Desktop virtualization solution
Proxmox VE+RDP
1. Topology
Two, deployment configuration
The proxmox VE used by the Virtualization Center, if you are interested, please check out https://www.proxmox.com/
pve is a free virtualization center, you can also spend money to buy services, similar to redhat.
Purpose: enable users on the external network to connect to the internal network through VPN and remotely connect to the vm_Client in pve through the rdp protocol
1. Install pve:
Download the pve CD https://www.proxmox.com/en/downloads to install the pve system, log in through a browser: https://ip:8006, the password is the system user password, and the field is linux PAM.
2. Install Windows Server (Windows Server 2016 I use):
In pve, create a new Windows Server 2016 virtual machine (you must first build a resource pool and upload the iso file), select the corresponding configuration, add at least two network cards, add server 2016 to AD and install the RD gateway service and DHCP service.
2.1 Add a remote desktop user group in the AD domain
2.2 Add roles RD and DHCP in server2016
2.3 Configure RD
Open RD Gateway Manager, configure RD CAP, add RD server member IP address (local IP address)
Configure the RD certificate, this step is necessary. You can go to a trusted organization to apply (self-signed certificate for testing)
Import certificate,
new policy,
add rd connection authorization policy,
add authorized access user or group
device redirection,
add rd authorized resource policy, and
other default configurations are complete.
Add firewall exceptions, add tcp443 and udp3391 exceptions to inbound rules.
IIS Manager binds https://ip:443 certificate
Configure dhcp scope.
3. Install the Windows 10 virtual machine, open the remote desktop, and configure the remote user password
Three, test
Add rd server domain name resolution in the hosts file,
windows+R open cmd, enter mstsc, open the remote desktop
Set up rd gateway server
Enter the IP address of Windows 10 and
enter the account password of the ad domain user. It is
not safe. Import this certificate into this machine, view the certificate
copy file to the local
double-click to install the certificate, import it to a trusted certificate authority and
connect again to test
Enter the AD domain user account password first, and enter the Windows 10 user password the second time
Appendix, optimization
1.pve turns on nested virtualization
svm is amd virtualization
vmx is intel virtualization
egrep --color'vmx|svm' /proc/cpuinfo is not supported if there is no output, otherwise vmx or svm will be highlighted.
cat /sys/module/kvm_intel/parameters/nested Y output N, which means it is not turned on, and output Y, which means it is turned on.
Shut down all virtual machines
modprobe -r kvm_intel
modprobe kvm_intel nested=1
cat /sys/module/kvm_intel/parameters/nested
Check the nested again, output Y, that is, the opening is successful.
cat /sys/module/kvm_intel/parameters/nested
Set the system to automatically turn on nested after startup
echo "options kvm_intel nested=1" >> /etc/modprobe.d/modprobe.conf
Set the cpu type of the virtual system vm to host
Set in the graphical interface: select vm, "hardware"-"processor"-"type"-"host"
2. Install spice-guest-tools to optimize the Windows virtual machine
3. Remove subscription
sed -i "s/data.status !== 'Active'/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
Clear the browser cache and log in to the web again
4. Replace proxmox domestic source
#Delete Enterprise Source
rm -rf /etc/apt/sources.list.d/pve-enterprise.list
#Download key
wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
#Add community source
echo "deb http://download.proxmox.wiki/debian/pve buster pve-no-subscription" >/etc/apt/sources.list.d/pve-install-repo.list
5. Replace debain domestic source
mv /etc/apt/sources.list /etc/apt/sources.list.bak
vi /etc/apt/source.list (copy the address below to this file)
deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
Update
apt update (check for updates)
apt dist-upgrade (upgrade system and pve)
reboot
6. When installing ifupdown2, you are prompted to delete proxmox ve
System debain10.x, proxmox ve6.2
solve:
proxmox source setting problem
deb http://download.proxmox.wiki/debian/pve stretch pve-no-subscription
To
deb http://download.proxmox.wiki/debian/pve buster pve-no-subscription
Stretch and buster belong to two system versions, debain9.x is stretch, debain10.x is buster.
mox source setting problem
deb http://download.proxmox.wiki/debian/pve stretch pve-no-subscription
To
deb http://download.proxmox.wiki/debian/pve buster pve-no-subscription
Stretch and buster belong to two system versions, debain9.x is stretch, debain10.x is buster.
Restart pve: pvedaemon restart