There are four common thin-client protocols:
Remote Desktop Protocol (RDP) is a proprietary MS protocol that provides monolithic remote desktop support. It includes encryption and redirection to allow remote applications to access most local hardware, including audio, filesystems and printers. It currently does not allow single applications to be run remotely (without a desktop), but RDP 6.0 is supposed to add this. RDP clients are available for Linux, but there is no functional RDP server, although a nascent product named xrdp is under development.
Independent Computing Architecture (ICA) is a proprietary protocol from Citrix. It is largely similar to RDP, which is based on an earlier version of ICA. ICA includes the ability to run single applications remotely, without the entire desktop, but it requires Citrix Presentation Server, which is available for MS Windows and some UNIX systems.
X Display Manager Control Protocol (XDMCP) is an open standard used by the X Window System (X). It is notably different from RDP and ICA in two respects. First, the same software modules (described below) are used for local and remote sessions. No separate terminal server software is necessary. Second, it is not monolithic. In the UNIX tradition, it does what it does and works with other tools that do what they do. It does not provide compression or the ability for remote applications to access local hardware other than KVM.
NX is an open standard server built on top of X that simplifies thin-client networking. It includes built-in support for encryption (using SSH), access to the local filesystem (using Samba) and local audio (using ESD or aRts). The server also is able to translate foreign protocols to allow connections from RDP and other clients. NX is a product of NoMachine, which develops an open-source core, on which proprietary versions of both the server and client are built. There is also a completely open-source project called FreeNX.
A distinction should be made between these protocols and remote framebuffer protocols like VNC. VNC provides remote control of a desktop that is still local, while thin-client protocols provide remote desktops.
X is nothing if not modular. Modularity is a good thing, but seeing how all the pieces of X fit together can be daunting for a new user. Below is a summary of the main modules and their interactions that will make the rest of this article accessible to readers with no previous X networking experience.
All access to the physical display is through the X server. This is a source of confusion for new users, because the display is intuitively client-side. But, the display is the service to which it provides access, hence the name. The clients for an X server are X applications that use it to display their output. We will see relationships later in this article where the X server acts as a client to other services.
The display manager (DM) is the heart of the terminal server. X servers and DMs have a dual client-server/server-client relationship. An X server can, as a client, initiate a connection to a DM on UDP port 177. The DM will then connect to the X server as a client on TCP port 6000 to display a graphical login screen to the user. A client can have multiple displays (windows or virtual terminals), in which case, the second display would be on port 6001 and so on. The protocol for this communication is XDMCP. If the X server and the DM are on the same system, they communicate using a UNIX socket.
The X server and DM are about displays and pixels. Neither has any concept of a window or a widget. These are handled by the window manager (WM).
Although the window manager provides the fundamental functionality and the major aspects of the look and feel, that is not enough to consider it a fully usable system. The desktop environment (DE) completes the user interface with utilities, such as control panels and toolbars, and basic applications, such as calculators and text editors.
There is often one additional component used: an X font server. The name of this server is xfs. In relation to xfs, an X server is a client that connects to an xfs server on TCP port 7100. X servers also can be configured to retrieve fonts from a filesystem folder.
The main decisions to make when deploying thin clients and a terminal server are the DM and the DE. The X server is built in to the thin client, and the DE will have a default WM that there is usually no reason to change. There are two dominant DEs in use today: GNOME (GNU Network Object Model Environment) and KDE (K Desktop Environment). Both have extensive features, and they are about equal in market share. GNOME is written in C and uses the GTK+ libraries. KDE is written in C++ and uses the Qt libraries. Both GNOME and KDE have their own WMs, named Metacity and KWin, respectively. They each also provide their own DMs, GDM and KDM, one of which is normally used in place of the standard XDM provided with X.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- The Humble Hacker?
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- New Container Image Standard Promises More Portable Apps
- ACI Worldwide's UP Retail Payments
- Canonical and BQ's Aquaris M10 Ubuntu Edition Tablet
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide