5.7 Virtual Network Computer | Mac OS X Panther for Unix Geeks

One of the attractive features of Mac OS X is the ease with which you can integrate a Mac OS X system into a Unix environment consisting of multiple Unix workstations that typically rely on X11 for their GUI. In the previous section, for example, we explained how to log in to a remote Unix machine, launch an X11 application, and display the application on your Mac. The reverse process is also possible. You can log into a remote Mac OS X machine from another computer, launch an application on the remote Mac OS X machine, and have the application display on your local machine. The local machine, meanwhile, can be running the X Window System, Microsoft Windows, or any another platform supported by Virtual Network Computer (VNC).

VNC consists of two components :

A VNC server, which must be installed on the remote machine
A VNC viewer, which is used on the local machine to view and control applications running on the remote machine

The VNC connection is made through a TCP/IP connection.

The VNC server and viewer may not only be on different machines, but they can also be installed on different operating systems. This allows you to, for example, connect from Solaris to Mac OS X. Using VNC, you can launch and run both X11 and Aqua applications on Mac OS X, but view and control them from your Solaris box.

VNC can be installed on Mac OS X with the Fink package manager (look for the vnc package), but that version (the standard Unix version of the VNC server) only supports X11 programs, not Aqua applications. This standard Unix version of VNC translates X11 calls into the VNC protocol. All you need on the client machine is a VNC viewer. An attractive Mac-friendly alternative to the strictly X11-based VNC server is OSXvnc (http://www.redstonesoftware.com/vnc.html).

The standard Unix version of the VNC server is quite robust. Rather than interacting with your display, it intercepts and translates the X11 network protocol. (In fact, the Unix version of the server is based on the XFree86 source code.) Applications that run under the Unix server are not displayed on the server's screen (unless you set the DISPLAY environment variable to :0.0, in which case it would be displayed only on the remote server, but not on your VNC client). Instead, they are displayed on an invisible X server that relays its virtual display to the VNC viewer on the client machine. OSXvnc works in a similar manner except it supports the Mac OS X Aqua desktop instead of X11. With the OSXvnc server running on your Mac OS X system, you can use a VNC client on another system, for example, a Unix system, to display and control your Mac OS X Aqua desktop. You can even tunnel these VNC connections (both X11 and Aqua) through SSH.

5.7.1 Launching VNC

If you installed VNC on your Mac OS X system via Fink (or on any Unix system for that matter), you can start the VNC server by issuing the following command:

 vncserver

If you don't have physical access to the system on which you want to run the VNC server, you can login into it remotely and enter the command before logging out:

 nohup vncserver

This starts the VNC server, and nohup makes sure that it continues to run after you log out. In either case, the first time you start vncserver , you need to supply a password, which you need anyway when connecting from a remote machine. (This password can be changed using the command vncpasswd .) You can run several servers; each server is identified by its hostname with a :number appended. For example, suppose you start the VNC server twice on a machine named abbott ; the first server will be identified as abbott:1 and the second as abbott:2 . You will need to supply this identifier when you connect from a client machine.

By default, the VNC server runs twm . So, when you connect, you will see an X11 desktop instead of the Mac OS X desktop. You can specify a different window manager in ~/.vnc/xstartup . To terminate the VNC server, use the following command syntax:

 vncserver -kill :   display

For example, to terminate abbott:1 , you would issue the following command while logged into abbott as the user who started the VNC server:

 vncserver -kill :1.

5.7.1.1 VNC and SSH

VNC passwords and network traffic are sent over the wire as plaintext. However, you can use SSH with VNC to encrypt this traffic.

There is a derivative of VNC, called TightVNC, which is optimized for bandwidth conservations. (If you are using Fink, you can install it with the command fink install tightvnc ). TightVNC also offers automatic SSH tunneling on Unix and backward compatibility with the standard VNC.

If you want to tunnel your VNC connection through SSH, you can do it even without TightVNC. To illustrate this process, let's consider an example using a SUN workstation running Solaris named mrchops and a PowerBook G4 named tichops running Panther. In the following example, the VNC server is running on the Solaris machine and a VNC client on the Mac OS X machine. To display and control the remote Solaris GNOME desktop on your local Mac OS X system, do the following:

Log into the Solaris machine, mrchops , via SSH if you need login remotely.
On mrchops , enter the following command to start the VNC server on display :1 :
```
 nohup vncserver :1 
```
In your ~/.vnc directory, edit the xstartup file so that the gnome will start when you connect to the VNC server with a VNC client. In particular, your xstartup file should look like this:
```
 #!/bin/sh xrdb $HOME/.Xresources xterm  -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" & exec /usr/bin/gnome-session & 
```
Logout from the Solaris box, mrchops.
From a Terminal window (or xterm ) on your Mac OS X machine, log into mrchops via ssh:
```
 ssh -L 5902:localhost:5901 mrchops 
```
Any references to display :2 on your Mac will connect to the Solaris machine's display :1 through an SSH tunnel ( display :1 uses port 5901, display :2 uses 5902). You may need to add the - l option to this command if your username on the Solaris machine is different from the one you're using on your Mac OS X machine. For example, say your username on mrchops is brian, but on tichops it's ernie. The following command would be issued instead of the one above:
```
 ssh -L 5902:localhost:5901 mrchops -l brian 
```
Additionally, you may need to open ports through any firewalls you may have running. Open ports 5900-5902 for VNC, and 22 for ssh .
On your Mac, you can either start X11 or run vncviewer from the command line:
```
 vncviewer localhost:2 
```
You can also run an Aqua VNC client like VNCDimension (http://www.mdimension.com/) or Chicken of the VNC (http:// sourceforge .net/projects/cotvnc/). Figure 5-8 shows a VNCDimension connection to a Solaris GNOME desktop.

Figure 5-8. VNCDimension displaying a remote GNOME desktop

5.7.2 Connecting to the Mac OS X VNC Server

To connect to a Mac OS X machine that is running a VNC server, you will need a VNC viewer. We mentioned two Mac OS X viewers ( VNCDimension and Chicken of the VNC ) earlier, and additional Mac OS X viewers can be found on Version Tracker or MacUpdate (http://www. versiontracker .com/macosx/ or http://www.macupdate.com) by searching for "VNC". VNC or TightVNC provide viewers for Unix systems. These viewers can be used to display and control the Mac OS X Aqua desktop.

To connect, start your viewer and specify the hostname and display number, such as chops:1 or chops:2 . If all goes well, you'll be asked for your password and then be connected to the remote Mac OS X desktop. VNC connections to Mac OS X Aqua desktops can be established through SSH tunnels.

To illustrate this process, let's do the reverse of what we did in our last example; let's make an SSH-secured connection from a Solaris machine to the Mac OS X machine running the VNC server. Again, let's assume that the name of the Solaris machine is mrchops and the Mac OS X machine has a hostname of tichops.

On tichops double-click the OSXvnc application. Select a display number (we've selected 1 in this example). The port number will be filled in automatically once you've selected the display number. Next, enter a password that will be used to connect to the VNC server and click the Start Server button. This step is illustrated in Figure 5-9.

You can also ssh to tichops and start OSXvnc from the command line. For a list of command-line options enter:
```
 /Applications/OSXvnc.app/OSXvnc-server -help 
```

Figure 5-9. Starting the OSXvnc server

On the Solaris machine, mrchops , enter:
```
 ssh -L 5902:localhost:5901 tichops 
```
In another xterm window on mrchops, enter:
```
 vncviewer localhost:2 
```
The resulting VNC connection is shown in shown in Figure 5-10.

Figure 5-10. Mac OS X desktop displayed and controlled on a Solaris GNOME desktop

Although we were able to control the Mac OS X desktop from the SUN Solaris machine, the image quality of the Mac OS X desktop shown in Figure 5-10 is rather poor on the systems that we used (SUN Ultra 10-440 running Solaris 8 and a PowerBook G4 running Mac OS X Panther).

A wrapper application for OSXvnc, Share My Desktop (SMD), is available from Bombich Software (http://www.bombich.com/software/smd.html) and is licensed under the GNU General Public License. This handy little application reduces launching the OSXvnc server to a one-click operation. To start the VNC server, just launch the SMD application and click the "Start Sharing" button as shown in Figure 5-11. A random password and port for the VNC server is automatically chosen . You can modify the default setting in SMD's Preferences. In particular, you can keep the password private (it is displayed as asterisks in the SMD main window), and either generate a random password (default) or specify your own password. Additionally, you can select two energy saving settings: allow the screen to dim, and allow the computer to sleep.

Figure 5-11. Share My Desktop's one click to start/stop the VNC server

If you want the VNC server to run whenever the Mac OS X system is running, SMD provides a way to install and configure a system-wide VNC server that will, optionally , start on when you boot up your Mac OS X system. To take advantage of this feature, you'll need to be logged in as an administrative user. Assuming this is the case, open the SMD application, and select File Manage System VNC Server to open the dialog window as shown in Figure 5-12.

Figure 5-12. Installing a System VNC Server with Share My Desktop

Click the lock to make changes and supply your administrative password (you must be an administrative user to do this). This pop-up window will allow you to install the VNC server and startup item, configure settings (password, port, display name, start VNC server on startup, allow the screen to dim, allow the computer to sleep), and to turn on/off the System VNC Server. If you click the Install System VNC button, the OSXvnc-server and storepasswd binaries will be installed in /usr/local/bin and a startup item in /Library/StartupItems /. A backup of the /etc/hostconfig file is also made, in case you later want to uninstall the system-wide VNC server and return to the settings you had prior to the installation of the system VNC.

The settings for the system-wide VNC server are stored in /etc/vnc_settings , and the password is stored in /etc/vnc_pass . Changing the "Start VNC server on startup" option resets the value of VNCSERVER in the / etc/hostconfig file. If you've installed the system-wide VNC server using this procedure, you can uninstall it (along with its configuration files) by clicking the "Uninstall System VNC" button in the same Manage System VNC Server pop-up window. This uninstall procedure will also restore the /etc/hostconfig , which was backed up when you installed VNC server. Since this can overwrite system configuration changes you've made since installing VNC, we suggest that you instead edit the VNCSERVER line so that it is set to -NO- instead of -YES- and restart (see Chapter 2 for more information on the hostconfig file).

VNC clients and servers are available for Windows machines, so Windows clients can connect to Mac OS X and other UNIX VNC servers. Mac OS X clients can also connect to and control Windows VNC servers. (See http://www.realvnc.com/.) As an alternative to VNC, you can use Microsoft's free Remote Desktop Client (RDC, available at http://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=remotedesktopclient) to remotely control a Windows desktop from a Mac OS X machine.