Difference between revisions of "Configuring a VNC based Graphical Console for a Xen Paravirtualized domainU Guest"

From Virtuatopia
Jump to: navigation, search
(Connecting to the Guest Desktop using VNC Viewer)
Line 11: Line 11:
 
== VNC Security ==
 
== VNC Security ==
  
Before proceeding it is important to note that VNC itself does not include any security measures. If a default VNC session is used over the internet, therefore, the session is subject to eavesdropping. It is, however, possible to use secure tunneling to protect VNC sessions. Both the secure and insecure methods of using VNC will be covered in this chapter.
+
Before proceeding it is important to note that VNC itself does not include any security measures. If a default VNC session is used over the internet, therefore, the session is susceptible to eavesdropping. It is, however, possible to use secure tunneling techniques to protect VNC sessions. Both the secure and insecure methods of using VNC will be covered in this chapter.
  
 
== Configuring a Xen domainU for VNC Access ==
 
== Configuring a Xen domainU for VNC Access ==
Line 43: Line 43:
 
</pre>
 
</pre>
  
where ''<IP Address of Xen Host>'' is the IP address or host name of the Xen host system on which the guest domainU system is running. if vncviewer is being run on teh Xen host then ''localhost'' will suffice.  
+
where ''<IP Address of Xen Host>'' is the IP address or host name of the ''Xen host'' system on which the guest domainU system is running and not the IP address of the domainU guest. The reason for this is that we are accessing the desktop via VNC services provided by domain0 on the host and not by VNC servers running on the guest. For details on running and accessing VNC servers on a domainU guest read the chapter entitled [[Running and Connecting to VNC Servers on a Xen Guest (domainU) System]]. If vncviewer is being run on the Xen host then ''localhost'' will suffice.  
  
 
If a port number was specified using the ''vncdisplay='' directive then this port needs to be specified. For example, the following command assumes that vncdisplay 10 was specified in the configuration file and consequently connects to port 5910 on the local system:
 
If a port number was specified using the ''vncdisplay='' directive then this port needs to be specified. For example, the following command assumes that vncdisplay 10 was specified in the configuration file and consequently connects to port 5910 on the local system:
Line 51: Line 51:
 
</pre>
 
</pre>
  
If a password was specified in the Xen domainU configuration file vncviewer will prompt for this before the graphical console is displayed:
+
If a password was specified in the Xen domainU configuration file then vncviewer will prompt for this before the graphical console is displayed:
  
[[Image:vncpasswd.jpg|vncviewer asks for a password is one was specified in the Xen domainU configuration file.]]
+
[[Image:vncpasswd.jpg|The vncviewer tool asks for a password if one was specified in the Xen domainU configuration file.]]
 +
 
 +
Assuming that vncviewer is able to connect to the server the graphical console will appear. Note that at this point no desktop is running so all that will be displayed is output from the boot process of the domainU guest. the follwoing figure show a typical graphical console before a desktop environment has been launched:
 +
 
 +
[[Image:xen_vnc_no_desktop.jpg|A vncviewer session before a desktop has been launched on the Xen domainU guest]]
 +
 
 +
At this point there should be both a Xen text console and the VNC viewer session running and visible. The next step is to start a desktop environment.
 +
 
 +
== Starting a Graphical Desktop on the Xen domainU Guest ==

Revision as of 20:51, 28 April 2008

So far in Xen Virtualization Essentials we have focused on running Xen domainU systems using just the text based console to interact with the system. It is not uncommon, however, to need to view and interact with a graphical desktop environment running on the guest operating system. This can be achieved using one of two technologies known as SDL and VNC. Probably the most flexible option is that provided by VNC.

In terms of displaying graphical desktop environments for a Xen guest, VNC offers two approaches. The first approach (covered in this chapter) involves suing VNC capabilities that are build into the Xen guest domain (domain0) to view and interact with the virtual frame buffer (vfb) of the domainU system. A second option is to run one or more VNC servers directly on the domainU system and connect directly to those servers. This approach will be covered in the next chapter (Running and Connecting to VNC Servers on a Xen Guest (domainU) System).




What is VNC?

VNC is an acronym for Virtual Network Computing and essentially provides a way to provide remote access to graphical desktop environments. The system consists of one or more VNC servers running on a remote system and VNC viewers running on a local system. The VNC server runs the graphical desktop on the remote system and transmits the appearance of the desktop to the VNC viewer. The VNC viewer in turn transmits user interactions with the desktop to the VNC server where they are relayed to the desktop environment. VNC uses compression algorithms to speed the display process and is supported on a wide range of platforms. This makes it possible, for example, to display a Linux desktop environment on a Windows system and vice a versa.

The VNC server and viewer components can communicate over any network connection including the internet.


VNC Security

Before proceeding it is important to note that VNC itself does not include any security measures. If a default VNC session is used over the internet, therefore, the session is susceptible to eavesdropping. It is, however, possible to use secure tunneling techniques to protect VNC sessions. Both the secure and insecure methods of using VNC will be covered in this chapter.

Configuring a Xen domainU for VNC Access

In this chapter it is assumed that you have a Xen domainU system configured and are able to boot this system using the Xen text based console. If this is not the case return the Table of Contents and pick a method from those listed to configure and install a Xen domainU system.

Assuming you have a working text based Xen guest system, VNC access can be enabled by adding a single line to the Xen domainU configuration file:

vfb = [ 'type=vnc' ]

This is the most basic of configuration options and will set up VNC access to the next available VNC port (starting at port number 5901) with no password access. To specify a specific port number and password add vncdisplay and vncpassd directives to the vfb line:

vfb = [ 'type=vnc,vncdisplay=10,vncpasswd=s3cr3t' ]

When the gust system boots up it will be accessible to the VNC viewer on port 5910 and access will be granted if s3cr3t is entered at the password prompt.

With the appropriate change made to the configuration file boot the system as usual, being sure to use the -c command-line option so that the text console is also available during the boot process.

Connecting to the Guest Desktop using VNC Viewer

This section assumes that the desktop environment of the Xen domainU system is not being accessed over an insecure and unencrypted network (such as the internet). This approach is only safe for accessing the domainU desktop either from the Xen host or from a system on the same trusted network. For details on secure remote desktop access refer to the appropriate sections later in this chapter.

If no vncdisplay port number was specified on the vfb = configuration directive then the desktop is likely to be accessible on port 5901. Therefore, to access this display run the following command:

vncviewer <IP Address of Xen Host>:5901

where <IP Address of Xen Host> is the IP address or host name of the Xen host system on which the guest domainU system is running and not the IP address of the domainU guest. The reason for this is that we are accessing the desktop via VNC services provided by domain0 on the host and not by VNC servers running on the guest. For details on running and accessing VNC servers on a domainU guest read the chapter entitled Running and Connecting to VNC Servers on a Xen Guest (domainU) System. If vncviewer is being run on the Xen host then localhost will suffice.

If a port number was specified using the vncdisplay= directive then this port needs to be specified. For example, the following command assumes that vncdisplay 10 was specified in the configuration file and consequently connects to port 5910 on the local system:

vncviewer localhost:5910

If a password was specified in the Xen domainU configuration file then vncviewer will prompt for this before the graphical console is displayed:

The vncviewer tool asks for a password if one was specified in the Xen domainU configuration file.

Assuming that vncviewer is able to connect to the server the graphical console will appear. Note that at this point no desktop is running so all that will be displayed is output from the boot process of the domainU guest. the follwoing figure show a typical graphical console before a desktop environment has been launched:

A vncviewer session before a desktop has been launched on the Xen domainU guest

At this point there should be both a Xen text console and the VNC viewer session running and visible. The next step is to start a desktop environment.

Starting a Graphical Desktop on the Xen domainU Guest