Index

ConfiguringVNC

VNC (Virtual Network Computing) is an application that allows access to the cluster using a graphical windowing environment. Generally works better than trying to use ssh -X or similar. For purely terminal applications needing persistent sessions, GNU screen or tmux can be used (see UsingScreen).

"It is based on a standard X server, but it has a 'virtual' screen rather than a physical one. X applications display themselves on it as if it were a normal X display, but they can only be accessed via a VNC viewer."

Each user starts their own VNC server on the cluster, using the 'vncserver' command. The user can then access their VNC server using a Windows, Mac, and/or Linux VNC client application. The VNC servers will continue running indefinitely and thus users can reconnect to their VNC server as needed.

In order to facilitate cluster computing, all VNC servers should be run on kimclust15.

To start a VNC server on kimclust15, you need to first ssh to kimclust15 (ie to kim.bio.upenn.edu). Then use 'vncserver' to start your own VNC server. When you start the VNC server you should specify a display number for your server. Each server must have a unique display value between 1 and 99. If you choose a display that is currently being used by someone else, you will get an error message and try again with a different display value.

[fisher@kimclust15]$ vncserver :33
(this will start a VNC server with display 33 on kimclust15)

If necessary, you can stop your VNC server again using the 'vncserver' command.

[fisher@kimclust15]$ vncserver -kill :33
(this will stop the VNC server with display 33 on kimclust15)

In order to access your VNC server remotely, you need to "tunnel" the connection between your VNC client and server through a SSH connection. This is also known as port forwarding. That is, all connections to a specified port on your local computer will be forwarded by SSH to a specified port on a remote computer. This allows you to bypass the cluster's firewall and will encrypt your VNC connection for security purposes. To do this you need to setup an "outgoing" SSH tunnel between your computer and the computer with your VNC server (ie kimclust15). When configuring the tunnel you will be asked for the "port number" for the tunnel. The VNC client and server communicate through a port that is numbered as 5900 + the display number for your VNC server. When you started your VNC server, you picked a display number, so you just add 5900 to that number. Since here we used display 33, we'd want to use port 5933 for the outgoing tunnel between our computer and kimclust15. You will also be asked for the "Destination Host". In our case this is 192.168.1.15 which is the IP address for kimclust15.

After you configure the tunnel, you enable the tunnel by connecting to the cluster from your computer, at which point ssh will redirect any information from port 5933 on your local computer to port 5933 on kimclust15. On your local computer you then tell the VNC client to connect to "localhost:33" which is the tunnel'd port on your local machine which gets redirected to kimclust15 by ssh.

ssh tunneling from Linux Client
In Linux/Unix, one could try this from the command line:

ssh -f -N -T -L 5933:localhost:5933 -l username kim.bio.upenn.edu sleep 10; vncviewer localhost:5933

You can change the size of the VNC window when you start a VNC server. The default size is 1024x768.

[fisher@kimclust15]$ vncserver -geometry 1152x864 :33
(this will start a VNC server with display 33 on kimclust15 that is 1152x864)

You can set the color depth to 8 bit (the default is 16 bit) when you launch the vncserver. This will decrease the colors available for the VNC display which will speed up the responsiveness of the VNC server for slow connections.
[fisher@kimclust15]$ vncserver -depth 8 :33
(this will start a VNC server with display 33 on kimclust15 using 8 bit color)

Questions:

1. Do I need to set both the incoming and outgoing tunnel?

Nope, only the outgoing.

2. What value do I use for the "listen port" and "destination port?"

You will use 5933 (as in the example above) for both listening and destination ports, and you will use "192.168.1.15" (kimclust15's IP address) as the destination computer. Basically, your computer is being told to forward everything from its 5933 port ("localhost") to port 5933 on the destination computer ("kimclust15").

3. Given this scheme, is my destination host kimclust15?

The destination machine is kimclust15 (IP 192.168.1.15) or whatever machine is running your VNC server. However, the tunnel is only created when you initiate a ssh login to a computer. In our case, the tunnel is created when you ssh to the cluster (kim.bio.upenn.edu). The tunnel will not work if you try to ssh to any other UPenn computers (ex. mail.sas.upenn.edu), because they are not allowed through the firewall.

Note that you need to configure the tunnel before you ssh to the cluster, because the tunnel is actually created during the login process.