<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> <meta name="language" content="en"> <meta name="date" content="2025-03-18T08:09:44"> <meta name="generator" content="deplate.rb 0.8.5"> <title>User’s Guide for TurboVNC 3.2</title> <link rel="start" href="index.html" title="Frontpage"> <link rel="chapter" href="index.html#hd001" title="1 Legal Information"> <link rel="chapter" href="index.html#hd002" title="2 Conventions Used in This Document"> <link rel="chapter" href="index.html#hd003" title="3 Overview"> <link rel="chapter" href="index.html#hd004" title="4 System Requirements"> <link rel="chapter" href="index.html#hd005" title="5 Obtaining and Installing TurboVNC"> <link rel="chapter" href="index.html#hd006" title="6 Using TurboVNC"> <link rel="chapter" href="index.html#hd007" title="7 Performance and Image Quality"> <link rel="chapter" href="index.html#hd008" title="8 TurboVNC Security Extensions"> <link rel="chapter" href="index.html#hd009" title="9 GPU-Accelerated OpenGL (Using VirtualGL with TurboVNC)"> <link rel="chapter" href="index.html#hd0010" title="10 GPU-Accelerated OpenGL and Vulkan (Using the DRI3 X11 Extension)"> <link rel="chapter" href="index.html#hd0011" title="11 Compatibility Guide"> <link rel="chapter" href="index.html#hd0012" title="12 Advanced Configuration"> <link rel="stylesheet" type="text/css" href="turbovnc.css" title="turbovnc"> </head> <body > <a name="#pagetop"></a> <div class="title"> <p class="title">User’s Guide for TurboVNC 3.2</p> </div> <div id="hd"> <div id="hdBlock" class="hd"> <ul class="hd"> <li class="Itemize-1 hd"> <a href="#hd001" class="hd">1 Legal Information</a> </li> <li class="Itemize-1 hd"> <a href="#hd002" class="hd">2 Conventions Used in This Document</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd002001" class="hd">2.1 Terminology</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd003" class="hd">3 Overview</a> </li> <li class="Itemize-1 hd"> <a href="#hd004" class="hd">4 System Requirements</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd004001" class="hd">4.1 Linux and Other Un*x Operating Systems</a> </li> <li class="Itemize-3 hd"> <a href="#hd004002" class="hd">4.2 Mac</a> </li> <li class="Itemize-3 hd"> <a href="#hd004003" class="hd">4.3 Windows</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd005" class="hd">5 Obtaining and Installing TurboVNC</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd005001" class="hd">5.1 Installing TurboVNC on Linux</a> </li> <li class="Itemize-3 hd"> <a href="#hd005002" class="hd">5.2 Installing the TurboVNC Viewer on macOS</a> </li> <li class="Itemize-3 hd"> <a href="#hd005003" class="hd">5.3 Installing the TurboVNC Viewer on Windows</a> </li> <li class="Itemize-3 hd"> <a href="#hd005004" class="hd">5.4 Installing TurboVNC from Source</a> </li> <li class="Itemize-3 hd"> <a href="#hd005005" class="hd">5.5 Uninstalling TurboVNC</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd006" class="hd">6 Using TurboVNC</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd006001" class="hd">6.1 The TurboVNC Session Manager</a> </li> <li class="Itemize-3 hd"> <a href="#hd006002" class="hd">6.2 Manually Starting a TurboVNC Session</a> </li> <li class="Itemize-3 hd"> <a href="#hd006003" class="hd">6.3 Choosing a Window Manager</a> </li> <li class="Itemize-3 hd"> <a href="#hd006004" class="hd">6.4 Manually Connecting to a VNC Server</a> </li> <li class="Itemize-3 hd"> <a href="#hd006005" class="hd">6.5 Disconnecting and Killing a TurboVNC Session</a> </li> <li class="Itemize-3 hd"> <a href="#hd006006" class="hd">6.6 Using TurboVNC in a Web Browser</a> </li> <li class="Itemize-3 hd"> <a href="#hd006007" class="hd">6.7 Using SSH to Manually Secure a TurboVNC Connection</a> </li> <li class="Itemize-3 hd"> <a href="#hd006008" class="hd">6.8 Requiring SSH Tunneling</a> </li> <li class="Itemize-3 hd"> <a href="#hd006009" class="hd">6.9 Running OpenGL Applications</a> </li> <li class="Itemize-3 hd"> <a href="#hd0060010" class="hd">6.10 Further Reading</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd007" class="hd">7 Performance and Image Quality</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd007001" class="hd">7.1 Interframe Comparison</a> </li> <li class="Itemize-3 hd"> <a href="#hd007002" class="hd">7.2 Advanced Compression Options</a> </li> <li class="Itemize-3 hd"> <a href="#hd007003" class="hd">7.3 Lossless Refresh</a> </li> <li class="Itemize-3 hd"> <a href="#hd007004" class="hd">7.4 Automatic Lossless Refresh</a> </li> <li class="Itemize-3 hd"> <a href="#hd007005" class="hd">7.5 Multithreading</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd008" class="hd">8 TurboVNC Security Extensions</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd008001" class="hd">8.1 Terminology</a> </li> <li class="Itemize-3 hd"> <a href="#hd008002" class="hd">8.2 TurboVNC Server Authentication Methods</a> </li> <li class="Itemize-3 hd"> <a href="#hd008003" class="hd">8.3 TurboVNC Viewer Authentication Schemes</a> </li> <li class="Itemize-3 hd"> <a href="#hd008004" class="hd">8.4 Supported Encryption Methods</a> </li> <li class="Itemize-3 hd"> <a href="#hd008005" class="hd">8.5 Supported Security Types</a> </li> <li class="Itemize-3 hd"> <a href="#hd008006" class="hd">8.6 Enabling Security Types</a> </li> <li class="Itemize-3 hd"> <a href="#hd008007" class="hd">8.7 Further Reading</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd009" class="hd">9 GPU-Accelerated OpenGL (Using VirtualGL with TurboVNC)</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd009001" class="hd">9.1 Using VirtualGL on a TurboVNC Host</a> <ul class="hd"> <li class="Itemize-5 hd"> <a href="#hd009001002" class="hd">9.1.2 Running the Window Manager Using VirtualGL</a> </li> </ul> </li> <li class="Itemize-3 hd"> <a href="#hd009002" class="hd">9.2 Using VirtualGL on a Machine Other Than a TurboVNC Host</a> </li> <li class="Itemize-3 hd"> <a href="#hd009003" class="hd">9.3 NV-CONTROL Emulation</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd0010" class="hd">10 GPU-Accelerated OpenGL and Vulkan (Using the DRI3 X11 Extension)</a> </li> <li class="Itemize-1 hd"> <a href="#hd0011" class="hd">11 Compatibility Guide</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd0011001" class="hd">11.1 TightVNC or TigerVNC Servers</a> </li> <li class="Itemize-3 hd"> <a href="#hd0011002" class="hd">11.2 TightVNC or TigerVNC Viewers</a> </li> <li class="Itemize-3 hd"> <a href="#hd0011003" class="hd">11.3 RealVNC</a> </li> </ul> </li> <li class="Itemize-1 hd"> <a href="#hd0012" class="hd">12 Advanced Configuration</a> <ul class="hd"> <li class="Itemize-3 hd"> <a href="#hd0012001" class="hd">12.1 Server Settings</a> </li> <li class="Itemize-3 hd"> <a href="#hd0012002" class="hd">12.2 Viewer Settings</a> </li> </ul> </li> </ul> </div></div> <a name="file000"></a> <p><br /></p> <hr class="break" /> <h1 id="hd001"><a name="file001"></a>1 Legal Information</h1> <p><img src="somerights20.png" alt="somerights20" class="inline" id="imgid_0" name="imgid_0"/></p> <p>This document and all associated illustrations are licensed under the <span class="remote"><a href="https://creativecommons.org/licenses/by/2.5" target="_blank" class="remote">Creative Commons Attribution 2.5 License</a></span><a name="idx001"></a>. Any works that contain material derived from this document must cite The VirtualGL Project as the source of the material and list the current URL for the TurboVNC web site.</p> <p>The official TurboVNC binaries contain libjpeg-turbo, which is based in part on the work of the Independent JPEG Group.</p> <p>TurboVNC is licensed under the <a href="LICENSE.txt" target="_blank">GNU General Public License, v2</a><a name="idx002"></a>.</p> <p><br /></p> <hr class="break" /> <h1 id="hd002"><a name="file002"></a>2 Conventions Used in This Document</h1> <p>This document assumes that TurboVNC will be installed in the default directory (<strong class="filename">/opt/TurboVNC</strong> on Linux/Un*x and Mac systems and <strong class="filename">c:\Program Files\TurboVNC</strong> on Windows systems.) If your installation of TurboVNC resides in a different directory, then adjust the instructions accordingly.</p> <h2 id="hd002001">2.1 Terminology</h2> <dl class="Description"> <dt class="Description-1 Description">VNC server (sometimes just “server”)</dt> <dd class="Description-1 Description"> A computer program, implementing the Remote Framebuffer (RFB) protocol and usually designed to run as a background process, that provides an interactive remote desktop environment through which authenticated users can run graphical programs remotely from other computers on the network. VNC servers can be implemented as single-user screen scrapers, which transmit the contents of the host’s physical display (most common with Windows and Mac VNC servers), or as virtual display servers, which provide isolated remote desktop environments for an arbitrary number of simultaneous users on the same host (most common with Un*x VNC servers.) </dd> <dt class="Description-1 Description">VNC host (sometimes just “host”)</dt> <dd class="Description-1 Description"> The machine on which a VNC server is running </dd> <dt class="Description-1 Description">VNC viewer (sometimes just “viewer”)</dt> <dd class="Description-1 Description"> A computer program, implementing the Remote Framebuffer (RFB) protocol, that connects to a VNC server running on another computer, thus allowing users to run graphical programs remotely. </dd> <dt class="Description-1 Description">client machine (sometimes just “client”)</dt> <dd class="Description-1 Description"> The machine on which a VNC viewer is running </dd> <dt class="Description-1 Description">VNC session (sometimes just “session”)</dt> <dd class="Description-1 Description"> A specific instance of a Un*x VNC server (Xvnc.) Each instance of an Xvnc server, including the TurboVNC Server, acts as an independent virtual X server, listening on a unique X11 display number for connections from X11 clients and listening on a unique TCP port number or Unix domain socket for connections from VNC viewers. Multiple simultaneous VNC sessions can exist on a given host, under any number of different user accounts. </dd> </dl> <p><br /></p> <hr class="break" /> <h1 id="hd003"><a name="file003"></a>3 Overview</h1> <p>TurboVNC is a derivative of VNC (Virtual Network Computing) that is tuned to provide peak performance for 3D and video workloads. TurboVNC was originally a fork of <span class="remote"><a href="https://tightvnc.com" target="_blank" class="remote">TightVNC</a></span><a name="idx003"></a> 1.3.x. However, the current version of TurboVNC contains a modern X server code base (based on X.org) and a variety of other <span class="remote"><a href="https://turbovnc.org/About/Features" target="_blank" class="remote">notable features</a></span><a name="idx004"></a> and fixes relative to TightVNC 1.3.x, including a high-performance cross-platform VNC viewer with session management capabilities, as well as some unique features designed specifically for visualization applications. Some of those features are not available in any other open source Linux/Un*x remote display solutions. TurboVNC compresses 3D and video workloads significantly better than the “tightest” compression mode in TightVNC 1.3.x while using only typically 15-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also match the best compression ratios produced by TightVNC 1.3.x for 2D workloads. (See Section <a href="#AdvancedCompression" class="ref">7.2</a>.)</p> <p>All VNC implementations, including TurboVNC, use the RFB (remote framebuffer) protocol to send “framebuffer updates” from the VNC server to any connected viewers. Each framebuffer update can contain multiple “rectangles” (regions that have changed since the last update.) As with TightVNC, TurboVNC analyzes each rectangle, splits it into multiple “subrectangles”, and attempts to encode each subrectangle using the “subencoding type” that will provide the most efficient compression, given the number of unique colors in the subrectangle. The process by which TurboVNC does this is referred to as an “encoding method.” A rectangle is first analyzed to determine if any significant portion of it is solid, and if so, that portion is encoded as a bounding box and a fill color (“Solid subencoding.”) Of the remaining subrectangles, those with only two colors are encoded as a 1-bit-per-pixel bitmap with a 2-color palette (“Mono subencoding”), those with low numbers of unique colors are encoded as a color palette and an 8-bit-per-pixel bitmap (“Indexed color subencoding”), and subrectangles with high numbers of unique colors are encoded using either JPEG or arrays of RGB pixels (“Raw subencoding”), depending on the encoding method. zlib can optionally be used to compress the indexed color, mono and raw subrectangles.</p> <p>Part of TurboVNC’s speedup comes from the use of <span class="remote"><a href="https://libjpeg-turbo.org" target="_blank" class="remote">libjpeg-turbo</a></span><a name="idx005"></a>, a SIMD-accelerated JPEG codec. However, TurboVNC also eliminates the CPU-hungry smoothness detection routines that TightVNC uses to determine whether a subrectangle is a good candidate for JPEG compression, and TurboVNC’s encoding methods tend to favor the use of JPEG more, since it is now generally the fastest subencoding type. Furthermore, TurboVNC eliminates buffer copies, it maximizes network efficiency by splitting framebuffer updates into relatively large subrectangles, and it uses only the zlib compression levels that can be shown to have a measurable performance benefit.</p> <p>TurboVNC is the product of <span class="remote"><a href="https://TurboVNC.org/pmwiki/uploads/About/tighttoturbo.pdf" target="_blank" class="remote">extensive research</a></span><a name="idx006"></a>, in which many different permutations of the TightVNC encoder were benchmarked at the low level against a variety of RFB session captures that simulate real-world application workloads, both 2D and 3D. TurboVNC’s encoding methods have been adopted by <span class="remote"><a href="https://tigervnc.org" target="_blank" class="remote">TigerVNC</a></span><a name="idx007"></a>, <span class="remote"><a href="https://libvnc.github.io" target="_blank" class="remote">LibVNC</a></span><a name="idx008"></a>, <span class="remote"><a href="https://uvnc.com/" target="_blank" class="remote">UltraVNC</a></span><a name="idx009"></a>, and other projects.</p> <p>TurboVNC, when used with <span class="remote"><a href="https://VirtualGL.org" target="_blank" class="remote">VirtualGL</a></span><a name="idx0010"></a>, provides a highly performant and robust solution for remotely displaying 3D applications over all types of networks.</p> <p>On “modern” hardware, TurboVNC is capable of streaming 50+ Megapixels/second over a 100 Megabit/second local area network with perceptually lossless image quality. TurboVNC can stream between 10 and 12 Megapixels/second over a 5 Megabit/second broadband connection at reduced (but usable) image quality.</p> <p>TurboVNC is compatible with other VNC distributions. See Chapter <a href="#Compatibility" class="ref">11</a> for more information. The official TurboVNC binaries can be installed onto the same system as other VNC distributions without interference.</p> <p><br /></p> <hr class="break" /> <h1 id="hd004"><a name="file004"></a>4 System Requirements</h1> <h2 id="hd004001">4.1 Linux and Other Un*x Operating Systems</h2> <div class="table"> <table class="standard"> <thead class="standard"> <tr class="head "> <th class="head standard"></th> <th class="head standard">Host</th> <th class="head standard">Client (Linux)</th> <th class="head standard">Client (non-Linux)</th> </tr> </thead> <tr class="standard"> <td class="high standard">CPU</td> <td class="standard"><ul class="Itemize"><li class="Itemize-0"> x86-64 or AArch64 required </li> <li class="Itemize-0"> At least two processors or cores recommended </li></ul></td> <td class="standard" colspan="2">x86-64 or AArch64 required</td> </tr> <tr class="standard"> <td class="high standard">O/S</td> <td class="standard" colspan="4">TurboVNC should work with a variety of Linux distributions and <span class="remote"><a href="https://freebsd.org" target="_blank" class="remote">FreeBSD</a></span><a name="idx0011"></a>, but currently-supported versions of <span class="remote"><a href="https://redhat.com/products/enterprise-linux" target="_blank" class="remote">Red Hat Enterprise Linux</a></span><a name="idx0012"></a> and its derivatives, <span class="remote"><a href="https://ubuntu.com" target="_blank" class="remote">Ubuntu</a></span><a name="idx0013"></a> LTS, and <span class="remote"><a href="https://suse.com" target="_blank" class="remote">SUSE</a></span><a name="idx0014"></a> Linux Enterprise tend to receive the most attention from the TurboVNC community.</td> </tr> <tr class="standard"> <td class="high standard">Other</td> <td class="standard">SSH server (if using the <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0015"></a>)</td> <td class="standard">For optimal performance, the X server should be configured to export True Color (24-bit or 32-bit) visuals.</td> <td class="standard"><ul class="Itemize"><li class="Itemize-0"> For optimal performance, the X server should be configured to export True Color (24-bit or 32-bit) visuals. </li> <li class="Itemize-0"> <span class="remote"><a href="https://www.java.com" target="_blank" class="remote">Oracle Java</a></span><a name="idx0016"></a> or OpenJDK </li></ul></td> </tr> </table> </div> <h2 id="hd004002">4.2 Mac</h2> <div class="table"> <table class="standard"> <thead class="standard"> <tr class="head "> <th class="head standard"></th> <th class="head standard">Client</th> </tr> </thead> <tr class="standard"> <td class="high standard">CPU</td> <td class="standard">64-bit Intel or Apple silicon required</td> </tr> <tr class="standard"> <td class="high standard">O/S</td> <td class="standard">macOS 10.12 “Sierra” or later (Intel); macOS 11 “Big Sur” or later (Apple silicon)</td> </tr> </table> </div> <h2 id="hd004003">4.3 Windows</h2> <div class="table"> <table class="standard"> <thead class="standard"> <tr class="head "> <th class="head standard"></th> <th class="head standard">Client</th> </tr> </thead> <tr class="standard"> <td class="high standard">CPU</td> <td class="standard">x86-64 required</td> </tr> <tr class="standard"> <td class="high standard">O/S</td> <td class="standard">Windows 7 or later</td> </tr> <tr class="standard"> <td class="high standard">Other</td> <td class="standard">For optimal performance, the client display should have a 24-bit or 32-bit (True Color) color depth.</td> </tr> </table> </div> <p><br /></p> <hr class="break" /> <h1 id="hd005"><a name="file005"></a>5 Obtaining and Installing TurboVNC</h1> <h2 id="hd005001">5.1 Installing TurboVNC on Linux</h2> <h3 id="hd005001001">Installing TurboVNC</h3> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> Download the appropriate TurboVNC binary package for your system from the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc/releases" target="_blank" class="remote">Releases area</a></span><a name="idx0017"></a> of the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc" target="_blank" class="remote">TurboVNC GitHub project page</a></span><a name="idx0018"></a>. RPM and Debian packages are provided for Linux distributions that contain GLIBC 2.17 or later. <br /> </li> <li class="Ordered-1 Ordered"> <code>cd</code> to the directory where you downloaded the binary package, and issue one of the following commands as root: <dl class="Description"> <dt class="Description-3 Description">RPM-based systems using YUM</dt> <dd class="Description-3 Description"> <pre class="verbatim"> yum install turbovnc*.rpm </pre> </dd> <dt class="Description-3 Description">RPM-based systems using DNF</dt> <dd class="Description-3 Description"> <pre class="verbatim"> dnf install turbovnc*.rpm </pre> </dd> <dt class="Description-3 Description">RPM-based systems using YaST2</dt> <dd class="Description-3 Description"> <pre class="verbatim"> yast2 --install turbovnc*.rpm </pre> </dd> <dt class="Description-3 Description">Other RPM-based systems (dependencies will not be installed automatically)</dt> <dd class="Description-3 Description"> <pre class="verbatim"> rpm -U turbovnc*.rpm </pre> </dd> <dt class="Description-3 Description">Debian-based systems</dt> <dd class="Description-3 Description"> <pre class="verbatim"> dpkg -i turbovnc*.deb apt install -f </pre> </dd> </dl> </li> </ol> <h3 id="hd005001002">Installing TurboVNC for a Single User</h3> <p>Download the appropriate binary package, as above, then execute the following commands:</p> <dl class="Description"> <dt class="Description-1 Description">RPM-based systems</dt> <dd class="Description-1 Description"> <pre class="verbatim">mkdir ~/turbovnc<br />cd ~/turbovnc<br />rpm2cpio <em>full/path/of/turbovnc*.rpm</em> | cpio -idv</pre> </dd> <dt class="Description-1 Description">Debian-based systems</dt> <dd class="Description-1 Description"> <pre class="verbatim">dpkg-deb –extract <em>full/path/of/turbovnc*.deb</em> ~/turbovnc</pre> </dd> </dl> <p>Add <strong class="filename">~/turbovnc</strong> to any paths specified in this document.</p> <div class="important"><p class="important"> If using the TurboVNC Session Manager, set the TurboVNC Viewer’s <code>ServerDir</code> parameter to <code>"~/turbovnc/opt/TurboVNC"</code>. (<code>~</code> must be quoted or escaped if the parameter is specified on the command line.) </p></div> <div class="important"><p class="important"> The TurboVNC security configuration file will not work when TurboVNC is installed in this manner. </p></div> <h2 id="hd005002">5.2 Installing the TurboVNC Viewer on macOS</h2> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> Download the TurboVNC Mac disk image (<strong class="filename">TurboVNC-3.1.91-x86_64.dmg</strong> for Intel CPUs or <strong class="filename">TurboVNC-3.1.91-arm64.dmg</strong> for Apple silicon CPUs) from the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc/releases" target="_blank" class="remote">Releases area</a></span><a name="idx0019"></a> of the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc" target="_blank" class="remote">TurboVNC GitHub project page</a></span><a name="idx0020"></a>. </li> <li class="Ordered-1 Ordered"> Open the disk image, then open <strong class="filename">TurboVNC.pkg</strong> inside the disk image. Follow the instructions to install the Mac TurboVNC Viewer. </li> </ol> <h2 id="hd005003">5.3 Installing the TurboVNC Viewer on Windows</h2> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> Download the TurboVNC Windows installer package (<strong class="filename">TurboVNC-3.1.91.exe</strong>) from the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc/releases" target="_blank" class="remote">Releases area</a></span><a name="idx0021"></a> of the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc" target="_blank" class="remote">TurboVNC GitHub project page</a></span><a name="idx0022"></a>. </li> <li class="Ordered-1 Ordered"> Run the TurboVNC installer. The installation of TurboVNC should be self-explanatory. The only configuration option is the directory into which you want the files to be installed. </li> </ol> <h2 id="hd005004">5.4 Installing TurboVNC from Source</h2> <p>If you are using a Linux/Un*x platform for which there is not a pre-built TurboVNC binary package available, then download the TurboVNC source tarball (<strong class="filename">turbovnc-3.1.91.tar.gz</strong>) from the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc/releases" target="_blank" class="remote">Releases area</a></span><a name="idx0023"></a> of the <span class="remote"><a href="https://github.com/TurboVNC/turbovnc" target="_blank" class="remote">TurboVNC GitHub project page</a></span><a name="idx0024"></a>, uncompress it, <code>cd turbovnc-3.1.91</code>, and read <strong class="filename">BUILDING.md</strong> for further instructions on how to build TurboVNC from source.</p> <h2 id="hd005005">5.5 Uninstalling TurboVNC</h2> <h3 id="hd005005001">Linux</h3> <p>As root, issue one of the following commands:</p> <dl class="Description"> <dt class="Description-1 Description">RPM-based systems</dt> <dd class="Description-1 Description"> <pre class="verbatim"> rpm -e turbovnc </pre> </dd> <dt class="Description-1 Description">Debian-based systems</dt> <dd class="Description-1 Description"> <pre class="verbatim"> dpkg -r turbovnc </pre> </dd> </dl> <h3 id="hd005005002">macOS</h3> <p>Open the <strong class="filename">Uninstall TurboVNC</strong> application, located in the <strong class="filename">TurboVNC</strong> Applications folder. You can also open a terminal and execute:</p> <pre class="verbatim"> sudo /opt/TurboVNC/bin/uninstall </pre> <h3 id="hd005005003">Windows</h3> <p>Use the <strong class="filename">Programs and Features</strong> applet in the Control Panel (or the <strong class="filename">Apps & Features</strong> applet if you are running Windows 10), or select <strong class="filename">Uninstall TurboVNC</strong> in the <strong class="filename">TurboVNC</strong> Start Menu group.</p> <p><br /></p> <hr class="break" /> <h1 id="hd006"><a name="file006"></a>6 Using TurboVNC</h1> <p><a name="TurboVNC_Usage"></a></p> <h2 id="hd006001">6.1 The TurboVNC Session Manager</h2> <p><a name="TurboVNC_Session_Manager"></a></p> <p>The TurboVNC Viewer, like any VNC viewer, can be used to connect to any VNC server. However, the TurboVNC Viewer also includes the TurboVNC Session Manager, which can be used with the TurboVNC Server to remotely start or kill a TurboVNC session, list all TurboVNC sessions running under a particular user account on a particular host, and choose a TurboVNC session to which to connect. The TurboVNC Session Manager uses the TurboVNC Viewer’s built-in SSH client, which supports OpenSSH config files and password-less public key authentication (using ssh-agent or Pageant.)</p> <h3 id="hd006001001">Procedure</h3> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> On the client machine, start the TurboVNC Viewer. <dl class="Description"> <dt class="Description-3 Description">Linux/Un*x clients</dt> <dd class="Description-3 Description"> Open a new terminal/xterm and type <pre class="verbatim"> /opt/TurboVNC/bin/vncviewer </pre> </dd> <dt class="Description-3 Description">Mac clients</dt> <dd class="Description-3 Description"> Open the <strong class="filename">TurboVNC Viewer</strong> application, located in the <strong class="filename">TurboVNC</strong> Applications folder, or open a new terminal and type <pre class="verbatim"> /opt/TurboVNC/bin/vncviewer </pre> </dd> <dt class="Description-3 Description">Windows clients</dt> <dd class="Description-3 Description"> Select <strong class="filename">TurboVNC Viewer</strong> in the <strong class="filename">TurboVNC</strong> Start Menu group, or open a new command prompt and type <pre class="verbatim"> c:\Program Files\TurboVNC\vncviewer.bat </pre> </dd> </dl> </li> <li class="Itemize-1 Itemize asterisk"> A small dialog box will appear. <br /><br /> <img src="newconn-sessmgr.png" alt="newconn-sessmgr" class="inline" id="imgid_1" name="imgid_1"/> <br /><br /> Enter the hostname or IP address of the TurboVNC host in the “VNC server” field, then click “Connect”. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> The TurboVNC Session Manager will connect to the host using SSH, and it will prompt for an SSH private key passphrase or an SSH password, if necessary. (The TurboVNC Viewer’s built-in SSH client will first try to fetch the private key passphrase from ssh-agent or Pageant, if either is running.) <div class="important"><p class="important"> You can specify the SSH username, if it differs from your local username, by prefixing the hostname/IP address with <code><em>user</em>@</code>, where <em><code>user</code></em> is the SSH username. </p></div> </li> <li class="Itemize-1 Itemize asterisk"> If no TurboVNC sessions are currently running under your user account on the TurboVNC host, then the session manager will: <br /><br /> <ul class="Itemize"> <li class="Itemize-3 Itemize asterisk"> start a new session </li> <li class="Itemize-3 Itemize asterisk"> generate a new one-time password (OTP) for the session </li> <li class="Itemize-3 Itemize asterisk"> automatically configure the TurboVNC Viewer so that it tunnels the VNC connection through SSH (reusing the SSH channel that the session manager already opened) and authenticates using the newly-generated OTP </li> <li class="Itemize-3 Itemize asterisk"> connect to the session </li> </ul> <br class="itempara" />Once connected, a TurboVNC desktop window should appear on your client machine. This window contains a virtual desktop with which you can interact to launch X-Windows applications on the TurboVNC host. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> If one or more TurboVNC sessions are currently running under your user account on the TurboVNC host, then the session manager will enumerate the sessions and display a dialog similar to the following, allowing you to manage the sessions remotely, to start a new session, or to choose a session to which to connect: <br /><br /> <img src="sessmgr.png" alt="sessmgr" class="inline" id="imgid_2" name="imgid_2"/> <br /><br /> Upon choosing a session to which to connect, the session manager will (as described above) automatically generate a new OTP for the session and configure the TurboVNC Viewer so that it tunnels the VNC connection through SSH and authenticates using the newly-generated OTP. <br /><br /> One-time passwords can be used with any VNC viewer, so generating a new OTP for a TurboVNC session (using the “New OTP” button) is a convenient way of allowing colleagues to temporarily access the session. Generating a new OTP for a TurboVNC session is also useful when using <a href="#noVNC">noVNC</a><a name="idx0025"></a>. If “View-only” is checked, then users who authenticate using the new OTP will not be able to remotely control the session. <div class="important"><p class="important"> The TurboVNC Session Manager automatically uses SSH tunneling and OTP authentication by default, but you can set the TurboVNC Viewer’s <code>NoSessMgrAuto</code> parameter to disable this behavior, thus allowing any authentication/encryption method to be used. Additional parameters can be used to specify the port on which the SSH server is listening and the location of the SSH private key file. The OpenSSH config file (<strong class="filename">~/.ssh/config</strong> by default) can also be used to specify those parameters persistently for a given host. </p></div> <div class="important"><p class="important"> The TurboVNC Viewer’s <code>ServerDir</code> and <code>ServerArgs</code> parameters can be used to specify a non-default installation path for the TurboVNC Server or additional arguments to pass to the TurboVNC Server when starting new sessions. TurboVNC Server arguments can also be specified on the host using the system-wide or per-user <strong class="filename">turbovncserver.conf</strong> file. </p></div> </li> </ul> <h2 id="hd006002">6.2 Manually Starting a TurboVNC Session</h2> <h3 id="hd006002001">Procedure</h3> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> Open a new Command Prompt/terminal window on your client machine. </li> <li class="Ordered-1 Ordered"> In the new Command Prompt/terminal window, open a Secure Shell (SSH) session into the TurboVNC host: <pre class="verbatim">ssh <em>user</em>@<em>host</em></pre> Replace <em><code>user</code></em> with your username on the TurboVNC host and <em><code>host</code></em> with the hostname or IP address of the host. </li> <li class="Ordered-1 Ordered"> In the SSH session, start a TurboVNC session: <pre class="verbatim"> /opt/TurboVNC/bin/vncserver </pre> </li> <li class="Ordered-1 Ordered"> Make a note of the X display number that the TurboVNC session is occupying, for instance: <br /><br /> <code>Desktop 'TurboVNC: my_host:1 (my_user)' started on display my_host:1</code> <br /><br /> If this is the first time that a TurboVNC session has ever been run under this user account, and if VNC password authentication is enabled for the session, then TurboVNC will prompt for a VNC password. </li> <li class="Ordered-1 Ordered"> The SSH session can now be exited, if desired. </li> </ol> <h2 id="hd006003">6.3 Choosing a Window Manager</h2> <p>By default, a window manager is launched in a TurboVNC session after the session is started. You can specify the window manager by passing <code>-wm <em>window-manager</em></code> to <code>vncserver</code> or setting <code>$wm=“<em>window-manager</em>”;</code> in <strong class="filename">turbovncserver.conf</strong>, where <em><code>window-manager</code></em> corresponds to a session desktop file located in the X sessions directory (<strong class="filename">/usr/share/xsessions</strong> or <strong class="filename">/usr/local/share/xsessions</strong>) without the <strong class="filename">.desktop</strong> extension. (For example, pass <code>-wm xfce</code> to <code>vncserver</code> or set <code>$wm="xfce";</code> in <strong class="filename">turbovncserver.conf</strong> to launch the window manager specified in <strong class="filename">xfce.desktop</strong>.) If unspecified, the window manager defaults to</p> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> <code>gnome</code> if <strong class="filename">gnome.desktop</strong> exists in the X sessions directory, or </li> <li class="Itemize-1 Itemize asterisk"> <code>ubuntu</code> if <strong class="filename">ubuntu.desktop</strong> exists in the X sessions directory, or </li> <li class="Itemize-1 Itemize asterisk"> <code>mate</code> if <strong class="filename">mate.desktop</strong> exists in the X sessions directory, or </li> <li class="Itemize-1 Itemize asterisk"> <code>xfce</code> if <strong class="filename">xfce.desktop</strong> exists in the X sessions directory. </li> </ul> <p>Specifying <code>2d</code> as the window manager launches GNOME Classic or Flashback if <strong class="filename">gnome-classic.desktop</strong> or <strong class="filename">gnome-flashback-metacity.desktop</strong> exists in the X sessions directory.</p> <p>The TurboVNC Server can run compositing window managers, such as GNOME 3+ or KDE 5+, using its <a href="#SoftwareOpenGL">built-in software OpenGL implementation</a><a name="idx0026"></a>. However, for performance reasons, it is recommended that GPU acceleration (with <a href="#VGLWM">VirtualGL</a><a name="idx0027"></a> or <a href="#DRI3">DRI3</a><a name="idx0028"></a>) be used with compositing window managers. A non-compositing window manager such as MATE or Xfce is recommended if GPU acceleration will not be used.</p> <p>Refer to <span class="remote"><a href="https://www.turbovnc.org/Documentation/Compatibility32" target="_blank" class="remote">this report</a></span><a name="idx0029"></a> for an up-to-date list of window managers that have been tested with this version of the TurboVNC Server, how to configure the TurboVNC Server to use those window managers, and a list of known compatibility issues.</p> <h2 id="hd006004">6.4 Manually Connecting to a VNC Server</h2> <h3 id="hd006004001">Procedure</h3> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> On the client machine, start the TurboVNC Viewer. <dl class="Description"> <dt class="Description-3 Description">Linux/Un*x clients</dt> <dd class="Description-3 Description"> Open a new terminal/xterm and type <pre class="verbatim"> /opt/TurboVNC/bin/vncviewer </pre> </dd> <dt class="Description-3 Description">Mac clients</dt> <dd class="Description-3 Description"> Open the <strong class="filename">TurboVNC Viewer</strong> application, located in the <strong class="filename">TurboVNC</strong> Applications folder, or open a new terminal and type <pre class="verbatim"> /opt/TurboVNC/bin/vncviewer </pre> </dd> <dt class="Description-3 Description">Windows clients</dt> <dd class="Description-3 Description"> Select <strong class="filename">TurboVNC Viewer</strong> in the <strong class="filename">TurboVNC</strong> Start Menu group, or open a new command prompt and type <pre class="verbatim"> c:\Program Files\TurboVNC\vncviewer.bat </pre> </dd> </dl> </li> <li class="Ordered-1 Ordered"> A small dialog box will appear. <br /><br /> <img src="newconn.png" alt="newconn" class="inline" id="imgid_3" name="imgid_3"/> <br /><br /> Enter the X display name (hostname, or IP address, and display number) of the VNC server or TurboVNC session in the “VNC server” field, then click “Connect”. </li> <li class="Ordered-1 Ordered"> Another dialog box appears, prompting for the password (if Standard VNC authentication is being used) or for the username and password (if Unix Login authentication is being used.) <br /><br /> <div class="table"> <table class="standard"> <tr class="standard"> <td class="standard">Standard VNC Authentication Dialog</td> <td class="standard"><img src="vncauth.png" alt="vncauth" class="inline" id="imgid_4" name="imgid_4"/></td> </tr> <tr class="standard"> <td class="standard">Unix Login Authentication Dialog</td> <td class="standard"><img src="unixauth.png" alt="unixauth" class="inline" id="imgid_5" name="imgid_5"/></td> </tr> </table> </div> <br /> Enter the VNC server password or the Unix username/password and press Enter. <br /><br /> A VNC desktop window should appear on your client machine. This window contains a virtual desktop with which you can interact to launch graphical applications on the VNC host. <div class="important"><p class="important"> If you are connecting to a non-VeNCrypt-compatible VNC server, then the authentication dialog will warn you that the connection is not encrypted: <br /><br /> <img src="vncauth-insecure.png" alt="vncauth-insecure" class="inline" id="imgid_6" name="imgid_6"/> <br /><br /> You should never use Unix Login authentication with an unencrypted connection. Instead, tunnel the connection through SSH. (See Section <a href="#Secure_TurboVNC_Usage" class="ref">6.7</a> below for more details.) </p></div> </li> </ol> <h2 id="hd006005">6.5 Disconnecting and Killing a TurboVNC Session</h2> <p>Closing the TurboVNC Viewer disconnects from the TurboVNC session, but the TurboVNC session will remain running on the TurboVNC host (as will any applications that you may have started within the session), and you can reconnect to the session at any time.</p> <p>If the TurboVNC session was created with default settings, then the easiest way to kill it is to log out of the window manager running in the session. You can also use the <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0030"></a> to remotely kill TurboVNC sessions, or you can type the following command:</p> <pre class="verbatim">/opt/TurboVNC/bin/vncserver -kill :<em>n</em></pre> <p>from a terminal in the TurboVNC session or from an SSH session on the host. Replace <em><code>n</code></em> with the X display number of the TurboVNC session you want to kill.</p> <p>To list the X display numbers and process ID’s of all TurboVNC sessions currently running under your user account on a particular host, type the following command:</p> <pre class="verbatim"> /opt/TurboVNC/bin/vncserver -list </pre> <p>from a terminal in the TurboVNC session or from an SSH session on the host.</p> <h2 id="hd006006">6.6 Using TurboVNC in a Web Browser</h2> <p><a name="noVNC"></a></p> <p>When a TurboVNC session is started, the <code>vncserver</code> script can optionally start a simple web server that serves up <span class="remote"><a href="https://novnc.com" target="_blank" class="remote">noVNC</a></span><a name="idx0031"></a>, an HTML 5/JavaScript VNC viewer that works in any web browser (with reduced performance and features relative to the TurboVNC Viewer.) This allows you to easily connect to a TurboVNC session from a machine that does not have the TurboVNC Viewer installed (including mobile devices.)</p> <p>To launch noVNC along with a TurboVNC session, pass <code>-novnc <em>dir</em></code> to <code>vncserver</code> when starting the session, where <em><code>dir</code></em> is the directory containing noVNC. (Setting the <code>$noVNC</code> variable in <strong class="filename">turbovncserver.conf</strong> has the same effect.) The <code>vncserver</code> script will print the noVNC URL, which will be of the form:</p> <pre class="verbatim">http://<em>host</em>:<em>5800+n</em>/vnc.html?host=<em>host</em>&port=<em>5900+n</em></pre> <p>or</p> <pre class="verbatim">https://<em>host</em>:<em>5800+n</em>/vnc.html?host=<em>host</em>&port=<em>5900+n</em>&encrypt=1</pre> <p>where <em><code>host</code></em> is the hostname or IP address of the TurboVNC host and <em><code>n</code></em> is the X display number of the TurboVNC session.</p> <p>Point your web browser to that URL in order to access the TurboVNC session. You can optionally pass <code>-x509cert <em>certificate-file</em> -x509key <em>private-key-file</em></code> to <code>vncserver</code> (or set the <code>$x509CertFile</code> and <code>$x509KeyFile</code> variables in <strong class="filename">turbovncserver.conf</strong>) to encrypt both the HTTP and RFB connections. See the <code>vncserver</code> man page for more details.</p> <div class="important"><p class="important"> NOTE: noVNC only supports VNC Password authentication, so it is strongly recommended that it be used only with one-time passwords unless the connections are encrypted. </p></div> <h2 id="hd006007">6.7 Using SSH to Manually Secure a TurboVNC Connection</h2> <p><a name="Secure_TurboVNC_Usage"></a></p> <p>If the <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0032"></a> is not being used, then the connection between the TurboVNC Server and the TurboVNC Viewer will, by default, use Anonymous TLS encryption. (Refer to Chapter <a href="#Security_Extensions" class="ref">8</a>.) However, it may be preferable to secure the TurboVNC connection using SSH rather than Anonymous TLS encryption, particularly if one does not want to open additional ports in the host’s firewall. This can easily be accomplished using the TurboVNC Viewer’s <code>Tunnel</code> and <code>Jump</code> parameters (or the equivalent GUI options, which are located under the “Security” tab in the TurboVNC Viewer Options dialog.)</p> <p>The TurboVNC Viewer’s <code>Tunnel</code> and <code>Jump</code> parameters take advantage of the port forwarding feature in SSH. For instance, running</p> <pre class="verbatim"><em>vncviewer</em> -tunnel <em>user</em>@<em>host</em>:<em>n</em></pre> <p>is the equivalent of running</p> <pre class="verbatim">ssh -L <em>fp</em>:localhost:<em>5900+n</em> <em>user</em>@<em>host</em> <em>vncviewer</em> localhost::<em>fp</em></pre> <p>where <em><code>fp</code></em> is a free TCP port on the client machine (this is automatically determined by the TurboVNC Viewer.) Similarly, running</p> <pre class="verbatim"><em>vncviewer</em> -jump <em>jump-user</em>@<em>jump-host</em>:<em>jump-port</em> <em>vnc-user</em>@<em>vnc-host</em>:<em>n</em></pre> <p>is the equivalent of running</p> <pre class="verbatim">ssh -J <em>jump-user</em>@<em>jump-host</em>:<em>jump-port</em> -L <em>fp</em>:localhost:<em>5900+n</em> <em>vnc-user</em>@<em>vnc-host</em> <em>vncviewer</em> localhost::<em>fp</em></pre> <div class="important"><p class="important"> In the above examples, <em><code>vncviewer</code></em> is the command used to launch the TurboVNC Viewer– <code>/opt/TurboVNC/bin/vncviewer</code> on Linux/Un*x and Mac systems and <code>c:\Program Files\TurboVNC\vncviewer.bat</code> on Windows systems. </p></div> <div class="important"><p class="important"> When using the <code>Jump</code> parameter, the VNC host is specified from the point of view of the gateway host. </p></div> <h2 id="hd006008">6.8 Requiring SSH Tunneling</h2> <p>Passing an argument of <code>-localhost</code> to <code>vncserver</code> will force the TurboVNC session to accept inbound connections only from the TurboVNC host. This effectively forces SSH tunneling to be used for remote connections. If the <code>no-remote-connections</code> directive is set in the TurboVNC security configuration file, then that has the effect of enabling the <code>-localhost</code> option for all new TurboVNC sessions that are started on the host.</p> <p>Passing an argument of <code>-noreverse</code> to <code>vncserver</code> will disable the ability to make outbound (reverse) connections from the TurboVNC session. If the <code>no-reverse-connections</code> directive is set in the TurboVNC security configuration file, then that has the effect of enabling the <code>-noreverse</code> option for all new TurboVNC sessions that are started on the host.</p> <p>If the host is configured such that it only allows SSH connections, then disallowing the TLS* security types on a system-wide basis (by setting the <code>permitted-security-types</code> directive in the TurboVNC security configuration file) is recommended. Otherwise, when using the TurboVNC Viewer with default settings, the connection will have redundant encryption.</p> <p><img src="vncauth-redundant.png" alt="vncauth-redundant" class="inline" id="imgid_7" name="imgid_7"/></p> <p>Note that only the OTP security type is needed when using the <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0033"></a> with its default settings.</p> <h2 id="hd006009">6.9 Running OpenGL Applications</h2> <p><a name="SoftwareOpenGL"></a></p> <p>The TurboVNC Server includes a software GLX/OpenGL implementation that can be used for casual 3D rendering. This implementation uses the swrast DRI driver provided by Mesa 8.x and later, and it supports only direct rendering. In general, if the TurboVNC host has a GPU, then you should use <a href="#VGL">VirtualGL</a><a name="idx0034"></a> or <a href="#DRI3">DRI3</a><a name="idx0035"></a> rather than relying on TurboVNC’s software OpenGL implementation.</p> <p>Passing <code>-extension GLX</code> to <code>vncserver</code> disables the built-in GLX/OpenGL implementation, thus restoring the behavior of TurboVNC 2.1.x and earlier (which required VirtualGL in order to run OpenGL applications.) If the built-in GLX/OpenGL implementation is not functioning properly, then pass <code>-verbose</code> to <code>vncserver</code> to log informational messages that may reveal the source of the problem.</p> <h2 id="hd0060010">6.10 Further Reading</h2> <p>For more detailed instructions on the usage of TurboVNC:</p> <dl class="Description"> <dt class="Description-1 Description">TurboVNC Server</dt> <dd class="Description-1 Description"> Refer to the TurboVNC man pages: <pre class="verbatim"> man -M /opt/TurboVNC/man vncserver man -M /opt/TurboVNC/man Xvnc man -M /opt/TurboVNC/man vncconnect man -M /opt/TurboVNC/man vncpasswd man -M /opt/TurboVNC/man tvncconfig </pre> </dd> <dt class="Description-1 Description">TurboVNC Viewer</dt> <dd class="Description-1 Description"> Run <pre class="verbatim"> /opt/TurboVNC/bin/vncviewer -? </pre> on Linux/Un*x and Mac systems or <pre class="verbatim"> c:\Program Files\TurboVNC\vncviewer.bat -? </pre> on Windows systems to display a list of command-line options and commonly-used parameters and their descriptions. Replace <code>-?</code> with <code>-??</code> to display a list of advanced parameters and their descriptions. </dd> </dl> <p><br /></p> <hr class="break" /> <h1 id="hd007"><a name="file007"></a>7 Performance and Image Quality</h1> <p>The level of image compression in TurboVNC can be adjusted to balance the (sometimes conflicting) goals of high image quality and high performance. There are four options that control the manner in which TurboVNC compresses images:</p> <dl class="Description"> <dt class="Description-1 Description">Allow JPEG compression</dt> <dd class="Description-1 Description"> If this option is enabled, then TurboVNC will use JPEG compression for subrectangles that have a high number of unique colors, and it will use indexed color subencoding for subrectangles that have a low number of unique colors. If this option is disabled, then TurboVNC will select between indexed color or raw subencoding, depending on the size of the subrectangle and its color count. </dd> <dt class="Description-1 Description">JPEG image quality</dt> <dd class="Description-1 Description"> Lower quality levels produce grainier JPEG images with more noticeable compression artifacts, but lower quality levels also use less network bandwidth and CPU time. </dd> <dt class="Description-1 Description">JPEG chrominance subsampling</dt> <dd class="Description-1 Description"> When compressing an image using JPEG, the RGB pixels are first converted to the YCbCr colorspace, a colorspace in which each pixel is represented as a brightness (Y, or “luminance”) value and a pair of color (Cb & Cr, or “chrominance”) values. After this colorspace conversion, chrominance subsampling can be used to discard some of the chrominance components in order to save bandwidth. This works because the human eye is more sensitive to changes in brightness than to changes in color. 1X subsampling (the default in TurboVNC) retains the chrominance components for all pixels, and thus it provides the best image quality but also uses the most network bandwidth and CPU time. 2X subsampling retains the chrominance components for every other pixel, and 4X subsampling retains the chrominance components for every fourth pixel. (This is typically implemented as 2X subsampling in both X and Y directions.) Grayscale throws out all of the chrominance components, leaving only luminance. 2X and 4X subsampling typically produce noticeable blurring of lines and other sharp features, but with photographic or other “smooth” image content, it may be difficult to detect any difference between 1X, 2X, and 4X. </dd> <dt class="Description-1 Description">Compression level</dt> <dd class="Description-1 Description"> In TurboVNC, the compression level specifies: <ol class="Ordered numeric"><li class="Ordered-0"> the level of zlib compression that will be used with indexed color, mono, and raw subrectangles </li> <li class="Ordered-0"> the “palette threshold” (the minimum number of colors that a subrectangle must have before it is encoded as JPEG or raw instead of indexed color) </li> <li class="Ordered-0"> whether or not <a href="#InterframeComparison">interframe comparison</a><a name="idx0036"></a> should be used </li></ol> See Section <a href="#AdvancedCompression" class="ref">7.2</a> below for more details. </dd> </dl> <p>These parameters can be adjusted by accessing the TurboVNC Viewer Options dialog box. (Click on the “Options” button in the New TurboVNC Connection dialog box or, after connecting to the server, click on the Connection Options button in the toolbar.)</p> <p>The TurboVNC Viewer provides five preset “encoding methods” corresponding to the most useful combinations of the image compression options described above:</p> <a name="tab007001"></a> <div class="table"> <table class="standard" summary="TurboVNC Encoding Methods"> <caption>Table 7.1: TurboVNC Encoding Methods</caption> <thead class="standard"> <tr class="head "> <th class="head standard">Encoding method</th> <th class="head standard">Allow JPEG</th> <th class="head standard">JPEG image quality</th> <th class="head standard">JPEG chrominance subsampling</th> <th class="head standard">Compression level</th> <th class="head standard">Notes</th> </tr> </thead> <tr class="standard"> <td class="standard">“Tight + Perceptually Lossless JPEG”</td> <td class="standard">Yes</td> <td class="standard">95</td> <td class="standard">1x</td> <td class="standard">1</td> <td class="standard">This encoding method should be perceptually lossless (that is, any image compression artifacts it produces should be imperceptible to human vision) under most viewing conditions. This encoding method requires a great deal of network bandwidth, however, and is generally not recommended except on 50 Megabit/second and faster networks.</td> </tr> <tr class="standard"> <td class="standard">“Tight + Medium-Quality JPEG”</td> <td class="standard">Yes</td> <td class="standard">80</td> <td class="standard">2x</td> <td class="standard">6</td> <td class="standard">For subrectangles that have a high number of unique colors, this encoding method produces some minor, but generally not very noticeable, image compression artifacts. All else being equal, this encoding method typically uses about twice the network bandwidth of the “Tight + Low-Quality JPEG” encoding method and about half the bandwidth of the “Tight + Perceptually Lossless JPEG” encoding method, making it appropriate for medium-speed networks such as 10 Megabit Ethernet. Interframe comparison is enabled with this encoding method. (Compression Level 6 = Compression Level 1 + interframe comparison.)</td> </tr> <tr class="standard"> <td class="standard">“Tight + Low-Quality JPEG”</td> <td class="standard">Yes</td> <td class="standard">30</td> <td class="standard">4x</td> <td class="standard">7</td> <td class="standard">For subrectangles that have a high number of unique colors, this encoding method produces very noticeable image compression artifacts. However, it performs optimally on low-bandwidth connections. If image quality is more critical than performance, then use one of the other encoding methods or take advantage of the <a href="#LR">Lossless Refresh feature</a><a name="idx0037"></a>. In addition to reducing the JPEG quality to a “minimum usable” level, this encoding method also enables interframe comparison and Compression Level 2. (CL 7 = CL 2 + interframe comparison.) Compression Level 2 can reduce network usage for low-color application workloads that are not good candidates for JPEG compression.</td> </tr> <tr class="standard"> <td class="standard">“Lossless Tight”</td> <td class="standard">No</td> <td class="standard">N/A</td> <td class="standard">N/A</td> <td class="standard">0</td> <td class="standard">This encoding method uses indexed color subencoding for subrectangles that have a low number of unique colors and raw subencoding for subrectangles that have a high number of unique colors. If the VNC viewer supports the “Tight Encoding Without Zlib” RFB extension, then zlib is bypassed, and all subrectangles are sent without compression. Otherwise, all subrectangles are “compressed” using zlib with zlib compression level 0. (Zlib compression level 0 maintains the zlib state but does not perform any actual compression. However, the overhead of maintaining the zlib state reduces overall Tight encoding performance by 10-60% vs. bypassing zlib, depending on the zlib implementation.) Lossless Tight uses significantly less CPU time than any of the JPEG-based encoding methods, but it is suitable only for gigabit and faster networks.</td> </tr> <tr class="standard"> <td class="standard">“Lossless Tight + Zlib”</td> <td class="standard">No</td> <td class="standard">N/A</td> <td class="standard">N/A</td> <td class="standard">6</td> <td class="standard">This encoding method uses indexed color subencoding for subrectangles that have a low number of unique colors and raw subencoding for subrectangles that have a high number of unique colors. It compresses all subrectangles using zlib with zlib compression level 1. For certain types of low-color workloads (CAD applications, in particular), this encoding method may use less network bandwidth than the “Tight + Perceptually Lossless JPEG” encoding method, but it also uses significantly more CPU time than any of the JPEG-based encoding methods. Interframe comparison is enabled with this encoding method. (Compression Level 6 = Compression Level 1 + interframe comparison.)</td> </tr> </table> </div> <p>The encoding method can be set in the TurboVNC Viewer Options dialog box. (Click on the “Options” button in the New TurboVNC Connection dialog box or, after connecting to the server, click on the Connection Options button in the toolbar.)</p> <h2 id="hd007001">7.1 Interframe Comparison</h2> <p><a name="InterframeComparison"></a></p> <p>Certain ill-behaved applications can sometimes draw the same thing over and over again, and this can cause redundant framebuffer updates to be sent to the VNC viewer. Additionally, modern GUI toolkits often use image-based drawing methods (the X Rendering Extension, for instance), which can result in an entire window being redrawn even if only a few pixels in the window have changed. The TurboVNC Server can guard against this by maintaining a copy of the remote framebuffer for each connected viewer, comparing each new framebuffer update rectangle against the pixels in the framebuffer copy, and discarding any redundant portions of the rectangle before they are sent to the viewer.</p> <p>Interframe comparison has some tradeoffs. Perhaps the most important of these is that it increases the memory usage of the TurboVNC Server by a factor of N, where N is the number of connected viewers. This can prove to be quite significant if the remote desktop size is relatively large. 2D applications are most often the ones that generate duplicate framebuffer updates, so using interframe comparison with such applications can significantly reduce the network usage and the host CPU usage (since fewer rectangles are actually being encoded.) However, with 3D applications, the benefits of interframe comparison are less clear, since it is less common for those applications to generate duplicate framebuffer updates. Interframe comparison may benefit certain classes of 3D applications, such as design applications that render a model against a static background– particularly when the model is not zoomed in enough to fill the entire window. In real-world tests, however, interframe comparison rarely reduces the network usage for 3D applications by more than 5-10%. Furthermore, with games and other immersive applications that modify most of the pixels on the screen each time a frame is rendered, interframe comparison can actually increase both CPU usage and network usage. Furthermore, the effects of duplicate framebuffer updates are not typically noticeable on high-speed networks, but an increase in host CPU usage might be.</p> <p>For these reasons, interframe comparison is not enabled by default and should not generally be enabled except on bandwidth-constrained networks and with applications for which it can be shown to be beneficial. Interframe comparison can be enabled by passing an argument of <code>-interframe</code> to <code>vncserver</code> when starting a TurboVNC session, by using <code>tvncconfig</code> to set the <code>Interframe</code> parameter for a running TurboVNC session, or by requesting a compression level of 5 or higher from the viewer (see below.)</p> <h2 id="hd007002">7.2 Advanced Compression Options</h2> <p><a name="AdvancedCompression"></a></p> <p>One of the underlying principles of TurboVNC’s design is to expose only the options that have proven to be useful (that is, the options that have proven to have good performance tradeoffs.) Thus, the TurboVNC Viewer Options dialog normally only allows you to select Compression Levels 1-2 if JPEG subencoding is enabled (6-7 if interframe comparison is also enabled) or Compression Levels 0-1 if JPEG subencoding is disabled (5-6 if interframe comparison is enabled.) Other compression levels can, however, be specified using the TurboVNC Viewer’s <code>CompressLevel</code> parameter, and doing so will enable a compatibility mode in the TurboVNC Viewer Options dialog that allows any compression level from 0 to 9 to be requested.</p> <p>When connected to a TurboVNC session, requesting a particular compression level has the following effect:</p> <a name="tab007002"></a> <div class="table"> <table class="standard" summary="Compression Levels Supported by the TurboVNC Server (JPEG Enabled)"> <caption>Table 7.2: Compression Levels Supported by the TurboVNC Server (JPEG Enabled)</caption> <thead class="standard"> <tr class="head "> <th class="head standard">Compression level</th> <th class="head standard">Zlib compression level (non-JPEG subrectangles)</th> <th class="head standard">Palette threshold</th> <th class="head standard">Interframe comparison</th> <th class="head standard">Notes</th> </tr> </thead> <tr class="standard"> <td class="standard">0</td> <td class="standard">1</td> <td class="standard">24</td> <td class="standard">No</td> <td class="standard">Same as Compression Level 1. Bypassing zlib when JPEG is enabled would only reduce the CPU usage for non-JPEG subrectangles, which is of limited usefulness. Furthermore, bypassing zlib requires an RFB protocol extension that is not supported by non-TurboVNC viewers (as of this writing.) It is presumed that, if one wants to reduce the CPU usage, then one wants to do so for all subrectangles, so CL 0 without JPEG (AKA “Lossless Tight”) should be used.</td> </tr> <tr class="standard"> <td class="standard">1</td> <td class="standard">1</td> <td class="standard">24</td> <td class="standard">No</td> <td class="standard">See the description of the “Tight + JPEG” encoding methods above.</td> </tr> <tr class="standard"> <td class="standard">2</td> <td class="standard">3</td> <td class="standard">96</td> <td class="standard">No</td> <td class="standard">A higher palette threshold causes indexed color subencoding to be used more often than with CL 1, and indexed color subrectangles are compressed using a higher zlib compression level. This can provide typically 20-40% better compression than CL 1 (with a commensurate increase in CPU usage) for workloads that have a low number of unique colors. However, Compression Level 2 can increase the CPU usage for some high-color workloads without providing significantly better compression.</td> </tr> <tr class="standard"> <td class="standard">3-4</td> <td class="standard">3</td> <td class="standard">96</td> <td class="standard">No</td> <td class="standard">Same as Compression Level 2 (reserved for future expansion)</td> </tr> <tr class="standard"> <td class="standard">5-6</td> <td class="standard">1</td> <td class="standard">24</td> <td class="standard">Yes</td> <td class="standard">Same as Compression Level 1 but with interframe comparison enabled</td> </tr> <tr class="standard"> <td class="standard">7-8</td> <td class="standard">3</td> <td class="standard">96</td> <td class="standard">Yes</td> <td class="standard">Same as Compression Level 2 but with interframe comparison enabled</td> </tr> <tr class="standard"> <td class="standard">9</td> <td class="standard">7</td> <td class="standard">256</td> <td class="standard">Yes</td> <td class="standard">This mode is included only for backward compatibility with TightVNC. It provides approximately the same level of compression for 2D applications as Compression Level 9 in TightVNC 1.3.x while using much less CPU time. It also provides much better compression than TightVNC for 3D and video applications. However, relative to Compression Level 2, this mode uses approximately twice as much CPU time and only achieves about 10-20% better average compression for 2D applications (and has no noticeable benefit for 3D and video applications.) Thus, its usefulness is generally very limited.</td> </tr> </table> </div> <p></p> <a name="tab007003"></a> <div class="table"> <table class="standard" summary="Compression Levels Supported by the TurboVNC Server (JPEG Disabled)"> <caption>Table 7.3: Compression Levels Supported by the TurboVNC Server (JPEG Disabled)</caption> <thead class="standard"> <tr class="head "> <th class="head standard">Compression Level</th> <th class="head standard">Zlib compression level (indexed color subrectangles)</th> <th class="head standard">Zlib compression level (raw subrectangles)</th> <th class="head standard">Palette threshold</th> <th class="head standard">Interframe comparison</th> <th class="head standard">Notes</th> </tr> </thead> <tr class="standard"> <td class="standard">0</td> <td class="standard">None</td> <td class="standard">None</td> <td class="standard">Subrectangle size / 4</td> <td class="standard">No</td> <td class="standard">See the description of the “Lossless Tight” encoding method above.</td> </tr> <tr class="standard"> <td class="standard">1</td> <td class="standard">1</td> <td class="standard">1</td> <td class="standard">Subrectangle size / 96</td> <td class="standard">No</td> <td class="standard">See the description of the “Lossless Tight + Zlib” encoding method above.</td> </tr> <tr class="standard"> <td class="standard">2-4</td> <td class="standard">1</td> <td class="standard">1</td> <td class="standard">Subrectangle size / 96</td> <td class="standard">No</td> <td class="standard">Same as Compression Level 1 (reserved for future expansion)</td> </tr> <tr class="standard"> <td class="standard">5</td> <td class="standard">None</td> <td class="standard">None</td> <td class="standard">Subrectangle size / 4</td> <td class="standard">Yes</td> <td class="standard">Same as Compression Level 0 but with interframe comparison enabled</td> </tr> <tr class="standard"> <td class="standard">6-8</td> <td class="standard">1</td> <td class="standard">1</td> <td class="standard">Subrectangle size / 96</td> <td class="standard">Yes</td> <td class="standard">Same as Compression Level 1 but with interframe comparison enabled</td> </tr> <tr class="standard"> <td class="standard">9</td> <td class="standard">7</td> <td class="standard">5</td> <td class="standard">Subrectangle size / 96</td> <td class="standard">Yes</td> <td class="standard">This mode is included only for backward compatibility with TightVNC. It provides approximately the same level of compression for 2D applications as Compression Level 9 in TightVNC 1.3.x, while using much less CPU time. It also provides much better compression than TightVNC for 3D and video applications. However, relative to Compression Level 1, this mode uses approximately twice as much CPU time and only achieves about 10% better average compression for 2D applications (and has no noticeable benefit for 3D and video applications.) Thus, its usefulness is generally very limited.</td> </tr> </table> </div> <h2 id="hd007003">7.3 Lossless Refresh</h2> <p><a name="LR"></a></p> <p>Since both of TurboVNC’s mathematically lossless encoding methods have performance drawbacks, another option for image-quality-critical applications is the Lossless Refresh feature. When a lossless refresh is requested by a TurboVNC viewer, the VNC server will send a mathematically lossless image of the remote desktop to the requesting viewer. A user could, for instance, use the “Tight + Low-Quality JPEG” encoding method on a low-bandwidth network to improve the performance of rotating/panning/zooming an object in a 3D application, then the user could request a lossless refresh when they are ready to interpret or analyze the object.</p> <p>To perform a lossless refresh, press CTRL-ALT-SHIFT-L or click on the Lossless Refresh toolbar icon.</p> <h2 id="hd007004">7.4 Automatic Lossless Refresh</h2> <p><a name="ALR"></a></p> <p>Passing an argument of <code>-alr <em>timeout</em></code> to <code>vncserver</code> (or using <code>tvncconfig</code> to set the <code>ALR</code> parameter for a running TurboVNC session) enables the Automatic Lossless Refresh (ALR) feature for the TurboVNC session. ALR monitors all of the VNC viewer connections, and if more than <em><code>timeout</code></em> seconds have elapsed since the last framebuffer update was sent to a given viewer, then the TurboVNC Server sends that viewer a mathematically lossless copy of any “ALR-eligible” screen regions that have been affected by lossy compression. You can also pass arguments of <code>-alrqual</code> and <code>-alrsamp</code> to <code>vncserver</code> (or use <code>tvncconfig</code> to set the <code>ALRQual</code> and <code>ALRSamp</code> parameters for a running TurboVNC session) to specify that automatic lossless refreshes should be sent using JPEG instead. (See the <code>Xvnc</code> man page for details.)</p> <p>The ALR feature is designed mainly for use with interactive visualization applications. The idea is that, on a low-bandwidth connection, low-quality JPEG can be used while the 3D scene is rotated/panned/zoomed, but when the motion stops, a fully lossless copy of the 3D image is sent and can be studied in detail.</p> <p>The default is for any regions drawn with <code>X[Shm]PutImage()</code> to be ALR-eligible– as well as any regions drawn with CopyRect, if the source of the CopyRect operation was affected by lossy compression. (CopyRect is an RFB encoding that allows the VNC server to request that a VNC viewer move a rectangle of pixels from one location to another.) When used with VirtualGL, this means that ALRs will mainly just be sent for the OpenGL-rendered regions of the remote desktop. That should be fine for most 3D applications, since the OpenGL-rendered regions are the ones that are quality-critical. The default ALR behavior also prevents what might best be called the “blinking cursor dilemma.” Certain programs have a blinking cursor that may update more frequently than the ALR timeout. Since an ALR is triggered based on a period of inactivity relative to the last framebuffer update, these frequent updates prevent an ALR from ever being sent. Fortunately, blinking cursors are not typically drawn using <code>X[Shm]PutImage()</code>, so the problem is effectively worked around by limiting the ALR-eligible regions to just the subset of regions that were drawn using <code>X[Shm]PutImage()</code> and CopyRect.</p> <div class="important"><p class="important"> NOTE: Ill-behaved applications that continuously render the same image will cause a variation of the “blinking cursor dilemma” and thus defeat ALR unless <a href="#InterframeComparison">interframe comparison</a><a name="idx0038"></a> is enabled. </p></div> <p>You can override the default ALR behavior, thus making all screen regions eligible for ALR, by setting the <code>TVNC_ALRALL</code> environment variable to <code>1</code> on the TurboVNC host prior to starting a TurboVNC session or by using <code>tvncconfig</code> to set the <code>ALRAll</code> parameter for a running TurboVNC session.</p> <h2 id="hd007005">7.5 Multithreading</h2> <p><a name="Multithreading"></a></p> <p>By default, the TurboVNC Server uses multiple threads to perform image encoding and compression, thus allowing it to take advantage of multi-core or multi-processor systems. The server splits the screen vertically into N tiles, where N is the number of threads, and assigns each tile to a separate thread. The scalability of this algorithm is nearly linear when used with demanding 3D or video applications that fill most of the screen. However, whether or not multithreading improves the overall performance of TurboVNC depends largely on the performance of the viewer and the network. If either the viewer or the network is the primary performance bottleneck, then enabling multithreading in the server will not help. Multithreading is also not currently implemented with non-Tight encoding types.</p> <p>To disable server-side multithreading, set the <code>TVNC_MT</code> environment variable to <code>0</code> on the host prior to starting <code>vncserver</code>, or pass an argument of <code>-nomt</code> to <code>vncserver</code>. The default behavior is to use as many threads as there are cores on the TurboVNC host (up to a maximum of 4), but you can set the <code>TVNC_NTHREADS</code> environment variable or pass an argument of <code>-nthreads</code> to <code>vncserver</code> to override this.</p> <p><br /></p> <hr class="break" /> <h1 id="hd008"><a name="file008"></a>8 TurboVNC Security Extensions</h1> <p><a name="Security_Extensions"></a></p> <h2 id="hd008001">8.1 Terminology</h2> <p>In an attempt to be consistent with other VNC implementations, TurboVNC uses the following terminology when referring to its security extensions:</p> <dl class="Description"> <dt class="Description-1 Description">Authentication Method</dt> <dd class="Description-1 Description"> A technique that the VNC server uses to validate authentication credentials sent from a VNC viewer. If the credentials sent from a particular VNC viewer are not valid, then that viewer is not allowed to connect. </dd> <dt class="Description-1 Description">Authentication Scheme</dt> <dd class="Description-1 Description"> A protocol used to send authentication credentials from a VNC viewer to a VNC server for validation. Some authentication schemes are required by the RFB protocol specification, and others are implemented as extensions to that specification. </dd> <dt class="Description-1 Description">Encryption Method</dt> <dd class="Description-1 Description"> A technique used to encrypt the data sent between the VNC server and the VNC viewer </dd> <dt class="Description-1 Description">Security Type</dt> <dd class="Description-1 Description"> A specific combination of an authentication method, an authentication scheme, and an encryption method </dd> </dl> <h2 id="hd008002">8.2 TurboVNC Server Authentication Methods</h2> <dl class="Description"> <dt class="Description-1 Description">No Authentication</dt> <dd class="Description-1 Description"> The VNC server does not authenticate the VNC viewer at all. </dd> <dt class="Description-1 Description">VNC Password Authentication</dt> <dd class="Description-1 Description"> A session password sent from the VNC viewer is validated against a password file, which is typically located under the user’s home directory on the VNC host. The VNC password is separate from any other login credentials and thus represents less of a security threat if compromised (that is, assuming the VNC password and the user’s account password are not the same.) </dd> <dt class="Description-1 Description">One-Time Password (OTP) Authentication</dt> <dd class="Description-1 Description"> Using the <code>vncpasswd</code> program, a unique password is generated “on the fly” for the TurboVNC session, and the password is printed on the command line. (See the <code>vncpasswd</code> man page for more details.) The user enters this password into the VNC viewer, and the VNC viewer sends the password to the server as if it were a VNC password. However, once the OTP has been used to authenticate a viewer, the OTP is forgotten and cannot be reused. OTP authentication can be used, for instance, to launch or connect to TurboVNC sessions from an automated web portal or from a job scheduler. OTP authentication is also useful for allowing temporary access to a TurboVNC session for collaboration purposes. The <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0039"></a> uses OTP authentication by default, which allows it to securely authenticate with a TurboVNC session without prompting for additional credentials. </dd> <dt class="Description-1 Description">PAM User/Password Authentication</dt> <dd class="Description-1 Description"> The VNC server uses Pluggable Authentication Modules (PAM) to validate a username and password received from a VNC viewer. The password received from the VNC viewer need not necessarily be validated against the user’s account password. Generally, the TurboVNC Server can validate the username and password using any authentication credentials that can be accessed through PAM. Since the user/password authentication schemes supported by TurboVNC (see below) transmit the password from the VNC viewer to the VNC server as plain text, it is strongly recommended that the PAM User/Password authentication method be used only with session encryption or if the session is restricted to allow only loopback (SSH) connections and to disallow reverse connections (see Section <a href="#Secure_TurboVNC_Usage" class="ref">6.7</a>.) </dd> </dl> <h2 id="hd008003">8.3 TurboVNC Viewer Authentication Schemes</h2> <dl class="Description"> <dt class="Description-1 Description">None</dt> <dd class="Description-1 Description"> No authentication credentials are sent to the server. </dd> <dt class="Description-1 Description">Standard VNC Authentication</dt> <dd class="Description-1 Description"> A password is sent to the server using a DES-encrypted challenge/response scheme. The password can be up to 8 characters long, so the DES key length is 56 bits. This is not a particularly strong form of encryption by today’s standards. (56-bit DES was broken by brute force attack in the late 1990s.) </dd> <dt class="Description-1 Description">Unix Login/Plain Authentication</dt> <dd class="Description-1 Description"> Both the username and password are sent to the VNC server as plain text. Thus, it is <em>strongly</em> recommended that this authentication scheme be used only with VNC connections that are encrypted using TLS (see below) or SSH (see Section <a href="#Secure_TurboVNC_Usage" class="ref">6.7</a>.) Per the RFB spec, this authentication scheme is referred to as “Unix Login” when used with a TightVNC-compatible server and “Plain” when used with a VeNCrypt-compatible server. </dd> </dl> <h2 id="hd008004">8.4 Supported Encryption Methods</h2> <p>TurboVNC supports three encryption methods:</p> <dl class="Description"> <dt class="Description-1 Description">None</dt> <dd class="Description-1 Description"> No encryption </dd> <dt class="Description-1 Description">Anonymous TLS Encryption</dt> <dd class="Description-1 Description"> The connection is encrypted using TLS (Transport Layer Security) without authentication (i.e. without a certificate.) </dd> <dt class="Description-1 Description">TLS/X.509 Encryption</dt> <dd class="Description-1 Description"> The connection is encrypted using TLS with a specified X.509 certificate. </dd> </dl> <h2 id="hd008005">8.5 Supported Security Types</h2> <p>TurboVNC supports the following security types:</p> <div class="table"> <table class="standard"> <thead class="standard"> <tr class="head "> <th class="head standard">Server Security Type</th> <th class="head standard">Authentication Method</th> <th class="head standard">Encryption Method</th> <th class="head standard">Viewer Security Type</th> <th class="head standard">Authentication Scheme</th> <th class="head standard">Compatibility</th> </tr> </thead> <tr class="standard"> <td class="high standard">None</td> <td class="standard">None</td> <td class="standard">None</td> <td class="high standard">None</td> <td class="standard">None</td> <td class="standard">RFB 3.3+</td> </tr> <tr class="standard"> <td class="high standard">VNC</td> <td class="standard">VNC Password</td> <td class="standard">None</td> <td class="high standard" rowspan="2">VNC</td> <td class="standard" rowspan="2">Standard VNC</td> <td class="standard" rowspan="2">RFB 3.3+</td> </tr> <tr class="standard"> <td class="high standard">OTP</td> <td class="standard">One-Time Password</td> <td class="standard">None</td> </tr> <tr class="standard"> <td class="high standard">Plain</td> <td class="standard">PAM User/Password</td> <td class="standard">None</td> <td class="high standard">Plain</td> <td class="standard">Plain</td> <td class="standard">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">TLSNone</td> <td class="standard">None</td> <td class="standard">Anonymous TLS</td> <td class="high standard">TLSNone</td> <td class="standard">None</td> <td class="standard">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">TLSVnc</td> <td class="standard">VNC Password</td> <td class="standard">Anonymous TLS</td> <td class="high standard" rowspan="2">TLSVnc</td> <td class="standard" rowspan="2">Standard VNC</td> <td class="standard" rowspan="2">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">TLSOtp</td> <td class="standard">One-Time Password</td> <td class="standard">Anonymous TLS</td> </tr> <tr class="standard"> <td class="high standard">TLSPlain</td> <td class="standard">PAM User/Password</td> <td class="standard">Anonymous TLS</td> <td class="high standard">TLSPlain</td> <td class="standard">Plain</td> <td class="standard">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">X509None</td> <td class="standard">None</td> <td class="standard">TLS/X.509</td> <td class="high standard">X509None</td> <td class="standard">None</td> <td class="standard">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">X509Vnc</td> <td class="standard">VNC Password</td> <td class="standard">TLS/X.509</td> <td class="high standard" rowspan="2">X509Vnc</td> <td class="standard" rowspan="2">Standard VNC</td> <td class="standard" rowspan="2">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">X509Otp</td> <td class="standard">One-Time Password</td> <td class="standard">TLS/X.509</td> </tr> <tr class="standard"> <td class="high standard">X509Plain</td> <td class="standard">PAM User/Password</td> <td class="standard">TLS/X.509</td> <td class="high standard">X509Plain</td> <td class="standard">Plain</td> <td class="standard">RFB 3.7+ with VeNCrypt extensions</td> </tr> <tr class="standard"> <td class="high standard">UnixLogin</td> <td class="standard">PAM User/Password</td> <td class="standard">None</td> <td class="high standard">UnixLogin</td> <td class="standard">Unix Login</td> <td class="standard">RFB 3.7+ with TightVNC extensions</td> </tr> </table> </div> <div class="important"><p class="important"> NOTE: The security type names are case-insensitive. The capitalization conventions above are used for consistency with the RFB protocol specification. </p></div> <h2 id="hd008006">8.6 Enabling Security Types</h2> <p>The default behavior of the TurboVNC Server is for all security types except TLSNone, X509None, and None to be enabled and for VNC Password and OTP authentication to be preferred over PAM User/Password authentication. However, the system administrator can disable one or more of the security types or change their preferred order by editing the TurboVNC security configuration file. See the <code>Xvnc</code> man page for more details. Note that only the OTP security type is needed when using the <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0040"></a> with its default settings.</p> <p>If the VNC server allows multiple security types, then the TurboVNC Viewer’s default security type will be determined by the server’s preferred security type. In this case, the user can override the default by using the TurboVNC Viewer’s <code>SecurityTypes</code>, <code>User</code>, and <code>NoUnixLogin</code> parameters. If the VNC server prefers a security type that supports Standard VNC authentication, then the user can force the use of Unix Login/Plain authentication by setting the TurboVNC Viewer’s <code>User</code> parameter to <em><code>user-name</code></em> when connecting to the VNC server. Similarly, if the VNC server prefers a security type that supports Unix Login/Plain authentication, then the user can force the use of Standard VNC authentication by setting the <code>NoUnixLogin</code> parameter. The same thing can also be accomplished by unchecking specific security types in the “Security” tab of the TurboVNC Viewer Options dialog or by using the <code>SecurityTypes</code> parameter to limit the available security types or change their preferred order.</p> <p>If the system administrator has not restricted any of the server security types on a system-wide basis, then the user can disable some of them, or change their preferred order, for a particular TurboVNC session by using the <code>-securitytypes</code> command-line argument when starting the session (or by setting the <code>$securityTypes</code> variable in <strong class="filename">turbovncserver.conf</strong>.) See the <code>Xvnc</code> man page for more details.</p> <h2 id="hd008007">8.7 Further Reading</h2> <p>For more detailed information about the TurboVNC security extensions, refer to the TurboVNC man pages:</p> <pre class="verbatim"> man -M /opt/TurboVNC/man vncserver man -M /opt/TurboVNC/man Xvnc man -M /opt/TurboVNC/man vncpasswd </pre> <p><br /></p> <hr class="break" /> <h1 id="hd009"><a name="file009"></a>9 GPU-Accelerated OpenGL (Using VirtualGL with TurboVNC)</h1> <p><a name="VGL"></a></p> <p>Referring to the VirtualGL User’s Guide, VirtualGL’s X11 Transport draws OpenGL-rendered frames to an X display using standard X11 drawing commands. Since this results in the frames being sent uncompressed to the X server, the X11 Transport is designed to be used with an “X proxy.” An X proxy acts as a virtual X server, receiving X11 commands from applications (and from VirtualGL), rendering the X11 commands into images, compressing the resulting images, and sending the compressed images over the network to a client or clients.</p> <p>Since VirtualGL sends rendered frames to the X proxy at a very fast rate, the X proxy must be able to compress the frames very quickly in order to keep up. When VirtualGL was first released, most X proxies couldn’t. They simply weren’t designed to compress, with any degree of performance, the large and complex images generated by 3D applications. Enter TurboVNC. Although TurboVNC can be used with all types of applications, it was initially designed as a fast X proxy for VirtualGL. TurboVNC provides an alternate means of delivering rendered frames from VirtualGL to a client machine without using VirtualGL’s built-in VGL Transport.</p> <h3 id="hd009000001">Advantages of TurboVNC (when compared to the VGL Transport)</h3> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> When using the VGL Transport, non-OpenGL elements of the 3D application’s GUI are sent over the network using remote X11, which does not perform well on high-latency networks such as broadband or long-haul fibre. On such networks, non-OpenGL elements of the 3D application’s GUI will load and render much faster (perhaps even orders of magnitude faster) with TurboVNC than with the VGL Transport. </li> <li class="Itemize-1 Itemize asterisk"> For 3D applications whose rendered frames do not contain very many unique colors (for instance, CAD applications in wireframe mode), the hybrid encoding methods used by TurboVNC generally require less network bandwidth than the pure JPEG encoding method used by the VGL Transport. </li> <li class="Itemize-1 Itemize asterisk"> TurboVNC provides two lossless compression modes, one of which is designed to reduce host CPU usage on gigabit networks and the other of which is designed to provide reasonable performance on wide-area networks (at the expense of higher host CPU usage.) The VGL Transport’s only lossless option is uncompressed RGB. </li> <li class="Itemize-1 Itemize asterisk"> TurboVNC includes a Lossless Refresh feature that will, automatically (during periods of inactivity) or on demand, send a mathematically lossless copy of remote desktop regions that were previously sent using lossy compression. Refer to Sections <a href="#LR" class="ref">7.3</a> and Section <a href="#ALR" class="ref">7.4</a>. </li> <li class="Itemize-1 Itemize asterisk"> TurboVNC provides rudimentary collaboration capabilities. Multiple users can simultaneously view the same TurboVNC session and pass around control of the keyboard and mouse. </li> <li class="Itemize-1 Itemize asterisk"> From the point of view of the 3D application, the TurboVNC session is stateless. If the network hiccups or the viewer is otherwise disconnected, then the TurboVNC session continues to run on the host and can be rejoined from any machine on the network. </li> <li class="Itemize-1 Itemize asterisk"> No X server is required on the client machine. This reduces the deployment complexity for Windows clients. </li> <li class="Itemize-1 Itemize asterisk"> Any machine with a web browser, and any mobile device, can be used as a TurboVNC client (with reduced performance and features relative to the TurboVNC Viewer.) Refer to Section <a href="#noVNC" class="ref">6.6</a>. </li> </ul> <h3 id="hd009000002">Disadvantages of TurboVNC (when compared to the VGL transport)</h3> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> No seamless windows. All application windows are constrained to a virtual desktop, which is displayed in a single window on the client machine. </li> <li class="Itemize-1 Itemize asterisk"> TurboVNC generally requires about 20% more host CPU cycles to maintain the same frame rate as the VGL Transport, both because it has to compress more pixels in each frame (an entire desktop rather than a single window) and because it has to perform 2D (X11) rendering as well as 3D rendering. </li> <li class="Itemize-1 Itemize asterisk"> TurboVNC does not support quad-buffered stereo. </li> </ul> <h2 id="hd009001">9.1 Using VirtualGL on a TurboVNC Host</h2> <p>The most common (and optimal) way to use VirtualGL with TurboVNC is to configure the same machine as a TurboVNC host and a VirtualGL server. This allows VirtualGL to send rendered frames to TurboVNC through shared memory rather than over a network.</p> <div class="figure"> <img src="x11transport.png" alt="x11transport" class="figure" id="imgid_8" name="imgid_8"/> </div> <p>The following procedure describes how to launch a 3D application using this configuration.</p> <h3 id="hd009001001">Procedure</h3> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> Follow the procedure described in Chapter <a href="#TurboVNC_Usage" class="ref">6</a> for starting a TurboVNC session and connecting to it. </li> <li class="Ordered-1 Ordered"> Open a new terminal inside the remote desktop. </li> <li class="Ordered-1 Ordered"> In the terminal, start a 3D application using VirtualGL: <pre class="verbatim">/opt/VirtualGL/bin/vglrun <em>[vglrun options]</em> <em>3D-application-executable-or-script</em> <em>[arguments]</em></pre> </li> </ol> <h3 id="hd009001002">9.1.2 Running the Window Manager Using VirtualGL</h3> <p><a name="VGLWM"></a></p> <p>If the TurboVNC host is also a VirtualGL server, then you can pass <code>-vgl</code> to <code>vncserver</code> or set the <code>$useVGL</code> variable in <strong class="filename">turbovncserver.conf</strong> to enable VirtualGL for all OpenGL applications launched in the TurboVNC session, including the window manager. This improves the performance of compositing window managers and enables GPU acceleration for OpenGL applications without the need to invoke <code>vglrun</code>.</p> <div class="important"><p class="important"> To change VirtualGL’s configuration for a specific 3D application, start the application with <code>vglrun</code>, per above, or set one of the <code>VGL_*</code> configuration environment variables prior to starting the application. (Refer to the VirtualGL User’s Guide.) </p></div> <div class="important"><p class="important"> To disable VirtualGL for a specific 3D application, unset the <code>LD_PRELOAD</code> environment variable prior to starting the application. </p></div> <h2 id="hd009002">9.2 Using VirtualGL on a Machine Other Than a TurboVNC Host</h2> <div class="figure"> <img src="vgltransportservernetwork.png" alt="vgltransportservernetwork" class="figure" id="imgid_9" name="imgid_9"/> </div> <p>If the TurboVNC host and VirtualGL server are different machines, then it is desirable to use the VGL Transport to send rendered frames from the VirtualGL server to the TurboVNC session. It is also desirable to disable image compression in the VGL Transport. Otherwise, the images would have to be compressed by the VirtualGL server, decompressed by the VirtualGL Client, then recompressed by the TurboVNC Server, which is a waste of CPU resources. However, sending images uncompressed over a network requires a fast network (generally, Gigabit Ethernet or faster), so there needs to be a fast link between the VirtualGL server and the TurboVNC host for this procedure to perform well.</p> <h3 id="hd009002001">Procedure</h3> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> Follow the procedure described in Chapter <a href="#TurboVNC_Usage" class="ref">6</a> for starting a TurboVNC session and connecting to it. </li> <li class="Ordered-1 Ordered"> Open a new terminal inside the remote desktop. </li> <li class="Ordered-1 Ordered"> In the same terminal window, open a Secure Shell (SSH) session into the VirtualGL server: <pre class="verbatim">/opt/VirtualGL/bin/vglconnect <em>[vglconnect options]</em> <em>user</em>@<em>server</em></pre> Replace <em><code>user</code></em> with your username on the VirtualGL server and <em><code>server</code></em> with the hostname or IP address of that server. Refer to the VirtualGL User’s Guide for additional <code>vglconnect</code> options. </li> <li class="Ordered-1 Ordered"> In the SSH session, set the <code>VGL_COMPRESS</code> environment variable to <code>rgb</code>. <div class="important"><p class="important"> Passing an argument of <code>-c rgb</code> to <code>vglrun</code> achieves the same result. </p></div> </li> <li class="Ordered-1 Ordered"> In the SSH session, start a 3D application using VirtualGL: <pre class="verbatim">/opt/VirtualGL/bin/vglrun <em>[vglrun options]</em> <em>3D-application-executable-or-script</em> <em>[arguments]</em></pre> </li> </ol> <h2 id="hd009003">9.3 NV-CONTROL Emulation</h2> <p>This version of TurboVNC includes partial emulation of the <code>NV-CONTROL</code> X11 extension provided by nVidia’s proprietary Un*x drivers. Certain 3D applications rely on this extension to query and set low-level GPU properties, and unfortunately the library (libXNVCtrl) used by applications to interact with the extension is static, making it impossible to interpose using VirtualGL.</p> <p>Passing an argument of <code>-nvcontrol <em>display</em></code> to <code>vncserver</code> causes the TurboVNC Server to create a fake <code>NV-CONTROL</code> extension in the TurboVNC session and redirect all <code>NV-CONTROL</code> requests to <em><code>display</code></em>. <em><code>display</code></em> should be the X display/screen of the 3D X server you plan to use with VirtualGL (<code>:0.0</code>, for instance.) The TurboVNC Server does not attempt to open a connection to this display until an application uses the <code>NV-CONTROL</code> extension. If a connection to the 3D X server cannot be opened, if the 3D X server does not have the <code>NV-CONTROL</code> extension, or if other issues are encountered when attempting to redirect <code>NV-CONTROL</code> requests, then an X11 BadRequest error will be returned to the application, and the TurboVNC session log will display an error message explaining why the request failed. It is assumed that you have already followed the procedure in the VirtualGL User’s Guide to allow access to the 3D X server. If access to the 3D X server is restricted to members of the <code>vglusers</code> group, then you may need to execute</p> <pre class="verbatim"> xauth merge /etc/opt/VirtualGL/vgl_xauth_key </pre> <p>in order to use the <code>NV-CONTROL</code> extension prior to invoking <code>vglrun</code> for the first time.</p> <p>You can change the 3D X server for a particular TurboVNC session after the session has been started. For instance, if you wanted to redirect both <code>NV-CONTROL</code> requests and OpenGL to a GPU attached to Screen 1 of Display :0, then you could execute</p> <pre class="verbatim">xprop -root -f VNC_NVCDISPLAY 8s -set VNC_NVCDISPLAY :0.1 vglrun -d :0.1 <em>3D-application-executable-or-script</em></pre> <p><br /></p> <hr class="break" /> <h1 id="hd0010"><a name="file010"></a>10 GPU-Accelerated OpenGL and Vulkan (Using the DRI3 X11 Extension)</h1> <p><a name="DRI3"></a></p> <p>The TurboVNC Server supports built-in GPU acceleration when using open source (Mesa-based) GPU drivers. This is implemented through the <code>DRI3</code> X11 extension, which can be enabled by passing <code>-drinode <em>DRM-render-node</em></code> to <code>vncserver</code> or adding the same command-line arguments to the value of the <code>$serverArgs</code> variable in <strong class="filename">turbovncserver.conf</strong> (or to the value of the TurboVNC Viewer’s <code>ServerArgs</code> parameter, if using the TurboVNC Session Manager.) <em><code>DRM-render-node</code></em> is the DRM render node corresponding to a GPU on the TurboVNC host (for example, <code>/dev/dri/renderD128</code>.) Specifying a DRM render node of <code>auto</code> is the equivalent of specifying the first DRM render node under <strong class="filename">/dev/dri</strong>.</p> <h3 id="hd0010000001">Advantages of DRI3 (when compared to <a href="#VGL">VirtualGL</a><a name="idx0041"></a>)</h3> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> No additional software or setup required </li> <li class="Itemize-1 Itemize asterisk"> Supports GPU acceleration with Vulkan applications </li> </ul> <h3 id="hd0010000002">Disadvantages of DRI3 (when compared to <a href="#VGL">VirtualGL</a><a name="idx0042"></a>)</h3> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> Requires open source (Mesa-based) GPU drivers (does not work with nVidia’s proprietary Un*x drivers) </li> <li class="Itemize-1 Itemize asterisk"> Generally has worse performance and more CPU overhead with OpenGL applications </li> </ul> <p>DRI3 is particularly useful with virtualization environments, such as VMware and Parallels Desktop, that redirect 3D rendering from the guest to the host. (The performance advantages of VirtualGL are less pronounced in such environments.)</p> <p>VirtualGL’s performance is generally affected very little or not at all by the presence of the <code>DRI3</code> X11 extension, so using DRI3 for Vulkan applications and VirtualGL for OpenGL applications is a viable approach.</p> <div class="important"><p class="important"> By default, Mesa-based GPU drivers synchronize 3D rendering to the vertical refresh rate (always 60 Hz in TurboVNC.) Set the <code>vblank_mode</code> environment variable to <code>1</code> to disable vertical refresh rate synchronization by default while allowing applications to override the default. Set the <code>vblank_mode</code> environment variable to <code>0</code> to force-disable vertical refresh rate synchronization. </p></div> <p><br /></p> <hr class="break" /> <h1 id="hd0011"><a name="file011"></a>11 Compatibility Guide</h1> <p><a name="Compatibility"></a></p> <p>In order to realize the full benefits of TurboVNC, it is necessary to use the TurboVNC Server and the TurboVNC Viewer together. However, TurboVNC is compatible with TigerVNC, TightVNC, RealVNC, and other VNC flavors. You can use the TurboVNC Viewer to connect to a non-TurboVNC server (or vice versa), although this will generally result in some decrease in performance, and features such as the <a href="#TurboVNC_Session_Manager">TurboVNC Session Manager</a><a name="idx0043"></a> will not be available.</p> <p>The following sections list additional things to bear in mind when mixing TurboVNC with other VNC flavors.</p> <h2 id="hd0011001">11.1 TightVNC or TigerVNC Servers</h2> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> TightVNC and TigerVNC specify the JPEG quality level on a scale from 0 to 9. This translates to actual JPEG quality as follows: <dl class="Description"> <dt class="Description-3 Description">TightVNC JPEG Quality Levels</dt> <dd class="Description-3 Description"> <div class="table"> <table class="standard"> <thead class="standard"> <tr class="head "> <th class="head standard">JPEG quality level</th> <th class="head standard">0</th> <th class="head standard">1</th> <th class="head standard">2</th> <th class="head standard">3</th> <th class="head standard">4</th> <th class="head standard">5</th> <th class="head standard">6</th> <th class="head standard">7</th> <th class="head standard">8</th> <th class="head standard">9</th> </tr> </thead> <tr class="standard"> <td class="high standard">Actual JPEG quality</td> <td class="standard">5</td> <td class="standard">10</td> <td class="standard">15</td> <td class="standard">25</td> <td class="standard">37</td> <td class="standard">50</td> <td class="standard">60</td> <td class="standard">70</td> <td class="standard">75</td> <td class="standard">80</td> </tr> <tr class="standard"> <td class="high standard">Actual chrominance subsampling</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> </tr> </table> </div> <a name="TigerVNC_JPEG_Qual"></a> </dd> <dt class="Description-3 Description">TigerVNC JPEG Quality Levels</dt> <dd class="Description-3 Description"> <div class="table"> <table class="standard"> <thead class="standard"> <tr class="head "> <th class="head standard">JPEG quality level</th> <th class="head standard">0</th> <th class="head standard">1</th> <th class="head standard">2</th> <th class="head standard">3</th> <th class="head standard">4</th> <th class="head standard">5</th> <th class="head standard">6</th> <th class="head standard">7</th> <th class="head standard">8</th> <th class="head standard">9</th> </tr> </thead> <tr class="standard"> <td class="high standard">Actual JPEG quality</td> <td class="standard">15</td> <td class="standard">29</td> <td class="standard">41</td> <td class="standard">42</td> <td class="standard">62</td> <td class="standard">77</td> <td class="standard">79</td> <td class="standard">86</td> <td class="standard">92</td> <td class="standard">100</td> </tr> <tr class="standard"> <td class="high standard">Actual chrominance subsampling</td> <td class="standard">4X</td> <td class="standard">4X</td> <td class="standard">4X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">2X</td> <td class="standard">1X</td> <td class="standard">1X</td> <td class="standard">1X</td> <td class="standard">1X</td> </tr> <tr class="standard"> <td class="high standard">Average compression ratio *</td> <td class="standard">100</td> <td class="standard">80</td> <td class="standard">70</td> <td class="standard">60</td> <td class="standard">50</td> <td class="standard">40</td> <td class="standard">30</td> <td class="standard">25</td> <td class="standard">20</td> <td class="standard">10</td> </tr> </table> </div> <div class="important"><p class="important"> * Experimentally determined by compressing every 10th frame in the SPECviewperf 9 benchmark suite </p></div> </dd> </dl> TurboVNC, on the other hand, includes extensions to Tight encoding that allow the JPEG quality to be specified on the standard 1-100 scale and that allow the JPEG chrominance subsampling to be specified seperately. TigerVNC 1.2 and later includes the same extensions on the server side, so in this regard, the TigerVNC 1.2+ Server behaves like the TurboVNC Server when a TurboVNC viewer is connected to it. <br /><br /> When a TurboVNC viewer is connected to a TightVNC or TigerVNC 1.0/1.1 server, setting the JPEG quality to N in the TurboVNC Viewer sets the JPEG quality level to N/10 in the TightVNC or TigerVNC server. For instance, if you set the JPEG quality to 95 in the TurboVNC Viewer, this would translate to a JPEG quality level of 9, which would set the actual JPEG quality/subsampling to 80/2X if connected to a TightVNC server and 100/1X if connected to a TigerVNC 1.0/1.1 server. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> Changing the JPEG chrominance subsampling option in the TurboVNC Viewer has no effect when connected to a TightVNC or TigerVNC 1.0/1.1 server. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> Normally, the TurboVNC Viewer Options dialog only allows you to select the compression levels that are useful for the TurboVNC Server, but you can use the TurboVNC Viewer’s <code>CompressLevel</code> parameter to specify additional compression levels. You can also set the TurboVNC Viewer’s <code>CompatibleGUI</code> parameter to expose all 10 compression levels in the TurboVNC Viewer Options dialog, which is useful when connecting to non-TurboVNC servers. It should be noted, however, that our experiments have shown that compression levels higher than 5 are generally not useful in the TightVNC and TigerVNC Servers. They increase CPU usage exponentially without significantly reducing network usage relative to Compression Level 5. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> Zlib introduces a significant amount of performance overhead, even when zlib compression level 0 (no compression) is used, so TurboVNC supports a Tight encoding extension that allows the server to bypass zlib when encoding a particular subrectangle. The extension is enabled when a VNC viewer advertises support for it and requests Compression Level 0. As of this writing, TightVNC and TigerVNC do not support the extension, so the TightVNC and TigerVNC servers will use zlib to “compress” framebuffer updates if you request Compression Level 0 using the TurboVNC Viewer. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> When properly configured, version 1.2 and later (except versions 1.4.0 - 1.4.2, which contained a performance regression) of the TigerVNC Server can be made to perform similarly to a single-threaded instance of the TurboVNC Server. However, all other versions of TigerVNC and TightVNC will use much more CPU time across the board than the TurboVNC Server, all else being equal. With JPEG enabled, Compression Levels 1 and 2 in TigerVNC are roughly equivalent to the same compression levels in TurboVNC, except that TigerVNC enables interframe comparison automatically with Compression Level 2 and above. </li> </ul> <h2 id="hd0011002">11.2 TightVNC or TigerVNC Viewers</h2> <ul class="Itemize"> <li class="Itemize-1 Itemize asterisk"> When either a TightVNC or TigerVNC viewer is connected to a TurboVNC session, the TurboVNC Server emulates the behavior of a TigerVNC server, translating JPEG quality levels into actual JPEG quality and subsampling as specified in Section <a href="#TigerVNC_JPEG_Qual" class="ref">11.1</a>. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> Zlib introduces a significant amount of performance overhead, even when zlib compression level 0 (no compression) is used, so TurboVNC supports a Tight encoding extension that allows the server to bypass zlib when encoding a particular subrectangle. The extension is enabled when a VNC viewer advertises support for it and requests Compression Level 0. As of this writing, TightVNC and TigerVNC do not support the extension, so the TurboVNC Server will use zlib to “compress” framebuffer updates if you request Compression Level 0 using the TightVNC or TigerVNC Viewer. <br /><br /> </li> <li class="Itemize-1 Itemize asterisk"> Refer to Section <a href="#AdvancedCompression" class="ref">7.2</a> for a description of how the TurboVNC Server implements Compression Levels 0-9. <br /><br /> </li> </ul> <h2 id="hd0011003">11.3 RealVNC</h2> <p>The TurboVNC Viewer supports the Hextile, Raw, and ZRLE encoding types, which are compatible with RealVNC. None of those encoding types can be selected from the TurboVNC Viewer Options dialog, but Hextile or ZRLE will be selected automatically when connecting to a RealVNC server. Non-Tight encoding types, such as Hextile and Raw, can also be specified using the TurboVNC Viewer’s <code>Encoding</code> parameter. In addition to Hextile, Raw, and ZRLE, the TurboVNC Server also supports the RRE, CoRRE, and Zlib legacy encoding types, for compatibility with older VNC viewers.</p> <p>All of the non-Tight encoding types have performance drawbacks. Raw encoding requires a gigabit or faster network in order to achieve decent performance, and it can easily take up all of the bandwidth on a gigabit network. (It also doesn’t perform particularly well in the TurboVNC Viewer, because of the need to convert pixels from bytes to ints in Java.) Hextile uses very small tiles, which causes it to incur a large amount of computational overhead. It compresses too poorly to perform well on slow networks but uses too much CPU time to perform well on fast networks. ZRLE improves upon this, but it is still too computationally intense for fast networks. The <code>vncviewer</code> man page contains additional information about how Hextile and ZRLE work.</p> <p><br /></p> <hr class="break" /> <h1 id="hd0012"><a name="file012"></a>12 Advanced Configuration</h1> <h2 id="hd0012001">12.1 Server Settings</h2> <p>The TurboVNC Server is normally configured in the following ways, in increasing order of precedence:</p> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> A system-wide configuration file (<strong class="filename">/etc/turbovncserver.conf</strong>), which can be used to modify the default values of certain <code>vncserver</code> and <code>Xvnc</code> command-line options </li> <li class="Ordered-1 Ordered"> A per-user configuration file (<strong class="filename">~/.vnc/turbovncserver.conf</strong>), which can be used to modify the default values of certain <code>vncserver</code> and <code>Xvnc</code> command-line options </li> <li class="Ordered-1 Ordered"> <code>vncserver</code> and <code>Xvnc</code> command-line options </li> <li class="Ordered-1 Ordered"> <code>tvncconfig</code>, which can be used to modify certain TurboVNC Server parameters in a running TurboVNC session </li> <li class="Ordered-1 Ordered"> A system-wide security configuration file (<strong class="filename">/etc/turbovncserver-security.conf</strong>), which can be used to configure certain TurboVNC Server security features as well as restrict the scope of TurboVNC Server features that users are allowed to configure </li> </ol> <p>Refer to the TurboVNC man pages for more information:</p> <pre class="verbatim"> man -M /opt/TurboVNC/man vncserver man -M /opt/TurboVNC/man Xvnc man -M /opt/TurboVNC/man vncconnect man -M /opt/TurboVNC/man vncpasswd man -M /opt/TurboVNC/man tvncconfig </pre> <p><br /> This section documents rarely-used advanced TurboVNC Server settings that can be configured using environment variables.</p> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_ALRALL = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">TurboVNC Server Parameter</td> <td class="standard"><code>ALRAll = <em>False | True</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/Enable automatic lossless refresh for regions that were drawn using X11 functions other than <code>X[Shm]PutImage()</code></td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Disabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> See Section <a href="#ALR" class="ref">7.4</a> </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_ALRCOPYRECT = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/Enable automatic lossless refresh for regions that were drawn using CopyRect</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Enabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> See Section <a href="#ALR" class="ref">7.4</a> </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_COMBINERECT = <em>{c}</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Combine framebuffer updates with more than <em><code>{c}</code></em> rectangles into a single rectangle spanning the bounding box of all of the constituent rectangles</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard"><code>100</code></td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> Applications can sometimes draw many thousands of points or tiny lines using individual X11 calls, and this can cause the VNC server to send many thousands of tiny rectangles to the VNC viewer. The overhead associated with this can bog down the viewer, and in extreme cases, the number of rectangles may even exceed the maximum number that is allowed in a single framebuffer update (65534.) Thus, if a framebuffer update contains more than <em><code>{c}</code></em> rectangles, the TurboVNC Server will coalesce it into a single rectangle that covers all of the rectangles in the update. For applications that generate many tiny rectangles, increasing the value of <code>TVNC_COMBINERECT</code> may significantly increase the number of pixels sent to the viewer, which will increase network usage. However, for those same applications, lowering the value of <code>TVNC_COMBINERECT</code> will increase the number of rectangles sent to the viewer, which will increase the CPU usage of both the server and the viewer. </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_ICEBLOCKSIZE = <em>{s}</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Set the block size for the interframe comparison engine (ICE) to <em><code>{s}</code></em> x <em><code>{s}</code></em> pixels. Setting <em><code>{s}</code></em> to 0 causes the ICE to compare full rectangles, as TurboVNC 1.2.x did.</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard"><code>256</code></td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> If interframe comparison is enabled (see Section <a href="#InterframeComparison" class="ref">7.1</a>), then the TurboVNC Server compares each rectangle of each framebuffer update on a block-by-block basis and sends only the blocks that have changed. This prevents large rectangles from being re-transmitted if only a few pixels in the rectangle have changed. Using smaller block sizes can decrease network usage if only a few pixels have changed between updates. However, using smaller block sizes can also interfere with the Tight encoder’s ability to efficiently split rectangles into subrectangles, thus increasing host CPU usage (and sometimes increasing network usage as well, which defeats the purpose of interframe comparison.) Setting the block size to 0 causes the ICE to compare full framebuffer update rectangles, as TurboVNC 1.2.x did. <br /><br /> The default block size of 256x256 was chosen based on extensive low-level experiments using the same set of RFB session captures that were used when designing the TurboVNC encoder. For most of those datasets, 256x256 blocks produced the lowest network and CPU usage, but actual mileage may vary. There were rare cases in which 64x64 blocks or full-rectangle comparison produced better network and CPU usage. </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_ICEDEBUG = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/Enable the ICE debugger</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Disabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> If interframe comparison is enabled (see Section <a href="#InterframeComparison" class="ref">7.1</a>), then setting this environment variable to <code>1</code> will cause the interframe comparison engine (ICE) to change the color of duplicate screen regions without culling them from the framebuffer update stream. This allows you to easily see which applications are generating duplicate updates. </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_MT = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/Enable multithreaded image encoding</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Enabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> See Section <a href="#Multithreading" class="ref">7.5</a> </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_NTHREADS = <em>{n}</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Use <em><code>{n}</code></em> threads (1 <= <em><code>{n}</code></em> <= 4) to perform image encoding</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard"><em><code>{n}</code></em> = the number of CPU cores in the system, up to a maximum of 4</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> See Section <a href="#Multithreading" class="ref">7.5</a> </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_PROFILE = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">TurboVNC Server Parameter</td> <td class="standard"><code>Profile = <em>False | True</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/enable profiling output</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Disabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> If profiling output is enabled, then the TurboVNC Server will continuously benchmark itself and periodically print the throughput of various stages in its image pipeline to the TurboVNC session log. </dd> </dl> <h2 id="hd0012002">12.2 Viewer Settings</h2> <p>The TurboVNC Viewer is normally configured in the following ways, in increasing order of precedence:</p> <ol class="Ordered numeric"> <li class="Ordered-1 Ordered"> A per-user configuration file (<strong class="filename">~/.vnc/default.turbovnc</strong>), which can be used to modify the default values of TurboVNC Viewer parameters </li> <li class="Ordered-1 Ordered"> TurboVNC Viewer parameters, which can be set on the command line or in a connection info file </li> </ol> <p>Run</p> <pre class="verbatim"> /opt/TurboVNC/bin/vncviewer -? </pre> <p>on Linux/Un*x and Mac systems or</p> <pre class="verbatim"> c:\Program Files\TurboVNC\vncviewer.bat -? </pre> <p>on Windows systems to display a list of command-line options and commonly-used parameters and their descriptions. Replace <code>-?</code> with <code>-??</code> to display a list of advanced parameters and their descriptions.</p> <p><br /> This section documents rarely-used advanced TurboVNC Viewer settings that can be configured using environment variables or Java system properties.</p> <p>Java system properties can be set using the <code>JAVA_TOOL_OPTIONS</code> environment variable. For instance, on Linux/Un*x and Mac systems, you could execute:</p> <pre class="verbatim"> JAVA_TOOL_OPTIONS=-Dturbovnc.sessmgr=0 /opt/TurboVNC/bin/vncviewer </pre> <p>to start the TurboVNC Viewer with the TurboVNC Session Manager disabled. The Java system properties listed below can also be specified in <strong class="filename">~/.vnc/default.turbovnc</strong>.</p> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Java System Property</td> <td class="standard"><code>turbovnc.fshidedock = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Always show/always hide the menu bar and dock in full-screen mode</td> </tr> <tr class="standard"> <td class="high standard">Platforms</td> <td class="standard">Mac</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Hide the menu bar and dock in full-screen mode if bump scrolling is enabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> By default, the Mac TurboVNC Viewer hides the menu bar and dock in full-screen mode if bump scrolling is enabled. Setting this property to <code>0</code> or <code>1</code> causes the viewer to always show or always hide the menu bar and dock in full-screen mode, irrespective of bump scrolling. </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Java System Property</td> <td class="standard"><code>turbovnc.primary = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/enable the use of the X11 PRIMARY clipboard selection</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Enabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> X11 has two ways of copying/pasting text. When text is selected in most X11 applications, it is copied to the PRIMARY selection, and it can be pasted by pressing the middle mouse button. When text is explicitly copied using a “Copy” menu option or a hotkey (such as CTRL-C), it is copied to the CLIPBOARD selection, and it can only be pasted using a “Paste” menu option or a hotkey (such as CTRL-V.) Normally, on X11 platforms, the TurboVNC Viewer transfers the PRIMARY selection from client to server, and when receiving a clipboard update from the server, it sets both the PRIMARY and CLIPBOARD selections with the server’s clipboard contents. Disabling this property causes only the CLIPBOARD selection to be transferred from client to server. (In other words, the clipboard will not be transferred unless you explicitly copy something using a menu option or a hotkey.) Also, if this property is disabled, then clipboard changes from the server will only affect the client’s CLIPBOARD selection. (In other words, you will have to use a menu option or a hotkey to paste the server’s clipboard contents.) </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Java System Property</td> <td class="standard"><code>turbovnc.sessmgr = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/enable the TurboVNC Session Manager</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Enabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> Disabling this property will completely disable the TurboVNC Session Manager. </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Environment Variable</td> <td class="standard"><code>TVNC_SINGLESCREEN = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Java System Property</td> <td class="standard"><code>turbovnc.singlescreen = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Disable/enable forcing a single-screen layout when using automatic desktop resizing</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Disabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> If automatic desktop resizing and multi-screen spanning are enabled, then the TurboVNC Viewer normally requests a screen layout from the server that fits within the viewer window without using scrollbars and that aligns the server’s screen boundaries with the client’s when the viewer window is in its default position. Setting this environment variable or property to <code>1</code> restores the automatic desktop resizing behavior of version 2.1.x and prior of the TurboVNC Viewer, requesting a single-screen layout from the server even if it supports multi-screen layouts. </dd> </dl> <div class="table"> <table class="standard"> <tr class="standard"> <td class="high standard">Java System Property</td> <td class="standard"><code>turbovnc.sshbannerdlg = <em>0 | 1</em></code></td> </tr> <tr class="standard"> <td class="high standard">Summary</td> <td class="standard">Display the banner message from the SSH server in a dialog box</td> </tr> <tr class="standard"> <td class="high standard">Default Value</td> <td class="standard">Disabled</td> </tr> </table> </div> <dl class="Description"> <dt class="Description-1 Description">Description</dt> <dd class="Description-1 Description"> The default behavior of the TurboVNC Viewer is to display the banner message from the SSH server on the command line. Enabling this property causes the viewer to display the banner message in a dialog box instead. </dd> </dl> <p><br /></p> </body> </html>