
Staff
Staff

‎15-08-19 09:48 AM

Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

I do believe that with other remote connection tools it can be achieved e.g Real VNC: https://www.realvnc.com/en/connect/docs/faq/viewonly.html

If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: https://blogs.vmware.com/vsphere/2013/01/capturing-virtual-machine-screenshots-in-vsphere.html



------------------------------
James Marsh
Technical Consultant
Blue Prism
Europe/London
------------------------------

Go to answer
RichardLorenz
Level 4
In response to JamesMarsh

‎19-08-19 12:11 AM

Hi James

>>Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

Yes, exactly.

 

>>If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes >>and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

No, I have not been able to find a way to do it in vSphere either.

>>I do believe that with other remote connection tools it can be achieved e.g Real VNC: www.realvnc.com/en/connect/docs/faq/viewonly.html

Thanks!

>>If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in >>vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: blogs.vmware.com/vsphere/2013/01/...

That sounds helpful, I'll check it out

 

Richard

 



------Original Message------

Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

I do believe that with other remote connection tools it can be achieved e.g Real VNC: https://www.realvnc.com/en/connect/docs/faq/viewonly.html

If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: https://blogs.vmware.com/vsphere/2013/01/capturing-virtual-machine-screenshots-in-vsphere.html



------------------------------
James Marsh
Technical Consultant
Blue Prism
Europe/London
------------------------------
0 Likes