[Spice-devel] Protocol extensions

thkerle at bluewin.ch thkerle at bluewin.ch
Mon Jun 6 18:18:09 UTC 2016 

Hi David,

It's a long time ago you replied to my question. Indeed I had not so much time to spend on it. Finally it works now. First of all, since I'm using not a too expensive server, I can only setup 3-4 VM on one server.
Therefore I just opened the port 5904, 5905 (secure), 5906, 5907 (secure) and so on for one server. 
The forwarding I will do by the host file (since my network is small until now). 

The problems I had were the following:
- Kubuntu 15.10 and 16.04 is not running headless (you must attach a display)

Solution:
- I choose Xubuntu 16.04, Openssh and vnc4server (here only in the home directory of the user the adjustment ist needed to start up xfce window manager)

- Spice Viewer was slow at the beginning

Solution:
- You need really an internet connection with speed up to 4-6 MBit's, else I'm not able to work fluently on the guest.

- I choose Windows 8 at the beginning for the guest.

Solution:
- Was really a bad choice. The computer hangs up for almost a day until you could install it. I then choose Windows 10 and this runs very good.

Now I can admin my virtual machines by a VNC viewer (password protected) through an ssh tunnel (the port is different than from exterior to achieve more security)

And that you can see how it works, I attached on this mail a screenshot with three different guests (one Kubuntu and two Windows 10 guests).

- Problems still existing:

The remote viewer for a Kubuntu 16.05 instance is not so fast as like for Windows 10. A bigger bandwidth is needed. Perhaps there are some adjustments needed...

Many thanks again for your reply

Thomas


 



----UrsprĂĽngliche Nachricht----
Von : djasa at redhat.com
Datum : 19/04/2016 - 09:51 (UTC)
An : thkerle at bluewin.ch
Cc : spice-devel at lists.freedesktop.org
Betreff : Re: [Spice-devel] Protocol extensions

Hi Thomas,

Spice supports proxying over HTTP CONNECT method to achieve connecting
to spice servers in DMZs or with private addresses from general
internet. The spice client has to know the internal name/IP of the host
system so you can use .vv file to abstract users from these details.
Connection to oVirt VMs work this way. The scheme is then

"Dispatcher"
   |
   | .vv file
   |
   v                  internet     private network
client (remote-viewer) -----> proxy ------------> host1
                                                  host2

If you use single host, you can also use SSH tunnelling by libvirt
(pointing virt-viewer or virt-manager to qemu+ssh:// URI).

HTH,

David

On So, 2016-04-16 at 23:09 +0000, thkerle at bluewin.ch wrote:
> Hi all,
> 
> I have studied the protocol that a spice client sends to a spice
> server.
> 
> If I have a socket listening on a specific port (in spice for example
> the port 5900). I get on the socket listener a RED_LINK message. From
> this message I cannot
> get additional parameters like for example
> spice://myhost.com:5900/hosteddomain/jack where
> - myhost.com is the public IP to connect
> - hosteddomain is for example a identifier for a subscriber of a VM
> (Vitual Machine) cluster
> - jack is the end user or some abstract path for a location in the
> internal net 
> 
> The usage is simple. For example I assume to host seven VM all running
> some Linux distribution for a university or a company.
> 
> Internally I like to make some redirection of the spice request.
> - say it's a server at myhost.com listening to port 5900.
> - It parses the connection string and looks up in a IP table of the
> internal network where the VM's are located for the hosteddomain. With
> the additional identifier jack I know
> to which VM cluster I have to connect. On each host for VM's are for
> example 4 VM's. 
> 
> spice client  --- spice dispatcher  --- (hosteddomain1:192.168.1.20)
> 
> 
> jack --->         192.168.1.30            ---> spice-server (using
> port 9500)    -->connection to VM001
> 
> anna -->         192.168.1.30            ---> spice-server (using port
> 9502)                     
> 
>                                                      ---
> (hosteddomain2:192.168.2.40)                               
> 
>  fred -->         192.168.2.59            ---> spice-server (using
> port 9500)
>                  
> 
>  Such a spice dispatcher is relativ easely to program for an
> administrator.
>      
> 
> The protocol on the website is in the draft release.
> 
> My questions:
> - Is there a way to already achieve this?
> - Or are there planned steps forwarding in this direction?
> 
> Best regards
> 
> Thomas
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel



-------------- next part --------------
A non-text attachment was scrubbed...
Name: Virtualisierte Arbeitsflächen.PNG
Type: image/png
Size: 2265429 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20160606/c9c4ca15/attachment-0001.png>

More information about the Spice-devel mailing list