Virtual Desktop Service (xrdp)
Project blog:
http://blog.inf.ed.ac.uk/squinney/tag/xrdp/
Server
The server-side configuration is closely based on a prototype service developed by SEE. It uses
xrdp project to provide remote access to the X server. In front of that is a proxy which uses
HAProxy to load balance across a cluster of machines. Up to now we have only had a single "staff" server and a single "student" server but with there being a lot more interest in supporting distance learning we clearly are going to have to expand our provision and this should provide the ideal solution.
- xrdp
- Based on the work of FreeRDP and rdesktop, xrdp uses the remote desktop protocol to present a GUI to the user. The goal of this project is to provide a fully functional Linux terminal server, capable of accepting connections from rdesktop, freerdp, and Microsoft's own terminal server / remote desktop clients. Xrdp uses Xvnc or X11rdp to manage the X session.
- HAProxy
- A free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.
SEE headers (needs EASE authentication):
LCFG headers (closely based on SEE):
DICE headers:
We have these servers:
- xrdp.inf.ed.ac.uk is the general server. It's on hammermith, an old Dell PowerEdge R720.
- staff.xrdp.inf.ed.ac.uk is the staff, postgrad and visitor server. It's on waterloo, an old Dell PowerEdge R720.
- There's a test server on test.xrdp.inf.ed.ac.uk which is mizar, a VM.
Clients
One of our biggest issues with the previous NX service was the lack of decent client software for all platforms. The open-source versions were rarely sufficiently well maintained so we relied on the closed-source versions from
NoMachine, newer versions of which no longer support the old protocol. With RDP it is all a lot simpler as it's a "standard" protocol on Windows and MacOSX.
- Linux
- Various clients are available, the current best appears to be Remmina which is available as a package for at least Fedora, Debian, Ubuntu.
- Windows
- The standard Microsoft Remote Desktop application (which is free to install) should work. See this page for details.
- MacOSX
- Microsoft provide a free application in the App Store
SEE have put together some
basic notes on how to configure various RDP clients.
Intervention
When a user launches inappropriately resource-heavy computing jobs on a remote desktop server, their use of resources can be capped as follows:
- Run
top -c
as root. Identify the pid of a problematic process.
- Find out which systemd scope unit owns that process:
# systemctl status pid | grep CGroup
CGroup: /user.slice/user-1234567.slice/session-number.scope
- Set resource limits for that scope:
# systemctl --runtime set-property session-number.scope CPUQuota=50% MemoryLimit=4G
These are total limits for the user's session as a whole, not limits on each process. CPUQuota=number% sets the maximum permissible CPU use, expressed as a percentage of a single CPU core (you can exceed 100% to permit use of more than one core). MemoryLimit sets the collective maximum memory usage of the session's processes.
- Note that a bug means that a few processes do not get allocated to their own scope unit by systemd, but to the systemd service unit which configures the xrdp session manager. In this case the control group will be reported as
/system.slice/xrdp-sesman.service
. It's maybe not a good idea to limit that unit's resources...
Further Ideas
--
StephenQuinney - 06 Feb 2018