VNC Deployment Recipe

This recipe documents the deployment of a VNC sever on a cloud VM

This guide to assumes you have already created a VM running Ubuntu 20.04, noted its IP address (e.g. 10.186.xx.xx), and plan for both admin(s) and users to connect via the gateway machines.

For details about how to launch a new VM and connect as root, see the general documentation.

Procedure

  1. Initial setup to be performed by an admin of the VM:

    Install the necessary software packages:

    apt update
apt upgrade -y
apt install -y xorg icewm nautilus eog evince firefox libturbojpeg
update-alternatives --set x-terminal-emulator /usr/bin/xterm
wget -O /tmp/turbovnc_2.2.6_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.6/turbovnc_2.2.6_amd64.deb/download
apt install -y /tmp/turbovnc_2.2.6_amd64.deb

    At this point it is a good idea to reboot the VM.

    Add the pre-made vnc-gates security group to the VM to allow connections from the gateway machines to the VNC server(s).

  2. Initial setup performed by the each user:

    mkdir ~/.vnc
cat << EOF > $HOME/.vnc/xstartup
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec icewm-session
EOF
chmod 755 ~/.vnc/xstartup
cp ~/.vnc/xstartup ~/.vnc/xstartup.turbovnc
/opt/TurboVNC/bin/vncpasswd

3. Users can now launch their own VNC sessions by running /opt/TurboVNC/bin/vncserver -autokill on the VM and then vncviewer -via MPCDF_USER@gate.mpcdf.mpg.de 10.186.XX.XX::PORT from their personal computer. The port number is defined as the display number added to 5900, e.g. 5901 for display :1, 5902 for display :2, and so on.

Alternative (tunneled connection)

A slightly more secure solution is to bind the vnc session to the localhost on the VM and use an ssh tunnel directly to the VM to gain access. This way no VNC connection is required from the gate.mpcdf.mpg.de node to the VM serving the VNC.

  1. Launch the VNC session on the VM as follows /opt/TurboVNC/bin/vncserver -localhost -autokill.

  2. Idnetify the VNC port /opt/TurboVNC/bin/vncserver -list on the VM

  3. Create an ssh tunnle from your local server to the VM ssh -L 2345:localhost:PORT -J <username>@gate.mpcdf.mpg.de <VM-IP-ADDRESS>

  4. Connect to the vnc server from your locaL server vncviewer localhost::2345