Virtualization phpVirtualBox and RemoteBox Lead image: © Renjith-Krishnan,
© Renjith-Krishnan,

phpVirtualBox and RemoteBox compared

From a Distance

Oracle's VirtualBox runs as an application on a host operating system, but the phpVirtualBox web interface and the native Perl/Gtk interface, RemoteBox, both make VirtualBox remotely manageable with a little effort. By Thomas Drilling

Not every admin may be aware that VirtualBox, which is popular for desktop virtualization, also meets all the requirements for server use, including a command-line interface. Two optional graphical user interfaces implemented in PHP and Perl/Gtk give convenient access to VirtualBox's server features, helping a virtualization solution based on phpVirtualBox [1] or RemoteBox [2] fill the gap left by the long gone VMware Server.


When it comes to professional Linux virtualization solutions, VMware's competitors include Citrix XenServer and Red Hat's RHEV. Experienced Linux administrators can create individual solutions based on KVM or Xen and use the Libvirt-based Virt-manager as the interface on Linux machines.

From a purely functional point of view, solutions based on KVM/Virt-manager or advanced VirtualBox virtualization are minor-league approaches. The objective of these setups is to host, configure, and manage a large number of virtual machines on a central server. Although you can easily store container and ISO files on a file server for VirtualBox, the VirtualBox Virtual Machine Manager then has to run on each host on which virtual machines are to be used. Even if some admins in smaller environments (SMBs) are satisfied with this type of virtualization on the desktop, it is fairly obvious that the setup has nothing to do with desktop virtualization. Each image is explicitly assigned to a virtual machine, with no dynamic session brokering – that is, no dynamic assignment of users to desktops derived from a master image.

Remote VirtualBox

VirtualBox also supports a genuine server mode. The only downside compared with the Virtual Machine Manager in desktop use is that the screen content is displayed via Remote Desktop Protocol (RDP). A scenario like the one described here is useful particularly for admins in small enterprises who want to manage test environments centrally or need a simple way to provide virtual machines to their users without having to install the virtualization software at the user workplace.

If these happen to be Mac or Windows workplaces, which rules out a Linux-based solution with KVM and Virt-manager, and if you have no money to spare for a VMware or Citrix solution, it is a very good idea to look into RemoteBox or phpVirtualBox. A further advantage of these two solutions is that admins have a platform-independent setup both on the workstation side and on the server side. In this article, I will be testing only the server side with a Linux host.

VirtualBox on Servers

VirtualBox can be used natively as a virtualization solution on a server because, after installing the optional extension packs from Oracle, VirtualBox provides an RDP interface to the virtual machines. After installing the extension pack, you only need to switch on the Enable Server function, and possibly specify the server port, under Settings | Display | Remote Display. From this point, you can access your virtual machines (Figure 1) with any RDP client – for example, KRDC from KDE.

With the Extension Pack, VirtualBox exports the output from the virtual machines via RDP.
Figure 1: With the Extension Pack, VirtualBox exports the output from the virtual machines via RDP.

However, this approach only works for the screen output of an active virtual machine. VirtualBox includes more native features for server operations, including a command-line interface and a SOAP interface for managing VirtualBox via an API. Both tools presented here rely on SOAP or headless mode.

Getting VirtualBox Ready

Matching VirtualBox packages for virtually any major distributions and architecture are available from Oracle's VirtualBox site [3]. VirtualBox has been licensed under the GPL version 2 since version 4.0. The latest version available at the time of writing, version 4.2, is probably newer than the packages provided by the repositories of most Linux distributions.

The installation will not faze any experienced Linux admin, and the download page provides instructions for all major distributions. Providing an RDP server also means installing the platform-independent VirtualBox Extension Pack. Although this extension is available free of charge from the download page, it is subject to Oracle's own "VirtualBox personal use and Evaluation License (PUEL)" [4] (Figure 2). Corporate customers must purchase a commercial license and support for the Extension Pack. When you download or update a version installed using the package manager, make sure the version number of the extension pack matches that of VirtualBox; otherwise, the installation will fail.

The process of installing the extension packs in the associated GUI is easy but necessary for licensing reasons.
Figure 2: The process of installing the extension packs in the associated GUI is easy but necessary for licensing reasons.

The VirtualBox GUI manages the extension pack in File | Preferences | Extensions, and this is also where you can reinstall or upgrade a previously installed version.


phpVirtualBox is a modern user interface, implemented in PHP, that models the VirtualBox interface in Ajax. It lets admins conveniently create, start, and stop virtual machines on a remote server. The requirements on the server side are quite modest: an Apache web server with PHP. Then, you can manage VirtualBox installed on the server remotely over the network.

The screen output from the virtual machines is routed via RDP. A wide variety of RDP clients are available for any operating system. Most Linux distributions come with kdrc or the rdesktop CLI tool. Because phpVirtualBox is a web application, there is no need to install it. You can just unpack the ZIP archive of the current 4.2.2 version in the document root of the web server to extract the files. When you download phpVirtualBox, make sure that the selected version matches your VirtualBox version. Of course, you need to run Apache with PHP support. To discover whether this is the case on a Debian-based distribution, for example, you can type:

sudo apache2 -t -D DUMP_MODULES

If PHP is not enabled, you can enter

sudo a2endmod php5

to enable it. If the PHP module is not installed, you need to install the libapache2-mod-php5 package before you can continue and then restart Apache. After doing so, you can unpack the ZIP archive of PHP VirtualBox 4.2.2 in the web server's document root  – for example, in /var/www/phpvirtualbox:

sudo unzip -q \
           -d /var/www/
sudo mv /var/www/phpvirtualbox-4.2.2/ \

To configure phpVirtualBox, you need to modify a few lines in the supplied configuration file provided with the distribution (/var/www/phpvirtualbox/config.php). For example, in the lines

var $username = '<vbox>';
var $password = '<pass>';
var $location = '<http://localhost:18083/>';

you need to enter the username and password of the account under which VirtualBox is running and supply the server address. The account data for an initial test can be your own Linux user account.

Because the password is stored in plaintext in the configuration file, it is a good idea to set up a separate user account for remote operation of VirtualBox and modify the data in the config.php file. The vboxwebsrv service provided by VirtualBox talks to the PHP scripts in phpVirtualBox and VirtualBox itself. When you install VirtualBox, the binary is stored in /usr/bin/vboxwebsrv, and it contains the complete server version of the virtualization solution.

Admins thus need to be careful to avoid running the local GUI version of VirtualBox because doing so will prevent vboxwebsrv from running and will cause the connection to phpVirtualBox to fail. For a test, you can launch the service manually using the account registered in php.config by calling vboxwebsrv. After that, the phpVirtualBox web interface should be accessible in the browser when you type http://<hostname>/phpvirtualbox.

For this example (Figure 3), phpVirtualBox was installed directly in the document root of the web server. When you log in on the welcome page, note that the default account for phpVirtualBox is admin/admin and has nothing to do with the user account on which VirtualBox is running. You can change the admin account in the web interface by selecting File | Change Password.

The first login to phpVirtualBox is as admin/admin. Change the default password immediately.
Figure 3: The first login to phpVirtualBox is as admin/admin. Change the default password immediately.

As mentioned previously, the interface looks exactly the same as the native interface, but to view the screen of an active virtual machine, you need a separate RDP client. If you need to change the language, go to File | Preferences | Language in the web interface. You can achieve the same results by modifying this line

var $language = 'en';

in the /var/www/phpvirtualbox/config.php file. Additionally, you can set up more users in the web interface in Preferences or Settings.

The important thing is that you installed RDP support in the form of the VirtualBox Extension Pack and have entered VboxAuth in File | Preferences | General | VRDP Authentication Library. Apart from this, compared with the native interface, the controls are no different. Thanks to Ajax, you even have context menus. In other words, phpVirtualBox gives you all the functions that are available in the native GUI, including the ability to clone virtual machines.

The output from the virtual machines does not appear in a pop-up window on the Virtual Machine Manager (console); rather, it is displayed in an RDP client that you need to start separately. The presentation performance is far superior to a VNC client or a VNC/Flash-based browser solution.

If you want to run phpVirtualBox permanently, you need to add the service as an init script. Fortunately, the developers provide a ready-to-run init script [5]. All you need to is look for the line


and replace the default user, vbox, with the user account on which you are running the service (i.e., the same name you entered in config.php). You can then move the script to the SysVinit boot directory, /etc/init.d, and configure the permissions. After you issue the

sudo update-rc.d vboxwebsrv defaults

command, the service should start automatically after the next reboot.


RemoteBox, a graphical front end implemented in Perl and Gtk for managing remote VirtualBox instances in headless mode, does exactly the same job as phpVirtualBox. RemoteBox can be downloaded from the website [2] as a free, GPL2-licensed application. Again, the version must match your VirtualBox version. The current 1.4 version requires VirtualBox 4.2.x.

RemoteBox also uses RDP to display the desktops on active virtual machines. Unlike phpVirtualBox, RemoteBox does not use vboxwebsrv to communicate with VirtualBox; instead it accesses its headless mode /usr/bin/vboxheadless. In VirtualBox's headless mode, VMs are not controlled via the VirtualBox GUI, but at the command line, and in headless mode, you do not see a graphical window as the VM console. Instead, VirtualBox initiates a remote desktop, or SSH, connection to the VM console.

Because RemoteBox was written in Perl and Gtk, the tool is largely platform-independent and is available in versions for Linux, Mac OS X, and Windows. Getting started with RemoteBox is easier than with phpVirtualBox. Because it is a Perl program, RemoteBox does not need to be installed or compiled, but it does require the perl, libgtk2-perl, and libsoap-lite-perl packages to be installed.

RemoteBox can be started at any time (Figure 4). You can open the connection to VirtualBox's headless mode in the GUI by clicking the Connect button and typing the server URL and login credentials in the dialog that appears.

The Gtk GUI in RemoteBox can be started at any time. Clicking on the Connect button opens the connection to the VirtualBox server.
Figure 4: The Gtk GUI in RemoteBox can be started at any time. Clicking on the Connect button opens the connection to the VirtualBox server.

The credentials relate to the Linux account on which VirtualBox is running. The GUI itself offers a feature set that is similar to phpVirtualBox. The workaround for viewing the desktops of your active virtual machines is much easier than that offered by phpVirtualBox. To do this, just click the Remote Display icon in the toolbar. You don't need to launch a separate RDP client.


Both the phpVirtualBox and RemoteBox clients provide fully functional access to running VirtualBox instances, including remote management of the VirtualBox server and the virtual machines, the ability to configure virtual machines – including the processor, display, input devices (USB), audio I/O ports, and shared folders – and managing the current guest systems (stop, start, pause). Additionally, both tools let you clone virtual machines, grab guest snapshots, and much more.

From a purely functional point of view, VirtualBox in combination with phpVirtualBox or RemoteBox precisely fills the gap vacated by VMware Server.

The solutions of each have a certain charm and offer more convenience than a KVM-based hypervisor with Virt-manager or any of the other numerous KVM GUIs for use in environments without enterprise needs, such as small businesses. However, VirtualBox itself contributes far more to the features outlined here than phpVirtualBox or RemoteBox; after all, vboxwebsrv and vboxheadless are well-known VirtualBox functions. Even the mandatory RDP server is provided by VirtualBox.

phpVirtualBox and RemoteBox simply serve up the remote functions in a web or Gtk GUI. And, don't forget that a solution like this, implemented to control virtual machines centrally, has its limitations, not just in terms of management but also with regard to performance and security. Neither of these solutions natively supports encryption of the network connections or more secure authentication via RDP.

This limitation rules out their use on a server on the Internet, unless you are prepared to put significantly more effort into security aspects. Indeed, such an effort would make the configuration much more complex and negate their benefits, compared with a commercial cloud or data center solution.