I have working during many years with VmWare (read for example my articles from 2019 year VmWare 7 management or from 2010 year Основы работы с VmWare, but this project I decide to making with KVM Hypervisor because there are a couple of benefits of this solution:
# apt-get update # apt-get upgrade # apt-get install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker libvirt-daemon-system # kvm-ok # service libvirtd status
So, first step is protection. Simplest protection is only restriction to server from one address.
But in practice need more complex and sophisticated rules. To reorder UFW rules need to change order in /etc/default/ufw. In this case only server admin has access to KVM hypervisor. If server admin IP addr is changing need to require console access from datacenter.
# apt install ufw # ufw allow from XXX.XXX.XXX.XXX to any port 22 # ufw enable # ufw status numbered
# sudo sh -c 'grep -q 8021q /etc/modules || echo 8021q >> /etc/modules' # modprobe 8021q
Relogin or restart the kernel modules
# rmmod kvm # modprobe -a kvm
# apt-get install vlan # sudo nano /etc/network/interfaces # reboot
And check how it working.
# cat /proc/net/vlan/eth0.4002
This is cool and important point, if VM will be working in this point than all going well.
In final step I define in my KVM host a bridge over my physical interface with VLAN. This allow me connect to bridge more than one VM (as in previous step)
# sudo nano /etc/network/interfaces auto br1 iface br1 inet static mtu 1400 address xxx.xxx.xxx.xxx netmask 255.255.255.240 bridge_ports eth0.4002 bridge_stp off bridge_fd 0 bridge_maxwait 0 metric 1
After that any VM can connect to bridge.
In this configuration need to set special permission to spice server.
Without this permission you will receive only error.
Of course, you can download spice client for windows and with this permission it will be also working well.
|<SITEMAP> <MVC> <ASP> <NET> <DATA> <KIOSK> <FLEX> <SQL> <NOTES> <LINUX> <MONO> <FREEWARE> <DOCS> <ENG> <MAIL ME> <ABOUT ME> < THANKS ME>|