Daniel Pocock
2017-Mar-15 10:26 UTC
[libvirt-users] building virtual desktops with libvirt, KVM, SPICE and GNOME
Can anybody comment on how to host virtual desktops on a headless server using libvirt and KVM on the server and a SPICE client to access the virtual desktop? Is there a standard way of doing this? I've seen many fragments of information about how to do this but I didn't come across a single guide describing the entire solution. Search engines also return a lot of information about gaining remote access to a real physical desktop but that is not what I'm looking for. I've also come across many real-world scenarios where people are manually starting VNC server processes for each user on different ports but I was hoping to find out if there is a more standard way of doing this now. When I say "virtual desktop", the type of user experience I'm thinking about is that named users can run a SPICE client anywhere and always connect to the same host/desktop. E.g. if they leave some windows open, disconnect, go to another physical machine and reconnect with the same username they will see the same desktop with the same windows open. Regards, Daniel
Martin Kletzander
2017-Mar-20 07:37 UTC
Re: [libvirt-users] building virtual desktops with libvirt, KVM, SPICE and GNOME
On Wed, Mar 15, 2017 at 10:26:20AM +0000, Daniel Pocock wrote:> >Can anybody comment on how to host virtual desktops on a headless server >using libvirt and KVM on the server and a SPICE client to access the >virtual desktop? Is there a standard way of doing this? > >I've seen many fragments of information about how to do this but I >didn't come across a single guide describing the entire solution. >Search engines also return a lot of information about gaining remote >access to a real physical desktop but that is not what I'm looking for. >I've also come across many real-world scenarios where people are >manually starting VNC server processes for each user on different ports >but I was hoping to find out if there is a more standard way of doing >this now. > >When I say "virtual desktop", the type of user experience I'm thinking >about is that named users can run a SPICE client anywhere and always >connect to the same host/desktop. E.g. if they leave some windows open, >disconnect, go to another physical machine and reconnect with the same >username they will see the same desktop with the same windows open. >How is it different to just having VM per user on that host and having people connect to their VMs (using TLS and passwords, for example, just to make sure). Each VM will have its own spice (or VNC) server and users can connect to them either directly (if there is access and open ports etc.) or through libvirt (if they are not). If latter is the case, you can use ACLs to restrict particular users to connect only to their machines.>Regards, > >Daniel > > >_______________________________________________ >libvirt-users mailing list >libvirt-users@redhat.com >https://www.redhat.com/mailman/listinfo/libvirt-users
Daniel Pocock
2017-May-02 12:58 UTC
Re: [libvirt-users] building virtual desktops with libvirt, KVM, SPICE and GNOME
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 20/03/17 08:37, Martin Kletzander wrote:> On Wed, Mar 15, 2017 at 10:26:20AM +0000, Daniel Pocock wrote: >> >> Can anybody comment on how to host virtual desktops on a headless >> server using libvirt and KVM on the server and a SPICE client to >> access the virtual desktop? Is there a standard way of doing >> this? >> >> I've seen many fragments of information about how to do this but >> I didn't come across a single guide describing the entire >> solution. Search engines also return a lot of information about >> gaining remote access to a real physical desktop but that is not >> what I'm looking for. I've also come across many real-world >> scenarios where people are manually starting VNC server processes >> for each user on different ports but I was hoping to find out if >> there is a more standard way of doing this now. >> >> When I say "virtual desktop", the type of user experience I'm >> thinking about is that named users can run a SPICE client >> anywhere and always connect to the same host/desktop. E.g. if >> they leave some windows open, disconnect, go to another physical >> machine and reconnect with the same username they will see the >> same desktop with the same windows open. >> > > How is it different to just having VM per user on that host and > having people connect to their VMs (using TLS and passwords, for > example, just to make sure). Each VM will have its own spice (or > VNC) server and users can connect to them either directly (if there > is access and open ports etc.) or through libvirt (if they are > not). If latter is the case, you can use ACLs to restrict > particular users to connect only to their machines. >That would be one solution - is there any standard solution to manage the ACLs and to route each user's connection to the right machine without asking each user to remember their machine name? Is there a way to do this where multiple users are concurrently logged in to the same virtual server, similar to different XDMCP sessions started on the same server for different X users? Regards, Daniel -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZCIJkAAoJEGxlgOd711bE6gUQALGT7dxFUWtYmKuf3/5eBLAG CTwsTTEN69a8DNp8QNN/q1HtXRjmSCvltcCYfVYOtDlAPSvW/oHoQ2jsoa9k4CY2 YwUN10ChUILicb6braRycFwC2Ff+iA3eME3ncRjwuN9huqszyilLlqU3uAg2+xD2 yfOazAW8pta/cg6Fom41D0IC9I5HXBJLn4AOO0Sbj1eOrSGpIdZYabtKRkMSafJO /0fuOFvYpWQ4+oMqQEICRthu+xF6fbey25hnD3TUJgCW2zM5s4a2oPZdjiFvGtw6 c5uzDcX5Uc0UlcGIKzoT2FvvgTyKkGOae9MXaZSzFXHCTPua3JZYeGcWFAYjTvqQ 934e2/WEnsEFcMaQmySeIHw/ZDxC/CMJzGzyIOr+rEuExezsJMyeXHwk+z6TGoXN CryrApnZB+0Qye6NqdCL+7o/q0W/gxQaGUSlwp4Fjmt62ecgNPlMfq4qndASOpq3 GlSFGuVvz9yFLKkejbAgcT1+cJ3pnI2wdozUmi+nOj9ygdvVdqw0+OMQj0qmQwL1 zjRpCJnz/Algv9w8LRfo9FamUxafo2EFq3HgmMqZf28cc91H+0ekfumOuR4jK0cu FfZCDvKm5XWs45KYknzsBsCQVMP3DyOj3J7hAElkgrGwIE8tdwrlfaS/m/U3MNtB C3XU90VUrSsb+o0Nor+H =b7NO -----END PGP SIGNATURE-----