![[Top bar]](../../common/images/Topbar-en.gif){kind=small}
![[Bottom bar]](../../common/images/Bottombar-en.gif){kind=small}
| This article is available in: English Castellano Deutsch Francais Nederlands Russian Turkce |
![[Photo of the Author]](../../common/images/Georges-Tarbouriech.jpg)
by Georges Tarbouriech About the author: Georges is a long time Unix user (commercial and free). VNC changed his life:-). Content: |
![[Illustration]](../../common/images/vnc.gif)
Abstract:
VNC is the dream of the network administrator come true.
We could say it's a remote display system, but it's much more than
that.
Visiting
http://www.uk.research.att.com allows you to get this great
piece of software for FREE. VNC is distributed under GPL and it's
available for a lot of platforms.
Obviously you can contribute and many ports on different OSes have
been done by contributors.
Let's try to discover the many features of VNC.
The server side
Current version of vnc is 3.3.3 with different release number according to the platform.The client side (the viewer)
The client is a single executable called vncviewer.
To connect to a VNC server you just have to launch vncviewer
specifying the display number. For instance, if you want to connect
to a server called linux on display number 2, you just have to type
"vncviewer linux:2". Then you're asked for the server password and
you're on the linux machine desktop like if you were working on
that machine. If you logged as root, you can fully administrate
that machine. Well, take care, you better know what you are
doing!
This is available for each viewer on every platform. Just a word:
fantastic!
On a local (because of the speed) network, VNC allows you to do
quite unusual things.
Everything seems possible: you can launch any type of application
on any OSes.
For instance, if you run vncserver on a Windows NT machine and
launch a viewer on BeOS, you're able to use every software
available from the NT machine.
Let's say, if you own a Photoshop license you can run Photoshop on
your BeOS machine as you would on the NT machine. This means, a
window opens in your BeOS desktop representing the NT desktop: that
is, you are working on the NT machine!
Photoshop on BeOS!
Or Gimp on Windows?
Once again, this can be done from any machine running a VNC
viewer.
Another example: if you're working on a machine without Internet
access, you can connect to a vncserver having an Internet connection
and use its browser to visit an URL. Obviously you can as well use
its mailer to check the mailbox or send a message.
The vncviewer has no Internet access, nevertheless...
Going further, you can connect to a vncserver and from there
connect to any other machine of the network, and why not, running a
new vncviewer from that machine and connect to another vncserver,
and so on!
If you run a vncserver on an Unix machine, many other machines
running vncviewer can connect to this server at the same time,
using different display numbers. This won't work on Windows
machines as you only have one display available.
Well, that doesn't mean what we said before wasn't serious!
For instance, every SysAdmin can appreciate Windows NT
administration: you don't even know who is connected to a server
and, of course who is doing what... unless you bought the resource
kit, this, at least allows you to get the list of running processes on a
specific machine (but without being able to kill most of them). No
comment!
Vnc allows to turn around this great "feature".
Let's take an example.
You're developing and maintaining different Windows applications
(My fellow Javi says: when you're a poor man you can't choose!).
Every new version requires an update on the server and on the
clients. The machines are more or less far from your office.
Obviously, you can't update the application if it's running on one
or more clients.
With vnc, you can stop the application on every clients, install
the update, check it... without leaving your office. Well, it's
much better to do this when nobody works, but many users forget to
quit the application after use, then you'll have to check if the
application is running or not.
As soon as VNC is installed as a service on the workstations, you
can start vncserver remotely from the NT server and then connect to
them and do what you have to. That is, you can stop the running
application, install the upgrade, (even from a different NT server than the
one you're working on and which is connected to the vncserver), and
check if the upgrade works right. Then you can stop the vncserver
on the remote machine and do the same work on another
workstation.
This wouldn't be possible that way with an X emulation on the
Windows machines, because even the installer is proprietary.
Another difference: Other then uder X11 no state is stored on the
viewer side. You can disconnect from the vncserver, go to another
machine, connect again to the vncserver and continue your work!
Something important: VNC allows you to send a Ctrl-Alt-Del to
unlock the remote NT workstation. (It wasn't possible on previous
releases).
This example assumed we were working from an NT server. You can do
exactly the same from an Unix workstation, running a vncviewer
connected to the NT server running vncserver.
Obviously you can administrate the whole network that way, using
remote commands (if they exist) to launch the vncservers on the
remote machines as soon as you have the rights to do so.
Going further, "remote" means anywhere else. That is, you could do
this from home!
That leads us to security.
Every communication task within a network can be considered as a
potential security hole.
It's a fact! The only thing you can do is to try to reduce the
risk.
Don't be fooled: security is only a word. If someone tells you his
network is 100% secure, don't believe him! Hackers are much more
clever than people think: it's another fact.
Accordingly, to secure VNC you must secure your network. Firewalls,
SSL, SSH... can be used to improve security.
SSL and SSH allow to encrypt the traffic in two different ways. We
won't talk about SSL or SSH as it is a completely different
subject. If you want to know more about them, you can have a look
at SSH website http://www.ssh.fi or
at the open source SSL at
http://www.openssl.org
Extras, patches and add-ons for security are available from the AT&T website.
Among them you can find a way to access a server behind a
firewall.
Also available is a version of VNC using SSLeay public key
encryption.
Another security feature is to restrict connections by IP address.
There are much more and we won't list them all. You can check
http://www.uk.research.att.com/vnc/extras.html
VNC has also a Java implementation. That means you can use a Java
compliant web browser as a viewer as soon as you use the right port
(58**, where ** means display number: ex. 5802 corresponds to
display 2). This had to be mentioned, but it's awfully slow and
it's a security whole. But it does exist and
deserves some testing.
To close the security chapter, in short, "as is", VNC is not a
bigger security hole than telnet or rlogin.
If you don't know VNC, it's worth testing. We hope this article
will be able to make VNC attractive to you. It's probably one of
the greatest piece of software in this category.
It's small in size, rather fast (of course, it depends on the
network or on the type of connection) and it's FREE!
VNC is quite reliable, and the only problem I had with the latest
release concerned the Windows version: if the user of a remote NT
workstation has left the CapsLock key down the send Ctrl-Alt-Del
command seems not to work (my co-worker suggests to write the
password into an editor, copy it, and paste it into the password
field... and it works!). That's all I was able to find!
Nevertheless I use VNC on Solaris Sparc, Irix, Linux, BeOS, AmigaOS
and NT. The least developed version is the AmigaOS version.
What you just read only represents a small part of VNC
capabilities.
VNC begins to appear in some Linux distributions, a sign of a more wider
interest in this software.
If you have a small network at home or a big one at work, just try
VNC. It's great!
When I told you we were living a great time...
|
|
Webpages maintained by the LinuxFocus Editor team
© Georges Tarbouriech, FDL LinuxFocus.org Click here to report a fault or send a comment to LinuxFocus |
2001-01-27, generated by lfparser version 2.8
