The Video

The Megadesk Monster Machine - Threadripper Pro

161749025668866078482077367850143000×4000 2.37 MB

Asus SAGE wrx80 and Threadripper Pro 3975wx

image2068×1481 411 KB

image1843×1162 341 KB

Background

Yes, that is Microsoft Office running seamlessly (flawlessly) on Fedora 34, at near-native speed, with some measure of video acceleration.

This had been broken on both Virtual Box and VMware workstation for years . It does not actually work.

This is not a perfect solution either. It uses Remote Desktop, well specifically RemoteApp, that allows running individual apps via the RDP protocol, but without the start menu and the rest of the “windows desktop experience.”

It is not as fast as Looking Glass, but it can work seamlessly. I don’t recommend it for playing games, but it works reasonably well even for things like Photoshop and Premiere. (Parsec may be a better choice for these kinds of tasks, if Looking Glass is not an option.)

Running apps in this way has some advantages. For one, it is possible to get an experience more akin to QubesOS, but without the baggage and commitment to Qubes. (Qubes only supports seamless mode with Windows 7, but this technique probably works fine there too, with a new enough version of xFreeRDP).

If you aren’t familiar with Qubes, imagine setting up a VM for each kind of thing you might want to do – online banking, playing games, doing work stuff, etc. Any security issue that happens in one doesn’t affect the others. Certainly, when I play Escape from Tarkov, there is really no way to be sure it isn’t stealing my login cookies in the background. Unless the only thing I do is play games in that virtual machine, however.

I think this kind of thing will eventually be requisite basic computer hygene. That day isn’t today, but it can’t get here fast enough. Especially given the kinds of threats normal computer users face. We technical users would be doing our fellow man a great service by making it as seamless, and painless as possible, to offer them transparent and varying levels of app isolation which would prevent one app from stealing another apps’ data.

Getting Started

Running a Windows VM on Linux is pretty easy these days. On Fedora 34, I’ve written several guides already on the topic, centered around GPU Passthrough: Passing a second GPU through to a virtual machine.

A further wrinkle is that LXC, the containerization platform for Linux, now also supports VMs. It is possible, in a relatively few commands, setup a new virtual machine.

Here’s the mind bender: Nvidia GPUs can actually be shared among several LXC containers! Even Geforce cards! Before I get your hopes up, windows can’t (as far as I know) run inside an LXC/LXD container – only a VM. So, to the extent “LXC Supports Windows” this is really just a full-fat virtual machine (and not shared GPU resources).

(The irony being, of course, that you can do shared Linux VMs just fine and “The QubesOS Experience” maybe works a little better without Windows AND getting hardware acceleration in graphics…)

This guide asumes you Windows 10 Pro VM is setup. (You need Remote Desktop, so Win10 Home won’t work).

After Windows 10 Pro is Ready

Enable Remote Desktop:

image998×872 141 KB

image988×869 158 KB

Next, you’ll need to install RemoteApp Tool from Kim Knight:

and add Windows EXplorer to the list of remote apps.

Note: strictly speaking all we’re doing is registry manipulation. This isn’t some complicated arcane thing. This app just makes it more convenient. Check out WinApps also for a similar approach.

Why turn Explorer.exe into a RemoteApp ???

Windows 10 RDP only allows two RemoteApp connections at once. So you could only launch Paint and Notepad. If, however, you launch Explorer and then Explorer spawns Notepad, Paint, etc. Then that’s perfectly ok! That only counts as one!

On the Linux Side

Ideally you have the latest version of xfreerdp. It’s probably the best? I’m still testing because it’s really buggy. I appreciate the hard work that has gone into xfreeRDP but it sure seems like they need a lot of cash so that the developers can be paid to bughunt and get some things fit.

The list of pull requests is long, extensive even. If any of the contributors or the main author(s) want any help from me, please reach out. I will be glad to do whatever you think would help you move the project along.

Microsoft has a “native” version of their RDP client for macOS, Android, iOS, chromeOS, BeOS… but not Linux?

Fortunately xfreeRDP supports RemoteApp protocols.

Here is the command I use to connect:

xfreerdp /cert:ignore /u:test /p:beeltejuicebettlejuicebeetlejuice/app:'%windir%\explorer.exe' /v:192.168.122.254 /monitors:0,1,2 /relax-order-check

From here I can launch Office, Edge (for windows), or any other Windows app.

that’s prettymuch it!

If anything goes wrong, you can still connect on the console (not via remote app mode) with Looking Glass, RDP or even directly at the console (even in a VFIO setup) and sort the issue out.

xfree rdp is buggy you say?

In this remoteApp mode, it sure is. Dragging windows often causes the tracking position of the cursor to be completely lost. Check out this hilarious gif of click-to-draw in paint.net showing “where my cursor is”

[18:29:58:075] [299221:299222] [WARN][com.freerdp.client.x11] - xf_lock_x11_:	[1] recursive lock from xf_UpdateWindowArea
[18:29:58:111] [299221:299222] [INFO][com.freerdp.client.x11] - Property 262 does not exist
[18:29:58:113] [299221:299222] [WARN][com.freerdp.client.x11] - xf_lock_x11_:	[1] recursive lock from xf_UpdateWindowArea
[18:29:58:114] [299221:299222] [WARN][com.freerdp.client.x11] - 

Normal, right? There are a lot more unsettling errors after a
few hours of use and the windows get all wonky. Fortunately it
is possible to close and reconnect and everything will go back to normal.

The Experience - with GPU in the VM

So you can do this JUST FINE without doing the vfio thing. Works via RDP and is totally okay. HOWEVER if you DO pass through the GPU, then you still get video acceleration through RDP. It sounds like madness, but it really isn’t. It’s almost good enough to play games at 1080p30 but for that use case Looking Glass is much better.

It is also possible for Looking Glass to support single-application modes, but we would want Nvidia’s blessing on opening up their API as they have with Steam. We can do this single-app looking glass thing with Quadro cards fairly easily, but not for geforce cards because that API is disabled. Unless you’re steam. Then it is enabled.

Fortunately, for most pedestrian workloads, the GPU acceleration inside a VM with a VFIO GPU connected via RemoteApp seamless RDP works Just FIne.

Highly interesting! Quite something I’d like to test for drawing eventually, simply to see how it goes.

However, unless some internet monkey is messing with my computer again, I do believe that gif near the end is a png file at the moment.

I captured it as a big black nothing. Will have to lift and replace when the yt vid is live

Ahh, this is like the winapps project huh? I’ll have to try this, because while winapps works okay, there are some visual glitches in the seamless mode, particularly involving any sort of tooltips, dropdown menu, and any floating visual elements (though tbf there is also a full fat freerdp mode). Makes it hard for me as a mainly mouse user with Excel. Maybe this one would work better.

Thank you sir, very interesting setup!

Have you tried GitHub - Xpra-org/xpra: Persistent remote applications for X11; screen sharing for X11, MacOS and MSWindows.?
It can run apps seamlessly almost any direction Linux → Linux, Linux → Windows and even Windows → Linux and MacOS
I’m using Linux → Linux for my home office and it is great

just curious…

is the remoteapp limit of 2 removed if windows server was used instead?

no, no limit. As per the video, you run explorer, which then launches other apps. No limit this way because “explorer” is the one.

is the remoteapp program required if you have windows server?
is it just using terminal services, or something else built in?

aka
I have an idea for using this, but i doubt the place i work would trust software from github.

So the program just maipulates the registry once the registry is manipulated you don’t need it anymore. You can learn how to do it manually which isnt hard

Basically explorer.exe goes into the remote app whitelist and you add shortcuts to a folder you can browse with explorer (since no start menu) and done.

If you want to remove all the rdp limits you’d need something like rdpwrapper

this is awesome!

It would be interesting to try this in combination with the settings in the Group Policy Editor (Requires Windows Pro) under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment.

In particular, the Use hardware graphics adapters for all Remote Desktop Services sessions policy is the most interesting where “sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver”. This policy is not active by default so you need to enable it manually.

I’ve actually used this (with other policies in that folder) before to set up a Windows VM on unraid, pass through a GTX650 and play games through an RDP session over wifi on my (Windows) laptop. The experience was adequate considering the hardware and situation.

I imagine the experience going to a local Windows VM with decent hardware would be substantially better. Unfortunately I don’t have a GPU to test on currently to provide any data.

I gotta put this part in later. Sometimes this gets enabled somehow with certain remote gaming software installed and so it can be a bit weird.

This is kinda how I was playing skyrim on surface rt. its basically remotefx lite

1408×1262 141 KB

This just feels wrong

Dragging windows around works surprisingly well

This is great. Wendell I’ve been wanting to make the jump in my main Threadripper system but… I am an animator and vfx artist. I need the adobe suite to work flawlessly. Is there any hope for me to be able to use that in a vm? I also have to hand drawn a lot with a cintiq

I know this solution won’t be for me but, what if I use a second video card for direct pass through? Am I going to find unmanageable problems in a virtual workstation? I’ve been using a second laptop with qubes next to my threadripper with 256gb of ram and it just feels wrong

is xfreerdp the only thing at works currently?

aka
I use remmina the most… anyone know if that works?

Hmm. Did I do something wrong?
When I try to connect to my Win10 Pro VM I get the error message SPNEGO received NTSTATUS: STATUS_ACCOUNT_RESTRICTION [0xC000006E] from server.
Remote desktop is enabled and I rebooted the VM after setting up the tool.

have to have a password set, and not use ‘administrator’ as your username.

Reminna doesn’t do RemoteApps properly. I always run Explorer.exe over remote apps as a tricky way to get RDApps to just give me a desktop.