By: Sadequl Hussain | Updated: 2017-11-21 | Comments (1) | Related: More >Database Administration
- TightVNC - VNC-Compatible Remote Control / Remote Desktop Software.
- Remote Desktop – VNC. Anybody can efficiently use the Remote Desktop – VNC for controlling their desktop with ease. There is no need to pay any amount for using this remote desktop Mac client. Open VNC connections from the Mac to another one as fast as possible without any trouble. The client works fluently with your system without any lag.
Once these settings are enabled on your Mac, you can then connect to it from another Mac using the built-in Mac Screen Sharing app or the paid Apple Remote Desktop tool, using a third-party VNC viewer, or by using the ssh command at the terminal.
Problem
I am a system administrator / DBA using a Windows laptop. I can remotely connectto our Windows servers from my laptop. Some of my colleagues are using non-Windowssystems like Mac or Linux. Sometimes they also need to access these boxes. How canthey connect?
Solution
System administrators or DBAs often need to access Windows servers remotely.This can be for various reasons like:
- Troubleshooting low disk space
- Running Performance Monitor or Profiler
- Monitoring Windows Event Viewer
- Applying service packs
- Creating and troubleshooting scheduled Windows jobs
- Installing software like SQL Server
- Connecting to another instance from a “jump host”
- Administering Active Directory
- Etc.
Windows ships with a tool called the “Remote Desktop Client” to helpconnect to another Windows machine. However, there are users who do not use a Windowsworkstation. Particularly with the spread of open source databases, cloud technologiesand the need for accessing Linux servers, a lot of engineers now use an Apple MacBookor Linux distributions like Fedora or Ubuntu.
Some of these engineers and administrators may need to access Windows hosts.It would make their job much simpler if they had tools similar to the RDP client.
In this tip we will talk about a few remote desktop clients available for Macand Linux. We will talk about their ease of use, features, etc. In a future post,we will talk about Mac and Linux-based database client tools.
Disclaimer
Please be careful when accessing production servers remotely. In most cases,organizations have strict security principles about who can access their servers,so readers need to follow those guidelines. Also, you should not run any commands,queries, or configurations from this tutorial on a production server. In the casewhen you are required to access remote servers and run commands, make sure you areconnected to the right server.
Although we list a number of remote clients from various vendors, this is byno means an exhaustive list. Nor do we endorse any of the products or have any affiliationwith their vendors. The observations made here are purely those of the author.
Also, this tip is not about how to install and configure remote desktop clients.Each software installer package will have its own requirements and dependenciesfor different operating systems; it’s not possible to address every issuewhere the package may be failing to install or the client failing to connect toa remote server. This is more of an overview of the tools available.
Remote Desktop Clients
Before going into details, let’s talk about the features we want in a remotedesktop client. We wanted tools which:
- Are free / open source or at least have a community edition available
- Have active development or product support
- Can map local resources like disk drives or folders to the remote machine
- Allow saving remote desktop sessions for easy future connection
- Allow different screen resolutions
- Enables clipboard sharing between local and remote machines
With these features in mind, let’s first see what’s available forMac users.
Mac Clients
Microsoft Remote Desktop
For Mac users, Microsoft has released the Microsoft Remote Desktop app, downloadablefrom theMac App store. The application features connection saving, easy searching ofsaved connections, connectivity to Azure RemoteApp and remote resources:
Creating a new connection is fairly simple and intuitive:
Standard features like mapping local directories to remote machine, sound andprinter forwarding are also present:
CoRD
Out next option for the Mac platform is CoRD,downloadable from its sourceforge site. CoRD is also easy to use and offers most features found in otherremote desktop tools.
The image below shows a local folder in a Mac system mapped to a remote Windowsmachine.
Royal TSX
Royal TSX is yet another tool available for Mac fromRoyalApplications. The latest version requires at least the Mac OS Yosemite operatingsystem.
What sets RoyalTSX apart is its ability to use plugins for different types ofconnectivity. These plugins are available from Royal Software as well. The remotedesktop client plugin is installed by default. Similarly, other connection typeslike VNC, SSH, HTTP or FTP can be installed with plugins, making it almost a universalconnectivity tool.
Royal TSX allows repetitive command tasks or key sequences to be run automaticallybefore, after or when a connection is made. The images below show this:
Some plugins allow Windows processes, services or events to be accessed remotely.However, this requires the RoyalTSX server component:
As the image below shows, connecting to a Windows server is fairly simple andstandard. The credentials for the connections need to be created first:
The free version of Royal TSX allows up to 10 remote connections. If you arenot managing dozens of Windows servers, the free version can be a good choice.
Linux Clients
Like Mac, there are remote desktop tools available for different flavors of Linux.To use these tools, needless to say, the Linux computer needs to be running in graphicalmode. Here are few of the tools to consider.
KRDC
KRDC or KDE Remote Desktop Client is available for Linux distros running K Desktop,like Fedora. The package is available from KDE repo, so it can be easily installedwith the following command:
KRDC has a simple interface. However, in our opinion, it lacks a basic featureexpected from any RDP client.
For example, once a connection is created, KRDC can “remember” theremote server’s username and password, provided it’s saved in the KDEWallet Manager application.
This obviously means installing another KDE application in your workstation.The default wallet it looks for is called “kdewallet” and in a vanillainstallation of KDE Wallet, users don’t know the password for that wallet,nor can they change it (at least we could not).
This means when connecting from the KRDC tool, users will be prompted for thewallet’s password if the “Remember password (KWallet)” optionwas chosen. Since users would not know the password, they have to bypass this bypressing the “Cancel” button:
Bypassing the wallet password prompt will result in the tool asking for the remoteuser’s password. Not a show-stopper perhaps, but to most regular users thiscan be a time-consuming affair.
Remmina
In our opinion, this is one of the best tools available for debian-based Linuxdistros, and can be downloaded from theRemmina GitHubrepo of FreeRDP. Unfortunately the installation page does not list any RedHat-baseddistros except Fedora. If you are using something like Ubuntu, Gentoo, Fedora orArchLinux, this tool should be yours.
The two images below show a remote Windows desktop displayed in Remmina runningin Ubuntu 16.10:
Other than RDP, this tool also supports NX, VNC and SSH protocols:
Some of the advanced features of Remmina connection properties are shown below:
Like RoyalTSX for Mac, this tool also allows for startup programs to run whena connection is made.
FreeRDP
Another tool from the same repo owner is FreeRDP, a command line tool to startremote desktop sessions. This is available from theGitHubpage of the product. FreeRDP is available for Ubuntu, Debian, Fedora, and OpenSuSEin Linux distributions and for Mac and even Windows. As said, this is a commandline tool, but has a large number of options available as switches.
We installed the tool in a Fedora 26 machine and were able to connect to a WindowsServer. The actual command is xfreerdp and it’s located in the /usr/bin directory.The following code snippet shows a basic form of the command and its output. Inthis case, we can safely ignore the warning:
Other Remote Desktop Sharing Protocols
So far, the tools we have talked about all use the remote desktop protocol. Thisis a proprietary protocol developed by Microsoft and ships with any Windows machine.It runs on port 3389 by default. However, this is not the only protocol availablefor remote connections. We will talk about two other protocols:
- VNC
- NX
VNC
VNC or Virtual Network Computing is a desktop sharing system using the RemoteFrame Buffer (RFB) protocol. Computers running a VNC server can be remotely connectedfrom other computers running a VNC client. This is a platform independent protocol,which means there are servers and clients available for Mac, Linux and Windows.This also means the same VNC client can connect to a remote Windows server or aLinux server, each of which could be running VNC as a service. In fact someof the RDP tools we have discussed so far like Remmina, KRDC or RoyalTSX - all featurea VNC client. The default port for VNC communication is 5900. For Java-based VNCclient, this is 5800.
Although VNC can be an alternative to remote desktop protocol, it means installationof additional software on the Windows server and configuring any firewall to allowtraffic on the VNC port.
There are various VNC client and server packages available for free, some ofthese are:
- TightVNC
- TigerVNC
- RealVNC Home Edition
- UltraVNC
The image below shows the UltraVNC service running in a Windows Server 2016 machine.We downloaded it from UltraVNC’sofficial site.
And here are some of the UltraVNC service configurations:
The image below shows how we are using a TigerVNC Viewer client from a CentOS7.16 machine to connect to the Windows server running UltraVNC.
NX
NX is another remote desktop sharing protocol developed by a company called NoMachine(there are also open source variants like OpenNX and FreeNX). The tool, also calledNoMachine, allows some cool features like recording the remote desktop sessionsor streaming remote multimedia. Unlike VNC or RDP, NoMachine does not have separatesoftware installers for client and server: a NoMachine install creates both thecomponents. Once NoMachine is installed in a Windows server, make sure the serviceis running and the firewall is allowing traffic through the default port of 4000.
In the image below, we can see the nxservice (NoMachine server) running as aWindows service:
The following series of images show a NoMachine client running in Fedora settingup a remote Windows server connection:
Once the connection is set up, subsequent connections are easy: just select theconnection icon and click on the “Connect” button:
Once the credentials are provided (here we are using password authentication),there are a number of options to choose from for logon, display, resolution, sound,multimedia, etc.:
As you can see, NoMachine provides lot of options to configure how you interactwith the remote computer. Once you click through the options, the remote desktopis shown as a locked screen:
You can now press Ctl+Alt+0 to bring out the NoMachine menu, click on the littleicon in the lower right corner and choose Ctl+Alt+Delete from the pop-up menu, thenclick on the “Done” button:
This will bring up the Windows logon screen where you can put the remote server’saccess credentials.
Conclusion
One thing to remember when troubleshooting remote desktop session issues is thenetworking layer. For any remote desktop connection to succeed:
- The service component needs to be running in the remote machine, whetherit is remote desktop service, VNC or NX.
- The remote server needs to have a network path from the client: for example,we cannot remote desktop into a server if it’s only accessible from abastion host.
- The server’s firewall or other network protection layer has to allowremote desktop traffic coming from the client’s network. This is particularlytrue if the machine is running VNC or NX.
- When running the Windows remote desktop protocol and client, the user needsto be a member of the remote desktop users local Windows group other groupswith higher privileges.
- The network bandwidth needs to be good, particularly if there is a largegeographical distance between client and server.
We hope this tip has given you some ideas about choosing the right RDP tool.We leave it up to the reader to make their own choice. Feel free to comment aboutother non-Windows RDP clients you might be using in the comments section below.
Next Steps
If you are using a non-Windows workstation, consider the following:
- Download and install the RDP clients we talked about
- Test the limitations of the “free” editions; for example:
- How many remote sessions you can keep open or
- How many sessions you can save
Last Updated: 2017-11-21
About the author
View all my tips
In computing, Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical-screen updates back in the other direction, over a network.[1]
VNC is platform-independent – there are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti & Oracle Research Lab in Cambridge, United Kingdom. The original VNC source code and many modern derivatives are open source under the GNU General Public License.
There are a number of variants of VNC[2] which offer their own particular functionality; e.g., some optimised for Microsoft Windows, or offering file transfer (not part of VNC proper), etc. Many are compatible (without their added features) with VNC proper in the sense that a viewer of one flavour can connect with a server of another; others are based on VNC code but not compatible with standard VNC.
VNC and RFB are registered trademarks of RealVNC Ltd. in the US and some other countries.
History[edit]
The Olivetti & Oracle Research Lab (ORL)[3] at Cambridge in the UK developed VNC at a time when Olivetti and Oracle Corporation owned the lab. In 1999, AT&T acquired the lab, and in 2002 closed down the lab's research efforts.
Developers who worked on VNC while still at the AT&T Research Lab include:[4]
- Tristan Richardson (inventor)
- Andy Harter (project leader)
- James Weatherall
Following the closure of ORL in 2002, several members of the development team (including Richardson, Harter, Weatherall and Hopper) formed RealVNC in order to continue working on open-source and commercial VNC software under that name.
The original GPLed source code has fed into several other versions of VNC. Such forking has not led to compatibility problems because the RFB protocol is designed to be extensible. VNC clients and servers negotiate their capabilities with handshaking in order to use the most appropriate options supported at both ends.
As of 2013, RealVNC Ltd claims the term 'VNC' as a registered trademark in the United States and in other countries.[5]
Etymology[edit]
The name Virtual Network Computer/Computing (VNC) originated with ORL's work on a thin client called the Videotile, which also used the RFB protocol. The Videotile had an LCD display with pen input and a fast ATM connection to the network. At the time, network computer was commonly used as a synonym for a thin client; VNC is essentially a software-only (i.e. virtual) network computer.[citation needed]
Operation[edit]
- The VNC server is the program on the machine that shares some screen (and may not be related to a physical display – the server can be 'headless'), and allows the client to share control of it.
- The VNC client (or viewer) is the program that represents the screen data originating from the server, receives updates from it, and presumably controls it by informing the server of collected local input.
- The VNC protocol (RFB protocol) is very simple, based on transmitting one graphic primitive from server to client ('Put a rectangle of pixel data at the specified X,Y position') and event messages from client to server.
In the normal method of operation a viewer connects to a port on the server (default port: 5900). Alternatively (depending on the implementation) a browser can connect to the server (default port: 5800). And a server can connect to a viewer in 'listening mode' on port 5500. One advantage of listening mode is that the server site does not have to configure its firewall to allow access on port 5900 (or 5800); the duty is on the viewer, which is useful if the server site has no computer expertise and the viewer user is more knowledgeable.
The server sends small rectangles of the framebuffer to the client. In its simplest form, the VNC protocol can use a lot of bandwidth, so various methods have been devised to reduce the communication overhead. For example, there are various encodings (methods to determine the most efficient way to transfer these rectangles). The VNC protocol allows the client and server to negotiate which encoding they will use. The simplest encoding, supported by all clients and servers, is raw encoding, which sends pixel data in left-to-right scanline order, and after the original full screen has been transmitted, transfers only rectangles that change. This encoding works very well if only a small portion of the screen changes from one frame to the next (as when a mouse pointer moves across a desktop, or when text is written at the cursor), but bandwidth demands get very high if a lot of pixels change at the same time (such as when scrolling a window or viewing full-screen video).
VNC by default uses TCP port 5900+N,[6][7] where N is the display number (usually :0 for a physical display). Several implementations also start a basic HTTPserver on port 5800+N to provide a VNC viewer as a Java applet, allowing easy connection through any Java-enabled web-browser. Different port assignments can be used as long as both client and server are configured accordingly. A HTML5 VNC client implementation for modern browsers (no plugins required) exists too.[8]
Although possible even on low bandwidth, using VNC over the Internet is facilitated if the user has a broadband connection at both ends. However, it may require advanced NAT, firewall and router configuration such as port forwarding in order for the connection to go through. Users may establish communication through Virtual Private Network (VPN) technologies to ease usage over the Internet, or as a LAN connection if VPN is used as a proxy, or through a VNC repeater (useful in presence of a NAT).[9][10]
Xvnc is the Unix VNC server, which is based on a standard X server. To applications, Xvnc appears as an X 'server' (i.e., it displays client windows), and to remote VNC users it is a VNC server. Applications can display themselves on Xvnc as if it were a normal X display, but they will appear on any connected VNC viewers rather than on a physical screen.[11] Alternatively, a machine (which may be a workstation or a network server) with screen, keyboard, and mouse can be set up to boot and run the VNC server as a service or daemon, then the screen, keyboard, and mouse can be removed and the machine stored in an out-of-the way location.
In addition, the display that is served by VNC is not necessarily the same display seen by a user on the server. On Unix/Linux computers that support multiple simultaneous X11 sessions, VNC may be set to serve a particular existing X11 session, or to start one of its own. It is also possible to run multiple VNC sessions from the same computer. On Microsoft Windows the VNC session served is always the current user session.[citation needed]
Users commonly deploy VNC as a cross-platform remote desktop system. For example, Apple Remote Desktop for Mac OS X (and more recently, 'Back to My Mac' in 'Leopard' - Mac OS X 10.5) interoperates with VNC and will connect to a Unix user's current desktop if it is served with x11vnc, or to a separate X11 session if one is served with TightVNC. From Unix, TightVNC will connect to a Mac OS X session served by Apple Remote Desktop if the VNC option is enabled, or to a VNC server running on Microsoft Windows.[12]
In July 2014 RealVNC published a Wayland developer preview.[13][14]
Security[edit]
By default, RFB is not a secure protocol. While passwords are not sent in plain-text (as in telnet), cracking could prove successful if both the encryption key and encoded password were sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used. On the other hand, there is also an 8-character limit on some versions of VNC; if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password.
UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts. However, use of such encryption plugins makes it incompatible with other VNC programs. RealVNC offers high-strength AES encryption as part of its commercial package, along with integration with Active Directory. Workspot released AES encryption patches for VNC. According to TightVNC,[15] TightVNC is not secure as picture data is transmitted without encryption. To circumvent this, it should be tunneled through an SSH connection (see below).
VNC may be tunneled over an SSH or VPN connection which would add an extra security layer with stronger encryption. SSH clients are available for most platforms; SSH tunnels can be created from UNIX clients, Microsoft Windows clients, Macintosh clients (including Mac OS X and System 7 and up) – and many others. There are also freeware applications that create instant VPN tunnels between computers.
An additional security concern for the use of VNC is to check whether the version used requires authorization from the remote computer owner before someone takes control of their device. This will avoid the situation where the owner of the computer accessed realizes there is someone in control of their device without previous notice.
See also[edit]
References[edit]
- ^Richardson, T.; Stafford-Fraser, Q.; Wood, K. R.; Hopper, A. (1998). 'Virtual network computing'(PDF). IEEE Internet Computing. 2: 33–38. CiteSeerX10.1.1.17.5625. doi:10.1109/4236.656066.
- ^The VNC family of Remote Control Applications: a list of VNC variants
- ^'VNC Frequently Asked Questions (FAQ)'. 1999. Archived from the original on 15 August 2000.
- ^RealVNC Executive Profiles
- ^Copyright and trademarks RealVNC. Accessed Feb 23, 2018.
- ^'RealVNC - Frequently asked questions'.
- ^'UltraVnc Configuration'.
- ^'noVNC'.
- ^'OpenWRT VNC repeater'.
- ^'uVNC repeater'.
- ^AT&T Laboratories Cambridge (1999). 'X-based VNC server'. Virtual Network Computing. Archived from the original on 19 March 2007. Retrieved 24 March 2007.
- ^'OnlineVNC Server for Windows OSes'.
- ^'VNC® Wayland Developer Preview'. 8 July 2014. Archived from the original on 14 July 2014. Retrieved 10 July 2014.
- ^'RealVNC Wayland developer preview email'. freedesktop.org. 9 July 2014.
- ^How secure is TightVNC? TightVNC Frequently Asked Questions. TightVNC.com Accessed Feb 23, 2018
How To Access Your Mac Remotely From Any Device And Anywhere
External links[edit]
How To Use Apple Remote Desktop
Wikimedia Commons has media related to VNC. |
Wikibooks has a book on the topic of: Internet Technologies/VNC |
- AT&T VNC - Original AT&T-Cambridge VNC website