Virtual Desktop Service (xrdp)

Project blog: http://blog.inf.ed.ac.uk/squinney/tag/xrdp/

Server

The server-side configuration is closely based on a prototype service developed by SEE. It uses xrdp project to provide remote access to the X server. In front of that is a proxy which uses HAProxy to load balance across a cluster of machines. Up to now we have only had a single "staff" server and a single "student" server but with there being a lot more interest in supporting distance learning we clearly are going to have to expand our provision and this should provide the ideal solution.

xrdp
Based on the work of FreeRDP and rdesktop, xrdp uses the remote desktop protocol to present a GUI to the user. The goal of this project is to provide a fully functional Linux terminal server, capable of accepting connections from rdesktop, freerdp, and Microsoft's own terminal server / remote desktop clients. Xrdp uses Xvnc or X11rdp to manage the X session.
HAProxy
A free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.

SEE headers (needs EASE authentication):

LCFG headers (closely based on SEE):

DICE headers:

We have these servers:

  • xrdp.inf.ed.ac.uk is the general service. It's on two machines, lute and archlute. An "haproxy" service sends users to one or other of them.
  • staff.xrdp.inf.ed.ac.uk is the staff, postgrad and visitor server. It's on waterloo, an old Dell PowerEdge R720.
  • From time to time there's a test server on test.xrdp.inf.ed.ac.uk.

Clients

One of our biggest issues with the previous NX service was the lack of decent client software for all platforms. The open-source versions were rarely sufficiently well maintained so we relied on the closed-source versions from NoMachine, newer versions of which no longer support the old protocol. With RDP it is all a lot simpler as it's a "standard" protocol on Windows and MacOSX.

Linux
Various clients are available, the current best appears to be Remmina which is available as a package for at least Fedora, Debian, Ubuntu.
Windows
The standard Microsoft Remote Desktop application (which is free to install) should work. See this page for details.
MacOSX
Microsoft provide a free application in the App Store

SEE have put together some basic notes on how to configure various RDP clients.

Intervention

This should no longer be necessary since we moved the service to machines with capacious and reliable hardware but just in case: When a user launches inappropriately resource-heavy computing jobs on a remote desktop server, their use of resources can be capped as follows:
  1. Run top -c as root. Identify the pid of a problematic process.
  2. Find out which systemd scope unit owns that process:
    # systemctl status pid | grep CGroup
    CGroup: /user.slice/user-1234567.slice/session-number.scope
  3. Set resource limits for that scope:
    # systemctl --runtime set-property session-number.scope CPUQuota=50% MemoryLimit=4G
    These are total limits for the user's session as a whole, not limits on each process. CPUQuota=number% sets the maximum permissible CPU use, expressed as a percentage of a single CPU core (you can exceed 100% to permit use of more than one core). MemoryLimit sets the collective maximum memory usage of the session's processes.
  4. Note that a bug means that a few processes do not get allocated to their own scope unit by systemd, but to the systemd service unit which configures the xrdp session manager. In this case the control group will be reported as /system.slice/xrdp-sesman.service. It's maybe not a good idea to limit that unit's resources...
  5. Dealing with a "hung" session - Use loginctl list-sessions to get the list of sessions and then use loginctl terminate-session <session id> to remove the stuck session. If that doesn't work try kill-session, there are also terminate-user and kill-user which can be used to kill all processes for a specified username.

Further Ideas

Topic revision: r9 - 03 May 2019 - 11:16:31 - ChrisCooke
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies