<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="GENERATOR" CONTENT="lfparser_2.8">
<META NAME="LFCATEGORY" CONTENT="System Administration">
<TITLE>lf155, System Administration: Virtual Network Computing, as known as VNC</TITLE>
<!-- stylesheet added by lfparser: -->
<style type="text/css">
<!--
pre { font-familiy:monospace,Courier }
-->
</style>
</HEAD>
<BODY bgcolor="#ffffff" text="#000000">
<!-- this is generated html code. NEVER use this file for your
translation work. Instead get the file with the same article number
and .meta.shtml in its name. Translate this meta file and then
use lfparser program to generate the final article -->
<!-- lfparser can be obtained from http://main.linuxfocus.org/~guido/dev/lfparser.html -->
<!-- 2pdaIgnoreStart -->
<MAP name="top">
<AREA shape="rect" coords="367,9,418,30" alt="Home" href="../index.shtml">
<AREA shape="rect" coords="423,9,457,30" alt="Map" href="../map.html">
<AREA shape="rect" coords="463,9,508,30" alt="Index" href="../indice.html">
<AREA shape="rect" coords="514,9,558,30" alt="Search" href="../Search/index.html">
</MAP>
<MAP name="bottom">
<AREA shape="rect" coords="78,0,163,15" alt="News" href="../News/index.html">
<AREA shape="rect" coords="189,0,284,15" alt="Archives" href="../Archives/index.html">
<AREA shape="rect" coords="319,0,395,15" alt="Links" href="../Links/index.html">
<AREA shape="rect" coords="436,0,523,15" alt="About LF" href="../aboutus.html">
</MAP>
<!-- IMAGE HEADER -->
<CENTER>
<IMG src="../../common/images/Topbar-en.gif" width="600" height="40" border="0" alt="[Top bar]" ismap usemap="#top" ><BR>
<IMG src="../../common/images/Bottombar-en.gif" width="600" height="21" border="0" alt="[Bottom bar]" ismap usemap="#bottom">
</CENTER>
<!-- SSI_INFO -->
<!-- tr_staticssi include virtual -->
<!-- tr_staticssi exec cmd -->
<!-- addedByLfdynahead ver 1.1 --><TABLE ALIGN="right" border=0><TR><TD ALIGN="right"><FONT SIZE="-1" FACE="Arial,Helvetica">This article is available in: <A href="../../English/July2000/article155.shtml">English</a> <A href="../../Castellano/July2000/article155.shtml">Castellano</a> <A href="../../Deutsch/July2000/article155.shtml">Deutsch</a> <A href="../../Francais/July2000/article155.shtml">Francais</a> <A href="../../Nederlands/July2000/article155.shtml">Nederlands</a> <A href="../../Russian/July2000/article155.shtml">Russian</a> <A href="../../Turkce/July2000/article155.shtml">Turkce</a> </FONT></TD></TR></TABLE><br>
<!-- 2pdaIgnoreStop -->
<!-- SHORT BIO ABOUT THE AUTHOR -->
<TABLE ALIGN=LEFT BORDER=0 hspace=4 vspace=4 WIDTH="30%" >
<TR>
<TD>
<!-- 2pdaIgnoreStart -->
<!-- PALM DOC -->
<TABLE BORDER=0 hspace=4 vspace=4> <TR> <TD>
<font size=1> <img src="../../common/images/2doc.gif" width=34 align=left border=0 height=22 alt="convert to palm"><a href="http://cgi.linuxfocus.org/cgi-bin/2ztxt">Convert to GutenPalm</a><br>or <a href="http://cgi.linuxfocus.org/cgi-bin/2pda">to PalmDoc</a></font>
</TD> </TR> </TABLE>
<!-- END PALM DOC -->
<!-- 2pdaIgnoreStop -->
<br>
<img src="../../common/images/Georges-Tarbouriech.jpg" alt=
"[Photo of the Author]" height="147" width="126">
<BR>by <a href="mailto:gete@wanadoo.fr">Georges Tarbouriech</a>
<BR><BR>
<I>About the author:</I><BR>
<p>Georges is a long time Unix user (commercial and free). VNC
changed his life:-).</p>
<BR><i>Content</i>:
<UL>
<LI><A HREF="#lfindex0">Introduction</A></LI>
<LI><A HREF="#lfindex1">Presentation</A></LI>
<LI><A HREF="#lfindex2">The funny side (up!)</A></LI>
<LI><A HREF="#lfindex3">The serious side</A></LI>
<LI><A HREF="#lfindex4">Security</A></LI>
<LI><A HREF="#lfindex5">It's all over</A></LI>
<LI><A HREF="http://cgi.linuxfocus.org/cgi-bin/lftalkback?anum=155&lang=en">Talkback form for this article</A></LI>
</UL>
</TD></TR></TABLE>
<!-- HEAD OF THE ARTICLE -->
<H2>Virtual Network Computing, as known as VNC</H2>
<img src="../../common/images/vnc.gif" alt="[Illustration]" hspace=
"10" height="64" width="64">
<!-- ABSTRACT OF THE ARTICLE -->
<P><i>Abstract</i>:
<P>
VNC is the dream of the network administrator come true. <br>
We could say it's a remote display system, but it's much more than
that. <br>
Visiting <a href="http://www.uk.research.att.com">
http://www.uk.research.att.com</a> allows you to get this great
piece of software for FREE. VNC is distributed under GPL and it's
available for a lot of platforms. <br>
Obviously you can contribute and many ports on different OSes have
been done by contributors. <br>
Let's try to discover the many features of VNC. <br></P>
<HR size="2" noshade align="right"><BR>
<!-- BODY OF THE ARTICLE -->
<A NAME="lfindex0"> </A>
<H2>Introduction</H2>
At the beginning of 1999 AT&T acquired the Olivetti Research
Laboratory and carried on with the work on VNC. <br>
As explained on AT&T web-site, the name VNC comes from the
original development of very-thin-client ATM network computers and
"because the VNC viewer is a software-only version of this ATM
Network Computer, and so provides workstations which can be created
or deleted at will, we named the system Virtual Network Computing".
<br>
To use VNC, you need a network TCP/IP connection, a vncserver and a
vncviewer to connect to the machine running the vncserver. <br>
X-based VNCserver works according to the client-server architecture
like X does. As a matter of fact you have two servers in one: an X
server and a VNC server. This allows to keep the same display
number for the X server and the VNC server. To connect to a VNC
server, you need to give the machine name and the display number.
The command would be something like "vncviewer machinename:2".
Clearly speaking, it means if your X server has display number 2 then
the VNC server will have display number 2. On the client side, the
viewer, you can then connect to the server specifying that display
number. If a user is working on display 1 on the server and you
connect on display 2, this user won't even notice you're working on
his machine. <br>
VNC is able to find the first display number available and informs
you about this number, but nothing prevents you from using another
display number. If vncserver gives you display number 2, you can
connect on display number 3, 4... as soon as you specify that
number when you start the viewer. <br>
On Windows machines it'll be different as you won't be able to
create a new desktop. The existing desktop is made available
remotely. If we take the previous example of the working user, once
you are connected to his machine this user can see everything you
do, just like if his machine was working alone! <br>
Of course, default display number will be 0. If you connect two NT
machines you don't even have to specify this number. <br>
VNC is available for many different OSes, sometimes only as a
client, that's to say the viewer. BeOS for instance has no VNC
server. Many Unixes, MacOS, AmigaOS, ... can use VNC. To check the
available platforms go to <a href=
"http://www.uk.research.att.com/vnc/platforms.html">
http://www.uk.research.att.com/vnc/platforms.html</a> <br>
You can get vnc as source code or as binary, depending on the
platform. The programs are very small in size and quite easy to
install. <br>
Now, let's see how vnc works. <br>
<br>
<A NAME="lfindex1"> </A>
<H2>Presentation</H2>
<br>
<br>
<p><strong>The server side</strong></p>
Current version of vnc is 3.3.3 with different release number
according to the platform. <br>
On Unixes (or machines using X) you get a program called vncserver
and another one named Xvnc. vncserver is a Perl script you can
modify to suit your needs. It launches Xvnc. It's not recommended
to launch directly Xvnc. <br>
These programs can be installed where you want as soon as their
directory is in your path. <br>
Any window manager can be used as soon as you define it as the
default for the viewer in the xstartup script (found in the .vnc
directory). <br>
Running vncserver for the first time will ask for a password. This
password will be necessary to connect to this server. <br>
Vncserver provides you with many options like any X server. Typing
Xvnc --help will list them all. If you use these arguments, they
will be passed from vncserver to Xvnc, hence the preferred use of
the first one. <br>
That's enough to run VNC server! <br>
On Microsoft machines, it's a bit different. Using NT4.0 allows you
to run vncserver as a service. Using Windows 95 or 98 you'll have
to launch it from its icon or menu. <br>
As for X-based servers a lot of settings can be defined. You just
have to check the provided menu. <br>
We won't mention all the specificities of the different vncservers
for the numerous supported platforms as it would require a whole
article. <br>
<br>
<p><strong>The client side (the viewer)</strong></p>
<p>The client is a single executable called vncviewer.<br>
To connect to a VNC server you just have to launch vncviewer
specifying the display number. For instance, if you want to connect
to a server called linux on display number 2, you just have to type
"vncviewer linux:2". Then you're asked for the server password and
you're on the linux machine desktop like if you were working on
that machine. If you logged as root, you can fully administrate
that machine. Well, take care, you better know what you are
doing!<br>
This is available for each viewer on every platform. Just a word:
fantastic!</p>
<br>
<A NAME="lfindex2"> </A>
<H2>The funny side (up!)</H2>
<br>
<p>On a local (because of the speed) network, VNC allows you to do
quite unusual things.<br>
Everything seems possible: you can launch any type of application
on any OSes.<br>
For instance, if you run vncserver on a Windows NT machine and
launch a viewer on BeOS, you're able to use every software
available from the NT machine.<br>
Let's say, if you own a Photoshop license you can run Photoshop on
your BeOS machine as you would on the NT machine. This means, a
window opens in your BeOS desktop representing the NT desktop: that
is, you are working on the NT machine!<br>
</p>
<p><a href="../../common/images/article155/bewin.jpg"><img src=
"../../common/images/article155/bewinth.jpg" alt="bewin.jpg" align=
"TEXTTOP"></a><br>
Photoshop on BeOS!</p>
<p><a href="../../common/images/article155/winlin.jpg"><img src=
"../../common/images/article155/winlinth.jpg" alt="winlin.jpg"
align="TEXTTOP"></a><br>
Or Gimp on Windows?</p>
<p>Once again, this can be done from any machine running a VNC
viewer.<br>
Another example: if you're working on a machine without Internet
access, you can connect to a vncserver having an Internet connection
and use its browser to visit an URL. Obviously you can as well use
its mailer to check the mailbox or send a message.<br>
</p>
<p><a href="../../common/images/article155/linsgi.jpg"><img src=
"../../common/images/article155/linsgith.jpg" alt="linsgi.jpg"
align="TEXTTOP"></a><br>
The vncviewer has no Internet access, nevertheless...</p>
<p>Going further, you can connect to a vncserver and from there
connect to any other machine of the network, and why not, running a
new vncviewer from that machine and connect to another vncserver,
and so on!<br>
If you run a vncserver on an Unix machine, many other machines
running vncviewer can connect to this server at the same time,
using different display numbers. This won't work on Windows
machines as you only have one display available.</p>
<A NAME="lfindex3"> </A>
<H2>The serious side</H2>
<p>Well, that doesn't mean what we said before wasn't serious!<br>
For instance, every SysAdmin can appreciate Windows NT
administration: you don't even know who is connected to a server
and, of course who is doing what... unless you bought the resource
kit, this, at least allows you to get the list of running processes on a
specific machine (but without being able to kill most of them). No
comment!<br>
Vnc allows to turn around this great "feature".<br>
Let's take an example.<br>
You're developing and maintaining different Windows applications
(My fellow Javi says: when you're a poor man you can't choose!).
Every new version requires an update on the server and on the
clients. The machines are more or less far from your office.<br>
Obviously, you can't update the application if it's running on one
or more clients.<br>
With vnc, you can stop the application on every clients, install
the update, check it... without leaving your office. Well, it's
much better to do this when nobody works, but many users forget to
quit the application after use, then you'll have to check if the
application is running or not.<br>
As soon as VNC is installed as a service on the workstations, you
can start vncserver remotely from the NT server and then connect to
them and do what you have to. That is, you can stop the running
application, install the upgrade, (even from a different NT server than the
one you're working on and which is connected to the vncserver), and
check if the upgrade works right. Then you can stop the vncserver
on the remote machine and do the same work on another
workstation.<br>
This wouldn't be possible that way with an X emulation on the
Windows machines, because even the installer is proprietary.
Another difference: Other then uder X11 no state is stored on the
viewer side. You can disconnect from the vncserver, go to another
machine, connect again to the vncserver and continue your work!<br>
Something important: VNC allows you to send a Ctrl-Alt-Del to
unlock the remote NT workstation. (It wasn't possible on previous
releases).<br>
This example assumed we were working from an NT server. You can do
exactly the same from an Unix workstation, running a vncviewer
connected to the NT server running vncserver.<br>
Obviously you can administrate the whole network that way, using
remote commands (if they exist) to launch the vncservers on the
remote machines as soon as you have the rights to do so.<br>
Going further, "remote" means anywhere else. That is, you could do
this from home!<br>
That leads us to security.</p>
<A NAME="lfindex4"> </A>
<H2>Security</H2>
<p>Every communication task within a network can be considered as a
potential security hole.<br>
It's a fact! The only thing you can do is to try to reduce the
risk.
Don't be fooled: security is only a word. If someone tells you his
network is 100% secure, don't believe him! Hackers are much more
clever than people think: it's another fact.<br>
Accordingly, to secure VNC you must secure your network. Firewalls,
SSL, SSH... can be used to improve security.<br>
SSL and SSH allow to encrypt the traffic in two different ways. We
won't talk about SSL or SSH as it is a completely different
subject. If you want to know more about them, you can have a look
at SSH website <a href="http://www.ssh.fi">http://www.ssh.fi</a> or
at the open source SSL at <a href="http://www.openssl.org">
http://www.openssl.org</a><br>
Extras, patches and add-ons for security are available from the AT&T website.
Among them you can find a way to access a server behind a
firewall.<br>
Also available is a version of VNC using SSLeay public key
encryption.<br>
Another security feature is to restrict connections by IP address.<br>
There are much more and we won't list them all. You can check <a
href="http://www.uk.research.att.com/vnc/extras.html">
http://www.uk.research.att.com/vnc/extras.html</a><br>
VNC has also a Java implementation. That means you can use a Java
compliant web browser as a viewer as soon as you use the right port
(58**, where ** means display number: ex. 5802 corresponds to
display 2). This had to be mentioned, but it's awfully slow and
it's a security whole. But it does exist and
deserves some testing.<br>
To close the security chapter, in short, "as is", VNC is not a
bigger security hole than telnet or rlogin.</p>
<A NAME="lfindex5"> </A>
<H2>It's all over</H2>
<p>If you don't know VNC, it's worth testing. We hope this article
will be able to make VNC attractive to you. It's probably one of
the greatest piece of software in this category.<br>
It's small in size, rather fast (of course, it depends on the
network or on the type of connection) and it's FREE!<br>
VNC is quite reliable, and the only problem I had with the latest
release concerned the Windows version: if the user of a remote NT
workstation has left the CapsLock key down the send Ctrl-Alt-Del
command seems not to work (my co-worker suggests to write the
password into an editor, copy it, and paste it into the password
field... and it works!). That's all I was able to find!
Nevertheless I use VNC on Solaris Sparc, Irix, Linux, BeOS, AmigaOS
and NT. The least developed version is the AmigaOS version.
<br>
What you just read only represents a small part of VNC
capabilities.<br>
VNC begins to appear in some Linux distributions, a sign of a more wider
interest in this software.<br>
If you have a small network at home or a big one at work, just try
VNC. It's great!<br>
<br>
When I told you we were living a great time...</p>
<!-- vim: set sw=2 ts=2 et: -->
<!-- 2pdaIgnoreStart -->
<A NAME="talkback"> </a>
<h2>Talkback form for this article</h2>
Every article has its own talkback page. On this page you can submit a comment or look at comments from other readers:
<center>
<table border="0" CELLSPACING="2" CELLPADDING="1">
<tr BGCOLOR="#C2C2C2"><td align=center>
<table border="3" CELLSPACING="2" CELLPADDING="1">
<tr BGCOLOR="#C2C2C2"><td align=center>
<A href="http://cgi.linuxfocus.org/cgi-bin/lftalkback?anum=155&lang=en"><b> talkback page </b></a>
</td></tr></table>
</td></tr></table>
</center>
<HR size="2" noshade>
<!-- ARTICLE FOOT -->
<CENTER><TABLE WIDTH="95%">
<TR><TD ALIGN=CENTER BGCOLOR="#9999AA">
<A HREF="../../common/lfteam.html">Webpages maintained by the LinuxFocus Editor team</A>
<BR><FONT COLOR="#FFFFFF">© Georges Tarbouriech, <a href="../../common/copy.html">FDL</a> <BR><a href="http://www.linuxfocus.org">LinuxFocus.org</a></FONT>
<BR><a href="http://cgi.linuxfocus.org/cgi-bin/lfcomment?lang=en&article=article155.shtml" target="_TOP">Click here to report a fault or send a comment to LinuxFocus</A><BR></TD>
<!-- OLD FORMAT, NO TRANSLATION INFO -->
</TR></TABLE></CENTER>
<p><font size=1>2001-01-27, generated by lfparser version 2.8</font></p>
<!-- 2pdaIgnoreStop -->
</BODY>
</HTML>