NX technology

NX technology is a computer program that handles remote X Window System connections, and attempts to greatly improve on the performance of the native X display protocol to the point that it can be usable over a slow link such as a dial-up modem. It wraps remote connections in SSH sessions for encryption.

It is developed by Gian Filippo Pinzari at the Italian software company NoMachine. The NX scheme was derived from that of DXPC – the Differential X Protocol Compressor project.[1]

NX software is currently available for Windows, Mac OS X, Linux, and Solaris. NoMachine has clients available for Windows and Mac OS X, and Google makes a freely available Open Source GPL2 version of the server called NeatX.[2]

Contents

Technical details

NX compresses the X11 data to minimize the amount of data transmitted. NX takes full advantage of modern hardware by caching all manner of data to make the session as responsive as possible. For example the first time a menu is opened it may take a few seconds, but on each subsequent opening the menu will appear almost instantly.

NX is faster than its predecessors, as it eliminates most of the X round-trips, while dxpc and MLView only compress data.

The two principal components of NX are nxproxy and nxagent. nxproxy is derived from dxpc and is started on both the remote (client in X terminology) and the local (server in X terminology) machines simulating an X server on the client and forwarding remote X protocol requests to the local X server.

Typical setup:

remote clients (xterm, etc.)
            ↕
      nxproxy client
            ↕
         Network
            ↕
      nxproxy server
            ↕
local X server (monitor/keyboard)

nxproxy alone achieves 1:10 to 1:1000 compression ratios[3] reducing bandwidth, but does not eliminate most of X's synchronous round trips, which are mostly responsible for X's perceived latency.

nxagent in turn is derived from Xnest and is typically started on the remote (client) machine, thus avoiding most X11 protocol round trips. Together with nxproxy (which is built into nxagent) this setup performs well over low bandwidth/high latency links:

 remote clients (xterm, etc.)
            ↕
  nxagent server side \
  nxagent client side   nxagent executable
     nxproxy client   /
            ↕
         Network
            ↕
      nxproxy server
            ↕
local X server (monitor/keyboard)

On systems with a functional X11 implementation, nxproxy and nxagent are all that is needed to establish a connection with low-bandwidth requirements between a set of remote X clients and the local X server. SSH can be used to establish a secure tunnel between the two hosts involved.

FreeNX and the various NX Clients are used for setup, handling suspend and resume, secure tunnelling over SSH, and for printing and sound.

Other display protocols

Although designed primarily to optimize X11 sessions, NX server can be configured as a proxy server to tunnel Remote Desktop Protocol (for Windows Remote Desktop Services sessions) and remote Virtual Network Computing sessions (most modern general-purpose operating system platforms), giving them some of the same speed improvements.

Use of SSH protocol and how SSH tunneling works in NX

NX uses the SSH protocol to send its data. SSH was chosen as a base for NX because of its excellent security record. NX relies on both the SSH functionalities and the existing OpenSource SSH software, to make it possible to run contemporary Unix and Windows desktops and arbitrary network applications, across the Internet, in a secured and controlled way.

The way NX works (NX 3.x) is by creating an 'nx' user on the server machine whose shell is executed any time a remote NX user connects to SSH using NX Client. The initial login between client and server happens using a DSA key-pair. The public key-part is provided during the installation of the server: the private key-part is distributed together with NX Client. The SSH server is forced by the NX key to execute the nxserver shell and enables SSH X11 forwarding. Due to performance deterioration of SSHD, X11 forwarding was introduced in NX 2.0.0.

The SSH secure channel is established once the client has been authenticated on the server. Authentication of the user on the system and negotiation of session parameters happen on this channel. By default, NX Client is configured with encryption of all traffic enabled, i.e. NX tunnels all the session traffic over the encrypted SSH channel used to authenticate and negotiate the session with the server.

Starting from version 4.0, NX will also allow system login as an alternative method, so that users can choose if they want to rely on NX or SSH authentication..

In addition to simply allowing users to log in remotely over a slow internet link to a server graphically, NX also allows them to suspend and resume sessions. During suspension, the processes invoked inside the session continue to run, and so many people have come to use NX as a graphical alternative to SSH and the 'screen' application - in order to run applications such as XChat permanently on a computer with a fixed internet link. Another program that serves this purpose is xpra.

License

Up until version 4.0, NoMachine used the GNU General Public License for the core NX technology, while at the same time offering non-free commercial NX solutions for the enterprise,[4] free client and server products for Linux and Solaris and free client software for Microsoft Windows, Mac OS X and embedded systems.

On December 21, 2010, NoMachine announced that the upcoming NX 4.0 release would be closed-source only.[5]

Due to the free software nature of older releases of NX, the FreeNX project was started in order to provide the wrapper scripts for the GPL NX libraries. FreeNX is developed and maintained by Fabian Franz.

2X develops another commercial terminal server for Linux that also uses the NX protocol.[6]

On July 7, 2009, Google announced their open-source NX server, Neatx.[7]

Clients

The primary client for use with NX is the official freeware NoMachine NX Client, but there are several projects underway to produce an open source client.

The most mature of the projects used to be Lawrence Roufail's nxc client library. This is a full library which can be used for other clients to build upon, and another application, 'nxrun', is provided which makes use of this library. As of 2006, the library does not support suspending or resuming sessions, nor does it support using any compression method other than JPEG for the graphics.

The kNX project was a proof-of-concept application written by Joseph Wenninger. This was meant to eventually become a complete NX client, showing that an open-source client could be written. However, this implementation got stuck in an incomplete stage; to date it lacks many important features. As such, kNX was effectively useless. In late 2005, Fabian Franz and George Wright started to change kNX to use the nxc library, but quickly abandoned the project.

More recent open-source efforts include QtNX, which offers full suspend and resume support. However, this has been reported not to work with the most recent NX libraries.

An update to nxclientlib (which was the core of QtNX) called nxcl has been completed by Seb James in September 2007. nxcl is an update to nxclientlib and works with version 3 of the NX core libraries. It also drops the Qt dependency which prevented nxclientlib from becoming widely used as a cross-platform basis for NX client programs. nxcl provides both a library which can be linked to in a client program (libnxcl), and a self-contained NX client with a D-Bus API (the nxcl binary). nxcl is available from the FreeNX Subversion server.

Other recent and actively maintained OSS NX clients include OpenNX a "drop-in replacement for Nomachine's [proprietary] nxclient". OpenNX supports full suspend and resume.

Various open source terminal server projects such as x2go also use the NX protocol; however, x2go is not compatible with other NX servers and clients.

Another recent GTK+ remote desktop client project Remmina announced NX protocol support in its latest release 0.8.

Previous X11 compression schemes

See also

References

External links