Final Report: UEFI Support in LCFG (389)

The aim of this project was to replace our aging NX service with something based on a standard technology.

Config Sharing

The majority of the configuration for this service came from SEE who had already implemented a test service before our project started. It was nice to be able to get a service up and running quickly and I hope we can share config for more services in the future. The one part we didn't use in the end was the support for multiple backends based on haproxy. As we currently only have two servers - one for staff and one for students - I decided to avoid the extra layer of complex configuration which gave us no benefit. We can switch over to that approach if we decide we need to throw more hardware at the problem in the future.

Client Support

The NX service suffered from rather poor support on the client side, particularly on non-Linux platforms so the main benefit of switching to an RDP based service is that it is a standard protocol and clients are readily available on Windows and MacOS. If anything the ease of access to client software has made the service too popular which regularly leads to overloading.

Application Support

Due to the use of old X libraries on NX some applications just would not run and had to be excluded from the service, we are not aware of any similar problems with XRDP.

Performance

We are aware that the performance of XRDP is not always as good as NX, particularly for slower connections, the only way to improve the performance seems to be to tweak the color depth.

Security

The old NX service relied on an SSH private key being shared with all our users, this meant that session snooping was a real possibility. The RDP service properly supports secure sessions with TLS encryption, we also use a Quovadis certificate so that clients do not warn about locally signed certificates.

Resources

If anything the accessibility of the new service has caused us a lot of problems as it has been a victim of its own success. At the start of semester 1 the service saw heavy load which led to it crashing regularly. This has since been mostly resolved by using cgroups to strictly limit what resources are available to users. This was particularly a problem for distance learning students who had no alternative way to access a DICE desktop environment. We are aware that the current servers are rather old so we are currently working on specifying replacement hardware. With increasing numbers of distance learning students we plan to retain one of the old servers to provide a dedicated service for those users.

Documentation

Effort

This project took 113 hours of effort.

Time Period Hours
T1 77
T2 18
T3 18

-- StephenQuinney - 05 Feb 2019

Topic attachments
I Attachment Action Size Date Who Comment
pdfpdf project389_blog.pdf manage 56.9 K 05 Feb 2019 - 11:54 StephenQuinney blog entries for project #389
pdfpdf xrdp.log.pdf manage 20.0 K 05 Feb 2019 - 13:57 StephenQuinney Reports from MPU weekly meetings
Topic revision: r4 - 19 Mar 2019 - 11:45:27 - StephenQuinney
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies