VNC

Introduction

VNC (Virtual Network Computing) is a graphical remote desktop system that uses the RFB protocol (Remote Frame Buffer) to control a graphical desktop session on another computer over a network. It transmits the keyboard and mouse events from one computer to another and sends the graphical screen updates back in the other direction. Open-source implementations exist for all relevant operating systems.

VNC usage scenarios at the MPCDF

VNC is useful to transmit the content of graphical user interfaces from one computer (the server) to another computer (the client). Technically, on a Linux platform, running a VNC session involves an X-VNC server that is used to draw X11 applications locally. Only bitmaps are then sent to the client. In most cases, the performance of VNC is superior compared to traditional X forwarding, especially when dealing with complex graphical interfaces on wide-area networks.

At the MPCDF, a typical scenario would be to run a graphical tool (e.g. a debugger, a performance analysis tool, or data analysis software) interactively on a HPC cluster in a VNC session.

A particularly useful feature of a VNC session is its persistence. Users may disconnect from the VNC session and reconnect later, potentially from different computers at different locations. Programs that run within the session continue to run as long as the VNC session is not shut down or killed.

For plain text applications, the GNU screen tool offers similar persistent functionality at a much smaller resource footprint. Please consider using screen instead of VNC in case you don’t need to run GUI applications.

How to launch VNC sessions on HPC clusters at the MPCDF

Important: Please read and follow the separate instructions for remote visualization in case you need GPU acceleration for OpenGL-enabled (3D) applications. Moreover, the remote visualization service allows to conveniently launch a non-accelerated VNC session on dedicated resources, however with a limited run time.

VNC sessions can be launched manually on most interactive Linux machines. As a general rule, the session should be run as close to the workload as possible in order to minimize the need for X forwarding to the X-VNC server.

How to launch a VNC server manually on a login node

On a login node please proceed as follows to start a VNC session.

module load turbovnc
module load vncsetup   # Set up the VNC environment and password,
vncsetup               # is required only once.
vncserver -geometry 1200x980

At the launch of vncserver its X display is reported, e.g. ‘toks01:10’. Expand the hostname to be fully qualified and note the information to be able to connect later, e.g. ‘toks01.bc.rzg.mpg.de:10’. On Cobra and Raven, please note that it is necessary to append an ‘i’ to the hostname reported for network reasons: E.g., when the vncserver reported ‘cobra02:10’ at launch time, the fully qualified hostname and X display would read ‘cobra02i.mpcdf.mpg.de:10’. The VNC session uses the lightweight IceWM window manager by default.

How to shut down a VNC server

To terminate a VNC session, log in to the machine it is running on and enter the following command (where “:10” is the X display of our example which needs to be adapted to the actual X display of your session).

module load turbovnc
vncserver -kill :10

How to connect to VNC servers running on Linux systems at the MPCDF

For security reasons it is necessary to establish an SSH connection to gate1 (or gate2) and tunnel the VNC connection through that connection. On Linux, recent VNC viewers support a “-via” command line option that can be used to establish the SSH tunnel conveniently. On other platforms and with different VNC viewers, it is necessary to create the SSH tunnel manually. Users need to make sure to have a vncviewer locally installed (TigerVNC, TightVNC, or TurboVNC are recommended).

Starting from the launch examples in the previous section, the steps necessary to connect to VNC sessions are described in the following. This example uses the server ‘cobra01i.mpcdf.mpg.de’ on X display 10, which you would need to adapt to your actual session.

How to connect from Linux clients using TurboVNC viewer (or compatible viewers)

Proceed as follows to connect if you have a vncviewer that supports the “-via” option. (Make sure to adapt the hostname and the X display to your actual session.)

vncviewer -via USER@gate2.mpcdf.mpg.de cobra01i.mpcdf.mpg.de:10

You will be prompted several times for a password: Enter your MPCDF password followed by an OTP to log in to gate2, and then enter your VNC password to connect to the session.

How-to connect from Linux, Mac, or Windows clients using SSH and a generic VNC viewer

For VNC clients that don’t support the “-via” option a two-step process is necessary.

  1. Open a new terminal window and establish an SSH connection to gate2:

    ssh -L 5999:cobra01i.mpcdf.mpg.de:5910 USER@gate2.mpcdf.mpg.de

    Note that the “-L” option needs the target hostname and the TCP port of the VNC server. The TCP port is obtained by adding the X display number (here “10”) to 5900, which gives 5910 in our example. On Windows, the ssh command is in general not available. The “plink.exe” binary from PuTTY provides comparable functionality and uses a similar syntax.

  2. Once the SSH connection is established, open a second terminal window and connect vncviewer to the local port of the SSH tunnel.

    vncviewer 127.0.0.1::5999

Security considerations

In general, VNC (RFB) packets are not encrypted. It is the user’s responsibility to establish transport encryption by tunneling VNC connections though SSH. Firewall rules at the MPCDF prevent plain VNC connections from external networks and enforce SSH connections, anyway.