VirtualBox

source: vbox/trunk/doc/manual/en_US/user_Frontends.xml@ 35519

Last change on this file since 35519 was 35277, checked in by vboxsync, 14 years ago

Manual: new security considerations chapter; VRDE/VRDP

File size: 37.0 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
3"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
4<chapter>
5 <title>Remote virtual machines</title>
6
7 <sect1>
8 <title id="vrde">Remote display (VRDP support)</title>
9
10 <para>VirtualBox can display virtual machines remotely, meaning that a
11 virtual machine can execute on one machine even though the machine will be
12 displayed on a second computer, and the machine will be controlled from
13 there as well, as if the virtual machine was running on that second
14 computer.</para>
15
16 <para>For maximum flexibility, starting with VirtualBox 4.0, VirtualBox
17 implements remote machine display through a generic extension interface,
18 the VirtualBox Remote Desktop Extension (VRDE). The base open-source
19 VirtualBox package only provides this interface, while implementations can
20 be supplied by third parties with VirtualBox extension packages, which
21 must be installed separately from the base package. See <xref
22 linkend="intro-installing" /> for more information.</para>
23
24 <para>Oracle provides support for the <emphasis role="bold">VirtualBox
25 Remote Display Protocol (VRDP)</emphasis> in such a VirtualBox extension
26 package. When this package is installed, VirtualBox versions 4.0 and later
27 support VRDP the same way as binary (non-open-source) versions of
28 VirtualBox before 4.0 did.</para>
29
30 <para>VRDP is a backwards-compatible extension to Microsoft's Remote
31 Desktop Protocol (RDP). Typically graphics updates and audio are sent from
32 the remote machine to the client, while keyboard and mouse events are sent
33 back. As a result, you can use any standard RDP client to control the
34 remote VM.</para>
35
36 <para>Even when the extension is installed, the VRDP server is disabled by
37 default. It can easily be enabled on a per-VM basis either in the
38 VirtualBox Manager in the "Display" settings (see <xref
39 linkend="settings-display" />) or with
40 <computeroutput>VBoxManage</computeroutput>:<screen>VBoxManage modifyvm "VM name" --vrde on</screen></para>
41
42 <para>If you use <computeroutput>VBoxHeadless</computeroutput> (described
43 further below), VRDP support will be automatically enabled since
44 VBoxHeadless has no other means of output.</para>
45
46 <sect2 id="rdp-viewers">
47 <title>Common third-party RDP viewers</title>
48
49 <para>Since VRDP is backwards-compatible to RDP, you can use any
50 standard RDP viewer to connect to such a remote virtual machine
51 (examples follow below). For this to work, you must specify the
52 <emphasis role="bold">IP address</emphasis> of your
53 <emphasis>host</emphasis> system (not of the virtual machine!) as the
54 server address to connect to, as well as the <emphasis role="bold">port
55 number</emphasis> that the RDP server is using.</para>
56
57 <para>By default, VRDP uses TCP port
58 <computeroutput>3389</computeroutput>. You will need to change the
59 default port if you run more than one VRDP server, since the port can
60 only be used by one server at a time; you might also need to change it
61 on Windows hosts since the default port might already be used by the RDP
62 server that is built into Windows itself. Ports 5000 through 5050 are
63 typically not used and might be a good choice.</para>
64
65 <para>The port can be changed either in the "Display" settings of the
66 graphical user interface or with
67 <computeroutput>--vrdeport</computeroutput> option of the
68 <computeroutput>VBoxManage modifyvm</computeroutput> command. You can
69 specify a comma-separated list of ports or ranges of ports. Use a dash
70 between two port numbers to specify a range. The VRDP server will bind
71 to <emphasis role="bold">one</emphasis> of available ports from the
72 specified list. For example, <computeroutput>VBoxManage modifyvm "VM
73 name" --vrdeport 5000,5010-5012</computeroutput> will configure the
74 server to bind to one of the ports 5000, 5010, 5011 or 5012. See <xref
75 linkend="vboxmanage-modifyvm" /> for details.</para>
76
77 <para>The actual port used by a running VM can be either queried with
78 <computeroutput>VBoxManage showvminfo</computeroutput> command or seen
79 in the GUI on the "Runtime" tab of the "Session Information Dialog",
80 which is accessible via the "Machine" menu of the VM window.</para>
81
82 <para>Here follow examples for the most common RDP viewers:<itemizedlist>
83 <listitem>
84 <para>On Windows, you can use the Microsoft Terminal Services
85 Connector (<computeroutput>mstsc.exe</computeroutput>) that ships
86 with Windows. You can start it by bringing up the "Run" dialog
87 (press the Windows key and "R") and typing "mstsc". You can also
88 find it under "Start" -&gt; "All Programs" -&gt; "Accessories"
89 -&gt; "Remote Desktop Connection". If you use the "Run" dialog,
90 you can type in options directly:<screen>mstsc 1.2.3.4[:3389]</screen></para>
91
92 <para>Replace "1.2.3.4" with the host IP address, and 3389 with a
93 different port if necessary.</para>
94
95 <note>
96 <para>When connecting to localhost in order to test the
97 connection, the addresses
98 <computeroutput>localhost</computeroutput> and
99 <computeroutput>127.0.0.1</computeroutput> might not work using
100 <computeroutput>mstsc.exe</computeroutput>. Instead, the address
101 <computeroutput>127.0.0.2[:3389]</computeroutput> has to be
102 used.</para>
103 </note>
104 </listitem>
105
106 <listitem>
107 <para>On other systems, you can use the standard open-source
108 <computeroutput>rdesktop</computeroutput> program. This ships with
109 most Linux distributions, but VirtualBox also comes with a
110 modified variant of rdesktop for remote USB support (see <xref
111 linkend="usb-over-rdp" /> below).</para>
112
113 <para>With rdesktop, use a command line such as the
114 following:<screen>rdesktop -a 16 -N 1.2.3.4:3389</screen></para>
115
116 <para>As said for the Microsoft viewer above, replace "1.2.3.4"
117 with the host IP address, and 3389 with a different port if
118 necessary. The <computeroutput>-a 16</computeroutput> option
119 requests a color depth of 16 bits per pixel, which we recommend.
120 (For best performance, after installation of the guest operating
121 system, you should set its display color depth to the same value).
122 The <computeroutput>-N</computeroutput> option enables use of the
123 NumPad keys.</para>
124 </listitem>
125
126 <listitem>
127 <para>If you run the KDE desktop, you might prefer
128 <computeroutput>krdc</computeroutput>, the KDE RDP viewer. The
129 command line would look like this:<screen>krdc --window --high-quality rdp:/1.2.3.4[:3389]</screen></para>
130
131 <para>Again, replace "1.2.3.4" with the host IP address, and 3389
132 with a different port if necessary. The "rdp:/" bit is required
133 with krdc to switch it into RDP mode.</para>
134 </listitem>
135 </itemizedlist></para>
136 </sect2>
137
138 <sect2 id="vboxheadless">
139 <title>VBoxHeadless, the remote desktop server</title>
140
141 <para>While any VM started from the VirtualBox Manager is capable of
142 running virtual machines remotely, it is not convenient to have to run
143 the full-fledged GUI if you never want to have VMs displayed locally in
144 the first place. In particular, if you are running server hardware whose
145 only purpose is to host VMs, and all your VMs are supposed to run
146 remotely over VRDP, then it is pointless to have a graphical user
147 interface on the server at all -- especially since, on a Linux or
148 Solaris host, the VirtualBox manager comes with dependencies on the Qt
149 and SDL libraries. This is inconvenient if you would rather not have the
150 X Window system on your server at all.</para>
151
152 <para>VirtualBox therefore comes with yet another front-end called
153 <computeroutput>VBoxHeadless</computeroutput>, which produces no visible
154 output on the host at all, but instead only delivers VRDP data. This
155 front-end has no dependencies on the X Window system on Linux and
156 Solaris hosts.<footnote>
157 <para>Before VirtualBox 1.6, the headless server was called
158 <computeroutput>VBoxVRDP</computeroutput>. For the sake of backwards
159 compatibility, the VirtualBox installation still installs an
160 executable with that name as well.</para>
161 </footnote></para>
162
163 <para>To start a virtual machine with
164 <computeroutput>VBoxHeadless</computeroutput>, you have two
165 options:</para>
166
167 <itemizedlist>
168 <listitem>
169 <para>You can use <screen>VBoxManage startvm "VM name" --type headless</screen>The
170 extra <computeroutput>--type</computeroutput> option causes
171 VirtualBox to use <computeroutput>VBoxHeadless</computeroutput> as
172 the front-end to the internal virtualization engine instead of the
173 Qt front-end.</para>
174 </listitem>
175
176 <listitem>
177 <para>The alternative is to use
178 <computeroutput>VBoxHeadless</computeroutput> directly, as
179 follows:<screen>VBoxHeadless --startvm &lt;uuid|name&gt;</screen></para>
180
181 <para>This way of starting the VM is preferred because you can see
182 more detailed error messages, especially for early failures before
183 the VM execution is started. If you have trouble with
184 <computeroutput>VBoxManage startvm</computeroutput>, it can help
185 greatly to start <computeroutput>VBoxHeadless</computeroutput>
186 directly to diagnose the problem cause.</para>
187 </listitem>
188 </itemizedlist>
189
190 <para>Note that when you use
191 <computeroutput>VBoxHeadless</computeroutput> to start a VM, since the
192 headless server has no other means of output, the VRDP server will
193 <emphasis>always</emphasis> be enabled, regardless of whether you had
194 enabled the VRDP server in the VM's settings. If this is undesirable
195 (for example because you want to access the VM via
196 <computeroutput>ssh</computeroutput> only), start the VM like
197 this:<screen>VBoxHeadless --startvm &lt;uuid|name&gt; --vrde=off</screen>To
198 have the VRDP server enabled depending on the VM configuration, as the
199 other front-ends would, use this:<screen>VBoxHeadless --startvm &lt;uuid|name&gt; --vrde=config</screen></para>
200 </sect2>
201
202 <sect2>
203 <title>Step by step: creating a virtual machine on a headless
204 server</title>
205
206 <para>The following instructions may give you an idea how to create a
207 virtual machine on a headless server over a network connection. We will
208 create a virtual machine, establish an RDP connection and install a
209 guest operating system -- all without having to touch the headless
210 server. All you need is the following:</para>
211
212 <para><orderedlist>
213 <listitem>
214 <para>VirtualBox on a server machine with a supported host
215 operating system. The VirtualBox extension pack for the VRDP
216 server must be installed (see the previous section). For the
217 following example, we will assume a Linux server.</para>
218 </listitem>
219
220 <listitem>
221 <para>An ISO file accessible from the server, containing the
222 installation data for the guest operating system to install (we
223 will assume Windows XP in the following example).</para>
224 </listitem>
225
226 <listitem>
227 <para>A terminal connection to that host through which you can
228 access a command line (e.g. via
229 <computeroutput>ssh</computeroutput>).</para>
230 </listitem>
231
232 <listitem>
233 <para>An RDP viewer on the remote client; see <xref
234 linkend="rdp-viewers" /> above for examples.</para>
235 </listitem>
236 </orderedlist>Note again that on the server machine, since we will
237 only use the headless server, neither Qt nor SDL nor the X Window system
238 will be needed.</para>
239
240 <para><orderedlist>
241 <listitem>
242 <para>On the headless server, create a new virtual machine:</para>
243
244 <screen>VBoxManage createvm --name "Windows XP" --ostype WindowsXP --register</screen>
245
246 <para>Note that if you do not specify
247 <computeroutput>--register</computeroutput>, you will have to
248 manually use the <computeroutput>registervm</computeroutput>
249 command later.</para>
250
251 <para>Note further that you do not need to specify
252 <computeroutput>--ostype</computeroutput>, but doing so selects
253 some sane default values for certain VM parameters, for example
254 the RAM size and the type of the virtual network device. To get a
255 complete list of supported operating systems you can use</para>
256
257 <screen>VBoxManage list ostypes</screen>
258 </listitem>
259
260 <listitem>
261 <para>Make sure the settings for this VM are appropriate for the
262 guest operating system that we will install. For example:<screen>VBoxManage modifyvm "Windows XP" --memory 256 --acpi on --boot1 dvd --nic1 nat</screen></para>
263 </listitem>
264
265 <listitem>
266 <para>Create a virtual hard disk for the VM (in this case, 10GB in
267 size):<screen>VBoxManage createhd --filename "WinXP.vdi" --size 10000</screen></para>
268 </listitem>
269
270 <listitem>
271 <para>Add an IDE Controller to the new VM:<screen>VBoxManage storagectl "Windows XP" --name "IDE Controller"
272 --add ide --controller PIIX4</screen></para>
273 </listitem>
274
275 <listitem>
276 <para>Set the VDI file created above as the first virtual hard
277 disk of the new VM:<screen>VBoxManage storageattach "Windows XP" --storagectl "IDE Controller"
278 --port 0 --device 0 --type hdd --medium "WinXP.vdi"</screen></para>
279 </listitem>
280
281 <listitem>
282 <para>Attach the ISO file that contains the operating system
283 installation that you want to install later to the virtual
284 machine, so the machine can boot from it:<screen>VBoxManage storageattach "Windows XP" --storagectl "IDE Controller"
285 --port 0 --device 1 --type dvddrive --medium /full/path/to/iso.iso</screen></para>
286 </listitem>
287
288 <listitem>
289 <para>Start the virtual machine using VBoxHeadless:<screen>VBoxHeadless --startvm "Windows XP"</screen></para>
290
291 <para>If everything worked, you should see a copyright notice. If,
292 instead, you are returned to the command line, then something went
293 wrong.</para>
294 </listitem>
295
296 <listitem>
297 <para>On the client machine, fire up the RDP viewer and try to
298 connect to the server (see <xref linkend="rdp-viewers" /> above
299 for how to use various common RDP viewers).</para>
300
301 <para>You should now be seeing the installation routine of your
302 guest operating system remotely in the RDP viewer.</para>
303 </listitem>
304 </orderedlist></para>
305 </sect2>
306
307 <sect2 id="usb-over-rdp">
308 <title>Remote USB</title>
309
310 <para>As a special feature on top of the VRDP support, VirtualBox
311 supports remote USB devices over the wire as well. That is, the
312 VirtualBox guest that runs on one computer can access the USB devices of
313 the remote computer on which the VRDP data is being displayed the same
314 way as USB devices that are connected to the actual host. This allows
315 for running virtual machines on a VirtualBox host that acts as a server,
316 where a client can connect from elsewhere that needs only a network
317 adapter and a display capable of running an RDP viewer. When USB devices
318 are plugged into the client, the remote VirtualBox server can access
319 them.</para>
320
321 <para>For these remote USB devices, the same filter rules apply as for
322 other USB devices, as described with <xref linkend="settings-usb" />.
323 All you have to do is specify "Remote" (or "Any") when setting up these
324 rules.</para>
325
326 <para>Accessing remote USB devices is only possible if the RDP client
327 supports this extension. On Linux and Solaris hosts, the VirtualBox
328 installation provides a suitable VRDP client called
329 <computeroutput>rdesktop-vrdp</computeroutput>. RDP clients for other
330 platforms will be provided in future VirtualBox versions.</para>
331
332 <para>To make a remote USB device available to a VM,
333 <computeroutput>rdesktop-vrdp</computeroutput> should be started as
334 follows:<screen>rdesktop-vrdp -r usb -a 16 -N my.host.address</screen>Note
335 that <computeroutput>rdesktop-vrdp</computeroutput> can access USB
336 devices only through <computeroutput>/proc/bus/usb</computeroutput>.
337 Please refer to <xref linkend="usb_linux" /> for further details on how
338 to properly set up the permissions. Furthermore it is advisable to
339 disable automatic loading of any host driver on the remote host which
340 might work on USB devices to ensure that the devices are accessible by
341 the RDP client. If the setup was properly done on the remote host,
342 plug/unplug events are visible on the VBox.log file of the VM.</para>
343 </sect2>
344
345 <sect2 id="vbox-auth">
346 <title>RDP authentication</title>
347
348 <para>For each virtual machine that is remotely accessible via RDP, you
349 can individually determine if and how client connections are
350 authenticated. For this, use <computeroutput>VBoxManage
351 modifyvm</computeroutput> command with the
352 <computeroutput>--vrdeauthtype</computeroutput> option; see <xref
353 linkend="vboxmanage-modifyvm" /> for a general introduction. Three
354 methods of authentication are available:<itemizedlist>
355 <listitem>
356 <para>The "null" method means that there is no authentication at
357 all; any client can connect to the VRDP server and thus the
358 virtual machine. This is, of course, very insecure and only to be
359 recommended for private networks.</para>
360 </listitem>
361
362 <listitem>
363 <para>The "external" method provides external authentication
364 through a special authentication library. VirtualBox ships with
365 two such authentication libraries:<orderedlist>
366 <listitem>
367 <para>The default authentication library,
368 <computeroutput>VBoxAuth</computeroutput>, authenticates
369 against user credentials of the hosts. Depending on the host
370 platform, this means:<itemizedlist>
371 <listitem>
372 <para>On Linux hosts,
373 <computeroutput>VBoxAuth.so</computeroutput>
374 authenticates users against the host's PAM
375 system.</para>
376 </listitem>
377
378 <listitem>
379 <para>On Windows hosts,
380 <computeroutput>VBoxAuth.dll</computeroutput>
381 authenticates users against the host's WinLogon
382 system.</para>
383 </listitem>
384
385 <listitem>
386 <para>On Mac OS X hosts,
387 <computeroutput>VBoxAuth.dylib</computeroutput>
388 authenticates users against the host's directory
389 service.<footnote>
390 <para>Support for Mac OS X was added in version
391 3.2.</para>
392 </footnote></para>
393 </listitem>
394 </itemizedlist></para>
395
396 <para>In other words, the "external" method per default
397 performs authentication with the user accounts that exist on
398 the host system. Any user with valid authentication
399 credentials is accepted, i.e. the username does not have to
400 correspond to the user running the VM.</para>
401 </listitem>
402
403 <listitem>
404 <para>An additional library called
405 <computeroutput>VBoxAuthSimple</computeroutput> performs
406 authentication against credentials configured in the
407 "extradata" section of a virtual machine's XML settings
408 file. This is probably the simplest way to get
409 authentication that does not depend on a running and
410 supported guest (see below). The following steps are
411 required:<orderedlist>
412 <listitem>
413 <para>Enable
414 <computeroutput>VBoxAuthSimple</computeroutput> with
415 the following command:</para>
416
417 <para><screen>VBoxManage setproperty vrdeauthlibrary "VBoxAuthSimple"</screen></para>
418 </listitem>
419
420 <listitem>
421 <para>To enable the library for a particular VM, you
422 must then switch authentication to external:<screen>VBoxManage modifyvm &lt;vm&gt; --vrdeauthtype external</screen></para>
423
424 <para>Replace
425 <computeroutput>&lt;vm&gt;</computeroutput> with the
426 VM name or UUID.</para>
427 </listitem>
428
429 <listitem>
430 <para>You will then need to configure users and
431 passwords by writing items into the machine's
432 extradata. Since the XML machine settings file, into
433 whose "extradata" section the password needs to be
434 written, is a plain text file, VirtualBox uses hashes
435 to encrypt passwords. The following command must be
436 used:<screen>VBoxManage setextradata &lt;vm&gt; "VBoxAuthSimple/users/&lt;user&gt;" &lt;hash&gt;</screen></para>
437
438 <para>Replace
439 <computeroutput>&lt;vm&gt;</computeroutput> with the
440 VM name or UUID,
441 <computeroutput>&lt;user&gt;</computeroutput> with the
442 user name who should be allowed to log in and
443 <computeroutput>&lt;hash&gt;</computeroutput> with the
444 encrypted password. As an example, to obtain the hash
445 value for the password "secret", you can use the
446 following command:<screen>VBoxManage internalcommands passwordhash "secret"</screen></para>
447
448 <para>This will print
449 "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b".
450 You can then use VBoxManage setextradata to store this
451 value in the machine's "extradata" section.</para>
452
453 <para>As example, combined together, to set the
454 password for the user "john" and the machine "My VM"
455 to "secret", use this command:<screen>VBoxManage setextradata "My VM" "VBoxAuthSimple/users/john"
456 2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b</screen></para>
457 </listitem>
458 </orderedlist></para>
459 </listitem>
460 </orderedlist></para>
461 </listitem>
462
463 <listitem>
464 <para>Finally, the "guest" authentication method performs
465 authentication with a special component that comes with the Guest
466 Additions; as a result, authentication is not performed on the
467 host, but with the <emphasis>guest</emphasis> user
468 accounts.</para>
469
470 <para>This method is currently still in testing and not yet
471 supported.</para>
472 </listitem>
473 </itemizedlist></para>
474
475 <para>In addition to the methods described above, you can replace the
476 default "external" authentication module with any other module. For
477 this, VirtualBox provides a well-defined interface that allows you to
478 write your own authentication module. This is described in detail in the
479 VirtualBox Software Development Kit (SDK) reference; please see <xref
480 linkend="VirtualBoxAPI" /> for details.</para>
481 </sect2>
482
483 <sect2 id="vrde-crypt">
484 <title>RDP encryption</title>
485
486 <para>RDP features data stream encryption, which is based on the RC4
487 symmetric cipher (with keys up to 128bit). The RC4 keys are being
488 replaced in regular intervals (every 4096 packets).</para>
489
490 <para>RDP provides three different authentication methods:<orderedlist>
491 <listitem>
492 <para>Historically, RDP4 authentication was used, with which the
493 RDP client does not perform any checks in order to verify the
494 identity of the server it connects to. Since user credentials can
495 be obtained using a "man in the middle" (MITM) attack, RDP4
496 authentication is insecure and should generally not be
497 used.</para>
498 </listitem>
499
500 <listitem>
501 <para>RDP5.1 authentication employs a server certificate for which
502 the client possesses the public key. This way it is guaranteed
503 that the server possess the corresponding private key. However, as
504 this hard-coded private key became public some years ago, RDP5.1
505 authentication is also insecure and cannot be recommended.</para>
506 </listitem>
507
508 <listitem>
509 <para>RDP5.2 authentication is based on TLS 1.0 with
510 customer-supplied certificates. The server supplies a certificate
511 to the client which must be signed by a certificate authority (CA)
512 that the client trusts (for the Microsoft RDP Client 5.2, the CA
513 has to be added to the Windows Trusted Root Certificate
514 Authorities database). VirtualBox allows you to supply your own CA
515 and server certificate and uses OpenSSL for encryption.</para>
516 </listitem>
517 </orderedlist></para>
518
519 <para>While VirtualBox supports all of the above, only RDP5.2
520 authentication should be used in environments where security is a
521 concern. As the client that connects to the server determines what type
522 of encryption will be used, with rdesktop, the Linux RDP viewer, use the
523 <computeroutput>-4</computeroutput> or
524 <computeroutput>-5</computeroutput> options.</para>
525 </sect2>
526
527 <sect2 id="vrde-multiconnection">
528 <title>Multiple connections to the VRDP server</title>
529
530 <para>The VRDP server of VirtualBox supports multiple simultaneous
531 connections to the same running VM from different clients. All connected
532 clients see the same screen output and share a mouse pointer and
533 keyboard focus. This is similar to several people using the same
534 computer at the same time, taking turns at the keyboard.</para>
535
536 <para>The following command enables multiple connection mode: <screen>VBoxManage modifyvm "VM name" --vrdemulticon on</screen></para>
537 </sect2>
538
539 <sect2 id="vrde-multimonitor">
540 <title>Multiple remote monitors</title>
541
542 <para>To access two or more remote VM displays you have to enable the
543 VRDP multiconnection mode (see <xref
544 linkend="vrde-multiconnection" />).</para>
545
546 <para>The RDP client can select the virtual monitor number to connect to
547 using the <computeroutput>domain</computeroutput> logon parameter
548 (<computeroutput>-d</computeroutput>). If the parameter ends with
549 <computeroutput>@</computeroutput> followed by a number, VirtualBox
550 interprets this number as the screen index. The primary guest screen is
551 selected with <computeroutput>@1</computeroutput>, the first secondary
552 screen is <computeroutput>@2</computeroutput>, etc.</para>
553
554 <para>The Microsoft RDP6 client does not let you specify a separate
555 domain name. Instead, use
556 <computeroutput>domain\username</computeroutput> in the
557 <computeroutput>Username:</computeroutput> field -- for example,
558 <computeroutput>@2\name</computeroutput>.
559 <computeroutput>name</computeroutput> must be supplied, and must be the
560 name used to log in if the VRDP server is set up to require credentials.
561 If it is not, you may use any text as the username.</para>
562 </sect2>
563
564 <sect2 id="vrde-videochannel">
565 <title>VRDP video redirection</title>
566
567 <para>Starting with VirtualBox 3.2, the VRDP server can redirect video
568 streams from the guest to the RDP client. Video frames are compressed
569 using the JPEG algorithm allowing a higher compression ratio than
570 standard RDP bitmap compression methods. It is possible to increase the
571 compression ratio by lowering the video quality.</para>
572
573 <para>The VRDP server automatically detects video streams in a guest as
574 frequently updated rectangular areas. As a result, this method works
575 with any guest operating system without having to install additional
576 software in the guest; in particular, the Guest Additions are not
577 required.</para>
578
579 <para>On the client side, however, currently only the Windows 7 Remote
580 Desktop Connection client supports this feature. If a client does not
581 support video redirection, the VRDP server falls back to regular bitmap
582 updates.</para>
583
584 <para>The following command enables video redirection: <screen>VBoxManage modifyvm "VM name" --vrdevideochannel on</screen></para>
585
586 <para>The quality of the video is defined as a value from 10 to 100
587 percent, representing a JPEG compression level (where lower numbers mean
588 lower quality but higher compression). The quality can be changed using
589 the following command: <screen>VBoxManage modifyvm "VM name" --vrdevideochannelquality 75</screen></para>
590 </sect2>
591
592 <sect2 id="vrde-customization">
593 <title>VRDP customization</title>
594
595 <para>With VirtualBox 4.0 it is possible to disable display output,
596 mouse and keyboard input, audio, remote USB or clipboard individually in
597 the VRDP server.</para>
598
599 <para>The following commands change corresponding server
600 settings:</para>
601
602 <screen>VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableDisplay=1
603VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableInput=1
604VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableUSB=1
605VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableAudio=1
606VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableClipboard=1
607VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableUpstreamAudio=1</screen>
608
609 <para>To reenable a feature use a similar command without the trailing
610 1. For example: <screen>VBoxManage modifyvm "VM name" --vrdeproperty Client/DisableDisplay=</screen></para>
611
612 <para>These properties were introduced with VirtualBox 3.2.10. However,
613 in the 3.2.x series, it was necessary to use the following commands to
614 alter these settings instead:</para>
615
616 <screen>VBoxManage setextradata "VM name" "VRDP/Feature/Client/DisableDisplay" 1
617VBoxManage setextradata "VM name" "VRDP/Feature/Client/DisableInput" 1
618VBoxManage setextradata "VM name" "VRDP/Feature/Client/DisableUSB" 1
619VBoxManage setextradata "VM name" "VRDP/Feature/Client/DisableAudio" 1
620VBoxManage setextradata "VM name" "VRDP/Feature/Client/DisableClipboard" 1</screen>
621
622 <para>To reenable a feature use a similar command without the trailing
623 1. For example: <screen>VBoxManage setextradata "VM name" "VRDP/Feature/Client/DisableDisplay"</screen></para>
624 </sect2>
625 </sect1>
626
627 <sect1 id="teleporting">
628 <title>Teleporting</title>
629
630 <para>Starting with version 3.1, VirtualBox supports "teleporting" -- that
631 is, moving a virtual machine over a network from one VirtualBox host to
632 another, while the virtual machine is running. This works regardless of
633 the host operating system that is running on the hosts: you can teleport
634 virtual machines between Solaris and Mac hosts, for example.</para>
635
636 <para>Teleporting requires that a machine be currently running on one
637 host, which is then called the <emphasis role="bold">"source"</emphasis>.
638 The host to which the virtual machine will be teleported will then be
639 called the <emphasis role="bold">"target"</emphasis>; the machine on the
640 target is then configured to wait for the source to contact the target.
641 The machine's running state will then be transferred from the source to
642 the target with minimal downtime.</para>
643
644 <para>Teleporting happens over any TCP/IP network; the source and the
645 target only need to agree on a TCP/IP port which is specified in the
646 teleporting settings.</para>
647
648 <para>At this time, there are a few prerequisites for this to work,
649 however:<orderedlist>
650 <listitem>
651 <para>On the target host, you must configure a virtual machine in
652 VirtualBox with exactly the same hardware settings as the machine on
653 the source that you want to teleport. This does not apply to
654 settings which are merely descriptive, such as the VM name, but
655 obviously for teleporting to work, the target machine must have the
656 same amount of memory and other hardware settings. Otherwise
657 teleporting will fail with an error message.</para>
658 </listitem>
659
660 <listitem>
661 <para>The two virtual machines on the source and the target must
662 share the same storage (hard disks as well as floppy and CD/DVD
663 images). This means that they either use the same iSCSI targets or
664 that the storage resides somewhere on the network and both hosts
665 have access to it via NFS or SMB/CIFS.</para>
666
667 <para>This also means that neither the source nor the target machine
668 can have any snapshots.</para>
669 </listitem>
670 </orderedlist></para>
671
672 <para>Then perform the following steps:<orderedlist>
673 <listitem>
674 <para>On the <emphasis>target</emphasis> host, configure the virtual
675 machine to wait for a teleport request to arrive when it is started,
676 instead of actually attempting to start the machine. This is done
677 with the following VBoxManage command:<screen>VBoxManage modifyvm &lt;targetvmname&gt; --teleporter on --teleporterport &lt;port&gt;</screen></para>
678
679 <para>where <computeroutput>&lt;targetvmname&gt;</computeroutput> is
680 the name of the virtual machine on the target host and
681 <computeroutput>&lt;port&gt;</computeroutput> is a TCP/IP port
682 number to be used on both the source and the target hosts. For
683 example, use 6000. For details, see <xref
684 linkend="vboxmanage-modifyvm-teleport" />.</para>
685 </listitem>
686
687 <listitem>
688 <para>Start the VM on the target host. You will see that instead of
689 actually running, it will show a progress dialog. indicating that it
690 is waiting for a teleport request to arrive.</para>
691 </listitem>
692
693 <listitem>
694 <para>Start the machine on the <emphasis>source</emphasis> host as
695 usual. When it is running and you want it to be teleported, issue
696 the following command on the source host:<screen>VBoxManage controlvm &lt;sourcevmname&gt; teleport --host &lt;targethost&gt; --port &lt;port&gt;</screen></para>
697
698 <para>where <computeroutput>&lt;sourcevmname&gt;</computeroutput> is
699 the name of the virtual machine on the source host (the machine that
700 is currently running),
701 <computeroutput>&lt;targethost&gt;</computeroutput> is the host or
702 IP name of the target host on which the machine is waiting for the
703 teleport request, and <computeroutput>&lt;port&gt;</computeroutput>
704 must be the same number as specified in the command on the target
705 host. For details, see <xref
706 linkend="vboxmanage-controlvm" />.</para>
707 </listitem>
708 </orderedlist></para>
709
710 <para>For testing, you can also teleport machines on the same host; in
711 that case, use "localhost" as the hostname on both the source and the
712 target host.<note>
713 <para>In rare cases, if the CPUs of the source and the target are very
714 different, teleporting can fail with an error message, or the target
715 may hang. This may happen especially if the VM is running application
716 software that is highly optimized to run on a particular CPU without
717 correctly checking that certain CPU features are actually present.
718 VirtualBox filters what CPU capabilities are presented to the guest
719 operating system. Advanced users can attempt to restrict these virtual
720 CPU capabilities with the <computeroutput>VBoxManage --modifyvm
721 --cpuid</computeroutput> command; see <xref
722 linkend="vboxmanage-modifyvm-teleport" />.</para>
723 </note></para>
724 </sect1>
725</chapter>
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette