NX rather than VNC for EC2 Desktop

The various Amazon EC2 AMIs that I’ve built over the last few years are getting a bit long in the tooth. Most are based on Fedora 4 and nearly all are over-burdened with software I no longer use nor require. Time for some rationalisation.

I figure I need two ‘template’ AMIs, one containing the bare minimum of software, EC2 tools, Python, Perl and Java; the second loaded with the likes of Kettle, Talend, Hamachi VPN, OracleXE , Palo MOLAP Server and Palo ETL Server and a Gnome desktop accessible via VNC.

I’m deciding whether to use Centos or Ubuntu as the basis for one or both templates. I’m more familiar with Centos’s RedHat heritage but Ubuntu’s design goals of ease-of-use and ease-of-update appeal.  Since I was in the process of re-evaluating my EC2 builds I decided to also check out NX as an alternative to VNC. I had tried to install NX Server on a Fedora 4 instance a few years back, but had abandoned the effort having spent the best part of a day on it, reverting back to my VNC comfort zone.

This time I was able to use one of Eric Hammond’s Ubuntu AMIs with NX pre-installed.  Wow, what a difference! It’s much more responsive, even over my tempermental fixed wireless broadband connection. I also tried it using my backup ISDN line, again a huge improvement compared to using VNC. If you’re still using VNC to remotely access EC2 or any other remote server, you’ve got to check out NX.

Advertisements

9 responses to “NX rather than VNC for EC2 Desktop

  1. Gobán, I’m super-pleased to hear that an Ubuntu AMI listed on http://alestic.com worked well for you. I build these using the best knowledge I’ve been able to gather over the last year on EC2, and I agree that NX is amazing compared to VNC.

    I would invite you to join a growing community of Ubuntu EC2 users at http://ec2ubuntu-group.notlong.com

    FYI, both of the current links are broken in the above sentence which mentions my name 🙂

  2. Hi Goban Saor,

    Your blog is excellent and is one I often check (via RSS). I’ve been data smithing for last several years after I got tired of being an accountant!

    I was thinking of setting up an AMI too with Talend, Oracle XE, PERL with all modules needed for Talend (I am not very familiar with Java which is not good). Any chance you would be sharing your image? I would love to start with yours.

    If you are using NX or VNC, what is the purpose of Hamachi VPN? I am just trying to understand.

    And thank you about your posts on SQLITE. It helps me a bunch with my ETL work.

    Regards,
    Sean

  3. Sean,

    Great to see another SQLite convert and to find another datasmith (I sometimes wonder if I’m just talking to myself on this blog). I often think that data smithing should become a sub-discipline within the accounting profession rather than within IT (with data quality and governance high on the agenda).

    I have not yet created a public AMI and would need to do a bit more research into how to securely set one up (don’t want to end up sharing my AWS credentials with the world). But it is definitely on my to-do list. Likewise, my knowledge of Ubuntu (and Debian distros in general) is at an early stage. Having said that, I’m really impressed so far and I think it’s going to be my distro of choice. I will let you know when I’ve something to show.

    Why a VPN (and Hamachi in particular)? A Virtual Private Network allows you to securely pipe communications between two machines. VNC, on the other hand, by default sends data as clear text; some VNC products offer encryption as an add-on but the most common way to protect transmitted traffic is use a VPN such as SSH tunnels. NX is out of the box secure as it is built with an integrated SSH tunneling mechanism (another good reason to use NX).

    But accessing your server’s desktop is only one type of traffic; applications that expose data via network ports such as databases and application servers are another. This is where Hamachi VPN comes in. I could and occasionally do use Putty to set up SSH tunnels and for totally security that is what I would recommend, but Hamachi is drop-dead simple to setup and use and good enough for many situations.

    So, for example, my EC2 hosted OracleXE exposes its Apex control panel via port 8080, I could open this port to the public (or a restricted IP range), but OracleXE is totally unsuitable for public internet facing (lots of un-patched security flaws, doesn’t support SSL, even passwords are sent in the clear).

    So what’s my alternative? Front it with something like Pound (more software, yet another skill to learn); restrict it to an IP range (I’m behind two layers of NAT addressing, wouldn’t work for me). No, the simplest thing is to install Hamachi, open its (secure) port to the internet, join my private network and viola I can now securely access any port within the server.

    I currently use Hamachi to wrap VNC and HTTP traffic (Oracle, Palo and an FTP server) to and from EC2 and I also have it setup on my desktop, laptop and various “virtual machines” to allow me to communicate with any of my machines (virtual or real, Windows or Linux) without bothering with all the usual firewall/file sharing hassles.

    Tom

  4. Tom,

    Thank you for a detailed response. I have looked at most of the recent entries and learned a bunch about new tools for data smithing. I was already using Talend and that’s how I landed at your blog.

    I started as an Accountant, then got into ERP and then into ETL/Informatica. Since I never had any IT training as such, I am pretty much self-taught and like to learn new technologies where possible.

    Thanks to your explanation above, I understand the Hamachi concept. I, of course, use corporate VPN and PuTTY all the time. I also use VNC internally only. Connecting to AMI desktop via NX is a great idea but it will not cover for the XE flaws and who knows what other issues that one might not know at all. But a combination of Hamachi and NX should make it very secure at least for ETL purposes. So now NX and Hamachi go on to my long list TO-DOs.

    Thanks again!

  5. Tom,

    Your Hamachi link above does not go anywhere (I tried it several times).

    And it seems Hamachi is part of LogMeIn and they have made is difficult to find this freeware. It also mentions that it requires a mediation server to establish connection. Is this the same Hamachi you are using?
    https://secure.logmein.com/products/hamachi/howitworks.asp

    I also found this on SourceForge
    http://hamachi-gui.sourceforge.net/

    At your convenience, please post your source for Hamach.
    Thanks!

  6. Got it. Thanks again.

  7. @Eric

    Sorry about the bad links and for not realising that Akismet had relegated your comment to spam!!

    I’ve updated the links but the http://www.alestic.com/ site appears to be down at present.

    Thanks for the AMIs, impressive stuff!

    Tom