Published on Documentation (http://docs.testplant.com) Home > Getting Started > Creating the eggplant Functional Environment > Installing a VNC Server Installing a VNC Server Installing a VNC Server VNC stands for Virtual Network Computing. The VNC Server is installed on the System-Under-Test (SUT) and works with eggplant Functional to allow control of this second machine. VNC Checklist VNC server installation varies from system to system, but this section contains a checklist for general VNC configuration, and notes about specific VNC servers. Install a standard VNC server (up to RFB protocol 3.8.) Verify that your network security will allow the SUT to receive connections from eggplant Functional on one of the VNC ports: 5900-5909. If the VNC server requires that clients have a user account on the SUT, create an account that the eggplant Functional users can log in to. Make a note of the following information to enter in eggplant Functional s Connection List: The SUT s IP address or host name The SUT s VNC port number The name and password of a user account on the SUT, if the VNC server requires it The VNC server password (if there is no user-account password) Common VNC Servers Platform Server Notes Linux Mac OS X Windows 7, Windows Vista Windows XP Built-in VNC servers Vine Server from TestPlant RealVNC Personal Edition, RealVNC Enterprise Edition, and UltraVNC RealVNC Free Edition, RealVNC Personal Edition, RealVNC Enterprise Edition, and UltraVNC If Apple Remote Desktop is running on your SUT, port 5900 is not available for VNC connections. If you do not need to run Apple Remote Desktop, we recommend that you turn it off; otherwise, remember to use a VNC port other than 5900. RealVNC Personal Edition must be run in User mode. RealVNC Personal Edition runs in both User mode and Service mode on Windows XP. Step-By-Step Instructions for VNC Server Installation Installing RealVNC Server 5.0.2 on Windows 1
(The example below is on Windows 7) 1. Go to realvnc.com and download RealVNC 5.0.2 for Windows. You can use the Free version, or one of the commercial versions. The commercial versions offer more features but these are not strictly necessary for VNC connection with eggplant Functional. 2. Get a license from the website by clicking on the button shown below (you can also obtain a license later in the process after installation). 3. Open the downloaded package from the downloads folder on your machine. 4. Follow the installation instructions. 5. To configure a password, open the RealVNC Server and click More, then select Options. This will bring up a panel that allows you to set a password for the connection. 2
6. To license, click More, then select Licensing, and follow the instructions, using the license key you have obtained from the RealVNC website. Installing Vine 4.0 on Mac (The example below is on Mac OS 10.7 Lion) 3
1. Download the latest version of Vine VNC from the TestPlant Downloads page. 2. Open the.dmg package. 3. In Finder, drag the Vine Server icon that appears into your Applications folder, and/or your Dock. 4. Launch Vine. Make sure that it is set up to communicate on the correct port (usually 5900). Using Built-In VNC on Ubuntu (The example below is on Ubuntu 12.04) 1. Open Desktop Sharing, which can be found under Applications. 2. Select Allow other users to view your desktop. 4
Optional - de-select You must confirm each access to this machine, so that you do not have to approve the connection from the Ubuntu machine every time. 3. If you are not seeing updates in the Remote Screen Window from the eggplant side, log out of the Ubuntu user account, and click the gear next to the log in field. Then select Ubuntu 2D. This will disable some desktop effects, and allow the VNC to send updates of the screen to eggplant Functional. VNC Security VNC Security This article answers many frequently asked questions for customers who are concerned about security when using VNC. It discusses some different steps that can be taken to make the VNC server secure. We have customers using VNC in secure environments including DoD labs around the country, and in those cases the issues of security have been addressed to everyone s satisfaction. It is easy to deploy the VNC server securely, but how that is done is up to individual network infrastructure. The most important thing to understand is that the security of the VNC server is controlled by the network and not the other way around. If the machine that VNC is running on is behind a network firewall and the ports used by the VNC server are closed by that firewall, then the VNC server on that machine is as secure as anything else on the LAN. VNC Server Security 5
The VNC server itself can be secured in a couple of ways; First by using a password, and second through SSH encryption. Password The first and most obvious is that it can be protected with a password, so that only those with the password can initiate a connection. The second is that the server can be set up to accept connections only from a specific IP address (or addresses) or addresses within a designated subnet. SSH Encryption Taking things a step further, the server can be configured to only accept connections via SSH (the secure shell). This requires the installation of some additional (freely available) software on Windows, but in this way the connection between eggplant Functional and the VNC server is fully encrypted. If the server is then configured to accept connections only from localhost (127.0.0.1), which is unspoofable because it is not routable, the only connection the server will accept is one made via the SSH tunnel, thus creating a completely secure connection. Using SSH to Ensure VNC Security Note: To read about making an SSH connection through the Connection List in eggplant Functional, see Opening Secure Connections [1]. 6
Network Security The Network configuration can also be set up in a secure manner, outside of the VNC server: Virtual Machines Another approach, which is in some ways simpler to implement, is to run a virtual machine (VM) on the eggplant Functional machine. A NATted network can be set up between the eggplant Functional machine and the VM(s) and then the VNC server can be run on the VM to serve as the SUT. The NATted network is behind the firewall on the eggplant Functional machine and the VNC server is running inside a program pretending to be a computer on a separate network. All the other security measures could be still be applied to configuring the VNC server for an even more secure approach. Isolation Using a NATted Network to Ensure VNC Security A final approach is to have the test environment on its own network with no external connections. Obviously this is only viable for scenarios that don t require access to other network resources such as web servers, but when practicable it does produce a secure test environment. In its most basic form, an eggplant Functional test environment is just two machines networked to each other. Source URL: http://docs.testplant.com/?q=content/installing-vnc-server Powered by Drupal Links 7
[1] http://docs.testplant.com/?q=content/connection-list#opening-secure-connections 8