| 1 |
"J. Roeleveld" <joost@××××××××.org> writes: |
| 2 |
|
| 3 |
> On Tuesday, January 19, 2016 01:46:45 AM lee wrote: |
| 4 |
>> "J. Roeleveld" <joost@××××××××.org> writes: |
| 5 |
>> > On Monday, January 18, 2016 02:02:27 AM lee wrote: |
| 6 |
>> >> "J. Roeleveld" <joost@××××××××.org> writes: |
| 7 |
>> >> > On 17 January 2016 18:35:20 CET, Mick <michaelkintzios@×××××.com> |
| 8 |
>> >> > wrote: |
| 9 |
>> >> > |
| 10 |
>> >> > [...] |
| 11 |
>> >> > |
| 12 |
>> >> >>I use the icaclient provided by Citrix to access my virtual desktop at |
| 13 |
>> >> >>work, |
| 14 |
>> >> >>but have never tried to set up something similar at home. What |
| 15 |
>> >> >>opensource |
| 16 |
>> >> >>software would I need for this? Is there a wiki somewhere to follow? |
| 17 |
>> >> >> |
| 18 |
>> >> > I'd love to do this myself as well. |
| 19 |
>> >> > |
| 20 |
>> >> > Citrix sells the full package as 'XenDesktop'. To do it yourself you |
| 21 |
>> >> > need |
| 22 |
>> >> > a VMserver (Xen or similar) and a remote desktop tool that hooks into |
| 23 |
>> >> > the |
| 24 |
>> >> > VM display. (Spice or VNC) |
| 25 |
>> >> > |
| 26 |
>> >> > Then you need some way of authenticating users and providing access to |
| 27 |
>> >> > the |
| 28 |
>> >> > client software. [...] |
| 29 |
>> >> |
| 30 |
>> >> You would have a full VM for each user? |
| 31 |
>> > |
| 32 |
>> > Yes |
| 33 |
>> > |
| 34 |
>> >> That would be a huge waste of resources, |
| 35 |
>> > |
| 36 |
>> > Diskspace and CPU can easily be overcommitted. |
| 37 |
>> |
| 38 |
>> Overcommitting disk space sounds like a very bad idea. Overcommitting |
| 39 |
>> memory is not possible with xen. |
| 40 |
> |
| 41 |
> Overcommitting diskspace isn't such a bad idea, considering most installs |
| 42 |
> never utilize all the available diskspace. |
| 43 |
|
| 44 |
When they do not use it anyway, there is no reason to give it to them in |
| 45 |
the first place. And when they do use it, how do the VMs handle the |
| 46 |
problem that they have plenty disk space available, from their point of |
| 47 |
view, while the host which they don't know about doesn't allow them to |
| 48 |
use it? |
| 49 |
|
| 50 |
Besides, overcommitting disk space means to intentionally create a setup |
| 51 |
which involves that the host can run out of disk space easily. That is |
| 52 |
not something I would want to create for a host which is required to |
| 53 |
function reliably. |
| 54 |
|
| 55 |
And how much do you need to worry about the security of the VMs when you |
| 56 |
build in a way for the users to bring the whole machine, or at least |
| 57 |
random VMs, down by using the disk space which has been assigned to |
| 58 |
them? The users are somewhat likely to do that even unintentionally, |
| 59 |
the more the more you overcommit. |
| 60 |
|
| 61 |
> Overcommitting memory is, i think, on the roadmap for Xen. (Disclaimer: At |
| 62 |
> least, I seem to remember reading that somewhere) |
| 63 |
|
| 64 |
That would be a nice feature. |
| 65 |
|
| 66 |
>> >> plus having to take care of a lot of VMs, |
| 67 |
>> > |
| 68 |
>> > Automated. |
| 69 |
>> |
| 70 |
>> Like how? |
| 71 |
> |
| 72 |
> How do you manage a large amount of physical machines? |
| 73 |
> Just change physical to VMs and do it the same. |
| 74 |
> With VMs you have more options for automation. |
| 75 |
|
| 76 |
Individually, in lack of a better way. Per user when it comes to |
| 77 |
setting up their MUAs and the like, in lack of any better way. It |
| 78 |
doesn't make a difference if it's a VM or not, provided that you have |
| 79 |
remote access to the machine. |
| 80 |
|
| 81 |
When you one VM for many users, you install the MUA only once, and when |
| 82 |
you need to do updates, you do them only once. When you have many VMs, |
| 83 |
like one for each user, you have to install and update many times, once |
| 84 |
on each VM. |
| 85 |
|
| 86 |
>> >> plus having to buy a lot of Windoze licenses |
| 87 |
>> > |
| 88 |
>> > Volume licensing takes care of that. |
| 89 |
>> |
| 90 |
>> expensive |
| 91 |
> |
| 92 |
> Depends on the requirements. It's cheaper then a few hundred seperate windows |
| 93 |
> licenses. |
| 94 |
|
| 95 |
It's still more expensive than one, or than a handful, isn't it? |
| 96 |
|
| 97 |
>> >> and taking about a week to install the updates |
| 98 |
>> >> after installing a VM. |
| 99 |
>> > |
| 100 |
>> > Never heard of VM templates? |
| 101 |
>> |
| 102 |
>> It still takes a week to put the updates onto the template. |
| 103 |
> |
| 104 |
> Last time I had to fully reinstall a windows machine it took me a day to do |
| 105 |
> all the updates. Microsoft even has server software that will keep them |
| 106 |
> locally and push them to the clients. |
| 107 |
|
| 108 |
That would be useful to have. Where could I download that? |
| 109 |
|
| 110 |
Last time I installed a VM, it took a week until the updates where |
| 111 |
finally installed, and you have to check on it every now and then to |
| 112 |
find out if it's even doing anything at all. The time before, it wasn't |
| 113 |
a VM but a very slow machine, and that also took a week. You can have |
| 114 |
the fastest machine on the world and Windoze always manages to bring it |
| 115 |
down to a slowness we wouldn't have accepted even 20 years ago. |
| 116 |
|
| 117 |
>> >> Add to that that the xen host goes down at |
| 118 |
>> >> random time intervals (because the sending queue of the network card |
| 119 |
>> >> times out for reasons that cannot be determined) which can be as long as |
| 120 |
>> >> a day, a week or even up to three weeks, and you are likely to become a |
| 121 |
>> >> rather unhappy administrator. |
| 122 |
>> > |
| 123 |
>> > Sorry, but I consider that a bug in your hardware. If it's really that |
| 124 |
>> > unstable, replace it. |
| 125 |
>> > I've been running Xen enabled servers for nearly 15 years. Never had |
| 126 |
>> > issues |
| 127 |
>> > like that. If it were truly that unstable, it wouldn't be gaining |
| 128 |
>> > popularity. |
| 129 |
>> The hardware has already been replaced, and the problem persists. Other |
| 130 |
>> machines of identical hardware that don't run xen don't show any issues. |
| 131 |
> |
| 132 |
> I still say the hardware is buggy. With replacing, I meant replace it with |
| 133 |
> different hardware, not a different version of the same buggy stuff. |
| 134 |
|
| 135 |
The hardware is known to be 100% reliable by own experience for over a |
| 136 |
year, for all the machines. Only when xen is running, the problem shows |
| 137 |
up. |
| 138 |
|
| 139 |
Replacing the machine with another, identical one, allows to rule out |
| 140 |
that the particular machine which was replaced has an issue and was very |
| 141 |
easy to do, so that was a very reasonable second step after trying |
| 142 |
different network cards. Three different network cards, from three |
| 143 |
different manufactures, lead to the same error message. |
| 144 |
|
| 145 |
Googling the error message shows that quite a few ppl, with entirely |
| 146 |
different hardware, usually not running xen, have had the same message |
| 147 |
with very similar symptoms. |
| 148 |
|
| 149 |
This currently leaves these possibilities: |
| 150 |
|
| 151 |
|
| 152 |
1.) Xen doesn't work with this hardware. |
| 153 |
|
| 154 |
2.) The problem might somehow be caused by an SSD. |
| 155 |
|
| 156 |
3.) The error message is actually true and something yet unknown is |
| 157 |
going on on the network. |
| 158 |
|
| 159 |
4.) The problem may have been fixed a while ago in the kernel and has |
| 160 |
not been fixed in the xen kernel. |
| 161 |
|
| 162 |
5.) The gplpv drivers the VMs use cause the problem. |
| 163 |
|
| 164 |
6.) It's an issue with power management since the problem occurs when |
| 165 |
the machine and the VMs are not used/busy, at night. Disabling the |
| 166 |
power management for the network card has not made a difference, |
| 167 |
though. |
| 168 |
|
| 169 |
|
| 170 |
3.) is currently being worked on. It needs to be figured out and, if |
| 171 |
there's something weird going on, to be solved in any case. 6.) seems |
| 172 |
unlikely, 1.) and 2.) can be decided when the the hardware is replaced |
| 173 |
with something entirely different, which is the most painful and most |
| 174 |
time-consuming option. That would leave 4.) and 5.), and 3.) if 3.) |
| 175 |
cannot be resolved. |
| 176 |
|
| 177 |
It's easy to say that "the hardware is buggy". I'm not convinced that |
| 178 |
it is. In any case, you can always run into a situation in which xen |
| 179 |
doesn't work as well as you might wish or have experienced so far. |
| 180 |
|
| 181 |
>> >> Try kvm instead, and you'll find that |
| 182 |
>> >> it's impossible to migrate the VMs from xen to to kvm when you want to |
| 183 |
>> >> use virtio drivers because you can't install them on an existing Windoze |
| 184 |
>> >> VM. |
| 185 |
>> > |
| 186 |
>> > Not a problem with the virtualisation technology. It is an issue with |
| 187 |
>> > driver management inside MS Windows. |
| 188 |
>> > There are ways to migrate VMs succesfully, I just don't see the point in |
| 189 |
>> > wasting time for that. |
| 190 |
>> |
| 191 |
>> It's time consuming when you have to reinstall the VMs to migrate them |
| 192 |
>> to kvm. And when you don't have the installers of all the software |
| 193 |
>> that's on some of the VMs and can't get them, you either have to run |
| 194 |
>> them without virtio drivers or you can't migrate them. |
| 195 |
> |
| 196 |
> There are Howtos on the internet describing how to migrate VMs from 1 |
| 197 |
> technology to another. Shouldn't be too hard. |
| 198 |
|
| 199 |
I looked for them. Did you find one that tells you how to install |
| 200 |
the virtio drivers on an existing Windoze 7 VM and that actually works? |
| 201 |
It's already very difficult to get rid of gplpv drivers. |
| 202 |
|
| 203 |
> And keeping the installers at hand is, in my opinion, a requirement of sane |
| 204 |
> system management. |
| 205 |
> I have installers for all the versions of software I deal with. |
| 206 |
|
| 207 |
Indeed --- but some predecessor decided not to keep an installer which |
| 208 |
would be required and is now unavailable. So the only options are to |
| 209 |
leave the VM running under xen or to run it under KVM without virtio |
| 210 |
drivers. The latter is bad idea because the application the installer |
| 211 |
would be needed for already has severe performance problems built in, |
| 212 |
and making it worse isn't a good idea. |
| 213 |
|
| 214 |
>> > The biggest reason why I don't use KVM is the lack of full snapshot |
| 215 |
>> > functionality. Snapshotting disks is nice, but you end up with an unclean- |
| 216 |
>> > shutdown situation and anything that's not yet committed to disk is gone. |
| 217 |
>> |
| 218 |
>> I'm not sure what you mean. When you take a snapshot while the VM is not |
| 219 |
>> shut down, what difference does it make whether you use xen or kvm? |
| 220 |
> |
| 221 |
> A "snapshot" for KVM is ONLY the disks. |
| 222 |
> With Xen, VMWare and Virtualbox, I can also make a snapshot/copy of what's in |
| 223 |
> memory. It's that which makes the difference. |
| 224 |
|
| 225 |
Is that possible without freezing the VM while you make a snapshot of |
| 226 |
the memory? If not, how is it so much better than shutting the VM down? |
| 227 |
|
| 228 |
>> >> Then there's the question how well vnc or spice connections work over a |
| 229 |
>> >> VPN that goes over the internet. |
| 230 |
>> > |
| 231 |
>> > VNC works quite well, as long as you use a minimal desktop. (like |
| 232 |
>> > blackbox). Don't expect KDE or Gnome to be usable. |
| 233 |
>> > I haven't tried Spice yet, but I've read that it performs better. |
| 234 |
>> |
| 235 |
>> It's not like you had a choice when you have Windoze VMs. |
| 236 |
> |
| 237 |
> Windows has RDP, which is a lot better than VNC. Especially when dealing with |
| 238 |
> low-bandwidth connections. |
| 239 |
|
| 240 |
Wasn't RPD deprecated earlier in this discussion because it seemed to be |
| 241 |
not sufficiently secure? |
| 242 |
|
| 243 |
>> >> It's not like the employees could get |
| 244 |
>> >> reliable internet connections with sufficient bandwidth, not to mention |
| 245 |
>> >> that the company would have to get one in the first place, which isn't |
| 246 |
>> >> much easier to get, if any. |
| 247 |
>> > |
| 248 |
>> > That depends on where you are. |
| 249 |
>> |
| 250 |
>> In this country, you have to be really lucky to find a place where you |
| 251 |
>> can get a decent internet connection. |
| 252 |
> |
| 253 |
> Then in your country, working from home might not be the best option. |
| 254 |
|
| 255 |
That probably goes for most countries. |
| 256 |
|
| 257 |
>> > The company could host the servers in a decent datacentre, which should |
| 258 |
>> > take care of the bandwidth issues. |
| 259 |
>> |
| 260 |
>> And give all their data out of hands? And how much does that cost? |
| 261 |
> |
| 262 |
> I'm talking about putting your own hardware there, not letting the datacentre |
| 263 |
> company access to the servers. |
| 264 |
|
| 265 |
How could they reside in a datacenter without the ppl there having |
| 266 |
physical access to them? |
| 267 |
|
| 268 |
>> > For the employees, if they want to work from home, it's up to them to |
| 269 |
>> > ensure they have a reliable connection. |
| 270 |
>> |
| 271 |
>> It is as much problem of the company when they want the employees to |
| 272 |
>> work at home. And the employees don't have a choice, they can only get |
| 273 |
>> a connection they can get. |
| 274 |
> |
| 275 |
> If the company insists people work from home, they need to ensure the |
| 276 |
> employees have the option for a usable connection. Most companies I deal with |
| 277 |
> leave working from home as an option to the employees. |
| 278 |
|
| 279 |
Sometimes it's not an option, and there isn't anything a company could |
| 280 |
do to improve what internet connection an employee can get, unless |
| 281 |
they'd spend huge amounts of money to put cables or fiber glass into the |
| 282 |
ground, provided that they'd get the permissions for that. |
| 283 |
|
| 284 |
Sooner or later, it might become very difficult to find anyone who's |
| 285 |
still willing to spend all the time and money it takes to commute, or |
| 286 |
someone who can still afford it at all, and it might become difficult to |
| 287 |
find an employer willing to spend the money it takes to provide the |
| 288 |
employees with offices. |
| 289 |
|
| 290 |
When you consider the enormous amount of resources that are wasted for |
| 291 |
commuting in an economy and that some economies might start to gain an |
| 292 |
advantage over others by letting ppl work from their homes and by thus |
| 293 |
becoming able to make more competitive offers to their customers, you |
| 294 |
might come to think that it won't take very long before almost everyone |
| 295 |
must work at their home. So this isn't a problem of a company, or some |
| 296 |
companies, it's a problem for all companies and all employees, as it is |
| 297 |
a problem for all economies and all countries. |
| 298 |
|
| 299 |
>> >> It might work in theory. How would it be feasible in practise? |
| 300 |
>> > |
| 301 |
>> > Plenty of companies do it this way. If you don't want to pay for software |
| 302 |
>> > like XenDesktop, you need to do all the work setting it up yourself. |
| 303 |
>> |
| 304 |
>> VNC is somewhat slow over a 1Gbit LAN. Did they find some way to |
| 305 |
>> overcome this problem? |
| 306 |
> |
| 307 |
> Depends on the settings. |
| 308 |
|
| 309 |
Well, yes, I guess you can send something like 640x480 with some minimum |
| 310 |
content that changes as little as possible with less trouble over an |
| 311 |
internet connection than something one can actually work with. |
| 312 |
|
| 313 |
>> This sounds like it is for people with unlimited resources. |
| 314 |
>> |
| 315 |
>> BTW, access a VM through VNC, and you don't even have any way to make |
| 316 |
>> the mouse pointer in the VNC window actually follow the mouse pointer |
| 317 |
>> you're using, which makes it rather annoying to do anything in the VM |
| 318 |
>> you're looking at. If you found a solution for that, I'd be curious as |
| 319 |
>> to how you solved this problem. |
| 320 |
> |
| 321 |
> There is, it's even documented. |
| 322 |
> I'm assuming you are talking about the VNC-console Xen provides? |
| 323 |
> |
| 324 |
> Configure the mouse to be a tablet in the VM config and the issue disappears. |
| 325 |
|
| 326 |
Thanks, I can try that. I haven't seen this documented anywhere yet. |
Archives