Enable Remote Desktop on virtual machine
7.1. Remote Display (VRDP Support) Show
Oracle VM VirtualBox can display virtual machines remotely, meaning that a virtual machine can execute on one computer even though the machine will be displayed on a second computer, and the machine will be controlled from there as well, as if the virtual machine was running on that second computer. For maximum flexibility, Oracle VM VirtualBox implements remote machine display through a generic extension interface called the VirtualBox Remote Desktop Extension (VRDE). The base open source Oracle VM VirtualBox package only provides this interface, while implementations can be supplied by third parties with Oracle VM VirtualBox extension packages, which must be installed separately from the base package. See Section 1.5, “Installing Oracle VM VirtualBox and Extension Packs”. Oracle provides support for the VirtualBox Remote Display Protocol (VRDP) in such an Oracle VM VirtualBox extension package. VRDP is a backwards-compatible extension to Microsoft's Remote Desktop Protocol (RDP). As a result, you can use any standard RDP client to control the remote VM. Even when the extension is installed, the VRDP server is disabled by default. It can easily be enabled on a per-VM basis either in the VirtualBox Manager in the Display settings, see Section 3.6, “Display Settings”, or with the VBoxManage command, as follows: $ VBoxManage modifyvm VM-name --vrde onBy default, the VRDP server uses TCP port 3389. You will need to change the default port if you run more than one VRDP server, since the port can only be used by one server at a time. You might also need to change it on Windows hosts since the default port might already be used by the RDP server that is built into Windows itself. Ports 5000 through 5050 are typically not used and might be a good choice. The port can be changed either in the Display settings of the graphical user interface or with the --vrdeport option of the VBoxManage modifyvm command. You can specify a comma-separated list of ports or ranges of ports. Use a dash between two port numbers to specify a range. The VRDP server will bind to one of the available ports from the specified list. For example, VBoxManage modifyvm VM-name --vrdeport 5000,5010-5012 configures the server to bind to one of the ports 5000, 5010, 5011, or 5012. See Section 8.8, “VBoxManage modifyvm”. The actual port used by a running VM can be either queried with the VBoxManage showvminfo command or seen in the GUI on the Runtime tab of the Session Information dialog, which is accessible from the Machine menu of the VM window. Oracle VM VirtualBox supports IPv6. If the host OS supports IPv6 the VRDP server will automatically listen for IPv6 connections in addition to IPv4. 7.1.1. Common Third-Party RDP ViewersSince VRDP is backwards-compatible to RDP, you can use any standard RDP viewer to connect to such a remote virtual machine. For this to work, you must specify the IP address of your host system, not of the virtual machine, as the server address to connect to. You must also specify the port number that the VRDP server is using. The following examples are for the most common RDP viewers:
7.1.2. VBoxHeadless, the Remote Desktop ServerWhile any VM started from the VirtualBox Manager is capable of running virtual machines remotely, it is not convenient to have to run the full GUI if you never want to have VMs displayed locally in the first place. In particular, if you are running server hardware whose only purpose is to host VMs, and all your VMs are supposed to run remotely over VRDP, then it is pointless to have a graphical user interface on the server at all. This is especially true for Linux or Oracle Solaris hosts, as the VirtualBox Manager comes with dependencies on the Qt and SDL libraries. This is inconvenient if you would rather not have the X Window system on your server at all. Oracle VM VirtualBox therefore comes with a front-end called VBoxHeadless, which produces no visible output on the host at all, but still can optionally deliver VRDP data. This front-end has no dependencies on the X Window system on Linux and Oracle Solaris hosts. In legacy releases of Oracle VM VirtualBox, the headless server was called VBoxVRDP. For backwards compatibility, the Oracle VM VirtualBox installation still includes an executable with that name. To start a virtual machine with VBoxHeadless, you have the following options:
When you use the VBoxHeadless command to start a VM, the VRDP server will be enabled according to the VM configuration. You can override the VM's setting using --vrde command line parameter. To enable the VRDP server, start the VM as follows: VBoxHeadless --startvm uuid|vmname --vrde onTo disable the VRDP server: VBoxHeadless --startvm uuid|vmname --vrde offTo have the VRDP server enabled depending on the VM configuration, as for other front-ends: VBoxHeadless --startvm uuid|vmname --vrde configThis command is the same as the following: VBoxHeadless --startvm uuid|vmnameIf you start the VM with VBoxManage startvm then the configuration settings of the VM are always used. 7.1.3. Step by Step: Creating a Virtual Machine on a Headless ServerThe following instructions describe how to create a virtual machine on a headless server over a network connection. This example creates a virtual machine, establishes an RDP connection and installs a guest operating system. All of these tasks are done without having to touch the headless server. You need the following prerequisites:
Note that on the server machine, since we will only use the headless server, Qt and the X Window system are not required.
As a special feature additional to the VRDP support, Oracle VM VirtualBox also supports remote USB devices over the wire. That is, an Oracle VM VirtualBox guest that runs on one computer can access the USB devices of the remote computer on which the VRDP data is being displayed the same way as USB devices that are connected to the actual host. This enables running of virtual machines on an Oracle VM VirtualBox host that acts as a server, where a client can connect from elsewhere that needs only a network adapter and a display capable of running an RDP viewer. When USB devices are plugged into the client, the remote Oracle VM VirtualBox server can access them. For these remote USB devices, the same filter rules apply as for other USB devices. See Section 3.11.1, “USB Settings”. All you have to do is specify Remote, or Any, when setting up these rules. Accessing remote USB devices is only possible if the RDP client supports this extension. On Linux and Oracle Solaris hosts, the Oracle VM VirtualBox installation provides a suitable VRDP client called rdesktop-vrdp. Some versions of uttsc, a client tailored for the use with Sun Ray thin clients, also support accessing remote USB devices. RDP clients for other platforms will be provided in future Oracle VM VirtualBox versions. To make a remote USB device available to a VM, rdesktop-vrdp should be started as follows: rdesktop-vrdp -r usb -a 16 -N my.host.addressSee Section 12.7.5, “USB Not Working” for further details on how to properly set up the permissions for USB devices. Furthermore it is advisable to disable automatic loading of any host driver on the remote host which might work on USB devices to ensure that the devices are accessible by the RDP client. If the setup was properly done on the remote host, plug and unplug events are visible in the VBox.log file of the VM. 7.1.5. RDP AuthenticationFor each virtual machine that is remotely accessible using RDP, you can individually determine if and how client connections are authenticated. For this, use the VBoxManage modifyvm command with the --vrdeauthtype option. See Section 8.8, “VBoxManage modifyvm”. The following methods of authentication are available:
In addition to the methods described above, you can replace the default external authentication module with any other module. For this, Oracle VM VirtualBox provides a well-defined interface that enables you to write your own authentication module. This is described in detail in the Oracle VM VirtualBox Software Development Kit (SDK) reference. See Chapter 11, Oracle VM VirtualBox Programming Interfaces. RDP features data stream encryption, which is based on the RC4 symmetric cipher, with keys up to 128-bit. The RC4 keys are replaced at regular intervals, every 4096 packets. RDP provides the following different authentication methods:
As the client that connects to the server determines what type of encryption will be used, with rdesktop, the Linux RDP viewer, use the -4 or -5 options. 7.1.7. Multiple Connections to the VRDP ServerThe VRDP server of Oracle VM VirtualBox supports multiple simultaneous connections to the same running VM from different clients. All connected clients see the same screen output and share a mouse pointer and keyboard focus. This is similar to several people using the same computer at the same time, taking turns at the keyboard. The following command enables multiple connection mode: VBoxManage modifyvm VM-name --vrdemulticon on7.1.8. Multiple Remote MonitorsTo access two or more remote VM displays you have to enable the VRDP multiconnection mode. See Section 7.1.7, “Multiple Connections to the VRDP Server”. The RDP client can select the virtual monitor number to connect to using the domain login parameter (-d). If the parameter ends with @ followed by a number, Oracle VM VirtualBox interprets this number as the screen index. The primary guest screen is selected with @1, the first secondary screen is @2, and so on. The Microsoft RDP 6 client does not let you specify a separate domain name. Instead, enter domain\username in the Username field. For example, @2\name. name must be supplied, and must be the name used to log in if the VRDP server is set up to require credentials. If it is not, you may use any text as the username. 7.1.9. VRDP Video RedirectionThe VRDP server can redirect video streams from the guest to the RDP client. Video frames are compressed using the JPEG algorithm allowing a higher compression ratio than standard RDP bitmap compression methods. It is possible to increase the compression ratio by lowering the video quality. The VRDP server automatically detects video streams in a guest as frequently updated rectangular areas. As a result, this method works with any guest operating system without having to install additional software in the guest. In particular, the Guest Additions are not required. On the client side, however, currently only the Windows 7 Remote Desktop Connection client supports this feature. If a client does not support video redirection, the VRDP server falls back to regular bitmap updates. The following command enables video redirection: VBoxManage modifyvm VM-name --vrdevideochannel onThe quality of the video is defined as a value from 10 to 100 percent, representing a JPEG compression level, where lower numbers mean lower quality but higher compression. The quality can be changed using the following command: VBoxManage modifyvm VM-name --vrdevideochannelquality 757.1.10. VRDP CustomizationYou can disable display output, mouse and keyboard input, audio, remote USB, or clipboard individually in the VRDP server. The following commands change the corresponding server settings: $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableDisplay=1 $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableInput=1 $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableUSB=1 $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableAudio=1 $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableClipboard=1 $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableUpstreamAudio=1To reenable a feature, use a similar command without the trailing 1. For example: $ VBoxManage modifyvm VM-name --vrdeproperty Client/DisableDisplay=Oracle VM VirtualBox supports teleporting. Teleporting is moving a virtual machine over a network from one Oracle VM VirtualBox host to another, while the virtual machine is running. This works regardless of the host operating system that is running on the hosts. You can teleport virtual machines between Oracle Solaris and Mac OS X hosts, for example. Teleporting requires that a machine be currently running on one host, which is called the source. The host to which the virtual machine will be teleported is called the target. The machine on the target is then configured to wait for the source to contact the target. The machine's running state will then be transferred from the source to the target with minimal downtime. Teleporting happens over any TCP/IP network. The source and the target only need to agree on a TCP/IP port which is specified in the teleporting settings. At this time, there are a few prerequisites for this to work, as follows:
To configure teleporting, perform the following steps:
For testing, you can also teleport machines on the same host. In that case, use localhost as the hostname on both the source and the target host. In rare cases, if the CPUs of the source and the target are very different, teleporting can fail with an error message, or the target may hang. This may happen especially if the VM is running application software that is highly optimized to run on a particular CPU without correctly checking that certain CPU features are actually present. Oracle VM VirtualBox filters what CPU capabilities are presented to the guest operating system. Advanced users can attempt to restrict these virtual CPU capabilities with the VBoxManage modifyvm --cpuid command. See Section 8.8, “VBoxManage modifyvm”. |