© Oleg Doroshin, 123RF.com

© Oleg Doroshin, 123RF.com

Controlling virtual machines with VNC and Spice

Well Seasoned

Article from ADMIN 13/2013
By
Administrators on Linux virtual machines tend to use VNC to transfer the graphical system to Virtual Machine Manager or a VNC client. One alternative is Spice: If the guest system is running the QXL driver, you can look forward to fast graphics and audio pass through.

For graphical output to work on KVM-based virtual machines, several pieces of a puzzle need to fit. For one thing, KVM needs to provide a graphics adapter to the underlying QEMU system on the virtual machine. By default, a (legacy) Cirrus graphics card is emulated. If you need a resolution above 1024x768 pixels, other virtual graphics cards are available; however, on Linux guests, this setup often means a manual X configuration.

Additionally, you must consider which protocol you should use to transfer the graphical data from the virtual machine to the client. VNC is the standard choice for a remote desktop protocol; it is widespread beyond the world of Linux and causes the least problems in production use. One alternative to VNC, however, is the new Spice protocol, which promises superior speed and a number of additional features.

The Virtual Graphics Adapter

For the virtual machine to see a graphics system, QEMU emulates a graphics card. In combination with KVM, you have a choice of four models:

  • cirrus: This graphics card is correctly detected by just about any guest system and offers acceptable speed with no configuration overhead. However, the maximum resolution is 1024x768 pixels.
  • vga: The benefit of this virtual graphics card is that it supports far higher resolutions (tested up to 2560x1600 pixels). The graphics card is correctly detected on Windows, but some manual configuration work is necessary on Linux. You need to set up the Vesa driver explicitly in xorg.conf (Listing 1).

Listing 1

Vesa Configuration

01 Section "Device"
02   Identifier "device0"
03   Driver     "vesa"
04 EndSection
  • vmvga: This graphics card has been used for many years by various VMware products. The matching open source graphics drivers are available out of the box with some Linux distributions. If this is the case with your distribution, the VMware graphics card is a good choice. It supports high resolutions on the virtual machine without any major configuration overhead.
  • qxl: This graphics card can only be used in combination with Spice.

In the Virtual Machine Manager, you can set the desired graphics adapter in the virtual machine's detailed view Video section. The xen graphics adapter cannot be used with KVM. (The Virtual Machine Manager is only suitable for managing virtual Xen machines that support this graphics adapter.) The qxl graphics adapter is available only if you select the Spice protocol in the Display tab.

VNC Desktop

VNC stands for Virtual Network Computing and gives users the ability to display the screen content of another machine, including virtual machines, in a window (the VNC Viewer or VNC Client). At the same time, VNC passes local keyboard and mouse input through to the virtual machine.

To be able to use VNC to control a virtual machine, qemu-kvm runs a VNC server, thus making the content of the virtual graphics adapter available on the network. The VNC server can only be addressed on 127.0.0.1 by default for security reasons. The Virtual Machine Manager takes the settings of the Libvirt configuration file into consideration; you can also set a VNC password here. However, VNC is a relatively insecure protocol, and using a VNC password will not do much to change this.

# File /etc/libvirt/qemu.conf
...
vnc_listen = "127.0.0.1"
vnc_password = "topSecret"

To control the virtual machine, you need to run a VNC client on the local machine. You will typically want to use the console window of the Virtual Machine Manager for this. Alternatively, you could use the vncviewer, vinagre, or virt-viewer programs.

By default, the first virtual machine to launch uses port 5900, the second port 5901, and so on. If you do not work with Virtual Machine Manager, you can determined the display number with the vncdisplay Virsh command. To find the right port number, just add 5900:

root# virsh list
 Id Name Status
 ----------------------------------
 7 centos running
 8 fedora running
root# virsh vncdisplay 8
 :1

The VNC client integrated into Virtual Machine Manager, or virt-viewer, transfers keyboard input in the form of RAW code. If the host and guest system use the same keyboard layout, you will not experience any mapping problems.

Other VNC clients always transfer keyboard input to reflect the US layout. If this is a problem for you, you need to go to the Virtual Machine Manager's detailed view (Display tab) and select the keyboard layout that you need. It is stored in the XML file on the virtual machine:

# in /etc/libvirt/qemu/vmname.xml
...
<graphics type='vnc' port='-1' autoport='yes' keymap='de'/>

using the keymap attribute as shown.

VNC on the Network

By default, the VNC server in qemu-kvm is only accessible on the KVM host. To control a virtual machine on a different machine, you have various options. One variant is to bind the VNC server to the 0.0.0.0 address (vnc_listen=0.0.0.0 in /etc/libvirt/qemu.conf). You should only use this simple solution in a secure lab environment. On Fedora and RHEL, the firewall, which is enabled by default, will also prevent any external VNC connections.

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Secure Your KVM Virtual Machines
    A common misconception posits that software cannot cause mischief if you lock the system away in a virtual machine, because even if an intruder compromises the web server on the virtual machine, it will only damage the guest. If you believe this, you are in for a heap of hurt.
  • Open Source VDI solution with RHEV and oVirt
    Red Hat introduces a management system for KVM-based virtualization based on Red Hat Enterprise Virtualization and open source project oVirt. Now, solutions for desktop virtualization can be implemented without using proprietary software.
  • Virsh Libvert Tool

    With the command-line tool virsh, a part of the libvirt library, you can query virtual machines to discover their state of health, launch or shut down virtual machines, and perform other tasks – all of which can be conveniently scripted.

  • Virtualization with KVM
    KVM continues to gain popularity in the world of Linux – so much so, that it has become Red Hat and Ubuntu's preferred virtualization solution. In contrast to Xen, setting up KVM involves just a couple of steps, and the guest operating systems can run without special patches.
  • Building Virtual Images with BoxGrinder and VMBuilder

    Creating a virtual machine manually is straightforward but too time consuming if you regularly need to set up many virtual machines. The BoxGrinder and VMBuilder programs let you automate this process.

comments powered by Disqus