Custom VM Endpoints

  • Updated on Aug 5, 2025
  • Published on Mar 18, 2025
  • 7 minute(s) read
Prev Next

Traditionally, users needed to establish remote desktop or SSH connections manually through intermediate Virtual Machines (VMs). This feature streamlines access by configuring multiple endpoints per VM, which can be directly interacted with from the lab client interface.

The VM Endpoint Connections feature enables direct access to VM  endpoints within a lab environment, eliminating the need for complex workarounds like connecting through intermediary virtual machines. This enhancement significantly improves the user experience, especially for terminal connections, services, and other similar nested VM environments.

Key Features

  • Multi-Endpoint Support: Users can define multiple terminal endpoints on a single VM.
  • Tab-Based UI: Each endpoint appears as a separate tab within the lab interface.
  • Flexible Protocol Support: Initial implementation includes SSH, RDP, HTTP and HTTPS, VNC and Telnet endpoints.
  • Secure Access: Uses an internal secure network for web traffic and a proxy for HTTP endpoints.
  • Persistent Connections: Users can switch between endpoints without losing active sessions.
  • Nested VM Support: Allows interaction with child VMs hosted inside a parent VM.

Requirements

Custom Virtual Machine Endpoints are configured on Lab Profiles. After these have been configured, the custom VM endpoints will be available in your lab.

  • Linux VMs has been configured to support Programmatic Access
  • Lab authors define the endpoints on a VM that are needed in the lab.
  • VMs in the lab are configured to receive the connection types selected on the Lab profile(s).

After these two/three have been configured properly, lab users can interact with terminals or web interfaces directly within the lab client. The endpoints will appear in the lab interface as selectable tabs.

Impact of Custom Client URLs on Custom VM Endpoints

When utilizing Custom Client URLs, it may affect the functionality of Custom VM Endpoints in certain scenarios. Specifically, if Custom VM Endpoints that use HTTP/HTTPS protocols are employed, the web application might fail to operate correctly if it relies on cookies (e.g., for managing login or status information).

The primary reason for this issue is that cookies are issued based on the domain name of the reverse proxy providing connectivity to the Custom VM Endpoint. This domain name is derived from the default Skillable domain name of the Lab Client application (either  skillable.com or labondemand.com).

While it may be possible to adjust third-party cookie behavior within the application to mitigate this issue, such adjustments would be dependent on the specific application.

Setting Up and Configuring VM Endpoints

Define VM Endpoints:

To define VM endpoints, you must edit the Lab Profile of the lab that you want to define endpoints for. You can navigate to the Lab profile directly.

  1. In Skillable Studio, navigate to the Lab Profile and select edit in the upper-right corner of the page.
  2. Select the Virtual Machines tab.
  3. Select + Add Endpoint.
  4. Choose the connection type.
  5. Specify the relevant port number and any required authentication details (username and password).
  6. Repeat the above steps for any additional endpoints that you want to configure for this virtual machine.

Virtual Machine Updates

After configuring lab profiles to expose an endpoint in the Lab Client, you must configure your VMs to accept the endpoint connections.
Follow the steps below for each endpoint that you have configured in the VM profile.

After the VMs are configured for all endpoints that are needed, a differencing disk needs to be saved, so that the settings and changes configured in the VM are saved and available for subsequent lab launches.

Ensure VM Readiness:

  • Configure the VM to expose the defined endpoints.
  • Open necessary ports in the VM’s firewall settings.
  • Verify that any required services (e.g., SSH, web server, RDP) are running.
    • For more information on setting up these services inside a Virtual Machine, see below.

Network and Security Considerations:

  • Ensure that the VM is connected to the correct network (e.g., ShellNet for SSH-based access).
  • Utilize static IP mapping for consistent connectivity in nested VM environments.
  • Apply security best practices, such as limiting endpoint exposure and using strong authentication methods.

Configuring Virtual Machines

Configuring an SSH Connection

Configuring a VM for an SSH connection varies depending on the operating system, Windows and Linux desktops are likely not to have an SSH Server installed.

Windows VMs

  1. Install OpenSSH Server: Add-WindowsFeature -Name OpenSSH-Server.
  2. Open port 22 in Windows Firewall: New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName "OpenSSH".
  3. Ensure the SSH service starts on boot: Set-Service -Name sshd -StartupType Automatic.

Linux VMs

  1. Install and start an OpenSSH Server:
    • CentOS/RHEL: yum install openssh-server -y && systemctl start ssh && systemctl enable ssh
    • Ubuntu: apt install openssh-server-y && systemctl start ssh && systemctl enable ssh
  2. Open port 22 in firewall:
    • CentOS/RHEL: firewall-cmd --add-service=ssh --permanent && firewall-cmd --reload
    • Ubunutu: ufw allow ssh && ufw reload

Configuring an HTTP connection

Configuring a VM for an HTTP connection varies depending on the operating system that is used. Following the steps below for Windows or Linux respectively.

Windows  VMs:

  1. Install IIS Web Server: Install-WindowsFeature -name Web-Server -IncludeManagementTools.
  2. Start the IIS service: Start-Service W3SVC.
  3. Open port 80 in Windows Firewall: New-NetFirewallRule -Protocol TCP -LocalPort 80 -Direction Inbound -Action Allow -DisplayName "HTTP".
  4. Place web content in
    C:\inetpub\wwwroot\.

Linux VMs:

  1. Install and start an Apache web server:
    • CentOS/RHEL: yum install httpd -y && systemctl start httpd && systemctl enable httpd
    • Ubuntu: apt install apache2 -y && systemctl start apache2 && systemctl enable apache2
  2. Open port 80 in firewall:
    • CentOS/RHEL: firewall-cmd --add-service=http --permanent && firewall-cmd --reload
    • Ubunutu: ufw allow 80/tcp && ufw reload
  3. Place web content in /var/www/html/

Configuring Remote Desktop (RDP)

Configuring a VM for an RDP connection is available Windows and Linux VM's.  Windows just requires some configuration whereas Linux requires a software installation.  These instructions assume the Linux installation is on a Linux distribution that has a desktop already installed..

Linux VMs

Enable Remote Desktop:

  1. Install and start xrdp:
    • CentOS/RHEL: yum install xrdp -y && systemctl start xrdp && systemctl enable xrdp
    • Ubuntu: apt install xrdp -y && systemctl start xrdp && systemctl enable xrdp
  2. Open port 80 in firewall:
    • CentOS/RHEL: firewall-cmd --add-port=3389 --permanent && firewall-cmd --reload
    • Ubunutu: ufw allow 3389/tcp && ufw reload

Windows VMs

Enable Remote Desktop:

  1. Start the VM and log in.
  2. Open the Settings app and search for "Remote Desktop settings".
  3. Turn on the "Enable Remote Desktop" option.
  4. Ensure the check is removed from the check box "Only allow connections from computers running Remote Desktop with Network Level Authentication (recommended).  Removing this check does not present a security risk as the connection is only available across an internal Skillable network.

Ensure User account has RDP access:
To give a user RDP (Remote Desktop Protocol) permissions, you need to add them to the Remote Desktop Users group on the target machine. This can be done using the GUI or the command line, please choose the option you are most comfortable with.

Using the GUI
For the GUI option, you will need to navigate to Local Users and Groups:

  1. Press Win + R, type lusrmgr.msc, and press Enter.

  2. In the left pane, click on Groups.

  3. Add User to Remote Desktop Users Group:

  4. In the right pane, double-click on Remote Desktop Users.

  5. Click the Add button.

  6. Enter the username of the user you want to add and click OK.

Using Command Line
For the command line option, you will need to open Command Prompt as Administrator:

  1. Press Win + X and select Command Prompt (Admin) or Windows PowerShell (Admin).
  2. Add User to Remote Desktop Users Group:
  3. Run the following command: net localgroup "Remote Desktop Users" /add [username]
  4. Replace [username] with the actual username of the user.

Using PowerShell
For the PowerShell option, you will need to open PowerShell as Administrator:

  1. Press Win + X and select Windows PowerShell (Admin).

  2. Add User to Remote Desktop Users Group:

  3. Run the following command: Add-LocalGroupMember -Group "Remote Desktop Users" -Member [username]

  4. Replace [username] with the actual username of the user.

Verify RDP Configuration

Verify the User Has RDP Rights

Check Group Membership:

  1. You can verify the user is added to the group by running: Get-LocalGroupMember -Group "Remote Desktop Users"

Ensure Remote Desktop is Enabled:

  1. Navigate to Settings > System > Remote Desktop and make sure "Enable Remote Desktop" is turned on.

Testing and Validation:

After configuring Lab Profiles and Virtual Machines, it is best practice to test and validate that everything works as expected.

  • Launch the lab and verify that all defined endpoints appear in the interface.
  • Test each endpoint connection to ensure functionality.
  • Adjust configurations as needed based on testing results.

Configuring a Telnet Connection

Telnet connections are generally recommended for us on appliance style devices that do not support SSH e.g. Routers and Switches.  Telnet can be configured on Windows and Linux, however only Linux provides the capability inbox.  For Windows a third party application would need to be installed, and each application would have its own configuration steps.

Linux VMs

  1. Install and start an inet network utilities:
    • CentOS/RHEL: sudo dnf install telnet-server telnet xinetd -y
    • Ubuntu: sudo apt install inetutils-inetd telnetd
  2. Edit the configuration file:
    • CentOS/RHEL: sudo nano /etc/xinetd.d/telnet
      • Change disable = yes to disable = no
    • Ubunutu: sudo nano /etc/inetd.conf
      • Remove the comment #<off># from the front of the line that contains telnet stream tcp nowait telnetd /usr/sbin/telnetd telnetd

Windows VMs
Even though using Telnet against a Windows Server is unlikely it is possible. There are a few Telnet Server applications available for Windows.  If you cannot find an application these are a couple of examples for you to consider.

Related articles