All you need to know about VNC remote access technology
What is VNC?
VNC stands for Virtual Network Computing. It is a cross-platform screen sharing system that was created to remotely control another computer. This means that a computer’s screen, keyboard, and mouse can be used from a distance by a remote user from a secondary device as though they were sitting right in front of it.
VNC works on a client/server model. A server component is installed on the remote computer (the one you want to control), and a VNC viewer, or client, is installed on the device you want to control from. This can include another computer, a tablet, or a mobile phone. When the server and viewer are connected, the server transmits a copy of the remote computer’s screen to the viewer.
Not only can the remote user see everything on the remote computer’s screen, but the program also allows for keyboard and mouse commands to work on the remote computer from afar, so the connected user has full control (after being granted permission from the remote computer).
VNC was created in Cambridge in the late 1990s by the founders of RealVNC, and was commercialized in 2002 when the company was established.
What’s a VNC Server?
A server is a piece of computer hardware or software that provides capabilities for other programs called “clients.” This is called the client-server model, in which a server can provide services such as data or resource sharing to one or multiple clients. One server can serve multiple clients in this way, and one single client can use multiple servers. A client will send a request to a server, which then sends a response back to the client.
A computer with VNC Server software installed can be accessed and controlled from a different device in a different location. The software allows a broadcast of the device desktop to a secondary device with VNC Viewer installed. Connected VNC Viewer users send a request, and then (with permission) can see the same thing as the person sitting in front of the remote computer.
What’s a VNC Viewer?
A viewer, on the other hand, is a program that renders the contents of a digital file on screen.
VNC Viewer is used for local computers and mobile devices you want to control from. A device such as a computer, tablet, or smart phone with VNC Viewer software installed can access and take control of a computer in another location.
It is a graphical desktop sharing system that allows you to remotely control the desktop of a remote computer (running VNC Server) from your device. It transmits the keyboard and mouse or touch events to VNC Server, so that once you are connected, you have control over the computer you’ve accessed. If you’re using your mobile phone, for example, you would be able to use the computer you’ve remotely accessed as though you were sitting right in front of it.
What is the RFB protocol?
Remote Framebuffer, or RFB, is the protocol that governs the format of the data that passes between the client and server within the VNC system. This is what allows a client to view and control another computer remotely. It is applicable to all windowing applications and systems, which means that it works across platforms such as Windows, macOS, Linux, and other popular operating systems.
The place where the user sits, with the display, mouse, and keyboard capabilities, is called the RFB client or viewer. The place where the framebuffer changes originate (as in the windowing system) is called the RFB server. Remote Framebuffer is designed so that clients can run on the widest range of hardware and so that implementing a client is as simple as possible, with very few requirements needed from the client.
RFB started as a very simple protocol but has been enhanced to include features such as file transfer, more refined compression, and stronger security measures as it has developed. Seamless cross-compatibility between VNC clients and servers is made possible because they are able to negotiate a connection which uses the best RFB version, as well as security and compression options that are supported by both.
RFB was developed as a remote display technology in Cambridge, UK, by some of the original developers of VNC. The current RFB protocol specifications for version 6 are published on the RealVNC website.
Similarities between VNC and RDP
The VNC protocol and RDP, the Remote Desktop Protocol developed by Microsoft, share several similarities:
- These protocols both provide access to remote desktops for quick and easy troubleshooting and remote working.
- Both require client-side and server-side software to support communication.
- They use direct peer-to-peer communication, which just means that the local user computer can connect directly to the remote computer or device.
- Both support software to manage users and enable secure access.
Differences between VNC and RDP
Both VNC and RDP connect devices through a network, either via server or peer-to-peer. But even though their goals are the same – to provide graphical remote desktop capabilities to a device – they also differ in how they achieve that goal.
- RDP has limited platform capabilities, whereas VNC works across multiple operating systems.
- RDP can be faster than VNC.
- Security levels can vastly differ between the two protocols.
- VNC connects directly to the computer, but RDP connects to a shared server.
- RDP is not very compatible if you need to implement a remote desktop solution across a wide range of devices.
- Because of this, RDP can limit the ability to provide IT help.
VNC Connect remote access software: the evolution of VNC
In 2016, RealVNC launched their latest VNC-based remote access product: VNC Connect. This software combines the convenience of a cloud service with the flexibility of offline connectivity (also known as direct) and provides an optimized strategy for businesses of every size.
Since its initial release, the product has continued to evolve, with features such as high-speed streaming and remote audio being added to the mix, along with continual tweaks to further refine the product to meet the needs of our customers.
VNC Connect’s key features include intuitive remote control, cross-platform support, attended and unattended access, file transfer, multilingual support, online team management and virtual desktop management under Linux. Its sessions are encrypted end-to-end using up to 256-bit AES encryption providing multi-factor authentication, single sign-on (SSO), granular access control and rich session permission
Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a network.[1]
VNC is platform-independent – there are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti & Oracle Research Lab in Cambridge, United Kingdom. The original VNC source code and many modern derivatives are open source under the GNU General Public License.
There are a number of variants of VNC[2] which offer their own particular functionality; e.g., some optimised for Microsoft Windows, or offering file transfer (not part of VNC proper), etc. Many are compatible (without their added features) with VNC proper in the sense that a viewer of one flavour can connect with a server of another; others are based on VNC code but not compatible with standard VNC.
VNC and RFB are registered trademarks of RealVNC Ltd. in the US and some other countries.
Operation
- The VNC server is the program on the machine that shares some screen (and may not be related to a physical display – the server can be "headless"), and allows the client to share control of it.
- The VNC client (or viewer) is the program that represents the screen data originating from the server, receives updates from it, and presumably controls it by informing the server of collected local input.
- The VNC protocol (RFB protocol) is very simple, based on transmitting one graphic primitive from server to client ("Put a rectangle of pixel data at the specified X,Y position") and event messages from client to server.
In the normal method of operation a viewer connects to a port on the server (default port: 5900). Alternatively (depending on the implementation) a browser can connect to the server (default port: 5800). And a server can connect to a viewer in "listening mode" on port 5500. One advantage of listening mode is that the server site does not have to configure its firewall to allow access on port 5900 (or 5800); the duty is on the viewer, which is useful if the server site has no computer expertise and the viewer user is more knowledgeable.
The server sends small rectangles of the framebuffer to the client. In its simplest form, the VNC protocol can use a lot of bandwidth, so various methods have been devised to reduce the communication overhead. For example, there are various encodings (methods to determine the most efficient way to transfer these rectangles). The VNC protocol allows the client and server to negotiate which encoding they will use. The simplest encoding, supported by all clients and servers, is raw encoding, which sends pixel data in left-to-right scanline order, and after the original full screen has been transmitted, transfers only rectangles that change. This encoding works very well if only a small portion of the screen changes from one frame to the next (as when a mouse pointer moves across a desktop, or when text is written at the cursor), but bandwidth demands get very high if a lot of pixels change at the same time (such as when scrolling a window or viewing full-screen video).
VNC by default uses TCP port 5900+N,[6][7] where N is the display number (usually :0 for a physical display). Several implementations also start a basic HTTP server on port 5800+N to provide a VNC viewer as a Java applet, allowing easy connection through any Java-enabled web-browser. Different port assignments can be used as long as both client and server are configured accordingly. An HTML5 VNC client implementation for modern browsers (no plugins required) exists too.[8]
Although possible even on low bandwidth, using VNC over the Internet is facilitated if the user has a broadband connection at both ends. However, it may require advanced network address translation (NAT), firewall and router configuration such as port forwarding in order for the connection to go through. Users may establish communication through virtual private network (VPN) technologies to ease usage over the Internet, or as a LAN connection if VPN is used as a proxy, or through a VNC repeater (useful in presence of a NAT).[9] [10]
Xvnc is the Unix VNC server, which is based on a standard X server. To applications, Xvnc appears as an X "server" (i.e., it displays client windows), and to remote VNC users it is a VNC server. Applications can display themselves on Xvnc as if it were a normal X display, but they will appear on any connected VNC viewers rather than on a physical screen.[11] Alternatively, a machine (which may be a workstation or a network server) with screen, keyboard, and mouse can be set up to boot and run the VNC server as a service or daemon, then the screen, keyboard, and mouse can be removed and the machine stored in an out-of-the way location.
In addition, the display that is served by VNC is not necessarily the same display seen by a user on the server. On Unix/Linux computers that support multiple simultaneous X11 sessions, VNC may be set to serve a particular existing X11 session, or to start one of its own. It is also possible to run multiple VNC sessions from the same computer. On Microsoft Windows the VNC session served is always the current user session.
Users commonly deploy VNC as a cross-platform remote desktop system. For example, Apple Remote Desktop for Mac OS X (and more recently, "Back to My Mac" in 'Leopard' - Mac OS X 10.5) interoperates with VNC and will connect to a Unix user's current desktop if it is served with x11vnc, or to a separate X11 session if one is served with TightVNC. From Unix, TightVNC will connect to a Mac OS X session served by Apple Remote Desktop if the VNC option is enabled, or to a VNC server running on Microsoft Windows.[12]
In July 2014 RealVNC published a Wayland developer preview.[13][14]
Security
By default, RFB is not a secure protocol. While passwords are not sent in plain-text (as in telnet), cracking could prove successful if both the encryption key and encoded password were sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used. On the other hand, there is also an 8-character limit on some versions of VNC; if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password.
UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts. However, use of such encryption plugins makes it incompatible with other VNC programs. RealVNC offers high-strength AES encryption as part of its commercial package, along with integration with Active Directory. Workspot released AES encryption patches for VNC. According to TightVNC,[15] TightVNC is not secure as picture data is transmitted without encryption. To circumvent this, it should be tunneled through an SSH connection (see below).
VNC may be tunneled over an SSH or VPN connection which would add an extra security layer with stronger encryption. SSH clients are available for most platforms; SSH tunnels can be created from UNIX clients, Microsoft Windows clients, Macintosh clients (including Mac OS X and System 7 and up) – and many others. There are also freeware applications that create instant VPN tunnels between computers.
An additional security consideration when using VNC is whether the version in use requires authorization from the remote computer's owner before someone takes control of the device. This avoids the situation where the owner of the accessed computer realizes, without previous notice, that someone else is in control of it.
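The version and security negotiation and the 5900+N port convention described above can be audited from the defender's side. The following Python code is an added example, not code from the original page or from any VNC project: it parses the opening bytes a server sends (message layouts as given in RFC 6143) and flags the weak options this section discusses. The function names and the sample captures are constructed for illustration.

```python
import struct

# Security-type numbers defined by the RFB specification (RFC 6143).
NAMES = {0: "Invalid", 1: "None", 2: "VNC Authentication"}

def display_for_port(port):
    """Display number N under the 5900+N convention, or None if out of range."""
    return port - 5900 if 5900 <= port <= 5999 else None

def parse_server_hello(data):
    """Parse ProtocolVersion plus the security message from `data`, the
    reassembled server-to-client stream of a capture."""
    if (len(data) < 12 or data[:4] != b"RFB " or data[7:8] != b"."
            or data[11:12] != b"\n"):
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(data[4:7]), int(data[8:11]))
    body = data[12:]
    if version >= (3, 7):
        # 3.7 and later: a count byte, then that many one-byte security types.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security-type list")
        types = list(body[1:1 + body[0]])
    else:
        # 3.3: the server picks one type and sends it as a big-endian uint32.
        if len(body) < 4:
            raise ValueError("truncated security type")
        types = [struct.unpack(">I", body[:4])[0]]
    return version, types

def assess(port, data):
    """Summarise what one VNC listener offers, with defender-facing findings."""
    version, types = parse_server_hello(data)
    findings = []
    if 1 in types:
        findings.append("offers type None: no authentication required")
    if 2 in types:
        findings.append("offers VNC Authentication: 8-character password limit")
    if all(t in NAMES for t in types):
        findings.append("only unencrypted types offered: tunnel over SSH or VPN")
    return {"display": display_for_port(port), "version": version,
            "types": [NAMES.get(t, "other (%d)" % t) for t in types],
            "findings": findings}

# Constructed sample captures (not taken from a real server).
SAMPLE_38 = b"RFB 003.008\n" + bytes([2, 1, 2])      # offers None and VNC Auth
SAMPLE_33 = b"RFB 003.003\n" + struct.pack(">I", 2)  # dictates VNC Auth

if __name__ == "__main__":
    for port, capture in ((5901, SAMPLE_38), (5900, SAMPLE_33)):
        print(port, assess(port, capture))
```

A server that offers only other security types, such as a vendor encryption extension, produces no findings; what those types provide depends on the implementation.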