VNC - Virtual Network Computing

Author: Jennifer Eakins <jeakins@ucsd.edu>

Visit the VNC homepage

Using VNC

VNC stands for Virtual Network Computing. It is, in essence, a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

VNC consists of two types of component. A server, which generates a display, and a viewer, which actually draws the display on your screen.

There are two important features of VNC:

So, to get started with VNC you need to run a server, and then connect to it with a viewer. The current VNC software requires a TCP/IP connection between the server and the viewer, though there is no reason why the software couldn't be modified to use, for example, RS232 or Firewire. You'll need to know the name or the IP address of the server machine.

Download sites

http://www.uk.research.att.com/vnc/

VNC FAQ

Q: Is there a mailing list?

A: Yes, the mailing list website is at http://www.uk.research.att.com/vnc/intouch.html

There is a comprehensive list of FAQs at the VNC website. The address of the FAQ page is http://www.uk.research.att.com/vnc/faq.html

How do I get a web display of my real-time data?

Use the freeware program, VNC from AT&T Labs in Cambridge in conjunction with the orbmonrtd program of the Antelope software package(BRTT). Setting up this process is a little ugly, so the instructions below are an attempt to walk you through the process. There are 7 main steps:

1. Get the UNIX source code or precompiled code for your system from AT&T labs

http://www.uk.research.att.com/vnc/download.html

Follow the download and installation procedures recommended from this site. I am currently running v3.3.3 r2

2. Modify the vncserver script to point to the proper Perl installation and to include the "-xstartup" and "-rfbauth" features.

This will allow one user to have multiple "xstartup" scripts in their $HOME/.vnc directories and allows you the option of multiple passwords for logins to those different instances of vnc. See an example of the modified vncserver script and compare it to an original vncserver script. Key updates include:

Line 01

#!/opt/antelope/perl/bin/perl

Lines 60-61

# Add xstartup and rfbauth to available options
&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1, 
"-xstartup",1,"-rfbauth",1,"-help",0,"-h",0,"--help",0);

Lines 82-94

# Added to support multiple XVnc's run by a single user
if ($opt{'-xstartup'}) {
    $xstartup = $opt{'-xstartup'};
} else {
    $xstartup = "$vncUserDir/xstartup";
}
if ($opt{'-rfbauth'}) {
    $rfbauth = $opt{'-rfbauth'};
} else {
    $rfbauth = "$vncUserDir/rfbauth";
}

Lines 111-120

# Make sure the user has a password.
($z,$z,$mode) = stat("$rfbauth");
if (!(-e "$rfbauth) || ($mode & 077)) {
    warn "\nYou will require a password to access your desktops.\n\n";
    system("vncpasswd $rfbauth");
    if (($? >> 8) != 0) {
        exit 1;
    }
}

Lines 165

$cmd .= " -rfbauth $rfbauth";

Lines 168-174

# Add font path and color database stuff here, e.g.:
#
# Changed these lines for our local setup. Don't know if it matters (J. Eakins 3/8/2001)
$cmd.#="-fp/usr/X/lib/X11/fonts/misc/,/ usr/openwin/lib/X11/fonts/75dpi/,/usr/X/lib/X11/fonts/TrueType";
# $cmd .= " -co /usr/openwin/lib/X11/rgb";
#

Lines 192-217

# Create the user's xstartup script if necessary.
if (!(-e "$xstartup")) {
    warn "Creating default startup script $xstartup\n";
    open(XSTARTUP, ">$xstartup");
    print XSTARTUP $defaultXStartup;
    close(XSTARTUP);
    chmod 0755, "$xstartup";
}
# Run the X startup script.  warn "Starting applications specified in $xstartup\n";

3. Get sys-admin to allow read/write permissions for world on /tmp/.X11-unix

For instance:

%chmod 01777 /tmp/.X11-unix

Without this you will get error messages like this when you try running vncviewer:

rtquake% vncviewer :1
vncviewer: ConnectToTcpAddr: connect: Connection refused
Unable to connect to VNC server

From rtquake:1.log file:

_XSERVTransSocketCreateListener: failed to bind listener
_XSERVTransSocketUNIXCreateListener: ...SocketCreateListener() failed
_XSERVTransMakeAllCOTSServerListeners: failed to create listener for local
Fatal server error:
Failed to establish all listening sockets
xsetroot: unable to open display 'rtquake:1'
couldn't connect to display "rtquake:1"

4. Change default xstartup

Copy the default xstartup file from /usr/local/bin/xstartup to your local $HOME/.vnc directory. Remove references to cde/kde/xrdb/xsetroot in the defaults xstartup. Replace with the following:

xterm -geometry 
80x24+10+10 -ls -title "$VNCDESKTOP Desktop - TESTING" &

5. Test vncserver

Start with a simple test to see if you can start a Xvnc session that shows an xterm.

Upon the first execution of vncserver, you will be asked to select a password. Choose one that is at least 6 characters in length. This password will be stored in $HOME/.vnc/passwd unless you specify an alternate filename (see discussion of rfbauth).

rtquake% vncserver
You will require a password to access your desktops.
Password:
Verify: rtquake% vncserverNew 'X' desktop is rtquake:1
Starting applications specified in /export/rtquake/rt/.vnc/xstartup
Log file is /export/rtquake/rt/.vnc/rtquake:1.log

Now test that you can view the desktop that is being served: rtquake% vncviewer :1

Ideally, you will see an xterm window that you can type various commands in. However, you will not be able to launch any other programs that need a running X server because you have not started a window manager with this session.

As my pages are going to be available on the web with a visible password, or a password that has been broadcast to many users, I choose not to have a running window manager or xterm. You never know what nasty ideas might be acted upon by those viewing your webpage if you give them a wide open door to your systems. I feel that by having only the orbmonrtd window displayed, I am limiting some of the more basic/obvious forms of attack.

See the FAQ on "VNC security issues" (external site) if you have questions on the security of VNC. Also see one VNC user's opinion on why it is not a good idea to run your vncservers with /etc/passwd as the authentication.

For the paranoid among us, you could create a "vnc" user and group that has no write permissions other than in the home directory. Talk to your sys-admin if you are concerned.

You can now kill the vncserver for this session. The basic startup script is going to be replaced with a site-specific xstartup file.

rtquake% vncserver -kill :1

6. Setup your xstartup script, html directory and index.vnc

This is the guts of the customization that you will make. For each webpage you want to create, you will make a unique xstartup script and a unique html directory which is going to contain your modified webpages. You may choose to create unique passwords for each page and then supply the vncserver command with the -rfbauth option.

What follows below is a detailed example of my setup for displaying both a 1 hour and 12 hour orbmonrtd display.

A listing of my $HOME/.vnc shows the startup files for two vncservers and two HTML directories. Follow the links to see the contents of the 12 hour (startup file | html page) or the 1 hour (startup file | html page)

%pwd
/export/rt/rtquake/.vnc
%ll *anza*
-rwxr-xr-x 1 rt rt 552 Jan 23 17:10 xstartup_anza12hr*
-rwxr-xr-x 1 rt rt 281 Jan 23 16:55 xstartup_anza1hr*anza12hr:
-rw-rw-r-- 1 rt rt 3105 Jan 23 17:12 anza12hrindex.html
lrwxrwxrwx 1 rt rt 18 Feb 4 2000 index.vnc -> anza12hrindex.html
lrwxrwxrwx 1 rt rt 42 Feb 3 2000 vncviewer.class -> /usr/local/vnc/classes/vncviewer.class
lrwxrwxrwx 1 rt rt 40 Feb 3 2000 vncviewer.jar -> /usr/local/vnc/classes/vncviewer.jar
anza1hr:
-rw-rw-r-- 1 rt rt 3102 Apr 12 2000 anza1hrindex.html
lrwxrwxrwx 1 rt rt 17 Feb 4 2000 index.vnc -> anza1hrindex.html
lrwxrwxrwx 1 rt rt 42 Feb 3 2000 vncviewer.class -> /usr/local/vnc/classes/vncviewer.class
lrwxrwxrwx 1 rt rt 40 Feb 3 2000 vncviewer.jar -> /usr/local/vnc/classes/vncviewer.jar

NOTE

The vncviewer.class and vncviewer.jar files must exist (or be linked to) the existing files in each of the HTML directories (anza12hr and anza1hr).

NOTE

The Java based viewer expects a webpage called "index.vnc". I suppose I could have found where this was hardwired into the code and modified it, but I haven't bothered. Instead I create a unique html file and create a link (ln -s anza1hrindex.html index.vnc).

The xstartup file

The xstartup file is a csh script. I assume that the user who is launching vncserver has have already sourced the $ANTELOPE/setup.csh file and can thus find the orbmonrtd program. If this is not the case, you can add a line to the modified xstartup file to source /opt/antelope/setup.csh. I remove all lines referring to xsetroot and xrdb:  they aren't necessary and can cause problems if you don't have a .Xresources file in $HOME.

In both of the startup files there are references to different orbmonrtd parameter files. I use separate files in order to specify unique time windows and amplitude ranges for orbmonrtd. See orbmonrtd_anza12hr.pf or orbmonrtd_anza1hr.pf and for more information you should read the manpage for orbmonrtd.

Note that the values for -wmax and -hmax specified in the orbmonrtd command line will help determine the size of your orbmonrtd window and will be guides for the geometry option of vncserver (see "Starting a new vncserver").

Potential Pitfalls

  1. Are you allowed access to the orb data you are trying to display?
    You may be denied access via the orbserver.pf file on the system you are trying to access. Contact the person in charge of the orb you are trying to access with the IP from which you are trying to retrieve data.
  2. The orb you are trying to access is not running or has large latencies
    Try an "orbstat -s host:port to see if there is any current data. This is also useful when you aren't sure if you have permission to connect to an orb.
  3. You have not specified the proper orb name in the parameter file
    If no orb name is specified in the orbmonrtd.pf file, orbmonrtd assumes you are looking at an orb running on your localhost. Make sure the proper name is specified (may need IP if you can't translate names with a nameserver).
  4. You see either a flat line trace or a yellow blurry mess
    Your scale isn't set properly. Experiment with increasing or decreasing the amplitude of the trace. Once you are satisfied with the results, save the changes to your orbmonrtd.pf parameter file.

When I am starting an orbmonrtd window for the first time, I try to run the command that is going to be used in the xstartup file from the command line. That way I can work on any of the scaling and access denied issues discussed above before I try publishing the orbmonrtd to the web. Give each xstartup file you create a unique name.

The html dir

Create a directory for each modified xstartup file. In the example listing above, I have two "html" directories: anza12hr and anza1hr. Each of these directories willhave their own index.vnc pages.
I have had problems accessing the vncviewer.jar and vncviewer.class files if I do not create an explicit link to them in each html directory.

The index.vnc file

I make major modifications to the default index.vnc web page that is included with the distribution. Copy the file from /usr/local/vnc/classes/index.vnc (or wherever you put the vnc distribution) to your html directory and save it as index.html or anza12hrindex.html.

Make modifications to the page:

The modifications made to the html page are up to you and can be much more extensive than what I have suggested. Have fun customizing!

7. Start a new vncserver

Now that you have made all necessary modifications, try to run your vncserver with the updated files. As user rt , cd into user rt's $HOME/.vnc directory and try the following.

rtquake% vncserver :7 -httpd ~/.vnc/anza4hr -desktop "TESTING- Jen's 4 hr anza display"
-alwaysshared -xstartup ~/.vnc/start_anza4hr -rfbauth /export/rtquake/rt/.vnc/webpass
New 'X' desktop is rtquake:7
Starting applications specified in /export/rtquake/rt/.vnc/start_anza4hr
Log file is /export/rtquake/rt/.vnc/rtquake:7.log

I have chosen port 7, my html directory is "anza4hr", my vncviewer window will have "TESTING- Jen's 4 hr anza display" as a title. I ask that the window is always shared so that multiple users can view at one time. The startup script is ~/.vnc/start_anza4hr and the password that is going to be used is found at /export/rtquake/rt/.vnc/webpass.

One option that I didn't use here, but can be very useful is "-viewonly". That allows no keyboard interaction from the viewer.

rtquake% vncviewer :7
VNC server supports protocol version 3.3 (viewer 3.3)
Password:
VNC authentication succeeded
Desktop name "rt's TESTING- Jen's 4 hr anza display desktop (rtquake:7)"
Connected to VNC server, using protocol version 3.3
VNC server default format:
8 bits per pixel.
True colour: max red 7 green 7 blue 3, shift red 0 green 3 blue 6
Using default colormap and translating from BGR233. Pixel format:
8 bits per pixel.
True colour: max red 7 green 7 blue 3, shift red 0 green 3 blue 6
Got 181 exact BGR233 colours out of 256
Using 9 existing shared colours
Same machine: preferring raw encoding

If you want to view the webpage, try

netscape http://rtquake.ucsd.edu:5807

Read the vnc documentation if you really want to know why 5807 is used as a port number.

8. Add to rtexec.pf?

I haven't tested it, but ideally you would want your orbdisplay restarted if your system went down. Alternately, there is an option under Xvnc to start an Xvnc process under inetd control. I have not tested either method.

This FAQ is a work-in-progress. Please let me know of any additions, corrections, or clarifications that need to be made!

URL: http://eqinfo.ucsd.edu/faq/vnc.php [Last updated: 2009-10-20 (293) 22:23:07 UTC]