So, the next talk is about virtual desktops instead of the cloud. A thing that was often favored during events was doing a couple of tutorials with a couple of people and a bunch of laptops at a desk and working on a thing together, trying it out, looking at what the others do, and the person that leads the tutorial can see what people are doing and maybe help them out, but that doesn't really work once you are at home. There is a possibility to do such a thing, which is not using physical laptops, but with virtual desktops in the cloud. And this is what Horikos wants to show us today.
Yes, hello all together, it's nice to have you here. I am Horikos and I will tell you something about hands-on tutorials with virtual desktops in the cloud. About my motivation for this, how did I get here? Well, some of you know me from other Chaos events. I often like to talk about things that I find interesting and I think talks are not just a thing where I pass information in one direction, but they're also always a thing where I collect a lot of information and ideas from other people and talk to them. And that's why I think it's very interesting to give talks. Now we're one year into this pandemic and talks are now only online. And the longer this goes, the more I think it's kind of problematic to just have these one-directional talks because the bi-directional information exchange doesn't really exist anymore. And when one gives a talk these days, you can't see the audience, you don't really have a feeling for the audience, there are no real big questions or responses. Maybe there's a Q&A session which is usually chat-based where you can give a quick answer, but that's basically it. And really a discussion or feedback is not happening. And yeah, this is basically like staring into a black hole during the talk. So that didn't make me very happy, so I thought I want to try something different maybe, and maybe another format to give more interaction even in an online format.
So I often was busy with things like Docker and Kubernetes, and after I found a lot of things about these things from various information sources, but I thought maybe some exchange would be useful. And now I thought, yeah, maybe I could give some online tutorials where I would not just passively interact with people, but also have some interaction. And so I experimented with this, and out of that came a few things like hands-on tutorials and how one could do them as frictionless as possible and interesting for all participants. So that's what this talk is about. How do I do software tutorials in the cloud with people not just watching, but also interacting and playing along and learning from one another?
So let's talk about the problems that maybe result once one tries to do these things in public. With a classic video conferencing system like BigBlueButton or Jitsi, one very quickly gets to the problem that people have different base knowledge, some are faster, some are slower, some need a little more explanation, and one can't really see that that is the case. And so the synchronization with all of these people is a bit difficult because everybody has their own tempo to work in, but one also in such a hands-on tutorial wants to make sure that everybody is getting along. And then maybe also people have different operating systems and different desktops. And maybe as the person leading the tutorial, one can't really expect certain things. Everybody has maybe a different issue in studying certain software or using it. There are also always some weird error messages that are very specific to certain users and specific to that hardware or software. And then often you have to install software onto the computers of the people that are participating in the tutorial, which is also difficult and sometimes impossible because there are people that for an online tutorial are using the wrong, in quotes, tutorial. And so that also makes participating very hard.
And then once people have problems, it's very difficult to help people if one can't see what's going on with them. And when they only say they have some error message, maybe you've experienced this yourself, somebody tries to ask for help on the telephone, and just a verbal description is often not very helpful. So you can maybe do some screen share things, which can also already become difficult until one actually gets to a usable picture, and often you can't type into their keyboard. So yeah, it's often not very optimal to only have a video conferencing system. So I thought, well, that might go a little better.
And so the idea that I had was doing online tutorials where everybody has their own workstation that is pre-configured. They aren't working on their own machine, but use it using a remote desktop viewer, like VNC, and can then access their own virtual workstation. If I have like 10 to 15 participants in a workshop, then they all have the identical workstation. And so everybody has the same starting conditions. And an error occurring is maybe not because somebody doesn't have the specific hardware or software. So the users use a remote desktop viewer, and the leader of the workshop can maybe also show their own virtual desktop via, for example, BigBlueButton or Jitsi. And the people, the participants can then see what he's doing, what they're doing. And also everybody can work for themselves, and they can also exchange information. And then, if there are problems, then the workshop leader can also access these workstations with VNC and can have a look at the issues that a participant may have and what that error looks like. And since this workstation is the familiar pre-configured layout, it's much easier to help them. If everybody is using the same desktop, then all the commands are identical.
And with maybe another Etherpad that everybody can have open, you can synchronize, can maybe paste commands for the shell, and also receive feedback from people if they arrived at a certain point and continue with the workshop. Yeah. So that's the basic idea.
And now I want to show from my desktop what this might look like in practice. It's my image, and this is my desktop, and everything is visible. I prepared a couple of virtual machines, and the VNC viewer we use here on the next is Remmina, and I have prepared a profile for my workstation as ship owner. I can start it and immediately am at my desktop. It's an Ubuntu GNOME desktop. I usually use that, but all other Linux flavors can also be available in the virtual machines and can be used by a remote desktop. In this specific case, with the Docker tutorial, I have a shell on the left side, this way you can see it, and on the right side there's a web browser, and the web browser has different tabs for searching in the internet, or in this case, one tab with the Etherpad, and in the upper part there are usually the participants, and I ask the people to add an X in their line, and that way I can see which participant has reached each specific step, and which other participants may take a minute or two longer, and can ask them and figure out whether there are any issues. I can help, and if that's the case, I can log into their workstations and see where their issues are, or where they're stuck. I can also present one here. Remmina is able to have more than one window, and perhaps I ask the user for his workstation IP, in this case, this one, I enter that IP, and the port, enter, copy the password, and I have a new tab, and I am ready to go on their workstation in the cloud with the participant, and can help him interact with his desktop, and can jump back to my screen, look at something there, and click back and forth, and help him quickly.
This works great in practice, and now we have the question, how can we create these desktops in the cloud? I'll return to my presentation.
Yes, how are the desktops in the cloud? Like all virtual machines in the cloud are instantiated, we choose a host of our choice. I'm going to use Hetzner for my cloud tutorials, because virtual machines are rented by the minute, and therefore it's cheaper, and we create a virtual machine with Ubuntu server, and then install all the required packages for the graphical screen, GNOME in this case, and we also need some software for the virtual screen, because there are no graphics cards on this device, and we need a VNC server to enable the participants to log in with their VNC client. How that all works in detail, I wrote down here, it's quite detailed, and at the end of the talk I'll hand out the link, so we don't go into the minutiae here.
Yes, how much is it? Once this example image is done, you turn it down, take a snapshot, you can delete the server because the snapshot is kept, and then you take the snapshot and say, hey, let's clone 10 machines from this, and with one click the system is done, 10 identical virtual machines with 10 identical virtual desktops. The only difference is that each virtual machine has its own IP address, and these IP addresses are forwarded to the participants, and without a lot of work, everybody has their own virtual machine, and if you run it again and have several workshops, you just delete the machines, and that way they don't cost anything, and if you do a workshop again a couple of days later, you create or recreate 10 to 15 machines.
It is not as expensive as this example here shows, but that's the price per month for a machine that has appropriate amounts of RAM and CPU capacity, that would be 58 euros per month, but we don't need it for a complete month, but only for half a day, or perhaps a day, and that way it only costs 30, or so for a euro or two or three 15 to 20 people can participate, so the costs are reasonable.
Next is the question, how do we secure something like that, because of course the stations are on the internet and the standard configuration, it was us to do anything with them. They have a public IP address and the workshop participants, I assume that can be trusted, those who want to participate, but trust is good, control would be better, and if participants do some things that are legal according to German law, they are not the first ones who get questioned by the police, but first of all the person who owns these machines, and we have to avoid that. And the answer is we create a firewall for these virtual machines and remove everything needed for the workshop. The upper arrow shows incoming connections are prohibited in this example except for the access to port 22 for SSH. I limit it to my own IP address, that way only I can access port 22, and the other open port is the VNC server to enable the clients, the participants, to connect with their VNC clients to the workstation. Those two are the only ports and thus are closed, that way you can't run a server on there.
Next, what about outgoing ports? You can still make a lot of mischief using those, and the idea here is outgoing connections should be limited to the minimum possible. So if I create a Docker workshop, I may allow only those IP addresses that are allowed for outgoing ports are those required to use Docker Hub, for example. For Kubernetes, I only allow those IP addresses that are required to download images or the Kubernetes images. That leads to the question, where do I get those IP addresses from, and the idea is: use one of those virtual desktops just before the workshop and download all the required images, run Wireshark and check which DNS requests are queried, which IP addresses are associated, and allow those. Especially with Docker and Kubernetes, those are large systems, therefore there are DNS names with more than one result, and that's quite annoying to type them all into the firewall. You might be able to optimize that. My solution was to only allow one of those IP addresses, and the /etc/hosts file in the workstation gets a specific mapping so that the domain name is only associated to this one IP address. That way there's no DNS query, they can just directly access those IP addresses. That can be optimized, and therefore it's not a lot of work to do it semi-automatically for a large number of workstations. That way I have a system that does not allow incoming connections except for VNC and also limits the outgoing connections to those that are required to the specific host.
We are on the wrong place, let's go back to the last step: how do I get the Etherpad into the cloud? Very important for online workshops, because that way you can easily synchronize participants, check whether they are at a specific point, and exchange text to ensure they don't mistype, maybe post parts of configuration files. And Etherpad can easily be created, there's a Docker container, one command on the terminal and there's an Etherpad instance that can be used, and finally when I'm done
I just stop that container and destroy it very easily, very easy, it's doable. And yes, that's the end of my talk, and everything you need to create those virtual machines and those desktops, how you configure your VNC servers and the firewalls and everything else, can be found behind this QR code or the URL below. So thank you very much, now I'm looking forward to questions and the discussion.
All right, thank you for the very interesting talk. All right, if you have any questions, there is a pad that can be accessed on the talk page on pre-talks, you can enter your questions there. For now there are two mentions, one is about video conferences for virtual classrooms which are not really interactive and apparently make it hard to have various starting conditions that people start from, which apparently lines up with your observations.
Yes, yes exactly, that is why I've thought about how to do this better and I think these virtual workstations and Etherpads is the closest one, one probably gets to sitting around the table.
All right, so how do you do the audio transmission?
Yeah, usually via BigBlueButton or a Jitsi server which I also use to mirror my display to the others to show how to get started with various things and then they can try this on their own workstations and from then on develop their progression. Yeah, Jitsi or BigBlueButton is what works well plus the VNC sessions.
All right, there's a new question arriving at the moment. A couple of questions are arriving but they're not fully posed yet. All right, so one is how do you deal with artifacts from various monitor layouts?
So the screen resolution of the VNC connection is given, is hard-coded, and is usually displayable on normal laptop screens, and if you have a 4K monitor that may be a little small for you, but it works the best if everybody has the same screen resolution, and maybe you can also configure the machines to allow people to choose their own resolutions, which is not very trivial.
So yeah, this is the way I went with.
All right, and so a question about the communication and the VNC. So if the video conferencing had a remote controlled video conferencing video screen sharing system, would that work?
Well, yeah, some exist that have that, but that's always a bit different thing, especially with sharing the screen from the client side, that often takes a bit of time and it works but it's not optimal. And the other thing is that if people have various starting conditions on their computer, again one person has one operating system and another person another, then the configuration differences and stuff, that again makes the helping out with these things very difficult, with like knowing whether this is an issue with a setup or this person maybe do a couple of round steps. That's the other thing, that with everybody having the same operating system, that makes things a lot more easy than if everybody uses their own operating system.
Yeah, that's also the point on another note here where a viewer says, yeah, it's better if the tutor can really just switch, dial into the computer and has the same situation and conditions everywhere without any local differences.
Yeah, that is the important point of your suggestions.
And then there's another question coming in. Still takes a while. All right, so the security is that you can have all your non-encrypted VNC sessions which you do on an encrypted VPN, which means that it's not externally accessible.
So you know, if I use VNC for my personal things with remote support, then that is usually via an SSH connection with a reverse proxy. For a workshop that is a bit difficult, for people to enable reverse proxies on their SSH and stuff. That is a bit more difficult than just installing a VNC client.
So for these workshops where the content isn't really secret things but more like, yeah, a couple first steps with Docker, Kubernetes, which is nothing secret to be honest, then yeah, that's not great, but the connections are not encrypted. So usually whoever can listen on the line can see what the participant may be doing on their machine, but yeah, that is a thing that one should be aware of probably, but for normal workshops that is not really an issue.
So somebody's asking, would RDP with TLS not be better maybe?
Yeah, I did try RDP, but I really tried it a lot in various ways but I couldn't really make it run smoothly and look okay and also react in time. So yeah, this is of course not limited to VNC. You can of course use RDP or other proprietary remote desktop solutions. Those are of course possible if they are better from the encryption standpoint, and if it's working then sure.
All right, so could this maybe be realized within the internet of a school without doing it outside on the internet?
Yeah, I do think so, sure.
It depends on how many people are participating, because of course for every virtual workstation, yes, it's virtual, but it does need resources. So if you have a workshop with a lot of participants and every workstation has four gigabytes of RAM, then we're already at a lot of gigabytes of RAM. Maybe you can use like two gigabytes per member, and you can maybe fit that on a server, but maybe difficult with a small home server, that could be very difficult at some point. But you can of course do this in a school if you have like a stronger server with a lot of RAM, because the CPU isn't really the issue with these desktops, that's not very intensive, but the storage and the memory, that's the limiting factor there.
Then, do you know Guacamole, and would that maybe be an alternative, which also uses VNC or RDP but would be on the net and could be accessing the internal net VNC or RDP?
I don't know that. Thanks for the tip, I will have a look at it later.
Did you do such a workshop with Windows machines before?
Well, yes, I guess maybe you could probably use Windows in these machines as well, which would of course require a lot of licenses, but no, I haven't done that and I'm also not very familiar with Windows. So yeah, the first thing would be how do I get that into the cloud, and the second thing would be how would I get licenses.
So would the setup also work for sharing the same workspace with multiple users, multiple participants?
I don't know if I understood the question correctly, but I'll try to answer it. So an arbitrary number of people can dial into one virtual desktop and see the same things and all control the mouse and all type things, but it is all on the same desktop, which does make the whole thing very confusing. That would work for the workshops where only two or three people are participating, then one could actually put them on the same screen. Then maybe you'd have to prepare who uses the keyboard and who uses the mouse, but if they are in communication
with each other then that could work, which would be the same as sitting on the same computer in real life, and VNC absolutely supports that. That is a thing that if somebody has problems, the idea is that the workshop leader can dial into the participant's virtual machine and then they can actually use the computer at the same time, and that also works with three or four people.
All right, one question is being formed more precisely right now. So if I have a laptop on the couch, could I just use that as a workspace?
Yeah, I think you could probably log out from your session and then open it on another laptop and then dial in from there. Yeah, sure, that is not an issue. So yeah, I assume that is the original idea behind VNC, that, yeah, no, the workstation doesn't disappear just from logging off of the VNC, it's just always there and you can dial off from one and dial in from the other device. So yeah.
Oh, somebody put a link to Guacamole in the pad.
Yeah, thanks.
All right, thanks, that seemed to have been the most important questions. If there's no one else typing really fast then I will thank you for the very interesting talk and the brilliant idea for how one can do these kinds of workshops without a table to sit around, which is probably useful for many of us. Thanks again and bye.
Also thanks and