vnc . vnc demo windows tightvnc ajklinux1.uncc.edu ubuntu gtk vnc viewer
TRANSCRIPT
VNC demo
Windows TightVNC ajklinux1.uncc.edu
Ubuntu Gtk VNC Viewer
VNC
Virtual Network Computing
VNC - Overview
Virtual Network Computing (VNC) A graphical desktop sharing system
Uses the RFB protocol Remotely “control” another computer
Use another computer via a GUI environment
Uses a network Transmit keyboard and mouse events from one
computer to another Relays the graphical screen updates back
VNC - Overview
Platform-independent VNC viewer resides any operating system
Can connect to a VNC server of any other operating system Clients and servers available for almost all GUI operating
systems and for Java Multiple clients may connect to a VNC server at the same
time Popular uses for this technology include:
Remote technical support Accessing files on one's work computer from one's home
computer
VNC - Overview
Developed at “AT&T” Original VNC source code and many modern
derivatives are: Open source GNU General Public License
History
History
Created at the Olivetti & Oracle Research Lab Originally owned by Olivetti and Oracle Corporation In 1999 AT&T acquired the lab
2002 closed down the lab's research efforts Following the closure of ORL in 2002
Several members of the development team formed RealVNC Continued working on open source and commercial VNC software
under that name Several other versions of VNC have been developed from the
original GPLed source code. Forking has not led to compatibility problems
RFB protocol is designed to be extensible VNC clients and servers negotiate their capabilities when
handshaking Make use of the most appropriate options supported at both ends
Etymology
Etymology
'Virtual Network Computer/Computing' Originates from ORL's work on a thin client
Called Videotile Used the RFB protocol
Essentially an LCD display with: A pen input A fast ATM connection to the network
At the time a network computer was commonly used as a synonym for 'thin client' VNC is essentially a software-only (i.e virtual) version of
this network computer
Operation
Operation
VNC system requires: A server A client A communication protocol
Operation Where:
VNC server Program on the machine that shares its “screen” Does all the core processing
VNC client (or viewer) Program that monitors and interacts with the server Displays results
VNC protocol Very simple protocol
Based on one graphic primitive: "Put a rectangle of pixel data at the specified X,Y position"
Operation
Server sends small rectangles of the framebuffer to the client
In simplest form: VNC protocol can use a lot of bandwidth Methods devised to reduce communication overhead For example, various encodings
Methods to determine the most efficient way to transfer rectangles
VNC protocol Allows client and server to negotiate which encoding
to be used
Operation Simplest encoding: raw encoding
Pixel data is sent in left-to-right scanline order First sends complete image After original full screen has been transmitted
Only transfer rectangles that change Supported by all clients and servers
Raw Encoding works well if: Only a small portion of the screen changes from frame to frame
Mouse pointer moving across a desktop Text being written at the cursor
Bandwidth demands get very high when a lot of pixels change at the same time Scrolling a window Viewing full-screen video
Operation
VNC uses TCP ports 5900 through 5906 (default) Each port corresponds to a separate screen (:0 to :6)
Java viewer available for many implementations RealVNC allows clients to interact through a Java-enabled
web browser Ports 5800 through 5806
Other ports can be used Both client and server must be configured accordingly
Some operating systems only support a single VNC session at a time Base operating system supports only a single session at a time
E.g. Windows XP
Operation
On some machines: Server does not have to have a physical display Xvnc is the Unix VNC server
Based on a standard X server Xvnc can be considered to be two servers in one
to applications: it is an X server to remote VNC users: it is a VNC server
Applications can display themselves on Xvnc as if it were a normal X display Will appear on any connected VNC viewers rather than
on a physical screen
Operation
Display served by VNC Not necessarily the same display seen by a user on
the server’s monitor Unix/Linux computers that support multiple
simultaneous X11 sessions VNC may be set to serve a particular existing X11
session Start one of its own
Multiple VNC sessions can be run from the same computer
Microsoft Windows VNC session served is always current user session
Operation
VNC is commonly used as a cross-platform remote desktop system Apple Remote Desktop for Mac OS X interoperates with
VNC Will connect to a Linux user's current desktop if it is served
with x11vnc As a separate X11 session if one is served with TightVNC
From Linux TightVNC will connect to an OS X session served by:
Apple Remote Desktop If the VNC option is enabled
VNC server running on Microsoft Windows
Security
Security
By default, VNC is not a secure protocol Passwords are not sent in plain-text (as in telnet) but…
Brute-force cracking could prove successful if both the encryption key and encoded password are sniffed from a network
Recommended that a password of at least 8 characters be used Limit of 8-characters on some versions of VNC
If a password exceeds 8 characters: Excess characters are removed Truncated string is compared to the password
Security
VNC may be tunneled over an SSH or VPN connection Adds an extra security layer with stronger
encryption SSH clients are available for all major platforms
(and many smaller platforms as well) SSH tunnels can be created from
UNIX clients Microsoft Windows clients Macintosh clients many others
Security
UltraVNC supports the use of an open-source encryption plugin Encrypts the entire VNC session Including password authentication and data transfer
Allows authentication to be performed Based on NTLM and Active Directory user accounts
RealVNC offers high-strength encryption as part of its commercial package
Workspot released AES encryption patches for VNC
The original
http://www.cl.cam.ac.uk/research/dtg/attarchive/
RFBRemote Frame Buffer
RFB
RFB (“remote framebuffer”) A simple protocol for remote access to graphical user interfaces Works at the framebuffer level
Applicable to all windowing systems and applications Including X11, Windows and Macintosh
Used in Virtual Network Computing (VNC) and its derivatives RFB started as a relatively simple protocol
Has been enhanced with additional features (such as file transfers) and more sophisticated compression and security techniques as it has developed
To maintain seamless cross-compatibility between different VNC client and server implementations: Clients and servers negotiate a connection using the best RFB
version Use the most appropriate compression and security options they can
both support
History
RFB was originally developed at Olivetti Research Laboratory Remote display technology
used by a simple thin client with ATM connectivity called a Videotile To keep the device as simple as possible
RFB was developed and used in preference of existing remote display technologies
RFB found a second, more enduring use when VNC was developed VNC was released as open source software and the RFB
specification published on the web. Since then RFB has been a free protocol which anybody can
use. ORL was closed in 2002
Some key people behind VNC and RFB formed RealVNC Ltd Continued development of VNC Maintain the RFB protocol
Current RFB protocol is published on the RealVNC website
Protocol versions
Published versions of the RFB protocol are shown below: Developers are free to add additional encoding and security types
Must book unique identification numbers for these with the maintainers of the protocol so that the numbers do not clash.
Clashing type numbers would cause confusion when handshaking a connection and break cross-compatibility between implementations
The list of encoding and security types is maintained by RealVNC Ltd Separate from the protocol specification New types can be added without requiring the specification to be reissued
Version Source Date Specification
RFB 3.3 ORL January 1998 The Remote Framebuffer Protocol 3.3
RFB 3.7 RealVNC Ltd July 2003
RFB 3.8 (current)
RealVNC Ltd July 2005 The Remote Framebuffer Protocol 3.8
Encoding
Pixel data can be encoded to compress data Raw Hextile Zlib Many others…
Can reduce the amount of data sent Various encoding have different efficiencies Can vary by screen content Has a cost of the time to encode/decode
Note: encoding is NOT encrypting!
EncodingNumber Encoding
0x00000000 Raw
0x00000001 CopyRect
0x00000002 RRE (Rising Rectangle)
0x00000004 CoRRE (Compact Rising Rectangle)
0x00000005 Hextile
0x00000006 Zlib
0x00000007 Tight
0x00000008 ZlibHex
0x00000009 Ultra
0x00000010 ZRLE
0x00000011 ZYWRLE
0xFFFF0001 CacheEnable
0xFFFF0006 XOREnable
0xFFFF8000 ServerState (UltraVNC)
0xFFFF8001 EnableKeepAlive (UltraVNC)
0xFFFF8002 FTProtocolVersion (File Transfer Protocol Version - UltraVNC)
0xFFFFFF00–0xFFFFFF09 CompressLevel (Tight encoding)
0xFFFFFF10 XCursor
0xFFFFFF11 RichCursor
0xFFFFFF18 PointerPos
0xFFFFFF20 LastRect
0xFFFFFF21 NewFBSize
0xFFFFFFE0–0xFFFFFFE9 QualityLevel (Tight encoding)
VNC
1. 2. 3. 4.
10%
0%0%
90%1. Uses a desktop on the client
2. Displays an image of a server “desktop” on the client
3. Is, by default, secure
4. Should never be used on modern computers