Virtual Network Computing
|
Virtual Network Computing (VNC) is a desktop protocol to remotely control another computer. It transmits the keyboard presses and mouse clicks from one computer to another relaying the screen updates back in the other direction, over a network.
VNC is platform-independent: a VNC viewer on any operating system can connect to a VNC server on any other operating system. There are clients and servers for almost all operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses of the technology include remote technical support, and accessing files on your work computer from your home computer.
VNC was originally developed at AT&T. The original VNC source code is open source under the GNU General Public License, as are many of the variants of VNC available today.
Contents |
History
VNC was created at the Olivetti & Oracle Research Lab, which was then owned by Olivetti and Oracle Corporation. In 1999 AT&T acquired the lab, and in 2002 closed down the research part of the lab.
The name originates from a very-thin-client ATM Network Computer called the Videotile, which was essentially an LCD with a pen input and a fast ATM connection to the network. VNC is essentially a software-only version of this 'ATM Network Computer'.
Developers that worked on VNC while still at the AT&T Research Lab:
- Tristan Richardson
- Quentin Stafford-Fraser
- James Weatherall
- Ken Wood
- Andy Harter
- Charlie McLachlan
- Paul Webster
How it works
VNC has two parts, a client and a server. The server is the program on the machine that shares its screen, and the client (or viewer) is the program that watches and interacts with the server.
VNC is a very simple protocol, based one graphic primitive: "Put a rectangle of pixel data at a given x,y position". That is, the server sends small rectangles of the framebuffer to the client. This in its simplest form uses much bandwidth, so various methods are used to reduce it. For example, there are various encodings - methods to determine the most efficient way to transfer these rectangles. The VNC protocol allows the client and server to negotiate which encoding will be used. The simplest encoding, which is supported by all clients and servers, is the raw encoding where pixel data is sent in left-to-right scanline order, and after initial setup, then only transfers rectangles that change. Because of that, this encoding works very well if only a small portion of the screen changes from one frame to the next (like a mouse pointer moving across a desktop, or text being written at the cursor), but bandwidth demands get very high if a lot of pixels change (full screen video is the most radical example for this).
VNC by default uses ports 5900 to 5906, each representing the corresponding X screen (ports 6000 to 6006, for screens :0 to :6). A Java viewer is available in many implementations such as RealVNC on ports 5800 to 5806, following the same pattern. These ports can be changed.
Projects using VNC
- Workspot uses VNC to provide a personal Linux desktop as an encrypted web service. It also uses VNC to provide a free online Linux desktop demo.
- Ndiyo incorporates "lessons learned from VNC" into its ultra-thin-client, the nivo, which it is developing for use in Internet cafes, especially in third world countries, with the help of some of the original VNC team.
Security in VNC
By default, VNC is not a secure protocol. While passwords are not sent in plain-text (as in telnet), brute-force cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended that a password of at least 8 characters is used.
However, VNC may be tunnelled over an SSH or VPN connection which would add an extra security layer with stronger encryption. Unfortunately, this isn't always a viable solution; for example, SSH tunnelling can be difficult on Windows machines.
UltraVNC supports the use of an open-source encryption plugin which encrypts the entire VNC session including password authentication and data transfer. It also allows authentication to be performed based on NTLM and Active Directory user accounts.
RealVNC offers high-strength encryption as part of its commercial package.
Workspot released AES encryption patches for VNC.
Although some people believe that VNC can easily be used to hack into a system, usually a user would have to explicitly enable remote access to the ports used by VNC in order to be hacked. In other words, a system running VNC on a network can only be accessed from within that network unless the user specifies otherwise (such as in the router's configuration settings).
Further reading
- Tristan Richardson, Quentin Stafford-Fraser, Kenneth R. Wood & Andy Hopper, "Virtual Network Computing", IEEE Internet Computing, Vol.2 No.1, Jan/Feb 1998 pp33-38 PDF format (http://www.uk.research.att.com/pub/docs/att/tr.98.1.pdf)
External links
- Ask Slashdot: Which VNC Software is Best? (http://ask.slashdot.org/article.pl?sid=04/10/20/0132236&tid=185&tid=201&tid=4)
- Decryption of RealVNC Passwords (http://www.jonaspiela.de/code.html#vncdec)
- UltraVNC Encryption DSM Plugin (http://home.comcast.net/~msrc4plugin/)
- UltraVNC: Links to other VNC flavors (http://ultravnc.sourceforge.net/links.html)
VNC Versions & Implementations
- RealVNC (http://www.realvnc.com/) - the official version maintained by the original team from AT&T Laboratories in Cambridge
- TightVNC (http://www.tightvnc.com/) - known for its more efficient compression algorithms which allow for better responsiveness over slow connections including the internet
- UltraVNC (http://ultravnc.sourceforge.net/) - Windows client/server with added features such as file transfers, NTLM and Active Directory based security, text chat windows, session encryption, and backwards compatibility
- MSRC4 DSM Plugin for UltraVNC (http://home.comcast.net/~msrc4plugin/) - open source encryption plugin for UltraVNC
- TridiaVNC (http://www.tridiavnc.com/)
- ZVNC (http://home.comcast.net/~davedyer/znc/zvnc.html) - An experimental derivative that includes encryption and compression
- OSXvnc (http://www.redstonesoftware.com/vnc.html) - Macintosh server
- Chicken of the VNC (http://sourceforge.net/projects/cotvnc/) - Macintosh client
- VNCDimension (http://www.mdimension.com/cgi-bin/WebObjects/mDimension.woa/wa/software)
- PocketPC VNCViewer (http://www.cs.utah.edu/~midgley/wince/vnc.html) - PocketPC client
- PalmVNC (http://palmvnc2.free.fr/) - Palm OS client
- VNC Viewer for the RiscPC (http://www.bigblue.demon.co.uk/VNC.html)
- ViNCe (http://www.vinc17.org/acorn/#vince) - a VNC client for RISC OS
- VNC Viewer for OS/2 PM (http://www.sra.co.jp/people/akira/os2/vnc-pm/)
- J2ME VNC (http://j2mevnc.sf.net) - VNC client for Java enabled Cell phones
- MetaVNC (http://metavnc.sourceforge.net/)
- VNCScan Enterprise Console (http://www.vncscan.com/vs/) - designed for Enterprise use
- VncSix (http://frequal.com/roku/VncSix/index.html) - Roku PhotoBridge HD Client (for HDTV viewing)
de:Virtual Network Computing he:Virtual Network Computing ja:Virtual Network Computing pl:VNC pt:Virtual Network Computing