Nomad
From openSUSE
Nomad is a set of components that provide an unmatchable remote desktop experience to openSUSE.
This is the core set of components that make up Nomad:
- Proxy X server
- Session manager
- Connection handler
- Client program
- Compositing manager extensions
Terminology
- Receiver
- This is your laptop/desktop (the machine you are sitting in front of): the host presented to the user. These can be a thin client, netbook, laptop, desktop, workstation, ... Because these have direct access to the graphics/input hardware, the acceleration takes place here.
- Sender
- Where the actual desktop/applications reside (the remote system you are accessing). That's the system where the desktop is actually happening. It is not necessarily accessible by the user. These can be servers in a data center, an instance in a cloud, a virtual machine, ... That system does not have direct access to graphics/input hardware.
Implementation
The proxy X server used is DMX2. DMX2 supports modern X extensions like Composite, XVideo, RANDR 1.2 and includes advanced features like X selection sharing and XDND awareness.
The session manager is responsible for spawning and keeping track of desktop sessions that can be accessed remotely.
The RDP protocol is used as a transport and security layer by the connection handler. However, when supported by the client software, a virtual channel is used that transfers unfiltered X11 traffic to the local X server where the desktop is displayed. The connection handler is always able to fall back to plain RDP commands when necessary, which means that remote desktops can be accessed from any existing RDP client.
A special RDP client is provided for openSUSE that implements Nomad-specific extensions for X11 protocol forwarding and the ability to composite remote desktops locally when appropriate compositing manager plug-ins are loaded.
Installation
Install the xrdp package to provide remote desktop access. Remote desktop access is provided through TCP port 3389. This port is by default protected by the firewall so you'll have to add this port to the list of allowed services before you can access your desktop remotely.
Packages that are in openSUSE 11.1 do not work as expected so install/update packages from the following repository:
After installing the xrdp package, you'll need to start the service via the following command:
On systems where you would like to display a remote desktop, install the rdesktop package. If you prefer a graphical user interface for accessing remote desktops, install tsclient.
If you intend to use desktop effects on the remote desktop, make sure you also install the compiz-plugins-dmx package on both the system that provides the remote desktop and the system where the remote desktop is going to be displayed.
If you are using KDE, you may need to execute:
Otherwise you get an error "Login failed" while trying to connect to the desktop. This bug was found in the openSUSE 11.1 release.
Usage
Simply point your RDP client to the remote desktop host. In the case of openSUSE, this is the rdesktop command line utility or the Terminal Service Client.
Connect to SERVER in window mode with compression:
Connect to SERVER using user 'gecko' in fullscreen mode with compression:
Advantages
One of the keys to unlocking broader adoption of Linux as a desktop operating system was the introduction of desktop effects. Many of you reading this are already familiar with the amazing desktop effects provided by the compiz project and its plugins. If not, you can find out more about it here: compiz.
The challenge that virtual desktops and cloud computing pose is that, using current remote desktop protocols, you cannot continue to take advantage of those effects.
But it doesn't stop there of course. The goal of the Nomad initiative is not simply to make desktop effects available but rather to fully optimize X-based remote desktop computing.
There are several approaches to making a remote desktop connection efficient. Some apply layers of compression upon layers of compression. Some choose to effectively tunnel all the information into one transport. The Nomad approach is to be versatile and at the same time easily accessible. To achieve that, Nomad takes advantage of the Remote Desktop Protocol (RDP) and implements Nomad-specific extensions that allow compositing tasks to be delegated to the receiver. Amongst those extensions you will find Composite, XVideo and RANDR 1.2. It also includes advanced features like X selection sharing and XDND awareness over RDP.
FAQ
- Q.1. Will I be able to use desktop effects remotely using Nomad?
- A. Yes - By enabling desktop effects on both the local and remote desktop, the local compositing manager will be able to apply effects to the elements coming from the remote desktop.
- Q.2. Will my friends running on Windows be able to access my remote desktop?
- A. Yes - Nomad includes a core component which will now allow for virtually any RDP (Microsoft Remote Desktop Protocol) client to connect to your Linux desktop.
- Q.3. Does this apply in any way to servers as well?
- A. Yes - While you should not be running a graphical interface on your servers, sometimes it is just convenient to do so. Nomad makes it extremely convenient even for system administrators running Windows to efficiently access remote Linux servers in their server rooms and data center. Also, because of the implementation of Nomad, it consumes fewer resources on your servers than a standard Xorg server would.
- Q.4. How about security?
- A. Remote desktop access is provided through the xrdp service. Allowing access to any kind of service through the firewall has its own set of security implications that you should be aware of before using it in an environment that requires high security. RDP uses RSA key encryption, the SHA1 and MD5 hash algorithms and the RC4 cipher algorithm, with low, medium and high encryption levels. The xrdp.ini file provides a setting for the encryption level. Valid settings are 'low', 'medium' and 'high'. Low is 40-bit client-to-server encryption. Medium is 40-bit two-way encryption. High is 128-bit two-way encryption. In contrast to the X server on a local desktop, the remote desktop X server doesn't require access to devices and can therefore run with normal user privileges instead of superuser privileges. This means that potential X server exploits within remote desktop sessions are limited to normal user privileges, and the system hosting the desktop is in this sense much more secure.
- Q.5. Can I use Nomad even if I am not using a virtual machine?
- A. Yes - Nomad is totally independent of any hypervisor or virtualization engine technology. You can absolutely use it on a stand-alone machine just as well.
- Q.6. Are there known limitations?
- A. Well of course - We are just getting started here. There are some use-cases which still need to be met. For example, GL application support has not been implemented yet.
- Q.7. What about all my USB devices?
- A. USB redirection, while a separate issue altogether, has not been addressed yet. We hope to be able to leverage the tremendous work done by the USB over IP project. It's quite possible that USB Mass Storage devices will be handled differently.
- Q.8. Typical open-source question, what's with the name?
- A. Nomads are rootless, like the idea of being able to take your desktop and connect to it anywhere. In French culture, nomadic people are also believed to be agile. If someone asks for an acronym: Novell Open Mobile Agile Desktop (NOMAD).
- Q.9. Does Nomad have a logo yet?
- A. Not yet no - Feeling creative?
- Proposed Logo here
- Q.10. How does the virtual X11 channel work?
- A. RDP5 has support for virtual channels. A virtual channel can carry any kind of data. Common use cases are forwarding of storage devices and clipboard data. When establishing an RDP connection, the server and client determine the set of channels that can be supported. xrdp and rdesktop (the RDP server and RDP client in openSUSE) implement support for a virtual channel called 'rdpx11'. This channel provides X forwarding (very similar to what exists in ssh) and makes it possible for an X client on the server side to use the X11 protocol to communicate with an X server on the client side. With a powerful X proxy, like DMX2, on the server side this becomes incredibly useful.
- Q.11. Can I use Nomad to access the console?
- A. Yes, first you need to make sure you have a VNC server running that provides access to the console. You can set this up by installing the libvncserver package and running the following command as root:
- LinuxVNC 1 -passwd secret
- This starts a VNC server that provides access to /dev/tty1 and password 'secret' needs to be provided to access it.
- Once you have a VNC server running, add the following section to your /etc/xrdp/xrdp.ini configuration file:
  [console]
  name=Console
  lib=libvnc.so
  username=na
  password=ask
  ip=127.0.0.1
  port=5900
- "Console" will now be among the sessions available when establishing an RDP connection to this machine.
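An added example, not part of the original page or of xrdp: a Python check of an xrdp.ini file for the encryption level described in Q.4 and the session-section settings used in Q.11. `crypt_level` in `[globals]` is xrdp's key for the encryption level; the sample file contents and the function names `audit_xrdp_ini` and `is_loopback` are constructed for illustration.

```python
import configparser
import ipaddress

# Encryption levels as described in Q.4 of this page.
LEVELS = {"low": "40-bit client to server", "medium": "40-bit two way", "high": "128-bit two way"}

# Constructed sample: [globals] with a weak level plus the [console] section from Q.11.
SAMPLE_INI = """\
[globals]
crypt_level=low

[console]
name=Console
lib=libvnc.so
username=na
password=ask
ip=127.0.0.1
port=5900
"""

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname other than localhost, or malformed input
        return False

def audit_xrdp_ini(text):
    """Return (section, finding) tuples for the text of an xrdp.ini file."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        opts = cfg[name]
        if name.lower() == "globals":
            level = opts.get("crypt_level", "(missing)").strip().lower()
            if level != "high":
                desc = LEVELS.get(level, "not a level this page lists")
                findings.append((name, f"crypt_level={level} ({desc}); use high"))
            continue
        # Any other section with these keys is a session backend such as [console].
        if opts.get("password", "ask").strip() != "ask":
            findings.append((name, "password is stored in the file; use password=ask"))
        ip = opts.get("ip", "").strip()
        if ip and not is_loopback(ip):
            findings.append((name, f"backend ip={ip} is not loopback"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_xrdp_ini(SAMPLE_INI):
        print(f"[{section}] {finding}")
```

Run against the sample, this reports only the `crypt_level=low` setting; the `[console]` section from Q.11 passes because it prompts for the password and keeps the VNC backend on 127.0.0.1.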

