Controlling virtual machines with VNC and Spice

Well Seasoned

Port Forwarding

A far superior solution is to leave the default VNC configuration. But, to be able to use VNC to access the virtual machine from an external machine, you need to use SSH port forwarding. This approach removes the need to modify the firewall on the host computer. The only prerequisite is that an SSH server must be running on the KVM host. This is the default for Virtual Machine Manager if you are controlling virtual machines running on a different host.

On Fedora (but strangely not on RHEL), SSH port forwarding is blocked by an SELinux rule. If you use Fedora as your KVM host and want to use SSH and VNC to control your virtual machines on some other machine, you need to explicitly allow port forwarding on the KVM host. To do so, you can run this command:

root# setsebool -P sshd_forward_ports 1

A third variant is to encrypt VNC communication with TSL via the /etc/libvirt/qemu.conf configuration file. This assumes a TSL-compatible VNC viewer. Tips for configuring this correctly are available online [1].

Spice

The Simple Protocol for Independent Computing Environments (Spice, for short) is a new protocol for controlling virtual machines efficiently over a network. Spice supports image compression, video streaming, audio transmission, OpenSSL encryption, and much more. Communication between the host and guest systems relies on Virtual Device Interfaces (VDIs). Using Spice means access to nearly unlimited graphics resolutions on the virtual machine.

Spice with Sound

Compared with VNC, Spice is not just more efficient, it also offers the benefit of audio support. If you want to listen to the audio output from a virtual machine, Spice is currently your only option. Although VNC basically supports audio transmission, the VNC clients available on Linux are not capable of doing this.

Spice was originally developed by Qumranet, like KVM. After Red Hat acquired Qumranet in 2008, it released Spice as an open source project at the end of 2009. The Spice project is basically independent of KVM but is currently only used in combination with KVM or QEMU. From a technology point of view, Spice is similar to the Virtio drivers: Spice requires you to use paravirtualized drivers on the virtual machines.

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Secure Your KVM Virtual Machines
    A common misconception posits that software cannot cause mischief if you lock the system away in a virtual machine, because even if an intruder compromises the web server on the virtual machine, it will only damage the guest. If you believe this, you are in for a heap of hurt.
  • Open Source VDI solution with RHEV and oVirt
    Red Hat introduces a management system for KVM-based virtualization based on Red Hat Enterprise Virtualization and open source project oVirt. Now, solutions for desktop virtualization can be implemented without using proprietary software.
  • Virsh Libvert Tool

    With the command-line tool virsh, a part of the libvirt library, you can query virtual machines to discover their state of health, launch or shut down virtual machines, and perform other tasks – all of which can be conveniently scripted.

  • Virtualization with KVM
    KVM continues to gain popularity in the world of Linux – so much so, that it has become Red Hat and Ubuntu's preferred virtualization solution. In contrast to Xen, setting up KVM involves just a couple of steps, and the guest operating systems can run without special patches.
  • Building Virtual Images with BoxGrinder and VMBuilder

    Creating a virtual machine manually is straightforward but too time consuming if you regularly need to set up many virtual machines. The BoxGrinder and VMBuilder programs let you automate this process.

comments powered by Disqus