Tools UltraVNC Lead image: Anthony DOUANN, 123RF

Remote Desktop with UltraVNC

Windshield Wiper

A bunch of remote access tools for Linux, Mac OS, and Windows are based on the VNC protocol. We show you why UltraVNC is the best of the bunch. By Thomas Drilling

Netviewer, TeamViewer, pcvisit, Radmin, BeamYourScreen, Mikogo, Copilot, ShowMyPC, LogMeIn Rescue – the imaginative names of today's crop of remote control software suggest individuality and technological uniqueness. In fact, they all do more or less the same thing.

The sheer number of remote control solutions for Windows is indicative of either a seemingly huge market for easy-to-handle, powerful, and secure remote control programs or the ease with which these kinds of applications can be developed because the protocols and standards they use are freely available. Marketing departments have put huge efforts into marketing their products as desktop sharing software for online meetings, presentations, remote support, web conferencing, and so on.

In all cases, software of this kind needs to display a computer's desktop over the LAN or the Internet and pass mouse movements and keyboard input through. In individual cases, advanced features also pass the hardware attached to the remote server through or support convenient file transfer operations. Depending on the solution, the server and clients have clear roles, whether they are available as separate programs or are combined in a tool that can handle both, and this difference in turn defines the usage philosophy.

Remote Control Solutions

Many of the available solutions additionally support browser-based web access, either as a built-in feature or via plugins, with no clear-cut borders. In remote control scenarios, users requiring help share their desktop with an expert, who then takes control of the client. On the other hand, the expert can use his or her own computer as a server for displaying and demonstrating interactions on the client screen. In another conceivable deployment scenario, the administrator is given GUI-based, and thus convenient, access to multiple servers, virtual machines, or desktops, without having to leave the office (see also the "Reliability" box). The application of such solutions is virtually unlimited.

Reliability

Remote control programs that rely on Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) always need a running operating system that is working correctly at the other end. However, remote maintenance means not just providing help desk functionality, but also providing maintenance experts or engineers with a hardware-based diagnostics option that doesn't require a working operating system and network stack at the other end. These circumstances would then support remote diagnostics or maintenance, even if the user at the other end is looking at a bluescreen or browsing the computer's BIOS options.

A scenario of this kind becomes possible with special technology at the processor level, such as Intel's Active Management Technology (AMT). Unfortunately, Intel's AMT feature is available now only for vPro series CPUs with Q series chipsets, such as the Core i5 vPro or Core i7 vPro, which are only built into business PCs. The upside is that you don't need expensive add-on software in a remote KVM scenario; although, for example, the commercial Radmin [1] supports Intel's AMT technology [2].

As you might be aware, Windows 7 integrates a remote desktop technology based on Microsoft's proprietary RDP protocol. If you need to control XP or Vista clients remotely in a Microsoft landscape or would like them to control your computer remotely, you either face a configuration marathon or need to install additional software.

The modern SSTP protocol is only supported by Windows Server 2008 R2, and only Microsoft's server version offers advance remote control functionality. If you need to access a Windows desktop from a non-Windows client and also require a functional scope that goes beyond that of other remote access solutions, UltraVNC [3] is well worth investigating.

UltraVNC

UltraVNC, which was designed for use on Windows, uses the slightly ancient VNC protocol, which is based on the remote framebuffer to transfer screen content, mouse movements, and keyboard input. VNC was originally developed by the Oracle Research Laboratory (ORL) in the mid-1990s; the lab was acquired in 1999 by AT&T but closed again in 2002.

In contrast to other remote control software, the remote framebuffer protocol is platform independent. Because of lack of compression, it is also relatively slow and insecure because VNC didn't support account data or possess the ability to encrypt payload data. In combination with a Secure Shell Server (SSH), you could secure the VNC transmission, but this approach doesn't make handling any easier. UltraVNC solves this problem with additional modules that encrypt the exchange. Additionally, the UltraVNC developers use more efficient compression algorithms and a low-level but powerful technology for capturing the server screen.

On the downside, the UltraVNC server relies heavily on Windows technologies. Various extensions, such as Single Click, even remove the need to install client software. In expert circles, UltraVNC has had a good reputation for years, particularly because of its impressive functional scope – for example, its ability to display graphics on the client, which relies on a separate UltraVNC mirror driver running as a video driver on the remote machine. The driver grabs screen content more or less at kernel level. Additionally, a viewer can use multicast to control multiple servers. In principle, you could also contact a normal VNC server with an UltraVNC viewer or control an UltraVNC server with normal VNC clients, but this method restricts your options to normal VNC functionality on the basis of the remote framebuffer protocol and does not give you the full functional scope of UltraVNC.

UltraVNC also has the ability to route VNC sessions through a NAT gateway via a repeater. The vendor homepage has many interesting, free plugins that let you run UltraVNC through a firewall, install a mini-client version directly over the web, uninstall after use, and more. The video driver mentioned earlier that substantially reduces CPU load on screen transfer is also extremely useful (Figure 1).

Figure 1: The UltraVNC mirror driver reduces the CPU load when transferring screen content.

Of all VNC implementations, UltaVNC has the most active community and developers.

UltraVNC Hands On

UltraVNC comprises a server and a client; it implements normal end-to-end connections via TCP/IP. Among the several client variants, besides the native Windows program, is a Java client that will run on Linux. The feature scope of the Windows client is far greater, however. UltraVNC also comes with its own web server. Additionally, BlackBerries and PDAs have special viewers.

Linux users can, of course, use one of the many VNC clients (e.g., TightVNC); however, this reduces the functional scope to that of vanilla VNC and affects performance because of a lack of compression. Mac users can use either the free Java client or the non-free JollysFastVNC [4] tool to control Windows computers remotely. The server itself is written in C++ and is available for free under the GPL [5].

Incidentally, UltraVNC will also transfer files, and it includes a chat feature to allow experts and users to exchange messages. UltraVNC will protect access with a simple DES password if needed; however, a more secure approach would to be to restrict access to users who have an account on the Windows machine. Besides MS Logon I for NT domains, UltraVNC also supports MS Logon II for Active Directory authentication. The first approach is inherently insecure; the second relies on a Windows domain controller.

The current UltraVNC v1.0.8.2 also understands Vista's user account control, UAC. Alternatively, you can integrate a free DSM plugin to support secure RC4 or AES encryption between the UltraVNC server and viewer with a key length of 128 bits. Thanks to the RC4 DSM plugin, users can generate an individual RC4 keyfile, which has to exist both on the UltraVNC server and on the viewer side to allow encryption to work.

To set up encryption, you can just copy MSRC4Plugin.dsm to the UltraVNC directory and enable the plugin. In the plugin settings, you can create a session key, which is not entirely intuitive. Unfortunately, you cannot use a Linux VNC client in an encrypted session.

Installation and Configuration

By default, UltraVNC server installs as a program that prompts you for various settings, such as the password, when it launches and then disappears into the taskbar for a rest. In the install wizard, you can choose whether to install the UltraVNC server only, the server and the viewer, or the server in silent mode. With silent mode, you can install UltraVNC without any user interaction with batch files and installation routines. At the command line, you can enable silent mode with:

Ultr@VNC-1.0.x-Setup_de.exe /silent /SP- /NORESTART

In the final step of the wizard, you can also choose to launch UltraVNC as a service and register the service if regular access to the server is to be anticipated (Figure 2).

Figure 2: While installing the server, the administrator decides whether to install UltraVNC as a program or a service.

When first launched, the UltraVNC server shows the administrator a configuration dialog in which to define the typically eight-digit administrator password for DES-protected login (in the Security tab) or to enable MS Logon. If you intend to use the DSM plugin, you need to cancel at this point, then download the DSM plugin [6] for AES, MSRC4, or ARC4 encryption, unpack the plugin, and copy it into the UltraVNC directory as described earlier. Next, you can select Edit Settings, enable Encryption by checking the Use box, and select the required plugin in the drop-down box (e.g., MSRC4Plugin.dsm), which you can configure by clicking the Configuration button (Figure 3).

Figure 3: A DSM plugin optionally enables encrypted authentication with up to 128 bits.

The encryption plugin configuration features basically allow you to select the key length and generate new keys for the server and the viewer by pressing the button with the same name. When this article went to press, the latest version of Secure VNC was 1.0.2.0. Of course, you will need to use the same encryption plugin in the UltraVNC viewer configuration.

If you launch UltraVNC as a service, you will not see it running unless you access the Task Manager; if you launch UltraVNC as a program, you will see a systray icon.

The server and viewer configuration dialogs offer the administrator much scope for experimenting. No fewer than six tabs configure the server behavior: Connections, Screen Capture, Misc/logging, Network, Security, and Input/File Transfer.

The server-side dialogs tend to be more clear-cut than the dialogs in the Windows viewer and should not faze an experienced administrator. For example, you might want to enable the Java port in the Connections tab if you will be using the Java viewer (Figure 4).

Figure 4: The Java viewer supports remote control in the browser. UltraVNC implements its own tiny web server for this.

FTP-based file transfers can only be enabled in Input/File Transfer. If you want to run the server and viewer on the same machine for test purposes, you need to support loopback connections under Network (Figure 5).

Figure 5: For local tests, you need to enable a loopback connection.

More configuration settings for the Windows viewer are accessible from the main window via Use; they include the encryption plugin, bandwidth optimization, and other factors, such as the display, mouse, and keyboard behavior of the viewer (Figure 6).

Figure 6: The Windows viewer allows you to access various configuration settings.

Conclusions

Although Windows offers a huge selection of remote control tools, if you prefer to stick with open source software, UltraVNC gives you a solution that removes the disadvantages of VNC, such as lack of encryption and poor performance, without compromising benefits such as platform independence. Because UltraVNC is under active development and has a huge following, the functional scope is impressive. Chat, file transfers in a two-panel file manager (in the Java viewer, too), multicast, infinite scaling of the screen resolution, a graphical toolbar, and an (optional) native DirectX viewer for Windows clients are just the most interesting of the built-in features.

Additionally, UltraVNC offers the option to install as a system service, the UltraVNC Mirror driver that simulates the installation of a Windows graphics adapter on the remote system, an optional single-click version that completely removes the need to install a client, an installation option as a portable application for the USB stick, and the ability – new to the current 1.08 version – to transfer only selected windows on the desktop, thus considerably reducing the bandwidth requirements.

The existence of an INI configuration file, ultravnc.ini, in the server directory removes the need to configure the UltraVNC server in the Windows registry and rounds off a complete package.