Desktop virtualization solution

Desktop virtualization solution

Proxmox VE+RDP

1. Topology

Two, deployment configuration

The proxmox VE used by the Virtualization Center, if you are interested, please check out https://www.proxmox.com/

pve is a free virtualization center, you can also spend money to buy services, similar to redhat.

Purpose: enable users on the external network to connect to the internal network through VPN and remotely connect to the vm_Client in pve through the rdp protocol

1. Install pve:

Download the pve CD https://www.proxmox.com/en/downloads to install the pve system, log in through a browser: https://ip:8006, the password is the system user password, and the field is linux PAM.

2. Install Windows Server (Windows Server 2016 I use):

In pve, create a new Windows Server 2016 virtual machine (you must first build a resource pool and upload the iso file), select the corresponding configuration, add at least two network cards, add server 2016 to AD and install the RD gateway service and DHCP service.

2.1 Add a remote desktop user group in the AD domain

2.2 Add roles RD and DHCP in server2016

2.3 Configure RD

Open RD Gateway Manager, configure RD CAP, add RD server member IP address (local IP address)

Configure the RD certificate, this step is necessary. You can go to a trusted organization to apply (self-signed certificate for testing)

Import certificate,

new policy,

add rd connection authorization policy,


add authorized access user or group

device redirection,

add rd authorized resource policy, and



other default configurations are complete.

Add firewall exceptions, add tcp443 and udp3391 exceptions to inbound rules.

IIS Manager binds https://ip:443 certificate

Configure dhcp scope.

3. Install the Windows 10 virtual machine, open the remote desktop, and configure the remote user password

Three, test

Add rd server domain name resolution in the hosts file,

windows+R open cmd, enter mstsc, open the remote desktop

Set up rd gateway server

Enter the IP address of Windows 10 and

enter the account password of the ad domain user. It is

not safe. Import this certificate into this machine, view the certificate

copy file to the local


double-click to install the certificate, import it to a trusted certificate authority and

connect again to test

Enter the AD domain user account password first, and enter the Windows 10 user password the second time

Appendix, optimization

1.pve turns on nested virtualization

svm is amd virtualization

vmx is intel virtualization

egrep --color'vmx|svm' /proc/cpuinfo is not supported if there is no output, otherwise vmx or svm will be highlighted.

cat /sys/module/kvm_intel/parameters/nested Y output N, which means it is not turned on, and output Y, which means it is turned on.

Shut down all virtual machines

modprobe -r kvm_intel
modprobe kvm_intel nested=1
cat /sys/module/kvm_intel/parameters/nested

Check the nested again, output Y, that is, the opening is successful.

cat /sys/module/kvm_intel/parameters/nested

Set the system to automatically turn on nested after startup

echo "options kvm_intel nested=1" >> /etc/modprobe.d/modprobe.conf

Set the cpu type of the virtual system vm to host

Set in the graphical interface: select vm, "hardware"-"processor"-"type"-"host"

2. Install spice-guest-tools to optimize the Windows virtual machine

3. Remove subscription

sed -i "s/data.status !== 'Active'/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js

Clear the browser cache and log in to the web again

4. Replace proxmox domestic source

#Delete Enterprise Source

rm -rf /etc/apt/sources.list.d/pve-enterprise.list

#Download key

wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg

#Add community source

echo "deb http://download.proxmox.wiki/debian/pve buster pve-no-subscription" >/etc/apt/sources.list.d/pve-install-repo.list

5. Replace debain domestic source

mv /etc/apt/sources.list /etc/apt/sources.list.bak

vi /etc/apt/source.list (copy the address below to this file)

deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib

Update

apt update (check for updates)

apt dist-upgrade (upgrade system and pve)

reboot

6. When installing ifupdown2, you are prompted to delete proxmox ve

System debain10.x, proxmox ve6.2

solve:

proxmox source setting problem

deb http://download.proxmox.wiki/debian/pve stretch pve-no-subscription

To

deb http://download.proxmox.wiki/debian/pve buster pve-no-subscription

Stretch and buster belong to two system versions, debain9.x is stretch, debain10.x is buster.

mox source setting problem

deb http://download.proxmox.wiki/debian/pve stretch pve-no-subscription

To

deb http://download.proxmox.wiki/debian/pve buster pve-no-subscription

Stretch and buster belong to two system versions, debain9.x is stretch, debain10.x is buster.

Restart pve: pvedaemon restart