Hack 38 Run X Remotely with FreeNX

Use FreeNX to connect to a remote desktop that's responsive even over a slow dial-up connection.

Before exploring the technical details of NX, you should run the test drive first to see the performance NX offers; NX Client 1.3.2 is already included with Knoppix 3.4. To start NX Client, click K MenuInternetNX Client for Linux.

NX technology is new. It's actually so new that the newest developments are (at the writing of this book) not yet included in Knoppix. However, this hack gives you an overview of what to expect with the Knoppix Version 3.6.

The NX Connection Wizard starts and allows you to create a new session. It asks for a name for the session, nxserver host, and, optionally, a port, which in most cases is just the SSH port (22). You can also select the speed of your connection. Even if you have a very fast connection, it's worthwhile to try modem speed first.

If you don't have an NX Server to which to connect, visit NoMachine's web site at http://www.nomachine.com/testdrive.php and sign up for its test drive. You'll receive an email with details on how to connect to its test server.

You can select the type of the connection (Windows, Unix, VNC) and the preferred Desktop in the next step. NX can connect to other servers at the backend, so it's also useful as a secure and fast gateway to Windows or VNC machines.

You can use a full screen (in which case, you can click on the top-right pixel to minimize the session) or a specified size for the session window. You can also select "SSL encryption" to tunnel all traffic over SSH.

The advantages are clear:

• You don't have to open any port other than SSH, which, in most cases, is open for remote shell access anyway.

• Users don't have to fiddle with complicated SSH client and forwarding setups. Just installing NXClient is enough. NXClient is of course available for all major operating systems, such as Windows, Linux, and MacOS X.

As the last step, you can choose to create an icon on your desktop for that session automatically (which is recommended) and to configure advanced options.

Don't worry; you can always select the advanced options dialog from nxclient later.

As soon as you've finished, you should see the Login dialog of NX Client. Open up a web browser to http://www.nomachine.com/testdrive.php, and then enter your name and email address. Some minutes later, you'll receive an email with your test-account data to enter in a test drive's client.

Insert the account data and press Login. The NX Client then creates a connection, authenticates the user, and establishes the X-Server connection. Then a window appears and a normal KDE session is started—in Italy.

If the user authenticates, but it then times out, try to activate SSL encryption by checking "Enable SSL encryption of all traffic" on the Desktop screen of the NX Connection Wizard, and then reconnect.

The session should be very fast, and you should be able to browse the Web, write email, and do your office work on it. Indeed, I do this regularly. Wherever I am, I can connect to my PC at home and graphically read my email—even if it's just a modem uplink.

5.3.1 The NX Technology

How can NX achieve this speedup of X?

There are five major reasons:

Very efficient X Protocol compression

The X Protocol is highly compressible. Each X-Request or Confirmation has a fixed part and a variable part. With Differential X Protocol Compression (DXPC), you can transmit what has changed only on the display, instead of the complete desktop.

Caching of the protocol

The X Protocol compression makes it possible to cache the data to improve responsiveness. For example, in VNC it takes equally long to open the same menu multiple times while NX sessions get faster with time. For example, the first time the menu opens in NX it takes some time, but the second time, the menu just pops up as if it were opened locally. Also, due to a disk cache, this effect is also preserved if you start a new session.

Round-trip suppression

A round trip in the X11 protocol is a request plus the wait for confirmation. While you can increase bandwidth without problems, it's not possible to reduce latency (as the speed of light, and in this case electricity, has a maximum speed).

One round trip is tolerable, but imagine that you have to make 1000 round trips, and you have to wait each time for the answer over a link with high latency, which is very slow. This effect is especially bad with modern tool kits, such as QT or GTK, because they are typically programmed to run on the same machine—not over the network.

NX solves round-trip problems locally by usage of an nxagent that groups requests and then sends them chunked to the client.

Compression of X-Images

NX uses state-of-the-art compression techniques like PNG and JPEG to compress huge bitmaps. VNC uses this technique too, but VNC always compresses the entire screen along with fonts, because it cannot distinguish between the different elements on the desktop. With NX, just the X-Images are compressed, and the fonts and most other elements on the desktop are crystal clear.

Chunking of image data

Image data is the biggest part of a desktop to be transferred over the network. Even if it's possible to compress it, you still want to use the desktop while a huge image transfers. NX never uses all of the bandwidth and always has a small control channel so that it can stop the transfer of the chunked images to react to a mouse click or similar events. As a result, the desktop is more responsive.

5.3.2 Set Up NX Server

NoMachine sells a commercial server with support but has also put all core components under the GPL, which allows anyone to write a free server, which I did.

The following instructive details were not programmed at the writing of this book, so it is possible that the actual program differs in some ways from what is described here.

To set up the NX server, click K MenuKNOPPIXServicesManage NX Server. This informs you that you are starting a service that allows other users to access this computer. The server then creates a user called nxfree and starts the SSH service.

Then it starts an interface, and you can manage your server:

Add user

Before users can use your NX terminal server, add them to your server.

Remove user

If you no longer want a certain user to use your NX server, remove her.

Stop server

Stop the NX server.

Quit

Quit the management program but leave the server running.

As it is not currently clear how the NX server interface will handle these functions, the following shows you how to perform them from the command line.

5.3.3 User Management

To add a new user joe to Knoppix, open a console and type:

knoppix@ttyp0[knoppix]$ sudo adduser joe

You are then asked a number of questions about this user, including his full name. Fill in the fields, and then choose a password for the account. Joe can now log in to this server with ssh. However, if he wants to use NX, you must activate his account for the NX server. First, I add joe to the NX user database, then I give him a password:

knoppix@ttyp0[knoppix]$ sudo nxserver --useradd joe

knoppix@ttyp0[knoppix]$ sudo nxserver --passwd joe

Joe can now use the NX Client on his laptop to connect to this machine.

5.3.4 Server Management

The NX server has a number of command-line options:

--help

Shows a small help page.

--useradd

Adds a user.

--userdel

Deletes a user.

--userlist

Lists all configured users.

--passwd

Sets a password for a user.

--start

Starts NX server.

--stop

Stops NX server. This option does not stop the SSH daemon.

--restart

Restarts NX server.

--status

Shows whether the server is currently running.

--list

Each session that starts on the server receives a unique session ID. This option lists all running sessions.

--terminate

Terminates all sessions for a user. Alternatively, you can terminate users based on the display number they use to connect.

--suspend

Suspends a session to be reconnected later.

--send

Sends a message to the specified user.

--broadcast

Enables you to send a message to all connected users.

--lock

Locks the display of a user.

--unlock

Unlocks the display of a user.

NX can help you as a tool for remote administration. Knoppix offers the NX server so setting it up is very easy.

—Fabian Franz