computing Computing is any goal-oriented activity requiring, benefiting from, or creating computer, computing machinery. It includes the study and experimentation of algorithmic processes, and the development of both computer hardware, hardware and softw ...

, SPICE (the Simple Protocol for Independent Computing Environments) is a remote-

display Display may refer to: Technology * Display device, output device for presenting information, including: ** Electronic visual display, output device to present information for visual or tactile reception *** Cathode-ray tube (CRT), that uses an el ...

system built for

virtual environment A virtual environment is a networked application that allows a user to interact with both the computing environment and the work of other users. Email, chat, and web-based document sharing applications are all examples of virtual environments. Sim ...

s which allows users to view a computing "desktop" environment – not only on its computer-server machine, but also from anywhere on the

Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...

– using a wide variety of machine architectures.

Qumranet Qumranet, Inc. was an enterprise software company offering a desktop virtualization platform based on hosted desktops in Kernel-based Virtual Machines (KVM) on servers, linked with their SPICE protocol. The company was also the creator, maintaine ...

originally developed SPICE using a

closed-source Proprietary software is software that grants its creator, publisher, or other rightsholder or rightsholder partner a legal monopoly by modern copyright and intellectual property law to exclude the recipient from freely sharing the software or modi ...

codebase In software development, a codebase (or code base) is a collection of source code used to build a particular software system, application, or software component. Typically, a codebase includes only human-written source code system files; thu ...

in 2007.

Red Hat, Inc Red is the color at the long wavelength end of the visible spectrum of light, next to orange and opposite violet. It has a dominant wavelength of approximately 625–750 nanometres. It is a primary color in the RGB color model and a secondary ...

acquired Qumranet in 2008, and in December 2009 released the code under an

open-source license Open-source licenses are software licenses that allow content to be used, modified, and shared. They facilitate free and open-source software (FOSS) development. Intellectual property (IP) laws restrict the modification and sharing of creative ...

and made the protocol an open standard.

Security

A SPICE client connection to a remote desktop server consists of multiple

data channel A communication channel refers either to a physical transmission medium such as a wire, or to a logical connection over a multiplexed medium such as a radio channel in telecommunications and computer networking. A channel is used for informa ...

s, each of which is run over a separate TCP or

UNIX Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...

socket connection A network socket is a software structure within a network node of a computer network that serves as an endpoint for sending and receiving data across the network. The structure and properties of a socket are defined by an application programming ...

. A data channel can be designated to operate in either clear-text, or TLS modes, allowing the administrator to trade off the security level vs performance. The TLS mode provides

strong encryption Strong cryptography or cryptographically strong are general terms used to designate the cryptographic algorithms that, when used correctly, provide a very high (usually insurmountable) level of protection against any eavesdropper, including the ...

of all traffic transmitted on the data channel. In addition to encryption, the SPICE protocol allows for a choice of authentication schemes. The original SPICE protocol defined a ticket based authentication scheme using a shared secret. The server would generate an RSA public/private

keypair Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...

and send its

public key Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...

to the client. The client would encrypt the ticket (password) with the public key and send the result back to the server, which would decrypt and verify the ticket. The current SPICE protocol also allows for use of the SASL authentication protocol, thus enabling support for a wide range of admin configurable authentication mechanisms, in particular Kerberos.

Implementations

While only one server implementation exists, several programmers have developed new implementations of the SPICE client-side since the open-sourcing of SPICE. ; spice-protocol : The spice-protocol module defines the SPICE wire protocol formats. This is made available under the BSD license, and is portable across the

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

and

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

platforms. ; spice : The spice module provides the reference implementation for the server side of the SPICE protocol. The server is provided as a

dynamic library A dynamic library is a library that contains functions and data that can be consumed by a computer program at run-time as loaded from a file separate from the program executable. Dynamic linking or late binding allows for using a dynamic libra ...

which can be linked to any application wishing to expose a SPICE server. ,

QEMU The Quick Emulator (QEMU) is a free and open-source emulator that uses dynamic binary translation to emulate a computer's processor; that is, it translates the emulated binary codes to an equivalent binary format which is executed by the mach ...

uses this to provide a SPICE interface for

virtual machine In computing, a virtual machine (VM) is the virtualization or emulator, emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve ...

s. The spice codebase is available under the

LGPL The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...

v2+ license. : A client part of the spice codebase named spicec was removed in December 2014. ; spice-gtk : The spice-gtk module implements a SPICE client using the

GObject The GLib Object System, or GObject, is a free software, free software library providing a portable object system and transparent cross-language interoperability. GObject is designed for use both directly in C (programming language), C programs ...

type system and the

GTK GTK (formerly GIMP ToolKit and GTK+) is a free software cross-platform widget toolkit for creating graphical user interfaces (GUIs). It is licensed under the terms of the GNU Lesser General Public License, allowing both Free software, free and ...

widget toolkit A widget toolkit, widget library, GUI toolkit, or UX library is a library (computing), library or a collection of libraries containing a set of graphical control elements (called ''widgets'') used to construct the graphical user interface (GUI) of ...

. This comprises a low-level

library A library is a collection of Book, books, and possibly other Document, materials and Media (communication), media, that is accessible for use by its members and members of allied institutions. Libraries provide physical (hard copies) or electron ...

, spice-client-glib, which implements the client protocol code, and a high-level set of widgets which provide a graphical client capability using GTK. This is made available under the LGPLv2+ license, and is portable across the Linux,

OS X macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...

and Windows platforms. ; spice-html5 : The spice-html5 module implements a SPICE client that uses

JavaScript JavaScript (), often abbreviated as JS, is a programming language and core technology of the World Wide Web, alongside HTML and CSS. Ninety-nine percent of websites use JavaScript on the client side for webpage behavior. Web browsers have ...

and is intended to run inside a web browser supporting

HTML5 HTML5 (Hypertext Markup Language 5) is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommend ...

. While it implements the SPICE protocol, it cannot talk directly to a regular SPICE server. It must connect to the server indirectly via

WebSocket WebSocket is a computer communications protocol, providing a full-duplex, simultaneous two-way communication channel over a single Transmission Control Protocol (TCP) connection. The WebSocket protocol was standardized by the Internet Engineering ...

proxy. This is made available under a combination of the

GPLv3+ The GNU General Public Licenses (GNU GPL or simply GPL) are a series of widely used free software licenses, or ''copyleft'' licenses, that guarantee end users the freedom to run, study, share, or modify the software. The GPL was the first c ...

and LGPLv3+ licenses.

Applications

The SPICE protocol originated to provide improved

remote desktop In computing, the term remote desktop refers to a software- or operating system feature that allows a personal computer's desktop environment to be run remotely from one system (usually a PC, but the concept applies equally to a server or a sma ...

capabilities in a

fork In cutlery or kitchenware, a fork (from 'pitchfork') is a utensil, now usually made of metal, whose long handle terminates in a head that branches into several narrow and often slightly curved tines with which one can spear foods either to h ...

of the KVM codebase. ; QEMU/KVM : The QEMU maintainers merged support for providing SPICE remote desktop capabilities for all QEMU virtual machines in March 2010. The QEMU binary links to the spice-server library to provide this capability and implements the QXL paravirtualized framebuffer device to enable the guest OS to take advantage of the performance benefits the SPICE protocol offers. The guest OS may also use a regular

VGA card Video Graphics Array (VGA) is a video display controller and accompanying de facto graphics standard, first introduced with the IBM PS/2 line of computers in 1987, which became ubiquitous in the IBM PC compatible industry within three years. T ...

, albeit with degraded performance as compared to QXL. ; Xspice : The

X.Org Server X.Org Server is the free and open-source implementation of the X Window System (X11) display server stewarded by the X.Org Foundation. Implementations of the client-side X Window System protocol exist in the form of ''X11 libraries'', which ...

driver for the QXL

framebuffer A framebuffer (frame buffer, or sometimes framestore) is a portion of random-access memory (RAM) containing a bitmap that drives a video display. It is a memory buffer containing data representing all the pixels in a complete video frame. Mode ...

device includes a wrapper script, which makes it possible to launch a Xorg server whose display is exported via the SPICE protocol. This enables use of SPICE in a remote desktop environment, without requiring QEMU/KVM virtualization. ; virt-viewer : The virt-viewer program uses the spice-gtk client library to connect to virtual machines using SPICE, as an alternative to its previous support for

VNC VNC (Virtual Network Computing) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the g ...

. ; oVirt : SPICE is integrated into oVirt

private cloud Cloud computing is "a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand," according to ISO. Essential characteristics ...

management software, allowing users to connect to virtual machines through SPICE.

References

External links

*
SPICE protocol
{{DEFAULTSORT:Spice (Protocol) Application layer protocols Red Hat software Remote desktop Remote desktop protocols Thin clients Virtualization software for Linux

Security

Implementations

Applications

See also

References

External links