Stream of Consciousness

Mark Eschbach's random writings on various topics.

Virtual Desktop Research

Categories: tech

Tags: vdi kubernetes research

I have a Chromebook which no longer receives updates. We use it as a child’s movie device. Recently Netflix stopped working on the device and I fear YouTube will eventually wind up there, meaning the device either becomes e-waste or has to find another task. I have looked in the past; however, maybe now is the time for a thin client over Linux!

Essentially a thin client is a minimal computer which connects to a more powerful computer. The minimal computer displays the desired graphics and pushes user input to the remote device. Applications run on the more powerful computer, allowing one to centralize computation. I figure I have a powerful Linux cluster, so maybe I can take advantage of that. Still waiting for the year of the Linux desktop though :-).

Tale of Two Approaches

There are several paths ahead.

  • Chrome Remote Desktop - Effectively uses Google’s Remote Desktop system. As this is built like a real product I expect this to be easiest to set up.
  • Guacamole - An Apache project to provide an HTML5 based viewer. This requires a bunch of elements, including a database for authentication and authorization.
  • VNC - Classic screen sharing software.
  • X11 - Every time I look at this I get lost in a sea of knobs and frustration. So much you can do, from greeters and seats to so much more.

Chrome Remote Desktop

According to Yannick Misteli’s How to setup a virtual desktop on Kubernetes in 15 minutes, this is an easy lift. Steps are:

  1.) Go to Setup via SSH for Google Remote Desktop. Grab the code.
  2.) Build and deploy the container from the article above.
  3.) Provide the pin you hardwired into the above container.
  4.) …
  5.) Profit.

The given Dockerfile does not build on arm64 because Chrome Remote Desktop does not have an arm64 deb package. After removing VS Code and restarting on an amd64 machine it took a while to install an entire desktop environment, despite it being XFCE.

After you get the service to launch, there is no indication on the instructions screen that it has properly connected. You must return to the Remote Sessions tab. Overall Chromoting looks fairly cool from a tooling perspective. Running Chrome in a container proved to be a bit more challenging.

Since the container is already running in a namespaced environment, Chrome must be run with --disable-sandbox. I could not get Chrome to run stably. I tried --disable-gpu, which increased the stability. However, Chrome would still crash. After spending some time with the sound and a message warning that Chrome could not connect to the container’s systemd process, I gave up. Sound is probably solvable. systemd is not. In order to run systemd correctly you must run it as PID 1. I will need to return to this problem at some other point.

Benefits

  • Easy Setup - Google has provided a reasonable product.
  • Works out of the box - Since this is a product it works fairly easily and is ready to go.

Concerns

  • Key Sharing - Examples of deploying on k8s seem to require special keys during builds.
  • Network Hairpin and Egress - Since both devices exist within the same network there is no reason for the traffic to egress. Best case, the traffic would get to the edge router and hairpin on the WAN interface. Worst case, it transits from my ISP into Google services and back. The network is probably fast, but this will do a number on the bandwidth.
  • Internet Reliance - Ideally operations within a datacenter or location do not have an external dependency with the internet. This heavily relies on Google’s service, meaning all paths to the internet must work.
  • Google’s habit of killing things. Need I say more?
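
The Key Sharing concern above can be checked before an image is built and pushed. A small Dockerfile check, added here as an example and not taken from the referenced article or from Google's tooling; the sample Dockerfile, the CRD_CODE and CRD_PIN names, and the name heuristic are assumptions:

```python
import re

# Constructed sample; not the Dockerfile from the referenced article.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:22.04
ARG CRD_CODE=4/0EXAMPLE-constructed-code
ENV CRD_PIN=123456
RUN apt-get update && \\
    apt-get install -y xfce4
RUN /opt/google/chrome-remote-desktop/start-host --code="$CRD_CODE" \\
    --pin=654321 --name=desk
ENV DISPLAY=:20
"""

# Variable names that suggest a credential (assumed heuristic; tune per build).
SECRET_NAME = re.compile(r"PIN|CODE|TOKEN|SECRET|PASSWORD|KEY", re.I)
# --pin / --code given a literal value instead of a $VARIABLE reference.
LITERAL_FLAG = re.compile(r'--(pin|code)[= ]"?(?!\$)([^\s"]+)', re.I)


def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None


def find_baked_secrets(text):
    """Return (line_no, instruction, name) for values that end up in image layers."""
    findings = []
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        op, rest = parts[0].upper(), parts[1]
        if op in ("ARG", "ENV"):  # defaults and values are kept in image metadata
            for name, value in re.findall(r"(\w+)=(\S+)", rest):
                if SECRET_NAME.search(name) and not value.startswith("$"):
                    findings.append((no, op, name))
        elif op == "RUN":  # the literal command line shows up in `docker history`
            for m in LITERAL_FLAG.finditer(rest):
                findings.append((no, "RUN", "--" + m.group(1).lower()))
    return findings
```

The older space-separated ENV form is not covered. A clean result only means nothing was hardwired at build time; the code and pin still have to be supplied at runtime, for example from a Kubernetes Secret.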

Guacamole

I found a promising tutorial which even uses Postgres! Effectively this is a system setup for virtual desktops.

sequenceDiagram
  Browser ->> Guacamole: I can haz session?
  Guacamole ->> Postgres: Yo, we have this browser?
  Postgres --> Guacamole: Query results with positive acknowledgement 
  Guacamole ->> Browser: "You can haz session at _Container_"
  Browser ->> Container: Connect

This looked really promising. However, given the PID 1 problem I am not currently pursuing it. Getting a display is less challenging than stably running Chrome.

Benefits

  • Internal Network Only
  • Open Source Project
  • Been around for a while

Concerns

  • Several Manual Steps
  • Web Only
  • Several Components

VNC

Benefits

  • Internal Network Only
  • Well vetted and Established Solution

Concerns

X11

Benefits

  • Local Only

Concerns

  • Authentication and Authorization - I will need to learn how to secure these sessions better.
  • Movement away from network - For optimization many of the systems