7.6. Virtual Network Computing

One of the attractive features of Mac OS X is the ease with which you can integrate a Mac OS X system into a Unix environment consisting of multiple Unix workstations that typically rely on X11 for their GUI. In the previous section, for example, we explained how to log in to a remote Unix machine, launch an X11 application, and display the application on your Mac. The reverse process is also possible. You can log into a remote Mac OS X machine from another computer, launch an application on the remote Mac OS X machine, and have the application display on your local machine. The local machine, meanwhile, can be running the X Window System, Microsoft Windows, or any another platform supported by Virtual Network Computing (VNC).

VNC consists of two components:

• A VNC server, which must be installed on the remote machine

• A VNC viewer, which is used on the local machine to view and control applications running on the remote machine

The VNC connection is made through a TCP/IP connection.

The VNC server and viewer may not only be on different machines, but they can also be installed on different operating systems. This allows you to, for example, connect from Solaris to Mac OS X. Using VNC, you can launch and run both X11 and Aqua applications on Mac OS X, but view and control them from your Solaris box.

VNC can be installed on Mac OS X with the Fink package manager (look for the vnc package), but that version (the standard Unix version of the VNC server ) only supports X11 programs, not Aqua applications. This standard Unix version of VNC translates X11 calls into the VNC protocol. All you need on the client machine is a VNC viewer. Two attractive Mac-friendly alternatives to the strictly X11-based VNC server are OSXvnc (http://www.redstonesoftware.com/vnc.html), and Apple's powerful desktop management software, Apple Remote Desktop 2.x. (ARD2) OSXvnc is freeware, and although Apple Remote Desktop is commercial software, the client portion of it ships with Tiger and includes a full VNC server, named AppleVNCServer.

The standard Unix version of the VNC server is quite robust. Rather than interacting with your display, it intercepts and translates the X11 network protocol. (In fact, the Unix version of the server is based on the XFree86 source code.) Applications that run under the Unix server are not displayed on the server's screen (unless you set the DISPLAY environment variable to :0.0, in which case it would be displayed only on the remote server, but not on your VNC client). Instead, they are displayed on an invisible X server that relays its virtual display to the VNC viewer on the client machine. OSXvnc and AppleVNCServer work in a similar manner except they support the Mac OS X Aqua desktop instead of X11. With either OSXvnc or AppleVNCServer running on your Mac OS X system, you can use a VNC client on another system for example, a Unix system to display and control your Mac OS X Aqua desktop. You can even tunnel these VNC connections (both X11 and Aqua) through SSH.

7.6.1. Launching VNC

If you installed VNC on your Mac OS X system via Fink (or on any Unix system for that matter), you can start the VNC server by issuing the following command:

          vncserver 

If you don't have physical access to the system on which you want to run the VNC server, you can login into it remotely and enter the command before logging out:

          nohup vncserver 

This starts the VNC server, and nohup makes sure that it continues to run after you log out. In either case, the first time you start vncserver, you need to supply a password, which you need anyway when connecting from a remote machine. (This password can be changed using the command vncpasswd.) You can run several servers; each server is identified by its hostname with a :number appended. For example, suppose you start the VNC server twice on a machine named abbott; the first server is identified as abbott:1 and the second as abbott:2. You need to supply this identifier when you connect from a client machine.

By default, the VNC server runs twm. So, when you connect, you will see an X11 desktop instead of Mac OS X's desktop. You can specify a different window manager in ~/.vnc/xstartup. To terminate the VNC server, use the following command syntax:

          vncserver -kill : display 

For example, to terminate abbott:1, you would issue the following command while logged into abbott as the user who started the VNC server:

          vncserver -kill :1 

7.6.1.1. VNC and SSH

VNC passwords and network traffic are sent over the wire as plaintext. However, you can use SSH with VNC to encrypt this traffic.

There is a derivative of VNC, called TightVNC (http://www.tightvnc.com), which is optimized for bandwidth conservations. (If you are using Fink, you can install it with the command fink install tightvnc). TightVNC also offers automatic SSH tunneling on Unix and backward compatibility with the standard VNC.

If you want to tunnel your VNC connection through SSH, you can do it even without TightVNC. To illustrate this process, let's consider an example using a SUN workstation running Solaris named mrchops and a PowerBook G4 named mug running Mac OS X Tiger. In the following example, the VNC server is running on the Solaris machine and a VNC client on the Mac OS X machine. To display and control the remote Solaris GNOME desktop on your local Mac OS X system, do the following:

1. Log into the Solaris machine, mrchops, via SSH if you need to login remotely.

2. On mrchops, enter the following command to start the VNC server on display :1:

             nohup vncserver :1 

   
   

3. In your ~/.vnc directory, edit the xstartup file so gnome starts when you connect to the VNC server with a VNC client. In particular, your xstartup file should look like this:

        #!/bin/sh     xrdb $HOME/.Xresources     xterm  -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &     exec /usr/bin/gnome-session 

   
   

4. Logout from the Solaris box, mrchops.

5. From a Terminal window (or xterm) on your Mac OS X machine, log into mrchops via ssh:

             ssh -L 5902:127.0.0.1:5901 mrchops

   
   

   Any references to display :2 on your Mac will connect to the Solaris machine's display :1 through an SSH tunnel (display :1 uses port 5901, display :2 uses 5902). You may need to add the -l option to this command if your username on the Solaris machine is different from the one you're using on your Mac OS X machine. For example, say your username on mrchops is brian, but on mug it's ernie. The following command would be issued instead of the one above:

             ssh -L 5902:127.0.0.1:5901 mrchops -l brian

   
   

   Additionally, you may need to open ports through any firewalls you may have running. Open ports 5900-5902 for VNC, and 22 for ssh.

6. On your Mac, you can either start X11 or run vncviewer from the command line:

             vncviewer localhost:2

   
   

   You can also run an Aqua VNC client like VNCDimension (http://www.mdimension.com/) or Chicken of the VNC (http://sourceforge.net/projects/cotvnc/). Figure 7-8 shows a Chicken of the VNC connection to a Solaris GNOME desktop.

7.6.2. Connecting to the Mac OS X VNC Server

To connect to a Mac OS X machine that is running a VNC server, you need to install a VNC viewer. We mentioned two Mac OS X viewers (VNCDimension and Chicken of the VNC) earlier, and additional Mac OS X viewers can be found on Version Tracker or MacUpdate (http://www.versiontracker.com/macosx/ or http://www.macupdate.com) by searching for "VNC". VNC or TightVNC provide viewers for Unix systems . These viewers can be used to display and control the Mac OS X client machines.

To connect, start your viewer and specify the hostname and display number, such as chops:1 or chops:2. If all goes well, you'll be asked for your password and then be connected to the remote Mac OS X desktop. VNC connections to Mac OS X Aqua desktops can be established through SSH tunnels.

Figure 7-8. Chicken of the VNC displaying a remote GNOME desktop

To illustrate this process, let's do the reverse of what we did in our last example; let's make an SSH-secured connection from a Solaris machine to the Mac OS X machine running the VNC server. Again, let's assume that the name of the Solaris machine is mrchops and the Mac OS X machine has a hostname of alchops.

1. On alchops, double-click the OSXvnc application. Select a display number (we've selected 1 in this example). The port number will be filled in automatically once you've selected the display number. Next, enter a password that will be used to connect to the VNC server and click the Start Server button. This step is illustrated in Figure 7-9.

   You can also ssh to alchops and start OSXvnc from the command line. For a list of command-line options enter:

             /Applications/OSXvnc.app/OSXvnc-server -help

   
   

2. On the Solaris machine, mrchops, enter:

             ssh -L 5902:localhost:5901 alchops

   
   

3. In another xterm window on mrchops, enter:

             vncviewer -depth 24 -truecolor localhost:2

   
   

4. The resulting VNC connection is shown in shown in Figure 7-10.

Figure 7-9. Starting the OSXvnc server

If you're running OSXvnc on your Mac, you can control the Mac OS X desktop from the SUN Solaris machine, but the image quality of the Mac OS X desktop will be poor unless you invoke the vncviewer with the options -depth 24 -truecolor. In our testing, these options are needed to connect the Solaris vncviewer to the AppleVNCServer.

OSXvnc has several configuration options . If you click the System button when you open OSXvnc, you can select Swap Mouse Buttons 2 and 3, and two energy savings: Allow Display Dimming and Allow machine to Sleep. You can choose from several sharing options under OSXvnc's Sharing button, as shown in Figure 7-11.

If you want OSXvnc-server to run whenever the Mac OS X system is running, OSXvnc provides a way to install and configure a system-wide VNC server that starts when you boot your Mac. To take advantage of this feature, click the Startup button in OSXvnc, click the Configure Startup Item, and authenticate as an administrative user, as shown in Figure 7-12.

Figure 7-10. Mac OS X desktop displayed and controlled on a Solaris GNOME desktop

Configuring OSXvnc as a startup item places OSXvnc in /Library/StartupItems. Subsequently, the OSXvnc-server application starts automatically when you boot up your Mac. In this case, the OSXvnc GUI doesn't run, and you won't have access to the pasteboard between machines.

To enable AppleVNCServer check Apple Remote Desktop in the Sharing System Preference, click the Access Privileges button, check "VNC viewers may control screen with password," select a password, and click OK, as shown in Figure 7-13.

At the time of this writing OSXvnc does not support multiple monitors, while AppleVNCServer does. Though, according to the OSXvnc web site, support for multiple monitors is planned for a future release. You can run both OSXvnc and AppleVNCServer on the same system, but since AppleVNCServer listens for clients on port 5900, you'll need to avoid using this port for OSXvnc.

Figure 7-11. Sharing configuration in OSXvnc

VNC clients and servers are available for Windows machines, so Windows clients can connect to Mac OS X and other UNIX VNC servers. Mac OS X clients can also connect to and control Windows VNC servers. (See http://www.realvnc.com/.) As an alternative to VNC, you can use Microsoft's free Remote Desktop Client (RDC, available at http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=remotedesktopclient) to remotely control a Windows desktop from a Mac OS X machine. An open source X11-based remote desktop client for Windows, named rdesktop (http://www.rdesktop.org), is also available and can be installed with DarwinPorts or Fink. (See Chapters 13 and 14 for information on DarwinPorts and Fink, respectively.)

Figure 7-12. Installing OSXvnc as a Startup Item

Figure 7-13. Enabling AppleVNCServer