Overview
Traditionally, users established remote desktop or SSH connections manually through intermediate Virtual Machines (VMs). The VM Endpoint Connections feature streamlines access by letting users configure multiple endpoints per VM, all accessible directly from the lab client interface.
This feature eliminates the need for complex workarounds, such as connecting through intermediary VMs, by enabling direct access to VM endpoints within a lab environment. It significantly improves the user experience, especially for terminal connections, services, and other nested VM environments.
Key Features
Multi-Endpoint Support: Define multiple terminal endpoints on a single VM.
Tab-Based UI: View each endpoint as a separate tab within the lab interface.
Flexible Protocol Support: Connect using SSH, RDP, HTTP/HTTPS, VNC and Telnet endpoints.
Secure Access: Route web traffic using an internal secure network and a proxy for HTTP endpoints.
Persistent Connections: Switch between endpoints without losing active sessions.
Nested VM Support: Interact with child VMs hosted inside a parent VM.
Endpoint Access Gateway: Simplify configuration for accessing resources on complex networks or nested environments.
Requirements
Custom VM endpoints are configured on Lab Profiles. After they're configured, they become available in your lab:
Linux VMs are configured to support programmatic access.
Lab authors define the endpoints each VM needs to support the lab.
VMs in the lab are configured to receive the connection types specified in the lab profile(s).
Once custom VM endpoints are configured in the lab, lab users can interact with terminals or web interfaces directly within the lab client. The endpoints appear as selectable tabs in the lab interface.
Custom Client URLs on Custom VM Endpoints
Using custom client URLs can affect the functionality of Custom VM Endpoints in certain scenarios. Specifically, HTTP/HTTPS-based custom endpoints may not work as expected if the web application relies on cookies (e.g., for managing login or status information).
This issue occurs because cookies are issued based on the domain name of the reverse proxy that connects to the custom VM endpoint. The domain name is based on the default Skillable domain for the lab client application (either skillable.com or labondemand.com).
In some cases, it may be possible to adjust the application's handling of third-party cookies to mitigate this issue, but these adjustments depend on the specific application.
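To find which of an application's cookies are affected, the following added example (not Skillable code) classifies `Set-Cookie` values by their `SameSite` and `Secure` attributes. It assumes the endpoint is rendered inside a lab client page on a different site than the reverse proxy; the sample headers and function names are constructed.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie values of the kind a web app behind an endpoint emits.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly",
    "csrf=xyz; Path=/; Secure; SameSite=Strict",
    "prefs=dark; Path=/; SameSite=None",
    "sso=tok; Path=/; Secure; HttpOnly; SameSite=None",
]


def third_party_verdict(set_cookie):
    """Return (name, verdict, reason) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    name, morsel = next(iter(jar.items()))
    same_site = morsel["samesite"].lower()
    if same_site in ("strict", "lax"):
        return name, "blocked", "SameSite=%s is not sent in a cross-site frame" % same_site
    if same_site == "none" and not morsel["secure"]:
        return name, "blocked", "SameSite=None is rejected without Secure"
    if same_site == "none":
        return name, "eligible", "sent cross-site unless the browser blocks third-party cookies"
    return name, "browser-dependent", "no SameSite attribute; some browsers default to Lax"


def audit(headers):
    """Classify every header so the affected cookies can be listed."""
    return [third_party_verdict(h) for h in headers]


if __name__ == "__main__":
    for name, verdict, reason in audit(SAMPLE_HEADERS):
        print(f"{name:8} {verdict:18} {reason}")
```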
Configuring Custom VM Endpoints
To configure custom VM endpoints:
Optionally define an Endpoint Access Gateway in the lab profile’s Networks tab.
Define the VM endpoints in the lab profile (from the Virtual Machines tab).
Configure VMs to accept the endpoint connections.
Test and validate your connections.
Define an Endpoint Access Gateway
The Endpoint Access Gateway (EAG) allows lab authors to use Custom VM Endpoints with less configuration, particularly in nested scenarios. While the EAG is never required, we recommend it for most labs. Because the EAG connects to the user’s lab network in the same way as a default gateway, there may be scenarios where lab developers prefer not to use it in order to minimize the number of hosts on the lab network, especially for network cybersecurity labs.
To configure an EAG:
In Skillable Studio, navigate to the Lab Profile and click Edit Profile in the upper-right corner of the page.
Select the Networks tab.
Find the network(s) you wish to add EAG to, and then check Enable Endpoints.
Select whether you want the EAG to obtain its IP address Automatically from DHCP or if you wish to specify a static address.
IP Address Allocation for the EAG
If the EAG is configured to obtain its IP address Automatically from DHCP, it can use either the DHCP service from the NAT service, if enabled, or a DHCP service within the lab network(s). Using a DHCP service within the lab network is especially useful for complex lab environments with advanced routing and VLANs.
If the EAG is configured to use a Static Address, it won’t be provided with additional network configuration, including default gateway or DNS server addresses.
Understand endpoint connectivity with and without the EAG
Without an EAG, Studio provisions proxy devices on the ShellNet network to access the VM. With an EAG, the device is provisioned directly onto the lab network.
The ShellNet network originally allowed Life Cycle Actions (LCAs) and Automated Activities to send scripts into a VM, execute them, and collect the results. In the original implementation, endpoints required all tasks for LCAs and automated activities to be completed on the target VM, and any endpoint target had to be accessed through the ShellNet (172.20.X.Y) interface.
When an EAG is enabled, services are accessed through the lab network and are targeted based on the IP address of the VM hosting the service. This is particularly effective with nested resources, as any resource available on the lab network can be targeted directly.
As shown in the diagrams below, using an EAG reduces the need for complex network translation configurations within the VM.
Define the VM Endpoints
To define VM endpoints, edit the lab profile for the lab you want to configure:
In Skillable Studio, navigate to the Lab Profile and click Edit Profile in the upper-right corner of the page.
Select the Virtual Machines tab.
Toward the bottom of the page, select + Add Endpoint.
Configure the endpoint:
In the first text field, enter your custom endpoint name to replace the default name.
In the second text field, enter the token name to be used in the instructions (this cannot contain spaces).
(Optional) In the Description text field, enter a description for your custom endpoint.
Use the Protocol dropdown to choose the connection type.
Specify the relevant port number and any required authentication details (Username and Password).
(Optional) If using the EAG, select the network that the EAG server is on and specify the IP Address the service is running on.
Repeat the above steps for any additional endpoints that you want to configure for this virtual machine.
Configure the VM to Accept Endpoint Connections
After configuring lab profiles to expose an endpoint in the Lab Client, you must configure your VMs to accept the endpoint connections.
Follow these steps for each endpoint configured in the VM profile:
Ensure VM readiness:
Configure the VM to expose the defined endpoints.
Open necessary ports in the VM’s firewall settings.
Verify that any required services (e.g., SSH, web server, RDP) are running.
Configure network and security settings:
Ensure the VM is connected to the correct network (e.g., ShellNet or the Lab Network).
Use static IP mapping for consistent connectivity in nested VM environments. This would be the default choice; however, some services or applications, for example Cisco Modeling Labs, perform dynamic port address translation over the primary network interface.
Apply security best practices, such as limiting endpoint exposure and using strong authentication methods.
After configuring the VMs for all required endpoints, save a differencing disk to make the VM settings available for future lab launches.
Configure the VM Connections
Configure an SSH Connection
Configuring a VM for an SSH connection varies depending on the operating system. Windows and Linux desktops typically don't have an SSH server installed by default.
Windows VMs | Linux VMs |
---|---|
|
|
Configure an HTTP Connection
Configuring a VM for an HTTP connection varies depending on the operating system.
Windows VMs | Linux VMs |
---|---|
|
|
Configure a Remote Desktop (RDP) Connection
RDP configuration is supported on both Windows and Linux VMs. Windows requires only basic configuration, while Linux requires additional software installation.
These instructions assume the Linux VM is running a distribution with a desktop environment already installed.
Windows VMs | Linux VMs | |
---|---|---|
Step 1: Enable remote desktop |
|
|
Step 2: Verify RDP access on the user account To give a user RDP permissions, add them to the Remote Desktop Users group on the target machine using either the GUI or the CLI. | Using the GUI
Using the Command Line Open the command prompt as an administrator:
Using PowerShell Open PowerShell as an administrator:
| |
Step 3: Verify RDP configuration |
|
Configure a Telnet Connection
Telnet connections are generally recommended for use with appliance-style devices that do not support SSH, such as routers and switches. Telnet can be configured on both Windows and Linux; however, only Linux includes native support for Telnet. For Windows, a third-party application must be installed, and each application would have its own configuration steps.
Windows VMs | Linux VMs |
---|---|
While using Telnet with a Windows Server is uncommon, it is possible. Several Telnet server applications are available for Windows. If you're unsure where to start, here are a few examples to consider: |
|
Test and Validate
After configuring lab profiles and VMs with custom VM endpoints, it is best practice to test and validate that everything works as expected:
Launch the lab and verify that all defined endpoints appear in the interface.
Test each endpoint connection to ensure functionality.
Adjust configurations as needed based on testing results.
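The port and service checks from the VM configuration and testing steps above can be scripted. This added example (not Skillable tooling) probes each endpoint over TCP, confirms the expected protocol banner where one exists, and flags unencrypted protocols. The endpoint list, addresses and function names are assumptions, and it is meant to run from a host on the same lab network as the VMs.

```python
import socket

# Constructed sample mirroring a lab profile's endpoints; all values are placeholders.
ENDPOINTS = [
    ("linux-shell", "ssh", "192.168.1.20", 22),
    ("web-ui", "http", "192.168.1.20", 8080),
    ("switch-console", "telnet", "192.168.1.30", 23),
]

# Protocols whose server identifies itself in the first line it sends.
BANNERS = {"ssh": "SSH-", "vnc": "RFB ", "http": "HTTP/"}
# Protocols that carry credentials and data unencrypted on the lab network.
CLEARTEXT = {"telnet", "http"}


def probe(protocol, host, port, timeout=2.0):
    """TCP-connect to one endpoint; return (status, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", "nothing listening on the port"
    except OSError as exc:  # timeout, no route, firewall drop
        return "unreachable", type(exc).__name__
    with sock:
        expected = BANNERS.get(protocol)
        if expected is None:  # rdp, telnet: an accepted connection is the check
            return "ok", "port open"
        try:
            if protocol == "http":
                sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            line = sock.recv(256).splitlines()[0].decode("ascii", "replace")
        except (OSError, IndexError):
            return "wrong-service", "no banner received"
        if not line.startswith(expected):
            return "wrong-service", line
        return "ok", line


def check_all(endpoints):
    """Probe every endpoint; flag protocols that are unencrypted on the wire."""
    return [(name, *probe(proto, host, port),
             "cleartext" if proto in CLEARTEXT else "")
            for name, proto, host, port in endpoints]


if __name__ == "__main__":
    for row in check_all(ENDPOINTS):
        print(*row, sep="\t")
```

A `closed` result points at the service not running, while `unreachable` points at the VM firewall or the network the VM is attached to.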