Virtual Network Computing, also known as VNC

ArticleCategory:

System Administration

TranslationInfo:

original in en Georges Tarbouriech

AboutTheAuthor:

Georges is a long time Unix user (commercial and free). VNC changed his life:-).

Abstract:

VNC is the dream of the network administrator come true.
We could say it's a remote display system, but it's much more than that.
Visiting http://www.uk.research.att.com allows you to get this great piece of software for FREE. VNC is distributed under the GPL and it's available for a lot of platforms.
Obviously you can contribute, and many ports to different OSes have been done by contributors.
Let's try to discover the many features of VNC.

ArticleBody:

Introduction

At the beginning of 1999 AT&T acquired the Olivetti Research Laboratory and carried on with the work on VNC.
As explained on the AT&T web site, the name VNC comes from the original development of very-thin-client ATM network computers and "because the VNC viewer is a software-only version of this ATM Network Computer, and so provides workstations which can be created or deleted at will, we named the system Virtual Network Computing".
To use VNC, you need a TCP/IP network connection, a vncserver and a vncviewer to connect to the machine running the vncserver.
The X-based VNC server follows a client-server architecture, as X does. In fact you have two servers in one: an X server and a VNC server. This lets you keep the same display number for the X server and the VNC server. To connect to a VNC server, you need to give the machine name and the display number. The command would be something like "vncviewer machinename:2". Put plainly, if your X server has display number 2, then the VNC server will have display number 2. On the client side, the viewer, you can then connect to the server by specifying that display number. If a user is working on display 1 on the server and you connect to display 2, this user won't even notice you're working on his machine.
VNC is able to find the first available display number and informs you about this number, but nothing prevents you from using another display number. If vncserver gives you display number 2, you can connect on display number 3, 4... as long as you specify that number when you start the viewer.
On Windows machines it's different, as you won't be able to create a new desktop. The existing desktop is made available remotely. If we take the previous example of the working user, once you are connected to his machine this user can see everything you do, just as if his machine was working alone!
Of course, the default display number will be 0. If you connect two NT machines you don't even have to specify this number.
VNC is available for many different OSes, sometimes only as a client, that is to say, the viewer. BeOS for instance has no VNC server. Many Unixes, MacOS, AmigaOS, ... can use VNC. To check the available platforms go to http://www.uk.research.att.com/vnc/platforms.html
You can get VNC as source code or as binaries, depending on the platform. The programs are very small in size and quite easy to install.
Now, let's see how vnc works.

Presentation



The server side

The current version of VNC is 3.3.3, with a different release number according to the platform.
On Unixes (or machines using X) you get a program called vncserver and another one named Xvnc. vncserver is a Perl script you can modify to suit your needs. It launches Xvnc. Launching Xvnc directly is not recommended.
These programs can be installed wherever you want, as long as their directory is in your path.
Any window manager can be used, as long as you define it as the default for the viewer in the xstartup script (found in the .vnc directory).
Running vncserver for the first time will ask for a password. This password will be necessary to connect to this server.
Like any X server, vncserver offers many options. Typing Xvnc --help will list them all. Arguments you give to vncserver are passed on to Xvnc, which is why using vncserver is preferred.
That's enough to run a VNC server!
On Microsoft machines, it's a bit different. Using NT4.0 allows you to run vncserver as a service. Using Windows 95 or 98 you'll have to launch it from its icon or menu.
As with X-based servers, a lot of settings can be defined. You just have to check the provided menu.
We won't mention all the specifics of the different vncservers for the numerous supported platforms, as it would require a whole article.

The client side (the viewer)

The client is a single executable called vncviewer.
To connect to a VNC server you just have to launch vncviewer specifying the display number. For instance, if you want to connect to a server called linux on display number 2, you just have to type "vncviewer linux:2". Then you're asked for the server password and you're on the linux machine's desktop as if you were working on that machine. If you logged in as root, you can fully administer that machine. Well, take care, you had better know what you are doing!
This is available for each viewer on every platform. Just a word: fantastic!


The funny side (up!)


On a local network (because of the speed), VNC allows you to do quite unusual things.
Everything seems possible: you can launch any type of application on any OS.
For instance, if you run vncserver on a Windows NT machine and launch a viewer on BeOS, you're able to use all the software available on the NT machine.
Say you own a Photoshop license: you can run Photoshop on your BeOS machine as you would on the NT machine. This means a window opens on your BeOS desktop representing the NT desktop: that is, you are working on the NT machine!

[Screenshot bewin.jpg: Photoshop on BeOS!]

[Screenshot winlin.jpg: Or Gimp on Windows?]

Once again, this can be done from any machine running a VNC viewer.
Another example: if you're working on a machine without Internet access, you can connect to a vncserver that has an Internet connection and use its browser to visit a URL. Obviously you can also use its mailer to check the mailbox or send a message.

[Screenshot linsgi.jpg: The vncviewer has no Internet access, nevertheless...]

Going further, you can connect to a vncserver and from there connect to any other machine on the network and, why not, run a new vncviewer from that machine and connect to another vncserver, and so on!
If you run a vncserver on a Unix machine, many other machines running vncviewer can connect to this server at the same time, using different display numbers. This won't work on Windows machines as you only have one display available.

The serious side

Well, that doesn't mean what we said before wasn't serious!
For instance, every SysAdmin can appreciate Windows NT administration: you don't even know who is connected to a server and, of course, who is doing what... unless you bought the resource kit, which at least lets you get the list of running processes on a specific machine (but without being able to kill most of them). No comment!
VNC lets you get around this great "feature".
Let's take an example.
You're developing and maintaining different Windows applications (My fellow Javi says: when you're a poor man you can't choose!). Every new version requires an update on the server and on the clients. The machines are more or less far from your office.
Obviously, you can't update the application if it's running on one or more clients.
With VNC, you can stop the application on every client, install the update, check it... without leaving your office. Well, it's much better to do this when nobody is working, but many users forget to quit the application after use, so you'll have to check whether the application is running or not.
Once VNC is installed as a service on the workstations, you can start vncserver remotely from the NT server and then connect to them and do what you have to. That is, you can stop the running application, install the upgrade (even from a different NT server than the one you're working on and which is connected to the vncserver), and check that the upgrade works right. Then you can stop the vncserver on the remote machine and do the same work on another workstation.
This wouldn't be possible that way with an X emulation on the Windows machines, because even the installer is proprietary. Another difference: unlike under X11, no state is stored on the viewer side. You can disconnect from the vncserver, go to another machine, connect again to the vncserver and continue your work!
Something important: VNC allows you to send a Ctrl-Alt-Del to unlock the remote NT workstation. (This wasn't possible in previous releases.)
This example assumed we were working from an NT server. You can do exactly the same from a Unix workstation, running a vncviewer connected to the NT server running vncserver.
Obviously you can administer the whole network that way, using remote commands (if they exist) to launch the vncservers on the remote machines, as long as you have the rights to do so.
Going further, "remote" means anywhere else. That is, you could do this from home!
That leads us to security.

Security

Every communication task within a network can be considered as a potential security hole.
It's a fact! The only thing you can do is to try to reduce the risk. Don't be fooled: security is only a word. If someone tells you his network is 100% secure, don't believe him! Hackers are much more clever than people think: it's another fact.
Accordingly, to secure VNC you must secure your network. Firewalls, SSL, SSH... can be used to improve security.
SSL and SSH let you encrypt the traffic in two different ways. We won't talk about SSL or SSH as it is a completely different subject. If you want to know more about them, you can have a look at the SSH website http://www.ssh.fi or at the open source SSL at http://www.openssl.org
Extras, patches and add-ons for security are available from the AT&T website. Among them you can find a way to access a server behind a firewall.
Also available is a version of VNC using SSLeay public key encryption.
Another security feature is to restrict connections by IP address.
There are many more and we won't list them all. You can check http://www.uk.research.att.com/vnc/extras.html
VNC also has a Java implementation. That means you can use a Java compliant web browser as a viewer, as long as you use the right port (58**, where ** means display number: ex. 5802 corresponds to display 2). This had to be mentioned, but it's awfully slow and it's a security hole. But it does exist and deserves some testing.
To close the security chapter, in short, "as is", VNC is not a bigger security hole than telnet or rlogin.
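
The port convention above lends itself to a quick exposure check. The following is an added example, not part of the original article or of VNC itself: it reads `ss -ltn` style output, maps VNC-style ports back to display numbers and reports which displays listen on a non-loopback address. It assumes the usual layout where display N also listens on 59NN for the viewer protocol and 60NN for X11, next to the 58NN Java port named above; the sample listing is constructed.

```python
import ipaddress

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      5      0.0.0.0:5902        0.0.0.0:*
LISTEN 0      5      0.0.0.0:5802        0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      [::]:6002           [::]:*
"""

# 58NN is the Java viewer port from the article; 59NN (viewer protocol)
# and 60NN (X11) are assumed here as the usual companions of display NN.
SERVICES = {58: "java-http-viewer", 59: "rfb", 60: "x11"}


def vnc_listeners(ss_output):
    """Return sorted (display, service, bind_address, exposed) tuples."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        base, display = divmod(int(port), 100)
        if base not in SERVICES:
            continue  # not a VNC-style port
        host = host.strip("[]").split("%")[0]  # unwrap IPv6, drop scope id
        try:
            exposed = not ipaddress.ip_address(host).is_loopback
        except ValueError:
            exposed = True  # "*" wildcard: reachable on every interface
        rows.append((display, SERVICES[base], host, exposed))
    return sorted(rows)


def exposed_displays(ss_output):
    """Display numbers with at least one listener bound off loopback."""
    return sorted({d for d, _, _, exp in vnc_listeners(ss_output) if exp})


if __name__ == "__main__":
    for display, service, host, exposed in vnc_listeners(SAMPLE_SS):
        status = "EXPOSED" if exposed else "loopback only"
        print(f"display :{display}  {service:<17} {host:<10} {status}")
```

A display reported as exposed is reachable by anyone who can route to the host, which makes it a candidate for the IP restriction, firewall or SSH protection mentioned above.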

It's all over

If you don't know VNC, it's worth testing. We hope this article will be able to make VNC attractive to you. It's probably one of the greatest pieces of software in this category.
It's small in size, rather fast (of course, it depends on the network or on the type of connection) and it's FREE!
VNC is quite reliable, and the only problem I had with the latest release concerned the Windows version: if the user of a remote NT workstation has left the CapsLock key down, the send Ctrl-Alt-Del command seems not to work (my co-worker suggests writing the password into an editor, copying it, and pasting it into the password field... and it works!). That's all I was able to find! Nevertheless I use VNC on Solaris Sparc, Irix, Linux, BeOS, AmigaOS and NT. The least developed version is the AmigaOS version.
What you just read only represents a small part of VNC capabilities.
VNC is beginning to appear in some Linux distributions, a sign of a wider interest in this software.
If you have a small network at home or a big one at work, just try VNC. It's great!

When I told you we were living a great time...