Just as a heads up, in the 2.3 release we're adding support to define
connection methods on a per image/OS basis.

We have a lot of the code work done and it's fairly stable in the
repository.
See VCL-30 and VCL-526
https://issues.apache.org/jira/browse/VCL-30
https://issues.apache.org/jira/browse/VCL-526

The basic flow would be to start the service and open the defined port in
the OS level firewall.

Aaron

On Mon, Mar 19, 2012 at 2:41 PM, James O'Dell <jod...@fullerton.edu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I looked at VNC. I didn't like the security.
>
> > http://en.wikipedia.org/wiki/Virtual_Network_Computing
> > Security
> >
> > By default, RFB is not a secure protocol. While passwords are not sent
> in plain-text (as in telnet), cracking could prove successful if both the
> encryption key and encoded password are sniffed from a network. For this
> reason it is recommended that a password of at least 8 characters be used.
> On the other hand, there is also an 8-character limit on some versions of
> VNC; if a password is sent exceeding 8 characters, the excess characters
> are removed and the truncated string is compared to the password.
> >
> > However, VNC may be tunnelled over an SSH or VPN connection which would
> add an extra security layer with stronger encryption. SSH clients are
> available for all major platforms (and many smaller platforms as well); SSH
> tunnels can be created from UNIX clients, Microsoft Windows clients,
> Macintosh clients (including Mac OS X and System 7 and up) ? and many
> others. There are freeware applications that create instant VPN tunnels
> between computers.
> >
> > UltraVNC supports the use of an open-source encryption plugin which
> encrypts the entire VNC session including password authentication and data
> transfer. It also allows authentication to be performed based on NTLM and
> Active Directory user accounts. However, use of such encryption plugins
> make it incompatible with other VNC programs. RealVNC offers high-strength
> AES encryption as part of its commercial package, along with integration
> with Active Directory. Workspot released AES encryption patches for VNC.
>
> Also, the 4 or 5 vnc clients I tested kept crashing on me. grr!
>
> For me, it was just easier for everyone involved to standardize on rdp
>
> __Jim
>
>
> On 3/19/2012 11:31 AM, Waldron, Michael H wrote:
> > Yes, there is a very simple method of using VNC, which is available with
> > most Linux distros. Make sure you have both vnc and vnc-server packages
> > installed in the image. You don't have to have the VNC client installed
> > on the end-user's desktop, you can use the client in the Linux image.
> >
> > To start a full desktop:
> > - Make sure you are running an X-window manager on the user desktop.
> > - ssh into the Linux machine  (set ssh client to forward X11 packets)
> > - vncserver -localhost
> > - vncviewer localhost:1
> >
> > The vncserver command will start a desktop session, prompting to set a
> > password that will be used to connect to it. The vncviewer command will
> > connect to the desktop session, the user is prompted for the password
> > they just set. The desktop is then displayed on the user's desktop as an
> > X11 display.
> >
> > Mike
> >
> > Mike Waldron
> > Systems Specialist
> > ITS Research Computing
> > University of North Carolina at Chapel Hill
> > CB #3420, ITS Manning, Rm 2509
> > 919-962-9778
> > ------------------------------------------------------------------------
> > *From:* Mike Haudenschild [m...@longsight.com]
> > *Sent:* Monday, March 19, 2012 2:18 PM
> > *To:* vcl-user@incubator.apache.org
> > *Subject:* Full desktop Linux images?
> >
> > Good afternoon, VCL users --
> >
> > I was curious if anyone else is running full Linux desktops (e.g. with
> > GNOME) with VCL.  Specifically, is there an implemented method for
> > connecting to the GUI (i.e. as RDP is used with Windows), or are Linux
> > images restricted only to the shell?  Any tips/tricks?
> >
> > Many thanks,
> > Mike
> >
> > --
> > *Mike Haudenschild*
> > Education Systems Manager
> > Longsight Group
> > (740) 599-5005 x809
> > m...@longsight.com <mailto:m...@longsight.com>
> > www.longsight.com <http://www.longsight.com>
> >
>
>
> - --
> Jim O'Dell
> Network Analyst
> California State University Fullerton
> Email: jod...@fullerton.edu
> Phone: (657) 278-2256
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk9nfe8ACgkQREVHAOnXPYSphwCgjtrISdoOXPZzbNvrlXa5Rx8T
> qSsAn1ekj+79XWhtS/Hy34vASxeUNGfz
> =UysL
> -----END PGP SIGNATURE-----
>



-- 
Aaron Peeler
Program Manager
Virtual Computing Lab
NC State University

All electronic mail messages in connection with State business which are
sent to or received by this account are subject to the NC Public Records
Law and may be disclosed to third parties.

Reply via email to