Virtual Desktop Research
Categories: tech
Tags: vdi kubernetes research
I have a Chromebook which no longer receives updates. We use it as a child’s movie device. Recently Netflix stopped working on the device and I fear YouTube will eventually wind up there, meaning the device either becomes e-waste or will have to find another task. I have looked in the past; however, maybe now is the time for the thin client over Linux!
Essentially a thin client is a minimal computer which connects to a more powerful computer. The minimal computer displays the desired graphics and pushes user input to the remote device. Applications run on the more powerful computer, allowing one to centralize computation. I figure I have a powerful Linux cluster, maybe I can take advantage of that. Still waiting for the year of the Linux desktop though :-).
Tale of Two Approaches
There are several paths ahead.
- Chrome Remote Desktop - Effectively uses Google’s Remote Desktop system. As this is built like a real product I expect this to be easiest to set up.
- Guacamole - An Apache project to provide an HTML5 based viewer. This requires a bunch of elements, including a database for authentication and authorization.
- VNC - Classic screen sharing software.
- X11 - Every time I look at this I get lost in a sea of knobs and frustration. So much you can do, from greeters and seats to so much more.
Chrome Remote Desktop
According to Yannick Misteli’s “How to setup a virtual desktop on Kubernetes in 15 minutes” this is an easy lift. Steps are:
1.) Go to Setup via SSH for Google Remote Desktop. Grab the code.
2.) Build and deploy the container from the article above.
3.) Provide the PIN you hardwired into the above container.
4.) …
5.) Profit.
The given Dockerfile does not build on arm64 because Chrome Remote Desktop does not have an arm64 deb package. After removing VS Code and restarting on an amd64 machine it took a while to install an entire desktop environment, despite being XFCE.
After one gets the service to launch, you get no indication it has properly connected on the instructions screen. You must return to the Remote Sessions tab. Overall Chromoting looks fairly cool from a tooling perspective. Running Chrome in a container proved to be a bit more challenging.
Since the container is already running in a namespaced environment, Chrome must be run with --disable-sandbox. I could not get Chrome to run stably. I tried --disable-gpu which increased the stability. However, Chrome would still crash. After spending some time with the sound and a message warning Chrome could not connect to the container’s SystemD process I gave up. Sound is probably solvable. SystemD is not. In order to run SystemD correctly you must run it as PID 1. I will need to return to this problem at some other point.
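A preflight for the three blockers described above (no arm64 package, systemd not being PID 1, Chrome's sandbox inside a container), written as an added example and not taken from the post or the referenced article. The function names are made up here, and the user-namespace check is a necessary condition only.

```shell
#!/bin/sh
# Preflight for a remote-desktop container (added example, hypothetical names).
# Each check takes its input as an argument so it can be exercised offline.

# Per the post, Chrome Remote Desktop has no arm64 deb package, so any
# machine type other than amd64 fails at package install time.
crd_arch_supported() {
    case "$1" in
        x86_64|amd64) return 0 ;;
        *) return 1 ;;
    esac
}

# Per the post, systemd must be PID 1 to run correctly.
# $1: file holding the name of PID 1 (default /proc/1/comm).
pid1_is_systemd() {
    [ "$(cat "${1:-/proc/1/comm}" 2>/dev/null)" = "systemd" ]
}

# Chrome's namespace sandbox needs user namespaces. A limit above zero is
# necessary but not sufficient: a seccomp profile can still deny the call.
# $1: file with the limit (default /proc/sys/user/max_user_namespaces).
userns_available() {
    limit=$(cat "${1:-/proc/sys/user/max_user_namespaces}" 2>/dev/null) || return 1
    [ "${limit:-0}" -gt 0 ] 2>/dev/null
}

# Run all three checks against the live system and report each failure.
preflight() {
    rc=0
    crd_arch_supported "$(uname -m)" ||
        { echo "FAIL arch: $(uname -m) has no Chrome Remote Desktop deb"; rc=1; }
    pid1_is_systemd ||
        { echo "WARN pid1: $(cat /proc/1/comm 2>/dev/null) is not systemd"; rc=1; }
    userns_available ||
        { echo "WARN userns: unavailable, Chrome sandbox cannot start"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}
```

Source the file inside the running container and call `preflight`; a non-zero return means at least one of the blockers applies.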
Benefits
- Easy Setup - Google has provided a reasonable product.
- Works out of the box - Since this is a product it works fairly easily and is ready to go.
Concerns
- Key Sharing - Examples of deploying on k8s seem to require special keys during builds.
- Network Hairpin and Egress - Since both devices exist within the same network there is no reason for the traffic to egress. Best case the traffic would get to the edge router and hairpin on the wan interface. Worst case it transits from my ISP into Google services and back. Network is probably fast but will do a number on the bandwidth.
- Internet Reliance - Ideally operations within a datacenter or location do not have an external dependency on the internet. This heavily relies on Google’s service, meaning all paths to the internet must work.
- Google’s habit of killing things. Need I say more?
Guacamole
I found a promising tutorial which even uses Postgres! Effectively this is a system setup for virtual desktops.
sequenceDiagram
    Browser ->> Guacamole: I can haz session?
    Guacamole ->> Postgres: Yo, we have this browser?
    Postgres --> Guacamole: Query results with positive acknowledgement
    Guacamole ->> Browser: "You can haz session at _Container_"
    Browser ->> Container: Connect
This looked really promising. However given the PID1 problem I am not currently pursuing it. Getting a display is less challenging than stably running Chrome.
Benefits
- Internal Network Only
- Open Source Project
- Been around for a while
Concerns
- Several Manual Steps
- Web Only
- Several Components
VNC
Benefits
- Internal Network Only
- Well vetted and Established Solution
Concerns
X11
Benefits
- Local Only
Concerns
- Authentication and Authorization - I will need to learn how to secure these sessions better.
- Movement away from network - For optimization many of the systems