This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
6.11.2 / 16 June 2020
|Type||Remote desktop software|
NX technology, commonly known as NX, is a proprietary suite of products for desktop virtualization and application delivery for servers and client software, developed by the Luxemburg-based company NoMachine.
The enterprise-oriented server products also offer multi compute-node clustering and fail-over functionality, and the ability to run multiple virtual Linux instances on the same machine (Linux Terminal Server functionality).
NX—or NoMachine, as it is often referred to since the release of version 4—is platform-agnostic. It can be installed on Linux, Windows and Mac instances virtualised within popular hypervisors like Xen, KVM or VMware, and integrated with any virtual desktop infrastructure running in private or public clouds, such as Amazon EC2 or Rackspace.
In 2001, the compression and transport protocol NX was created to improve the performance of the native X display protocol so it could be used over slow connections such as dial-up modems. It wrapped remote connections in SSH sessions for encryption.
NX's design was derived from the Differential X Protocol Compressor project (DXPC). NX version 1 was released on February 14, 2003. The last update, version 3.5, was released in 2012.
From v.3.5, NX's core compression technology was made available to the community under the GNU GPL2 license, whilst other components such as the NX Server and NX Client programs remained proprietary.
Starting in 2013, with the release of version 4.0, NX became closed-source.
NX 4 and later versions
NX 4 introduced optimal image compression and caching with the latest video-encoding techniques.
Client applications can connect using the SSH protocol, with the same authentication mechanisms as version 3, by a new SSH system login, or by the new SSL-enabled NX daemon. Once a secure connection is established, clients negotiate a desktop session using a text protocol compatible with that used in version 3. Clients can also use one of the various NoMachine subsystems, such as the file synchronization service, software updates, directory services, voice/video messaging and server clustering.
When connecting hosts across the network, the NX protocol works as a generic tunnel, with additional framing and flow control information, and dynamically adapts compression and bandwidth according to network speed and capacity. For compatibility, multiplexing is based on version 3.
NX 4 added new channel types to handle services such as the new file-system redirection, new printing system, virtual network interfaces, smart cards and USB devices. Most NoMachine components, including the agent program that impersonates the desktop session on the server, embed so-called "slave servers"—lightweight servers that provide inter-process communication and automation that can be used to create additional channels, under the control of the client and server.
Applications can still request that channels carry data using the NX X Window System protocol compression. Version 4 added new channel types for video and audio, allowing multiple codecs in the same stream. Currently, the display (video) channels can handle data in H.264, VP8, MJPEG and other formats, with additional primitives used to implement special encoding operations concurrent with standard audio and video streams.
Once the session is established between client and server, NX data can travel on TCP and UDP streams. The client and server dynamically select which transport to use, based on the type of data and network conditions. If communication over UDP is enabled, client and server can automatically instruct the router to open the necessary ports. UDP uses symmetric Blowfish encryption. The host interface and port, and Blowfish encryption key, are negotiated via a secure TCP link. UDP communication is disabled when using SSH tunneling, so that all data uses the same SSH link.
The display protocol uses a combination of video and image encoding, based on standard codecs and a number of techniques developed by NoMachine. NX monitors display and user activity to adapt quality and buffering to the displayed application.
From version 4.0 on, when the default NX protocol is used, the login can be via password-based authentication, private key or Kerberos ticket authentication.
When NX is configured to send its data by SSH (available only on enterprise-version servers), the following authentication methods are available:
Client to Server
- NX login as NX user using the NX SSH key and user password-based authentication
- System login with password-based authentication
- System login with SSH key-based authentication
- System login with SSH key-based authentication and SSH key stored on a smart card
- System login with Kerberos ticket existing on client side
Server to Node
- Login with password
- Login with SSH key forwarded from client (e.g. NoMachine Player) via server to node
- Login with Kerberos ticket forwarded from client via server to node
- Login with Kerberos ticket requested by Kinit on server host
- Login with Kerberos ticket requested by PAM module on server host.
- Login with password to Kerberos ticket requested by PAM module on node host
Version 3 and earlier
NX compresses the X11 data to minimize the amount of data transmitted, and caches data to keep the session as responsive as possible. For example, the first time a menu is opened, it may take a few seconds, but is subsequently almost instant.
NX is faster than its predecessors, as it eliminates most of the X round trips, while dxpc and MLView only compress data.
The two principal components of NX are nxproxy and nxagent. nxproxy is derived from dxpc and is started on both the remote (client in X terminology) and local (server in X terminology) machines, simulating an X server on the client and forwarding remote X protocol requests to the local X server.
remote clients (xterm, etc.) ↕ nxproxy client ↕ Network ↕ nxproxy server ↕ local X server (monitor/keyboard)
nxproxy alone achieves 1:10 to 1:1000 compression ratios, reducing bandwidth, but does not eliminate most of X's synchronous round trips, responsible for most of X's perceived latency.
nxagent, derived from Xnest (similar to Xephyr), is typically started on the remote (client) machine, thus avoiding most X11 protocol round trips. Together with nxproxy (built into nxagent), this setup performs well over low-bandwidth and high-latency links.
remote clients (xterm, etc.) ↕ nxagent server side \ nxagent client side nxagent executable nxproxy client / ↕ Network ↕ nxproxy server ↕ local X server (monitor/keyboard)
On systems with a functional X11 implementation, nxproxy and nxagent are all that is needed to establish a connection with low-bandwidth requirements between a set of remote X clients and the local X server. SSH can be used to establish a secure tunnel between the hosts. NX 3 relies on SSH functionalities and existing open-source SSH software, making it possible to run contemporary Unix and Windows desktops and arbitrary network applications over the Internet in a secured and controlled way.
FreeNX and the various NX Clients are used for setup, handling suspend and resume, secure tunnelling over SSH, and printing and sound.
Other display protocols
All Enterprise versions of NoMachine's NX protocol allow client connections to hosts via Remote Desktop Protocol (for Windows Remote Desktop Services sessions) and remote Virtual Network Computing sessions (most modern general-purpose operating system platforms), as well as XDM.
Prior to version 4.0, NoMachine released core NX technology under the GNU General Public License, and offered non-free commercial NX solutions, free client and server products for Linux and Solaris, and free client software for Microsoft Windows, Mac OS X and embedded systems.
On December 21, 2010, NoMachine announced that NX 4.0 would be closed-source.
Due to the free-software nature of older NX releases, the FreeNX project was started to provide wrapper scripts for the GPL NX libraries. FreeNX was developed and maintained by Fabian Franz, but has not announced a release since 2008.
On July 7, 2009, Google announced their open-source NX server, Neatx, as an internal project.[which?] The project had no releases and is not actively developed. Its source code is available under the GNU GPL v2 license.
X2Go is based on the 3.x NX libraries, but is not compatible with other implementations. The client and server are released under a combination of GNU GPLv2 or later, and GNU AGPLv3 or later.
The primary NX clients are the official freeware, NoMachine, and NoMachine Enterprise Client. Several open-source projects can also use the NX protocol.
An OS mature project was Lawrence Roufail's nxc client library, a full library which can be used for other clients to build upon. The nxrun application utilizes this library. As of 2006[update], the library does not allow suspending or resuming sessions, and uses only JPEG graphics compression.
The kNX project was a proof-of-concept application written by Joseph Wenninger, with plans for it to eventually become a complete NX client to show that an open-source client could be written. Its development was halted before it was completed. In late 2005, Fabian Franz and George Wright began modifying kNX to use the nxc library, but abandoned the project.
More recent open-source efforts include QtNX, which offers full suspend and resume. However, it has been reported as incompatible with the most recent NX libraries.
Nxcl, an update to nxclientlib, the core of QtNX, was completed by Seb James in September 2007, and works with version 3 of the NX core libraries. It also drops dependency on Qt, which prevented nxclientlib from becoming widely used as a cross-platform basis for NX client programs. nxcl provides a library that can be linked to a client program (libnxcl), and a self-contained NX client with a D-Bus API (the nxcl binary). It is available from the FreeNX Subversion server.
Other recent and actively maintained OSS NX clients include OpenNX, described as a "drop-in replacement for NoMachine's [proprietary] nxclient" with full suspend and resume.
Various open-source terminal server projects, such as X2Go, also use the NX protocol. However, X2Go is not compatible with other NX servers or clients.
Remmina, another recent GTK+ remote desktop client project, announced the ability to use the NX protocol in its release 0.8.
Previous X11 compression schemes
- Low Bandwidth X (lbxproxy; obsolete and of historical interest only)
- Comparison of remote desktop software
- Thinstation – a thin client Linux implementation with optional built-in NX client
- GNU Screen – a terminal multiplexer for console-mode (text-mode) applications
- Xpra – a system for attaching and detaching remote X programs
- xmove – a tool allows you to move programs between X Window System displays (outdated)
- "Building and using NX components". NoMachine. 2015-05-22. Retrieved 2015-08-21.
- Building and using NX components, NoMachine.
- NX Terminal Server and Remote Access Software (product details), NoMachine.
- NoMachine Makes First NX 4.0 Technology Preview Available, NoMachine.
- "FreeNX – the free NX". DE: Berlios. Archived from the original on 2013-11-11. Retrieved 2014-02-14.
- FreeNX (project page), DE: Berlios.
- "2X TerminalServer for Linux Features". 2X. Archived from the original on January 16, 2012. Retrieved 2016-03-30..
- "Releasing Neatx, an Open Source NX Server", Open source (World Wide Web log), Google, Sep 2009.
- "Neatx", Code, Google.
- "X2Go – everywhere@home". 2013-12-28. Retrieved 2014-02-14.
- FAQ, X2go.
- License information, X2go.