I would like to embed the VMware console in a webapplication, and am looking at the VMware Remote Console SDK documentation.
The documentation suggests my webapplication should log into vSphere using the VIM API, call acquireCloneTicket() to get a session ticket, and generate HTML/Javascript code that passes this ticket to the client plugin.
The problem I have with that, is that if my webapplication logs in as an administrative user, and I clone the ticket, and pass that to the client, I am essentially handing out the end-user a key to every virtual machine, not just his.
Is there a VIM API method to restrict the access the session ticket provides to a specfic virtual machine?
(Just filling in the "vmid" parameter in the clientside VMRC plugin code does not provide acceptable security.)