Introduction

This document describes how to deploy video stream cloud phone containers on KVM-based VMs, covering VM deployment, configuration, and tuning.

The video stream engine is the core component of the cloud phone Turbo toolkit in Kunpeng BoostKit. A cloud phone solution based on the video stream engine technology is called a video stream cloud phone. This solution is implemented by deploying Docker containers directly on a server to run the Android Open Source Project (AOSP).

Docker containers share the host OS kernel. If cloud phone permissions are not properly controlled, container escape attacks may occur. Because the kernel is shared, it becomes overloaded when there are a large number of containers, and system performance may deteriorate. Although Docker uses cgroups and namespaces to isolate hardware resources, complete resource isolation might not be achieved in extreme scenarios with high loads and resource contention.

KVM-based VMs, on the other hand, have strong isolation capabilities. Deploying cloud phones on VMs can avoid the risks from container escape and better isolate hardware resources. In addition, since each VM has an independent OS, the overall system performance limit is higher, allowing more containers to be deployed. However, this introduces extra performance loss.

In conclusion, the Docker container solution may experience system performance deterioration and security issues in special or extreme scenarios. In contrast, the VM container solution can offer better resource isolation and security at the cost of some performance.