David McKeon, 08/12/2008
Table of Contents
How to set up KVM/Qemu running XP in Fedora 8.
1.0) Introduction
2.0) What is KVM/Qemu?
3.0) Why am I using KVM and not Qemu?
4.0) Does your CPU support virtual machines natively?
5.0) Pre-Configuration Check list
6.0) Install KVM/Qemu.
6.1) Using yum through the MS ISA firewall:
6.2) Manually load the driver:
7.0) Install and Configuration of XP
7.1) Create base image
Install XP
Install command:
To Run command:
7.2) Making no-acpi work with xp
7.3) No sound via alsa/pulse
8.0) Remote Copy/Clipboard sync
8.1) FIXING JAVA XCB on Fedora 8
8.2) Installing Remote Clip
8.3) Installing Java and Remote Clip correctly on XP
8.3) Installing Remote clip Correctly on Fedora 8
9.0) Samba File share
10.0) Testing sound where is alsa support?
11.0) Resources used and references.
1.0) Introduction
This is an attempt to write a comprehensive and complete guide to install XP in a virtualized environment running KVM/Qemu as the virtualization engine.
I am going to show you how to get a virtual guest running and get synchronized clip boards for cut and pasting between machines with a secure client.
The guide was written using:
QEMU PC emulator version 0.9.0
Fedora 8 - Host
Windows XP - Guest
Contributors:
David McKeon 12/02/2007
2.0) What is KVM/Qemu?
In short, it's a PC host emulator. You can install XP in a fully operational PC with BIOS inside of another running operating system. Wiki Entry for Qemu
Basic Terms:
Guest Operating System or Guest OS is the operating system we will be installing in the Qemu virtualization tool. All resources are virtualized versions of the host operating system's resources.
Host Operating System or Host OS is the operating system Qemu lives on. You will be running the guests using the physical resources of this box.
In this document, the Host OS is Linux, the Guest OS is XP.
3.0) Why am I using KVM and not Qemu?
KVM uses the vmx/svm virtualization cpu hooks both Intel and AMD now ship in their new processors. In short, this speeds up the guest operating system (XP) quite a bit. KVM runs inside of Linux as another process, which allows me to do things with my existing scripts and applications. It does not need a special kernel such as Xen. And it's battery friendly for laptops. It's 100% free, as in beer, no strings attached. If you like it, you should donate back to the project to help make it better. There are pros and cons to any virtualization software you use, and there are lots of cool things you can do with all of them: List of virtualization links
4.0) Does your CPU support virtual machines natively?
To see if your cpu supports this in linux type in a HOST OS shell:
egrep '(vmx|svm)' /proc/cpuinfo
You will see 2 lines of text returned if you have a virtualizing cpu:
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr lahf_lm ida
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr lahf_lm ida
If you do not see this, then you probably do not have a newer cpu with virtualization support, or you have it disabled in the BIOS. If you know your PC has a newer CPU, reboot your system and check that it is enabled in the BIOS.
Intel CPU will have: vmx
AMD CPU will have: svm
You can still use qemu/kvm if you do not have the newer cpu, it will just not be as fast with many operations. You can also move a Guest OS image to another box and run KVM later if you get a newer CPU that supports these.
Fedora 8 ships with qemu-kvm as the binary name, whereas other distributions such as Ubuntu/Debian use kqemu or kvm.
5.0) Pre-Configuration Check list
I'm not using virt-manager (http://virt-manager.et.redhat.com/), the Redhat virtualization manager, since it doesn't allow me to use scripts to start and stop the guest client. I use a script to make sure things are ready before I try to start the Guest OS.
Qemu: Disk image setup Prep
Figure out how big you want your XP base image to be, and have a partition that size available.
20G should be really good but 10G would work.
Copy as root qemu-ifdown and qemu-ifup scripts to /etc directory.
The scripts are below: cut and paste each then chmod 755 the scripts
###################################### cut qemu-ifup ##############################
#!/bin/sh
# qemu-ifup
# script to bring up the tun device in QEMU in bridged mode
#
# This script bridges eth0 and tap0. First take eth0 down, then bring it up with IP 0.0.0.0
# if you do not use eth0 as the primary, change it to your interface name
ETHX=eth0
/sbin/ifdown ${ETHX}
/sbin/ifconfig ${ETHX} 0.0.0.0 up
#
# Bring up tap0 with IP 0.0.0.0, create bridge br0 and add interfaces ${ETHX} and tap0
#
/sbin/ifconfig tap0 0.0.0.0 promisc up
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 ${ETHX}
/usr/sbin/brctl addif br0 tap0
#
# As we have only a single bridge and loops are not possible, turn spanning tree protocol off
#
/usr/sbin/brctl stp br0 off
#
# Bring up the bridge with a static IP and add the default route
# Change the IP to your static IP if you want the linux OS to route when the Guest OS is bridged in
# GATEWAY must be the IP address of your default gateway (a router address, not a netmask)
GATEWAY=YOUR_GATEWAY_IP
/sbin/ifconfig br0 10.160.221.163 up
/sbin/route add default gw ${GATEWAY}
#stop firewalls
/sbin/service firestarter stop
/sbin/service iptables stop
#####################################end cut #######################################
#####################################cut qemu-ifdown ###############################
#!/bin/sh
# qemu-ifdown
# Script to bring down and delete bridge br0 when QEMU exits
#
# Bring down eth0 and br0
# then run the eth0 up script which should restart the firestarter firewall and reconfig the normal ip onto eth0
# if you do not use eth0 as the primary, change it to your interface name
ETHX=eth0
/sbin/ifdown ${ETHX}
/sbin/ifdown br0
/sbin/ifconfig br0 down
#
# Delete the bridge
#
/usr/sbin/brctl delbr br0
#
# bring up eth0 in "normal" mode
#
/sbin/ifup ${ETHX}
#start firewalls again
/sbin/service firestarter start
/sbin/service iptables start
################################# end cut ###########################################
6.0) Install KVM/Qemu.
Make sure yum works:
Type:
yum list
If this works run:
yum install -y qemu.i386 kvm.i386 SDL.i386 bridge-utils.i386
6.1) Using yum through the MS ISA firewall:
If you are behind an MS ISA firewall, you need to install cntlm. Cntlm is an NTLM/NTLMv2 authenticating HTTP proxy. MS ISA servers are NTLM proxies.
If you have internet:
yum install cntlm.i386 gedit.i386 -y
Otherwise download cntlm-0.35-1.i386.rpm with firefox on linux (or on your windows box, and ftp it to the linux machine) and install it:
rpm -ihv cntlm-0.35-1.i386.rpm
Then edit the configuration (gedit or any other text editor will do):
gedit /etc/cntlm.conf
Put the appropriate information in for your network. DO NOT PUT THE PASSWORD in this file, security is always an issue.
As root type:
export http_proxy=http://127.0.0.1:3128/
cntlm -fIc /etc/cntlm.conf
Type in your ISA / Windows password for the user when prompted (the -I option makes cntlm ask for it instead of reading it from the config file). This sets up the proxy to auto authenticate your user against ISA and pass you through.
WARNING: Don't mistype this, it can lock your account.
You should now be able to type (in a second root shell with the same http_proxy export, since -f keeps cntlm in the foreground):
yum list
6.2) Manually load the driver:
For AMD processors
modprobe kvm-amd
For Intel processors
modprobe kvm-intel
then
modprobe tun
Note: Do not worry if the “modprobe tun” fails, as it might already be loaded.
7.0) Install and Configuration of XP
7.1) Create base image
We are going to use the qcow2 format for the Guest OS image. It's nice as it supports a grow-as-needed file system, and optionally AES encryption and Zlib compression. We will not be encrypting or compressing in this document; please see the manual pages for supported options.
qemu-img create -f qcow2 windows-xp.img 10G
The image created at this point will be quite small, not 10G, but Windows once installed will see 10G of available space, and the image will grow as you add stuff to the XP image. My initial image was 1.45G after I did a base install. It was 7.2G after MS Office, Outlook, and McAfee were installed. There are a couple of other work related items on it also. My image is actually 30G, so I have lots of room to grow.
Warning: this process will probably break your current network firewall settings on the linux host system, and you should have another firewall set up using the br0 device for the length of this session, but the above scripts do not include such a thing at this time. Don't run this unless you're behind a firewall of some sort or are certain your network is safe. You can do all of this and not mess with your settings by removing -net nic -net tap from the command lines below.
Install XP
Install command:
Note: -boot d says boot the cdrom first, allowing you to install off the install cd of choice.
/usr/bin/qemu-kvm -no-acpi -soundhw all -net nic -net tap -smp 2 -m 512 -cdrom /dev/cdrom -boot d windows-xp.img;/etc/qemu-ifdown
Note: if you have dual or quad core use the -smp 2 option, otherwise take this out. Do not put in more CPUs than you physically have or you will pay a speed penalty to manage it in qemu.
-soundhw all sets up generic sound devices; if you do not want sound take this out.
To Run command:
/usr/bin/qemu-kvm -no-acpi -soundhw all -net nic -net tap -smp 2 -m 512 windows-xp.img;/etc/qemu-ifdown
So what does the above command do?
Well, it's saying: boot windows-xp.img using qemu-kvm, emulate 2 cpus using 512 megs of memory with all sound card emulation on, and use the tap device as our network interface card (NIC) in windows. The no acpi option turns off a process where windows queries a BIOS register over and over, which causes the system to go much slower in emulation mode, as in 4x slower on my laptop.
The Run command does the same thing as the Install command, except we remove the cdrom emulation. You can put this back if you want to pass the cdrom through by adding the -cdrom /dev/cdrom option again.
This is the command I use to start windows in a start_xp script:
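###################################### cut start_xp ###############################
#!/bin/bash
# start_xp
# Start kvm Qemu script
# Insert kernel modules
modprobe kvm-intel
modprobe tun
# Start qemu-kvm guest
/usr/bin/qemu-kvm -no-acpi -net nic -net tap -smp 2 -m 1000 winxp.img
# Reset my network settings, ifup will restart firestarter script for me
/etc/qemu-ifdown
#####################################end cut #######################################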
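A pre-flight check of the kind mentioned in section 5.0, combining the vmx/svm test from 4.0, the chmod 755 requirement on the /etc scripts, and the module choice from 6.2. This is an added example, not the author's script; the function names kvm_module_for, script_is_safe and preflight are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script: checks to run before starting the guest.

# Print the KVM module for the CPU flags in a cpuinfo-format file (default
# /proc/cpuinfo): kvm-intel for vmx, kvm-amd for svm. Returns 1 when neither
# flag is present (older CPU, or virtualization disabled in the BIOS).
kvm_module_for() {
    flags=$(grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null) || return 1
    # Pad with spaces so the flag is matched as a whole word.
    case " ${flags#*:} " in
        *" vmx "*) echo kvm-intel ;;
        *" svm "*) echo kvm-amd ;;
        *) return 1 ;;
    esac
}

# qemu-ifup and qemu-ifdown run as root, so each must be an executable regular
# file that group and others cannot write to (the guide's chmod 755).
script_is_safe() {
    [ -n "$(find "$1" -prune -type f -perm -0100 ! -perm -0020 ! -perm -0002 2>/dev/null)" ]
}

# preflight IMAGE [CPUINFO] [SCRIPT_DIR]
# Prints what it found; exit status 0 = ready, 1 = image or scripts not usable.
# A missing vmx/svm flag is reported but is not an error (the guest still runs).
preflight() {
    image=$1 cpuinfo=${2:-/proc/cpuinfo} dir=${3:-/etc} rc=0
    [ -r "$image" ] || { echo "image not readable: $image"; rc=1; }
    for s in qemu-ifup qemu-ifdown; do
        script_is_safe "$dir/$s" || { echo "missing or writable by others: $dir/$s"; rc=1; }
    done
    if mod=$(kvm_module_for "$cpuinfo"); then
        echo "hardware virtualization available: modprobe $mod"
    else
        echo "no vmx/svm flag: guest will run without hardware acceleration"
    fi
    return $rc
}

# Demo on a constructed cpuinfo sample (flag list shortened).
sample=$(mktemp)
printf 'flags\t\t: fpu vme monitor ds_cpl vmx est tm2\n' > "$sample"
kvm_module_for "$sample"
rm -f "$sample"
```

Calling preflight with the image name at the top of start_xp, and stopping when it returns non-zero, keeps the bridge scripts from running when the image or the scripts are not in the expected state.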
7.2) Making no-acpi work with xp
If the image installs, but later does not boot with the -no-acpi option, follow this guide to turn off the acpi windows drivers. Read it once or twice, and understand that you are going to remove the acpi drivers for the motherboard in the XP guest operating system and replace them with a standard driver that does not automatically switch off the machine. So Windows will now say “Ready to Shut off” machine after you shut down the guest. This will require 1 or 2 reboots of the guest to set up the new generic drivers and see the hardware correctly.
7.3) No sound via alsa/pulse
Even though qemu supports alsa as a backend for sound, the fedora version does not support this, which means it will try to allocate the /dev/dsp device if you activate the sound drivers. I generally do not start the soundhw with my boot image because Linux is my default desktop and I view multimedia items there.
8.0) Remote Copy/Clipboard sync
At this point XP should be installed as the Guest OS. You should be able to see your network.
We are now going to set up clipboard sharing between the 2 operating systems. This process uses SSL libraries in Java, so you should not be breaking any laws downloading this program. I've never had an issue with security with this program, but just to be safe you should have a firewall up with only known hosts accessing this port. I recommend Firestarter on Fedora 8; you can install this tool by typing 'yum install -y firestarter'. You will have to shut off the Fedora firewall before using Firestarter; this is accessed through system->firewall->disable->apply. Then run Firestarter (system->firestarter) and follow the setup wizard. You are not connection sharing when setting up a bridge device. Also, once the guest is running you want the active device to be br0. I'm working on a quick way to switch from eth0 to br0 on bootup of the guest OS. I'll post it once I have something that I'm happy with.
Download remoteclip on both the windows and linux partitions. The fedora java-tea version works fine with remote clip, but you will have to put in the xcb fix.
Remote clip works anywhere java with a gui works. So linux to linux or even to a palm OS will work.
8.1) FIXING JAVA XCB on Fedora 8
Issue with java install programs on Fedora 8
November 17th, 2007
Error I was getting:
java: xcb_xlib.c:50: xcb_xlib_unlock: Assertion `c->xlib.lock' failed.
I use the java version of the IBM HMC client, which had some issues installing on fedora 8. I believe this is also the same issue Zend has installing. This fixes that error:
# Fix java can not lock bug in xcb - you need to be root to do this.
yum install compat-libstdc++-* libXp
wget http://members.optusnet.com.au/foonly/libxcb/libxcb-1.0-3.0.fc8.i386.rpm
wget http://members.optusnet.com.au/foonly/libxcb/libxcb-devel-1.0-3.0.fc8.i386.rpm
rpm -U libxcb-1.0-3.0.fc8.i386.rpm
rpm -U libxcb-devel-1.0-3.0.fc8.i386.rpm
If you have errors on the libxcb-devel file, try:
yum remove libxcb-devel*
This should only remove the devel packages, at which point you should be able to rerun the rpm -U commands above and have it work.
8.2) Installing Remote Clip
Download the Remote Clip Zip file, which is used for both Operating Systems we are using here. Remote Clip Homepage
For linux
unzip RemoteClip-3.1.zip
For XP just open the zip folder and drag the Remote clip directory where you want it. The Homepage for Remoteclip documents the functionality and has a good walk through if needed.
8.3) Installing Java and Remote Clip correctly on XP
Download java 1.6.0.x on XP.
Put the Java path in the computer's advanced properties PATH option:
Right click the My Computer icon->Properties->Advanced->Environment Variables->System Variables->Path
Double click Path, or highlight it and select Edit.
In the Edit System Variable popup window, go to the front of the Variable Value line (highlight the line, hit the Home key) and insert:
C:\Program Files\Java\jre1.5.0_09\bin;
Do not forget the semicolon.
Push the “OK” button.
At this point you should be able to click on
\RemoteClip-3.1\bin\rclip.exe
and a window should pop up with your machine name in it:
(My computername(local host))
If it says it cannot open the port and exits, then your path is still not correct; refer to the pathing steps above and check that you did them correctly.
If you somehow messed up this pathing entry, mine looks like:
C:\Program Files\Java\jre1.5.0_09\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
This should be a pretty standard line on most installs of XP.
OK, if this is working, create a shortcut in start->programs->startup.
This will autostart rclip.exe for you after you log in to the XP desktop.
Now if you have both working on Linux and the XP guest OS, you can click ADD and put the hostname of the other machine in on the linux side, and it should hit you with an “Add this host” popup on the other system. Select Yes, and you should now be in sync clipboard mode, where your last clipboard cut/copy will be available on the other side. This works with text only. You can also paste files between the systems with the “Copy Files/Paste Files” option.
8.3) Installing Remote clip Correctly on Fedora 8
This is quite easy once you have done the steps in 8.2 of this guide.
There is a directory RemoteClip-3.1/ where you unzipped the files.
Command:
./RemoteClip-3.1/bin/rclip
A java window should pop up, same as on the XP side. If you have issues with it running, please check to make sure you have java-1.7.0-icedtea installed from the yum repository:
yum install java-1.7.0-icedtea
This should tell you if you have it.
IP based connectivity does work, but if there is a hostname rclip will switch to that, and if that hostname doesn't match the IP it will not work correctly. So make sure the addresses and hostnames match up. Check your /etc/hosts file for bad or multiple entries if it isn't working after the add host button is clicked.
9.0) Samba File share
TBD
10.0) Testing sound where is alsa support?
It appears the F8 version did not compile with Alsa Support?
11.0) Firewalls and security.
It's always wise to have a firewall up and know who is connecting to you. rclip, although a nice program, is also java based and rather unsupported, which means I do not know if there are security issues with port based attacks. So, using firestarter and the windows personal firewall you should be able to set up a port allow rule based on IP only, between the Host and Guest, which still allows you to access other network resources. I'll put something together if I get the time, once I'm happy with one. Firestarter has a very nice gui that helps a lot with this on linux.
Never expose an unprotected service to the internet unless you know what you are doing; security changes every day. 0 day viruses and hacks for windows are a constant issue. You can use Linux to block the bridge, but it will also keep certain other services from working, so use the MS personal firewall when you can and always have a good virus and security scanning tool running which updates nightly at a minimum.
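One way to express the "port allow based on IP only" rule on the Linux host with plain iptables, so the firewall need not stay off while the guest runs. This is an added example, not part of the original guide: the function names, the RCLIP chain name, the use of TCP, the guest address 192.0.2.10 and port 5000 are all assumptions or placeholders, since the guide does not state the port RemoteClip listens on.

```shell
#!/bin/sh
# Added example (not from the original guide). Prints iptables commands that let
# only the guest reach one TCP port on the host's bridge; review, then run as root.

# Succeeds only for a dotted-quad IPv4 address, so nothing else reaches a root shell.
valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rclip_rules GUEST_IP PORT [BRIDGE]
# PORT is whatever port your RemoteClip install listens on (not stated in the guide).
rclip_rules() {
    guest=$1 port=$2 bridge=${3:-br0}
    valid_ipv4 "$guest" || { echo "bad guest IP: $guest" >&2; return 2; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 2; }
    case $bridge in ''|*[!A-Za-z0-9_.-]*) echo "bad bridge: $bridge" >&2; return 2 ;; esac
    # A dedicated chain keeps the rules in one place and makes re-runs idempotent.
    cat <<EOF
iptables -N RCLIP 2>/dev/null || iptables -F RCLIP
iptables -A RCLIP -s $guest -j ACCEPT
iptables -A RCLIP -j DROP
iptables -D INPUT -i $bridge -p tcp --dport $port -j RCLIP 2>/dev/null || true
iptables -I INPUT -i $bridge -p tcp --dport $port -j RCLIP
EOF
}

# Demo with constructed values (192.0.2.10 is a documentation address, 5000 a placeholder port).
rclip_rules 192.0.2.10 5000
```

The printed commands only take effect while iptables is running, so they belong after the bridge comes up in qemu-ifup, in place of stopping the iptables service.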
Appendix - Resources used and references.
https://help.ubuntu.com/community/KVM
IBM developer paper explaining what virtualization is and how it works