Re: [Users] [Spice-devel] multiple concurrent spice consoles (was Ovirt + Spice + VDI)
On Fri, 2012-09-14 at 11:49 +0200, David Jaša wrote: John A. Sullivan III píše v Čt 13. 09. 2012 v 12:36 -0400: On Thu, 2012-09-13 at 20:16 +0430, Mohsen Saeedi wrote: John A. Sullivan III jsulli...@opensourcedevel.com wrote on Thu, 13 snip We have also been toying with the idea of using KVM/KSM to move to a single server per user. This would provide much greater isolation and non-repudiation but we are concerned about the overhead of KVM on the KVM host and deduplication on the SAN. Thanks - John I think so, spice has experimental feature for multiple client to single windows XP now. is it true?? and what is the details for idea of using KVM/KSM to move to a single server per user? I didn't understand it very well. Thanks This is something we are able to do splendidly well with VServer and X2Go (an NX implementation). With the VServer hashification feature, I can have 400 VMs on a host and only take one VM's worth of space for system files. oVirt (RHEV) templates will do the same for you. Then I had better start investigating it! Thanks. Moreover, all instances in memory only take the space of one instance. Thus, we get deduplication and KSM almost for free. oVirt (RHEV) runs KSM only when the host memory gets fuller but I seem to remember that guys were able to have high 1000's of % of memory overcommit ratios I have heard rumors of high CPU utilization with KSM but we have not experimented enough with it ourselves to know. Is that an issue? BTW, how does VServer implement its memory sharing, isn't it KSM internally too? No, it's a consequence of their hashification. As an option, all duplicate files in the file system (there is a single file system in VServer although accessed via different namespaces) are replaced by immutable hard links. I'm not sure of the details but, because each of those files shares a common inode, I believe only one instance is loaded into memory. Because the additional overhead is so minuscule (minimal memory and disk and almost no virtualization overhead since it is a container technology instead of a hypervisor), and because there are no licensing issues for our Linux desktops, it makes sense to give each user a dedicated VM. Not only does that give us excellent isolation from errant processes but it also means (because of the details of our implementation) that each user has a consistent IP address allowing us to correlate network events with specific users. in oVirt, your guest systems have stable MAC address so with properly configured DHCP/DNS, you'd get the same. David snip ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [Spice-devel] multiple concurrent spice consoles (was Ovirt + Spice + VDI)
On Fri, 2012-09-14 at 16:55 +0300, Itamar Heim wrote: On 09/14/2012 03:28 PM, John A. Sullivan III wrote: ... Moreover, all instances in memory only take the space of one instance. Thus, we get deduplication and KSM almost for free. oVirt (RHEV) runs KSM only when the host memory gets fuller but I seem to remember that guys were able to have high 1000's of % of memory overcommit ratios I have heard rumors of high CPU utilization with KSM but we have not experimented enough with it ourselves to know. Is that an issue? ksm takes cpu, but servers today are loaded with cores, but memory is still the expensive part. today we configure ksm to kick in only when memory is ~80%, which is when you'd usually be willing to pay the price of one of your cores spending some time on ksm, then the memory congestion on the host / losing memory overcommit. That's where VServer is so great - we get the same results without the overhead. I assume oVirt does not change that part. Still, we are looking forward to exploring it as we really have no other option for Windows desktops and servers. Thanks - John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] [Spice-devel] multiple concurrent spice consoles (was Ovirt + Spice + VDI)
On Thu, 2012-09-13 at 20:16 +0430, Mohsen Saeedi wrote: John A. Sullivan III jsulli...@opensourcedevel.com wrote on Thu, 13 Sep 2012 08:38:11 -0400: On Thu, 2012-09-13 at 08:06 -0400, Alon Levy wrote: Hi Mohsen, multiple sessions to the single VM are not on the roadmap. There is experimental multi-client support but it is to make more users see the same session. Moshen, I misunderstood. In this case, I guess I don't actually see how we could fix your problem without circumventing any mechanism that windows has to count license users. Please ignore my lengthy email, it won't help you at all. Alon You can use some recipe for get ridding windows XP RDP limitation: http://www.petri.co.il/multiple-remote-desktop-sessions-on-windows-xp-sp3.htm I think the problems are more legal than technical. From the above link: However, be warned. Before you begin, I need to warn you that patching the file and allowing more than one concurrent Remote Desktop session will violate a few lines in the Windows XP EULA. Proceed with caution and at your own risk. snip We are actually quite interested in something like this. In effect, it is RDS but replaces the RDP protocol with SPICE for the advantages SPICE brings. We have also been toying with the idea of using KVM/KSM to move to a single server per user. This would provide much greater isolation and non-repudiation but we are concerned about the overhead of KVM on the KVM host and deduplication on the SAN. Thanks - John I think so, spice has experimental feature for multiple client to single windows XP now. is it true?? and what is the details for idea of using KVM/KSM to move to a single server per user? I didn't understand it very well. Thanks This is something we are able to do splendidly well with VServer and X2Go (an NX implementation). With the VServer hashification feature, I can have 400 VMs on a host and only take one VM's worth of space for system files. Moreover, all instances in memory only take the space of one instance. Thus, we get deduplication and KSM almost for free. Because the additional overhead is so minuscule (minimal memory and disk and almost no virtualization overhead since it is a container technology instead of a hypervisor), and because there are no licensing issues for our Linux desktops, it makes sense to give each user a dedicated VM. Not only does that give us excellent isolation from errant processes but it also means (because of the details of our implementation) that each user has a consistent IP address allowing us to correlate network events with specific users. In some Windows licensing models, there is no cost differential between individual workstations and individual VMs. In that model, we are investigating the same scenario, viz., a single VM per user. However, since we cannot use VServer for Windows guests, we either need to look at Virtuozzo or produce the same results with KVM/KSM/dedupe. We suspect that is much more resource intensive than it is with VServer. Whatever model we choose, we then need a transport protocol and, as SPICE is refined especially in its handling of WAN video, we are quite interested in using it rather than RDP for transport. I hope that clarifies it. Thanks - John ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users