Introduction

This document describes how to deploy video stream cloud phone containers on KVM-based VMs in terms of VM deployment, configuration, and tuning.

The video stream engine is the core component of the cloud phone Turbo toolkit in Kunpeng BoostKit. A cloud phone solution based on the video stream engine technology is called a video stream cloud phone. This solution is implemented by directly deploying Docker containers on a server to run the Android Open Source Project (AOSP). Since Docker containers share the host OS kernel, container escape may occur if cloud phone permissions are not properly configured. Additionally, when a large number of containers are deployed, the shared kernel is overloaded, which may result in system performance degradation.

Even though Docker uses cgroups and namespaces to isolate resources, in extreme scenarios with high loads and resource contention, complete resource isolation might not be achieved. In contrast, deploying cloud phones on KVM VMs can leverage their strong isolation capabilities to implement stricter resource isolation and avoid container escape risks. Each VM has an independent OS, which allows more containers to be deployed. However, this solution introduces some performance loss.

In conclusion, the Docker container solution may experience performance degradation and security issues in extreme scenarios. The VM container solution can offer better resource isolation and higher security at the cost of some performance.