Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Simple Protocol for Independent Computing Environments
open-in-new
<h2 id="security">Security</h2> <p>A SPICE client connection to a remote desktop server consists of multiple <a href="/facts/Data_channel/MtlxEShV">data channels</a>, each of which is run over a separate <a href="/facts/Transmission_Control_Protocol/WW4sPrt9">TCP</a> or <a href="/facts/UNIX/0pNL2seI">UNIX</a> <a href="/facts/Socket_connection/r1ldfkb5">socket connection</a>. A data channel can be designated to operate in either clear-text, or <a href="/facts/Transport_Layer_Security/pGy16TnA">TLS</a> modes, allowing the administrator to trade off the security level vs performance. The TLS mode provides <a href="/facts/Strong_encryption/aYUIhgLe">strong encryption</a> of all traffic transmitted on the data channel. </p><p>In addition to encryption, the SPICE protocol allows for a choice of authentication schemes. The original SPICE protocol defined a ticket based authentication scheme using a shared secret. The server would generate an <a href="/facts/RSA_(algorithm)/XTzyfHuq">RSA</a> public/private <a href="/facts/Keypair/gowoFTxS">keypair</a> and send its <a href="/facts/Public_key/gowoFTxS">public key</a> to the client. The client would encrypt the ticket (password) with the public key and send the result back to the server, which would decrypt and verify the ticket. The current SPICE protocol also allows for use of the <a href="/facts/Simple_Authentication_and_Security_Layer/4z9w1bx6">SASL</a> authentication protocol, thus enabling support for a wide range of admin configurable authentication mechanisms, in particular <a href="/facts/Kerberos_(protocol)/RMXs3P1w">Kerberos</a>. </p> <h2 id="implementations">Implementations</h2> <p>While only one server implementation exists, several programmers have developed new implementations of the SPICE client-side since the open-sourcing of SPICE. </p> spice-protocol The spice-protocol module<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> defines the SPICE wire protocol formats. This is made available under the BSD license, and is portable across the <a href="/facts/Linux/9FvCKSTq">Linux</a> and <a href="/facts/Microsoft_Windows/bwhAhuSL">Windows</a> platforms. spice The spice module<a class="footnote-ref" id="fnref:4" href="#fn:4"><sup>4</sup></a> provides the reference implementation for the server side of the SPICE protocol. The server is provided as a <a href="/facts/Dynamic_library/4vQ2J2xS">dynamic library</a> which can be linked to any application wishing to expose a SPICE server. As of 2013<a href="https://en.wikipedia.org/w/index.php?title=Simple_Protocol_for_Independent_Computing_Environments&action=edit">[update]</a>, <a href="/facts/QEMU/s6utqULJ">QEMU</a> uses this to provide a SPICE interface for <a href="/facts/Virtual_machine/BLevU3sx">virtual machines</a>. The spice codebase is available under the <a href="/facts/LGPL/AXwkz9x3">LGPL</a> v2+ license. A client part of the spice codebase named spicec was removed in December 2014. spice-gtk The spice-gtk module<a class="footnote-ref" id="fnref:5" href="#fn:5"><sup>5</sup></a> implements a SPICE client using the <a href="/facts/GObject/FEF00XSx">GObject</a> type system and the <a href="/facts/GTK/oLpVm9pp">GTK</a> <a href="/facts/Widget_toolkit/v8wM8wwy">widget toolkit</a>. This comprises a low-level <a href="/facts/Library_(computing)/xRzL3P7q">library</a>, spice-client-glib, which implements the client protocol code, and a high-level set of <a href="/facts/Graphical_widget/SuVeScB2">widgets</a> which provide a graphical client capability using GTK. This is made available under the <a href="/facts/GNU_Lesser_General_Public_License/AXwkz9x3">LGPLv2+</a> license, and is portable across the Linux, <a href="/facts/OS_X/Y93vVpTm">OS X</a> and Windows platforms. spice-html5 The spice-html5 module<a class="footnote-ref" id="fnref:6" href="#fn:6"><sup>6</sup></a> implements a SPICE client that uses <a href="/facts/JavaScript/XhhIIEsl">JavaScript</a> and is intended to run inside a web browser supporting <a href="/facts/HTML5/HBAxEAr6">HTML5</a>. While it implements the SPICE protocol, it cannot talk directly to a regular SPICE server. It must connect to the server indirectly via <a href="/facts/WebSocket/NcQrqpnv">WebSocket</a> proxy.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> This is made available under a combination of the <a href="/facts/GNU_General_Public_License/S75KhLSX">GPLv3+</a> and LGPLv3+ licenses. <h2 id="applications">Applications</h2> <p>The SPICE protocol originated to provide improved <a href="/facts/Remote_desktop/gJgglwht">remote desktop</a> capabilities in a <a href="/facts/Fork_(software_development)/D6khxhpr">fork</a> of the KVM codebase. </p> QEMU/KVM The QEMU maintainers merged support for providing SPICE remote desktop capabilities for all QEMU virtual machines in March 2010. The QEMU binary links to the spice-server library to provide this capability and implements the QXL paravirtualized framebuffer device to enable the guest OS to take advantage of the performance benefits the SPICE protocol offers. The guest OS may also use a regular <a href="/facts/VGA_card/8GGsGTSc">VGA card</a>, albeit with degraded performance as compared to QXL.<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> Xspice The <a href="/facts/X.Org_Server/7AaPmYtV">X.Org Server</a> driver for the QXL <a href="/facts/Framebuffer/kr8I4mm3">framebuffer</a> device includes a <a href="/facts/Wrapper_function/nyy4XUdb">wrapper</a> script,<a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> which makes it possible to launch a Xorg server whose display is exported via the SPICE protocol. This enables use of SPICE in a remote desktop environment, without requiring QEMU/KVM virtualization. virt-viewer The virt-viewer program uses the spice-gtk client library to connect to virtual machines using SPICE, as an alternative to its previous support for <a href="/facts/VNC/xTmWVgV4">VNC</a>. oVirt SPICE is integrated into <a href="/facts/OVirt/XcQsz3RU">oVirt</a> <a href="/facts/Private_cloud/guhg0FGV">private cloud</a> management software, allowing users to connect to virtual machines through SPICE. <h2 id="see-also">See also</h2> <ul> <li>Free and open-source software portal</li></ul> <ul><li><a href="/facts/Red_Hat_Virtualization/ygz2mBv5">Red Hat Virtualization</a></li> <li><a href="/facts/Remote_Graphics_Software/xHNReBsR">HP Remote Graphics Software</a></li></ul> <h2 id="external-links">External links</h2> <ul><li><a href="https://www.spice-space.org/">Official website</a></li> <li><a href="https://www.spice-space.org/static/docs/spice_protocol.pdf">SPICE protocol</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>"Red Hat open-sources SPICE". Red Hat. 9 December 2009. Retrieved 2013-10-25. <a href="https://www.redhat.com/about/news/press-archive/2009/12/spice-os" target="_blank">https://www.redhat.com/about/news/press-archive/2009/12/spice-os</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Project website". spice-space.org. Retrieved 2019-12-25. <a href="https://www.spice-space.org/" target="_blank">https://www.spice-space.org/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"spice-protocol GIT repository". cgit.freedesktop.org. Retrieved 2013-10-25. <a href="http://cgit.freedesktop.org/spice/spice-protocol/tree/spice" target="_blank">http://cgit.freedesktop.org/spice/spice-protocol/tree/spice</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>"spice/spice". cgit.freedesktop.org. Retrieved 2023-01-05. <a href="https://cgit.freedesktop.org/spice/spice/" target="_blank">https://cgit.freedesktop.org/spice/spice/</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"spice-gtk GIT repository". cgit.freedesktop.org. 2013-10-10. Retrieved 2013-10-25. <a href="http://cgit.freedesktop.org/spice/spice-gtk/" target="_blank">http://cgit.freedesktop.org/spice/spice-gtk/</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"spice-html5 GIT repository". cgit.freedesktop.org. Retrieved 2013-10-25. <a href="http://cgit.freedesktop.org/spice/spice-html5/" target="_blank">http://cgit.freedesktop.org/spice/spice-html5/</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>websockify on GitHub <a href="https://github.com/kanaka/websockify" target="_blank">https://github.com/kanaka/websockify</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>"QEMU/KVM Virtual Machines". pve.proxmox.com. Retrieved 2023-09-18. <a href="https://pve.proxmox.com/pve-docs-7/chapter-qm.html" target="_blank">https://pve.proxmox.com/pve-docs-7/chapter-qm.html</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>"XSpice README". cgit.freedesktop.org. Retrieved 2013-10-25. <a href="http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/tree/README.xspice" target="_blank">http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/tree/README.xspice</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> </ol>