|This article relies too much on references to primary sources. (January 2013) (Learn how and when to remove this template message)|
5.0.63 / 16 January 2016
|Type||Remote desktop software|
NX technology, developed by NoMachine, and commonly known as 'NX' is a proprietary computer program for hosted desktop and remote access scenarios. It constitutes a suite of NoMachine software products related to desktop virtualization & application delivery for server-based computing and cloud-based environments. Available as a free version for personal remote access use, there is also a comprehensive range of products for commercial use which allow the individuals of an enterprise to work and collaborate remotely regardless of device or network.
The enterprise-oriented server products available additionally offer multi-node clustering and failover functionality as well as the ability to run multiple virtual Linux instances on the same machine (Linux Terminal Server functionality).
NX, or NoMachine as it is often referred to since the release of version 4, is environment-agnostic in that it operates with any physical, virtualized or in the cloud infrastructures meaning that it can be installed on Linux, Windows and Mac instances virtualised on top of popular hypervisors like Xen, KVM or VMware or integrated with any Virtual Desktop Infrastructure running in private or public clouds, such as Amazon EC2 or Rackspace.
Brief history of NX
In 2001, the compression and transport protocol NX was created to improve on the performance of the native X display protocol to the point that it could be usable over a slow link such as a dial-up modem. It wrapped remote connections in SSH sessions for encryption. The NX scheme was derived from that of DXPC – the Differential X Protocol Compressor project. NX 1.x was released to the general public on February 14th 2003, the final version of 'NX' being 3.5 of which the last update was in 2012. The core compression technology up until NX 3.5 was made available to the community under the GNU GPL2 license whilst other components such as the NX Server and NX Client programs were proprietary.
From 2013, with the release of version 4.0, NX technology became closed source.
Technical details of recent versions
Released in 2013, the eponymous NoMachine 4.0 saw the introduction of the NX protocol as a security protocol in addition to the already supported SSH, and a complete redesign of the NX compression and transport protocol used in version 3 and earlier. NoMachine 4, and subsequent later versions of the software, implements its own protocol for secure communication over the network, additionally supporting the SSH protocol out of the box. All products, including the free version, use the NX protocol as default.
Client applications can connect using the SSH protocol, with the same authentication mechanisms as version 3, or a new SSH system login or by using the new SSL-enabled NX daemon. Once the secure connection is established, clients can negotiate a desktop session, by means of a text protocol compatible with the one used in version 3, or request one of the various NoMachine sub-systems, such as the file synchronization service, software updates, directory services, voice a video messaging and clustering.
When connecting different hosts across the network, the NX protocol works as a generic tunnel, with additional framing and flow control information used to dynamically adapt compression and bandwidth in real-time, according to the network conditions. To preserve compatibility, multiplexing is based on the same version 3 schema. NX 4 adds new channel types to handle additional services such as the new file-system redirection, new printing system, virtual network interfaces, smart-cards and USB devices. Most NoMachine components, including the agent program impersonating the desktop session on the server, embed so called "slave servers". These are light-weight servers providing IPC and automation services which can be used to create additional channels, under the control of the client and the server.
Applications can still request channels to carry data using the NX X Window protocol compression, but version 4 nodes and clients add new channel types for display and audio and only use the old X11 channels as place-holders for the remote display session. The new display and audio channels use a binary protocol for efficiency. The protocol allows for multiple codecs in the same stream. The NX protocol is not dependent on the codec used. Currently, the display channels support data in H.264, VP8 and JPEG format with additional primitives used to implement special encoding operations besides the standard image and video streams.
Once the session has been negotiated between the client and the server, NX data can travel on TCP and UDP streams. The client and server select dynamically what transport to use, based on the type of data and the network conditions. If communication over UDP is enabled, client and server can automatically instruct the router to open the necessary ports. UDP uses symmetric Blowfish encryption. Host interface and port, as well as the Blowfish encryption key, are negotiated using the secure TCP link. UDP communication is disabled when using SSH tunneling, so that all data goes through the same SSH link.
The display protocol uses a combination of video and image encoding, based on standard codecs and a number of techniques developed by NoMachine. NoMachine monitors the content of the display and the user activity to adapt quality and buffering to the displayed application. In this way NoMachine can automatically adapt to widely different use-cases and scenarios.
From version 4.0 onwards, when the default NX protocol is used, the login can be via password-based authentication, private key or kerberos ticket authentication.
When NX is configured to send its data by the SSH protocol (SSH authentication is available only on enterprise-version servers), the following methods of authentication are supported:
Client to Server
- NX login as nx user using the NX SSH key and user password based authentication on the system.
- System login with password based authentication.
- System login with SSH key based authentication.
- System login with SSH key based authentication and SSH key stored on a smart card.
- System login with Kerberos ticket existing on client side.
Server to Node
- Login with the NX SSH key.
- Login with password.
- Login with SSH key forwarded from client (e.g. NoMachine Player) via Server to Node.
- Login with Kerberos ticket forwarded from client via Server to Node.
- Login with Kerberos ticket requested on Server host by Kinit on server host.
- Login with Kerberos ticket requested by PAM module on Server host.
- Login with password to Kerberos ticket requested by PAM module on Node host.
Technical details of legacy version NX 3 and earlier
NX compresses the X11 data to minimize the amount of data transmitted. NX takes full advantage of modern hardware by caching all manner of data to make the session as responsive as possible. For example the first time a menu is opened it may take a few seconds, but on each subsequent opening the menu will appear almost instantly.
NX is faster than its predecessors, as it eliminates most of the X round trips, while dxpc and MLView only compress data.
The two principal components of NX are nxproxy and nxagent. nxproxy is derived from dxpc and is started on both the remote (client in X terminology) and the local (server in X terminology) machines simulating an X server on the client and forwarding remote X protocol requests to the local X server.
remote clients (xterm, etc.) ↕ nxproxy client ↕ Network ↕ nxproxy server ↕ local X server (monitor/keyboard)
nxproxy alone achieves 1:10 to 1:1000 compression ratios reducing bandwidth, but does not eliminate most of X's synchronous round trips, which are mostly responsible for X's perceived latency.
nxagent in turn is derived from Xnest and is typically started on the remote (client) machine, thus avoiding most X11 protocol round trips. Together with nxproxy (which is built into nxagent) this setup performs well over low bandwidth/high latency links:
remote clients (xterm, etc.) ↕ nxagent server side \ nxagent client side nxagent executable nxproxy client / ↕ Network ↕ nxproxy server ↕ local X server (monitor/keyboard)
On systems with a functional X11 implementation, nxproxy and nxagent are all that is needed to establish a connection with low-bandwidth requirements between a set of remote X clients and the local X server. SSH can be used to establish a secure tunnel between the two hosts involved. NX 3 relies on both the SSH functionalities and the existing open-source SSH software, to make it possible to run contemporary Unix and Windows desktops and arbitrary network applications, across the Internet, in a secured and controlled way.
FreeNX and the various NX Clients are used for setup, handling suspend and resume, secure tunnelling over SSH, and for printing and sound.
Other display protocols
All Enterprise versions of NoMachine's NX protocol support client connections to hosts via Remote Desktop Protocol (for Windows Remote Desktop Services sessions) and remote Virtual Network Computing sessions (most modern general-purpose operating system platforms) as well as XDM.
Prior to version 4.0, NoMachine used the GNU General Public License for the core NX technology, while at the same time offering non-free commercial NX solutions for the enterprise, free client and server products for Linux and Solaris and free client software for Microsoft Windows, Mac OS X and embedded systems.
On December 21, 2010, NoMachine announced that the upcoming NX 4.0 release would be closed-source only.
Due to the free software nature of older releases of NX, the FreeNX project was started in order to provide the wrapper scripts for the GPL NX libraries. FreeNX was developed and maintained by Fabian Franz, but has not made a release since 2008.
On July 7, 2009, Google announced their open-source NX server, Neatx. Neatx was developed as part of an internal project[which?] which has now finished, had no releases and is not being actively developed. The source code is available under the GNU GPL v2 license.
X2Go is based on the 3.x NX libraries, but is not compatible with other implementations. The client and server are released under a combination of GNU GPLv2 or later, and GNU AGPLv3 or later.
The primary clients for use are the official freeware, NoMachine and NoMachine Enterprise Client, but there are several open source projects which added support for the NX protocol.
The most mature of the projects used to be Lawrence Roufail's nxc client library. This is a full library which can be used for other clients to build upon, and another application, 'nxrun', is provided which makes use of this library. As of 2006[update], the library does not support suspending or resuming sessions, nor does it support using any compression method other than JPEG for the graphics.
The kNX project was a proof-of-concept application written by Joseph Wenninger. This was meant to eventually become a complete NX client, showing that an open-source client could be written. However, this implementation got stuck in an incomplete stage; to date it lacks many important features. As such, kNX was effectively useless. In late 2005, Fabian Franz and George Wright started to change kNX to use the nxc library, but quickly abandoned the project.
More recent open-source efforts include QtNX, which offers full suspend and resume support. However, this has been reported not to work with the most recent NX libraries.
An update to nxclientlib (which was the core of QtNX) called nxcl has been completed by Seb James in September 2007. nxcl is an update to nxclientlib and works with version 3 of the NX core libraries. It also drops the Qt dependency which prevented nxclientlib from becoming widely used as a cross-platform basis for NX client programs. nxcl provides both a library which can be linked to in a client program (libnxcl), and a self-contained NX client with a D-Bus API (the nxcl binary). nxcl is available from the FreeNX Subversion server.
Other recent and actively maintained OSS NX clients include OpenNX, a "drop-in replacement for NoMachine's [proprietary] nxclient". OpenNX supports full suspend and resume.
Various open source terminal server projects such as X2Go also use the NX protocol; however, X2Go is not compatible with other NX servers and clients.
Another recent GTK+ remote desktop client project Remmina announced NX protocol support in its release 0.8.
Previous X11 compression schemes
- Low Bandwidth X (lbxproxy; obsolete and of historical interest only)
- dxpc – the Differential X Protocol Compressor
- Comparison of remote desktop software
- Thinstation – a thin client Linux implementation with optional built-in NX client
- GNU Screen – a terminal multiplexer for console-mode (text-mode) applications
- Xpra – a system for attaching and detaching remote X programs
- xmove – a tool allows you to move programs between X Window System displays (outdated)
- "Building and using NX components". NoMachine. 2015-05-22. Retrieved 2015-08-21.
- Building and using NX components, NoMachine.
- NX Terminal Server and Remote Access Software (product details), NoMachine.
- NoMachine Makes First NX 4.0 Technology Preview Available, NoMachine.
- "FreeNX – the free NX". DE: Berlios. Retrieved 2014-02-14.
- FreeNX (project page), DE: Berlios.
- "2X TerminalServer for Linux Features". 2X. Archived from the original on January 16, 2012. Retrieved 2016-03-30..
- "Releasing Neatx, an Open Source NX Server", Open source (World Wide Web log), Google, Sep 2009.
- "Neatx", Code, Google.
- "X2Go – everywhere@home". 2013-12-28. Retrieved 2014-02-14.
- FAQ, X2go.
- License information, X2go.