SPICE (protocol)
| Original author(s) | Qumranet |
|---|---|
| Developer(s) | Red Hat |
| Stable release | 0.12.0 |
| Written in | C, C++ |
| Operating system | Linux, Windows |
| Type | Server, client |
| License | GPL, LGPL, BSD |
| Website | spice-space.org |
| Internet protocol suite |
|---|
| Application layer |
| Transport layer |
| Internet layer |
| Link layer |
In computing, SPICE (the Simple Protocol for Independent Computing Environments) is a remote-display system built for virtual environments which allows users to view a computing "desktop" environment - not only on its computer-server machine, but also from anywhere on the Internet and using a wide variety of machine architectures.
Qumranet originally developed SPICE as a closed source codebase in 2007. Red Hat, Inc acquired Qumranet in 2008, and in December 2009 decided to release the code under an open-source license and treat the protocol as an open standard.[1][2]
Security
A SPICE client connection to a remote desktop server consists of multiple data channels, each of which is run over a separate TCP or UNIX socket connection. A data channel can be designated to operate in either clear-text, or TLS modes, allowing the administrator to tradeoff the security level vs performance. The TLS mode provides strong encryption of all traffic transmitted on the data channel.
In addition to encryption, the SPICE protocol allows for a choice of authentication schemes. The original SPICE protocol defined a ticket based authentication scheme using a shared secret. The server would generate an RSA public/private keypair and send its public key to the client. The client would encrypt the ticket (password) with the public key and send the result back to the server, which would decrypt and verify the ticket. The current SPICE protocol also allows for use of the SASL authentication protocol, thus enabling support for a wide range of admin configurable authentication mechanisms, in particular Kerberos.
Implementations
While only one server implementation exists, several programmers have developed new implementations of the SPICE client-side since the open-sourcing of SPICE.
spice-protocol
The spice-protocol module[3] defines the SPICE wire protocol formats. This is made available under the BSD license, and is portable across the Linux and Windows platforms.
spice
The spice module[4] provides the reference implementations for both the server and client side of the SPICE protocol. Available under the LGPLv2+ license, this is portable across Linux and Windows platforms. The server part of the codebase is provided as a dynamic library which can be linked to any application wishing to expose a SPICE server. As of 2013, the QEMU codebase uses this to provide a SPICE interface for virtual machines. The client part of the codebase is provided as a standalone executable.
spice-gtk
The spice-gtk module[5] implements a SPICE client using the GObject type system and the GTK widget toolkit. This comprises a low-level library, spice-client-glib, which implements the client protocol code, and a high-level set of widgets which provide a graphical client capability using GTK. This is made available under the LGPLv2+ license, and is portable across the Linux, OS X and Windows platforms.
spice-html5
The spice-html5 module[6] implements a SPICE client that uses JavaScript and is intended to run inside a web browser supporting HTML5. While it implements the SPICE protocol, it cannot talk directly to a regular SPICE server. It must connect to the server indirectly via WebSocket proxy.[7] This is made available under a combination of the GPLv3+ and LGPLv3+ licenses.
Application usage
The SPICE protocol originated to provide improved remote desktop capabilities in a fork of the KVM codebase.
QEMU / KVM
The QEMU maintainers merged support for providing SPICE remote desktop capabilities for all QEMU virtual machines in March 2010. The QEMU binary links to the spice-server library in order to provide this capability and implements the QXL paravirtualized framebuffer device to enable the guest OS to take advantage of the performance benefits the SPICE protocol offers. The guest OS may also use a regular VGA card, albeit with degraded performance as compared to QXL.
Xspice
The X.Org Server driver for the QXL framebuffer device includes a wrapper script[8] which makes it possible to launch an Xorg server whose display is exported via the SPICE protocol. This enables use of SPICE in a remote desktop environment, without requiring QEMU/KVM virtualization.
virt-viewer
The virt-viewer program uses the spice-gtk client library to connect to virtual machines using SPICE, as an alternative to its previous VNC support.
OVirt
SPICE is integrated into OVirt private-cloud management software, allowing users to connect to virtual machines through SPICE.
See also
References
- ↑ "Red Hat open-sources SPICE". Redhat.com. Retrieved 2013-10-25.
- ↑ "Project website". Spice-space.org. Retrieved 2013-10-25.
- ↑ "spice-protocol GIT repository". Cgit.freedesktop.org. Retrieved 2013-10-25.
- ↑ http://cgit.freedesktop.org/spice/spice/ spice GIT repository
- ↑ "spice-gtk GIT repository". Cgit.freedesktop.org. 2013-10-10. Retrieved 2013-10-25.
- ↑ "spice-html5 GIT repository". Cgit.freedesktop.org. Retrieved 2013-10-25.
- ↑ https://github.com/kanaka/websockify WebSockify proxy server
- ↑ "XSpice README". Cgit.freedesktop.org. Retrieved 2013-10-25.