X server vs Vnc vs W2k terminal services

[drag]

I have limited experiance with networking with both X windows with Linux and VNC with windows. Now VNC passes my acid test, namely it works. And it is stable, the only buggery thing about it is that it is not very pleasent to use, even over a 10Mb lan line it is all herky-jerky with screens that rendered slowly. X is nice, too, and it works. Lag isn't as much as a factor since all the stuff is rendered by the computer you are using. Although I've heard that it is quite the network hog. Trouble is that not all apps are designed to run well in a network enviroment, although most are. Another advantage that X has is that it is very flexible and is usefull in a client, server enviroment were you use X terminals instead of full-blown workstations.

Security is a issue of course, plus ease of use. Once set up both are easy to use, VNC uses a simple server client model, and with X a simple ssh session is all that is needed. X is not secure in it's natural state of networking, however since you can secure it using firewalls and stuff, plus Ssh is designed to allow X to tunnel thru it, it can be secure as any other Unix service. How about VNC? how easy is it's passwords to crack? Is it vunerable to snooping during the authentication stages?

Now how does that compare to newer versions of vnc like TightVNC and also Window's terminal services? I have no experiance with those things and I was wondering if anybody here has experiance using them in a professional enviroment...

 

[LuckyTaxi]

Security is a issue of course, plus ease of use. Once set up both are easy to use, VNC uses a simple server client model, and with X a simple ssh session is all that is needed. X is not secure in it's natural state of networking, however since you can secure it using firewalls and stuff, plus Ssh is designed to allow X to tunnel thru it, it can be secure as any other Unix service. How about VNC? how easy is it's passwords to crack? Is it vunerable to snooping during the authentication stages?

Now how does that compare to newer versions of vnc like TightVNC and also Window's terminal services? I have no experiance with those things and I was wondering if anybody here has experiance using them in a professional enviroment...

First off, what dominates your network? Are you running more windows program or unix progs? At work, we have citrix running on a windows terminal server. I am thinking about incorporating some fat clients running linux to run progs such as office on citrix.

I tried running via VNC and it's just too slow. I only use VNC to do remote administration.

 

[spyordie007]

VNC is not encrypted (the password is sent in clear text). Not a big deal if you are on a switched LAN but I wouldnt reccomend using it for remote administration over networks that arent switched or over the internet (one malicious user with a packet sniffer would be all it would take). The other thing I dont like about VNC is that everything is rendered on the "server" and than transmitted to the "client", this means that every time you move the mouse our anything you have to wait for it to redraw over the lan before you see anything change. Another caveot is that it will only run 256 colors, thats's it. VNC has a simple web-based (java) client that allows you to connect to your server without any specific client-side software, the one thing I dont like about it's web based version is that it doesnt allow you to display your session full screen. Generally speaking VNC works okay across most networks and I have found that lag is ofter a much larger issue than the size of the pipe.

Microsoft Terminal Services Beats VNC hands down. Of course the major problem with Terminal Services is that it requires you to be running a Windows Server (unlike VNC where you could run it on either a Windows or a *Nix Server). Some of the rendering is handled at the client side (such as the mouse movements) and some of it is handled server side (such as application windows). It has lots of features, allowing you to map local drives/printers/ports so you can use devices connected locally within your session and also to copy files over the TS connection. It is also very configurable (XP or later) allowing you to specify color depth or which of those extra features to use. Your session is encrypted, with Windows 2000 TS I think it's a 40bit encryption key (if anyone knows for sure please feel free to correct me), with Windows 2003 TS you are looking at a 128bit encrypted connection (I just learned this while playing with it the other day). Just like an X session MS TS allows for multiple connections running multiple sessions along with local sessions (whereas VNC just allows you to interact with the locally running session). It also has a web-based client (active x) which does allow for full-screen sessions however it requires you run IE (doh!). Depending on what settings you use TS can use a small amount of bandwidth, on the other hand you could set it for 16bit colors with mapped drives and displaying your desktop, etc. (things I would only recommend trying over a LAN). A nice thing about the TS client is it's ability to casche bitmaps locally so that when viewing things repeativly that dont frequently change (ie icons on your desktop) it doesnt have to download them every time you view your desktop.

I've never used remote X sessions so I cant really speak for them, I've heard they work well and imagine (based entirely on what I've heard) that if you are running it through an SSH connection it would be quite comperable to MS's Terminal Services.

EDIT: forgot to talk about bandwidth

-Spy

 

[calpha]

I've not used them in a true enterprise enviornment...

As far as X Tunneling via SSH---the only downside I'm aware of (please someone correct me if I'm wrong) is that the only way I was ever able to get X forwarded on a winders client was by running Cygwin......

 

[sciencewhiz]

There are several commercial x servers for windows that are not free. From what I understand, a recent cygwin install is the easiest free way of getting X on windows.

 

[chsh1ca]

Originally posted by: spyordie007
VNC is not encrypted (the password is sent in clear text). Not a big deal if you are on a switched LAN but I wouldnt reccomend using it for remote administration over networks that arent switched or over the internet (one malicious user with a packet sniffer would be all it would take). The other thing I dont like about VNC is that everything is rendered on the "server" and than transmitted to the "client", this means that every time you move the mouse our anything you have to wait for it to redraw over the lan before you see anything change. Another caveot is that it will only run 256 colors, thats's it. VNC has a simple web-based (java) client that allows you to connect to your server without any specific client-side software, the one thing I dont like about it's web based version is that it doesnt allow you to display your session full screen. Generally speaking VNC works okay across most networks and I have found that lag is ofter a much larger issue than the size of the pipe.

Amusingly, most of your issues with VNC are fixed by TightVNC. Also, the unencryption worries are irrelevant if you implement a simple SSH tunnel.

TightVNC would be the way I'd go for remote amin, but only in an SSH tunneled environment.

 

[spyordie007]

I guess maybe I need to spend a little more time looking at TightVNC. I've used VNC plenty but havent spent much time with TightVNC.

Could you maybe give us some more info about the differances between TightVNC and VNC as developed by AT&T labs?

-Spy

 

[cleverhandle]

Originally posted by: spyordie007
Could you maybe give us some more info about the differances between TightVNC and VNC as developed by AT&T labs?

Heh, like chsh1ca said, just about everything you complained about is fixed in TightVNC. It's been a while since I looked at it, but IIRC the password is encrypted, though the rest of the session is not. You can have at least 16-bit depth, maybe more. And mouse rendering and such is handled client-side. Don't know about the web client - is there one in TightVNC?

 

[spyordie007]

I'll have to play around with TightVNC next time I get a chance.

Also according to their website there is a java-based web client for tightvnc.

-Spy