So far in [[Xen Virtualization Essentials]] we have focused on running Xen domainU systems using just the text-based console to interact with the system. It is not uncommon, however, to need to view and interact with a graphical desktop environment running on the guest operating system. This can be achieved using one of two technologies known as SDL and VNC. Probably the most flexible option is that provided by VNC.
In terms of displaying graphical desktop environments for a Xen guest, VNC offers two approaches. The first approach (covered in this chapter) involves using VNC capabilities that are built into the Xen guest domain (domain0) to view and interact with the virtual frame buffer (vfb) of the domainU system. A second option is to run one or more VNC servers directly on the domainU system and connect directly to those servers. This approach will be covered in the next chapter ([[Running and Connecting to VNC Servers on a Xen Guest (domainU) System]]).
== What is VNC? ==
VNC is an acronym for Virtual Network Computing and essentially provides remote access to graphical desktop environments. The system consists of one or more VNC servers running on a remote system and VNC viewers running on a local system. The VNC server runs the graphical desktop on the remote system and transmits the appearance of the desktop to the VNC viewer. The VNC viewer in turn transmits user interactions with the desktop to the VNC server where they are relayed to the desktop environment. VNC uses compression algorithms to speed the display process and is supported on a wide range of platforms. This makes it possible, for example, to display a Linux desktop environment on a remote Windows system and vice versa.
The VNC server and viewer components can communicate over any network connection including the internet, allowing desktops to be accessed from anywhere in the world where an internet connection is available.
== VNC Security ==
</pre>
When the guest system boots up, it will be accessible to the VNC viewer on port 5910, and access will be granted if ''s3cr3t'' is entered at the password prompt.
With the appropriate change made to the configuration file, boot the system as usual, being sure to use the -c command-line option so that the text console is also available during the boot process.
This section assumes that the desktop environment of the Xen domainU system is not being accessed over an insecure and unencrypted network (such as the internet). This approach is only safe for accessing the domainU desktop either from the Xen host or from a system on the same trusted network. For details on secure remote desktop access refer to the appropriate sections later in this chapter.
If no ''vncdisplay'' port number was specified on the ''vfb = '' configuration directive and no other Xen guests or VNC sessions are running, then the desktop is likely to be accessible on port 5901. Therefore, to access this display run the following command:
<pre>
</pre>
where ''<IP Address of Xen Host>'' is the IP address or host name of the ''Xen host'' system on which the guest domainU system is running and not the IP address of the domainU guest. The reason for this is that we are accessing the desktop via VNC services provided by domain0 on the host and not by VNC servers running on the guest. For details on running and accessing VNC servers on a domainU guest read the chapter entitled [[Running and Connecting to VNC Servers on a Xen Guest (domainU) System]]. If vncviewer is being run on the Xen host then ''localhost'' will suffice. If vncviewer is running on a remote client then it is strongly recommended that the connection be established through a secure SSH tunnel as described later in this chapter.
If a port number was specified using the ''vncdisplay='' directive then this port needs to be specified. For example, the following command assumes that vncdisplay 10 was specified in the configuration file and consequently connects to port 5910 on the local system:
[[Image:vncpasswd.jpg|The vncviewer tool asks for a password if one was specified in the Xen domainU configuration file.]]
Assuming that vncviewer is able to connect to the server, the graphical console will appear. Note that at this point no desktop is running, so all that will be displayed is output from the boot process of the domainU guest. The following figure shows a typical graphical console before a desktop environment has been launched:
[[Image:xen_vnc_no_desktop.jpg|A vncviewer session before a desktop has been launched on the Xen domainU guest]]
At this point there should be both a Xen text console and the VNC viewer session running and visible. The next step is to start a desktop environment.
== Starting a Graphical Desktop on the Xen domainU Guest ==
 
At this point we have successfully configured a Xen domainU guest system to provide VNC graphical console access via domain0 on the host system. The domainU guest has booted and we have successfully connected to the VNC session using ''vncviewer''. The next step is to start a desktop environment running on the domainU system such that it appears in our ''vncviewer'' window.
 
At this point both the Xen text console and the vncviewer window should be visible. If the Xen text console is no longer attached to the domainU guest attach it as follows:
 
<pre>
xm console guestname
</pre>
 
where ''guestname'' is the name of the domainU guest system. Log in to the domainU guest at the Xen console as a suitable user. Once logged in, the default desktop environment for the domainU guest system can be launched using the ''startx'' command:
 
<pre>
startx
</pre>
 
After a short delay and a number of diagnostic messages in the Xen text console, the graphical desktop environment will appear in the ''vncviewer'' window. The following figure shows a Red Hat Enterprise Linux GNOME desktop running inside the vncviewer window:
 
[[Image:gnome_desktop_xen_domainU.jpg|GNOME desktop running on a Xen domainU displayed in vncviewer]]
 
== Establishing a Secure Remote Desktop Session ==
 
The remote Xen desktop configurations we have explored so far in this chapter are considered to be insecure because no encryption is used. This is acceptable when the remote connection does not extend outside of an internal network protected by a firewall or when the connection is taking place on the Xen host system. When a remote session is required over an internet connection a more secure option is needed. This is achieved by tunneling the remote desktop through a secure shell (SSH) connection.
 
Before a secure connection is established the SSH server must be installed in the desktop to which the connection is to be established and the firewall configured to allow SSH access. This is the default for many Linux distributions but may not be the case for your distribution. If in doubt refer to the documentation for your chosen distribution to find out how to install and enable SSH access.
 
Once the SSH server is installed and active it is time to move to the other system. At the other system, log in to the remote system using the following command, which will establish the secure tunnel between the two systems. The following example assumes that ''vncdisplay'' number 10 (which maps to port 5910) was specified in the domainU configuration file. Modify this value to suit your environment:
 
<pre>
ssh -l username -L 5910:localhost:5910 hostname
</pre>
 
In the above example, ''hostname'' is either the hostname or IP address of the remote system and ''username'' is the account you wish to use to log in. Enter the password associated with the specified account when prompted. The secure connection is now established and it is time to launch vncviewer so that it uses the secure tunnel. Leaving the ssh session running in the other terminal window, launch another terminal and enter the following command:
 
<pre>
vncviewer localhost::5910
</pre>
 
As before, the vncviewer session will prompt for a password if one was specified in the domainU configuration file, and then launch the VNC viewer providing secure remote access to your Xen domainU guest desktop environment.
 
If you are connecting to the remote desktop from outside the firewall using Network Address Translation (NAT) keep in mind that the IP address for the ssh connection will be the external IP address provided by your ISP, not the internal LAN IP address of the remote system (since this IP address is not visible to those outside the firewall). You will also need to configure your firewall to forward port 22 (for the ssh connection) to the IP address of the system running the desktop. It is not necessary to forward port 5910. Steps to perform port forwarding differ between firewalls, so refer to the documentation for your firewall, router or wireless base station for details specific to your configuration.
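
The tunnelled connection described in this section can be scripted and checked as follows. This is an added example, not part of the original chapter: the function names, the 0-99 display range and the constructed <code>ss -ltn</code> sample are assumptions. It maps a ''vncdisplay'' number to its port, opens the tunnel bound to the client's loopback address, and, run on the Xen host, lists VNC console ports that are listening on non-loopback addresses and are therefore reachable without the tunnel.

```sh
#!/bin/sh
# Added example: helpers for the SSH-tunnelled Xen VNC console.
# Function names and the 0-99 display range are assumptions.

# vnc_port DISPLAY: print the TCP port for a vncdisplay number (10 -> 5910).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "invalid vncdisplay: $1" >&2; return 1 ;;
    esac
    [ "$1" -le 99 ] || { echo "vncdisplay out of range: $1" >&2; return 1; }
    echo $((5900 + $1))
}

# exposed_vnc_listeners: read `ss -ltn` output on stdin and print every
# listener on ports 5900-5999 that is NOT bound to a loopback address.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)          # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port + 0 < 5900 || port + 0 > 5999) next
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# open_tunnel DISPLAY USER HOST: forward the port over SSH, then view it.
open_tunnel() {
    port=$(vnc_port "$1") || return 1
    # ExitOnForwardFailure: stop if the local port cannot be bound.
    # The forward listens on 127.0.0.1 only; "sleep 15" gives the viewer
    # time to connect, and ssh exits once the forwarded connection closes.
    ssh -f -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${port}:localhost:${port}" -l "$2" "$3" sleep 15 &&
    vncviewer "localhost::${port}"
}

# Constructed sample of `ss -ltn` output from a Xen host (not real data).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      1      0.0.0.0:5910       0.0.0.0:*
LISTEN 0      1      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      1      [::]:5902          [::]:*'

# Usage: script DISPLAY USER HOST   (does nothing without three arguments)
if [ "$#" -eq 3 ]; then open_tunnel "$@"; fi
```

On the Xen host, <code>ss -ltn | exposed_vnc_listeners</code> should print nothing when every VNC console is reachable only through the SSH tunnel.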
 
 