The best cloud desktop solution for Linux is… Windows!?

I like using a remote desktop work/office environment for various reasons, travelling being one of them. This is also known as a cloud desktop. Thanks to the awesome Apache Guacamole remote desktop gateway software, I can access it everywhere, just by using a web browser (and an Internet connection).

While I love Linux, it sucks when it comes to running a remote desktop server using non-commercial software. Yes, I’ve tried xrdp. While it works, the graphics performance/latency sucks even though I was using the low resource environment xfce4. Obviously there is commercial remote desktop server software like RealVNC or NoMachine but I don’t want to shell out cash for my cloud desktop and in the case of NoMachine, its proprietary NX protocol isn’t supported by Guacamole.

However, I have an unused Windows Server 2019 educational license which I can use for my cloud desktop. It uses the RDP protocol which is fully supported by Guacamole. I realise that a Windows Server installation is pretty much overkill for just a cloud desktop but hey… it’s free (in my case). Windows 10 Pro contains an RDP server as well but I haven’t tried it.

The biggest challenge was to find the right parameters for virt-install to install a Windows server on my Linux KVM host. Here’s what I came up with:

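#!/bin/sh
# Create an LVM logical volume and install a Windows Server guest on it with virt-install.
set -e  # abort if lvcreate fails rather than starting the install without a disk

NAME=desktop
RAM=4096                      # guest memory in MiB
CPU=2
IMAGE=win-server-2019.iso     # Windows installer ISO
VIRTIO_IMAGE=virtio-win.iso   # virtio driver ISO, attached as a second CD-ROM
SIZE=50G
VNC_PORT=56681
VARIANT=win2k16
VG=vg0                        # LVM volume group that holds the guest disk
MAC=02:00:00:d1:78:d9

lvcreate -L "$SIZE" -n "lv_vm_$NAME" "$VG"

# VNC listens on 127.0.0.1 only, so the install console is reachable from the host itself
# (or through an SSH tunnel) and not from the network.
virt-install --connect qemu:///system --arch=x86_64 -n "$NAME" -r "$RAM" --vcpus="$CPU" \
--mac="$MAC" \
--cdrom "/var/lib/libvirt/images/$IMAGE" \
--disk "path=/dev/$VG/lv_vm_$NAME,bus=virtio" \
--disk "path=/var/lib/libvirt/images/$VIRTIO_IMAGE,device=cdrom" \
--graphics "vnc,listen=127.0.0.1,port=$VNC_PORT" \
--noautoconsole \
--os-type windows \
--os-variant="$VARIANT" \
--network=bridge:br0,model=virtio \
--accelerate \
--noapic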

In my case, the network bridge br0 from the Linux KVM host is exposed to the guest KVM. I’m using LVM for storage.

Once the KVM is up, I’m using a VNC client to complete the Windows installation. Since the VNC port isn’t exposed to the internet (deliberately), I’m using ssh port forwarding to access it to complete the installation. Something like:

ssh myhost -L56681:127.0.0.1:56681

Since Windows won’t find the required disk drivers, I’m attaching the Windows virtio driver .iso as a CD-ROM. Look for the viostor drivers during the installation process and the logical volume will finally show up in the installer. Once the installation is complete, I’m using VNC again to update the missing Ethernet drivers in the Device Manager, configure the network and that’s pretty much it.

It’s not recommended to expose the Windows remote desktop server to the Internet. Port 3389 gets brute-force attacked 24/7. I could use the same SSH port forwarding approach shown above to access my cloud desktop by forwarding port 3389 and/or firewall the RDP port so only my Guacamole server is able to access it.
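
One way to do the firewall half of that, as an added example that is not part of the original post: it assumes the restriction is applied in the Windows firewall on the guest itself, and 192.0.2.10 is a placeholder for the Guacamole server's address.

```powershell
# Added example. Run in an elevated PowerShell session on the Windows guest.
# Assumption: 192.0.2.10 is a placeholder; replace it with the Guacamole server's address.
$GuacamoleIp = '192.0.2.10'
$RdpPort     = '3389'

# Scoped rules only help if the firewall is switched on for every profile.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'False' }
if ($disabled) {
    throw "Firewall disabled for profile(s): $($disabled.Name -join ', ')"
}

# Enabled inbound allow rules that name the RDP port explicitly.
# Rules that use a port range or 'Any' are not matched here; review those by hand.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains $RdpPort }

if (-not $rdpRules) {
    throw "No enabled inbound allow rule lists port $RdpPort."
}

# Before: by default the built-in Remote Desktop rules accept RemoteAddress 'Any'.
$rdpRules | Get-NetFirewallAddressFilter | Select-Object InstanceID, RemoteAddress

# After: only the Guacamole server may connect.
$rdpRules | Set-NetFirewallRule -RemoteAddress $GuacamoleIp

# Re-read the rules from the store and fail if any still accepts another source.
$stillOpen = Get-NetFirewallRule -Name $rdpRules.Name | Where-Object {
    $remote = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
    $remote.Count -ne 1 -or $remote[0] -ne $GuacamoleIp
}

if ($stillOpen) {
    throw "Rules still open to other sources: $($stillOpen.DisplayName -join ', ')"
}
"RDP ($RdpPort) is now limited to $GuacamoleIp"
```

Run it from the VNC console rather than over RDP, so a mistyped address cannot cut off the session that is applying the change.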