Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
News

WinVNC vs. KVM Extender? 41

Posted by Cliff from the network-software-vs-hardware dept.
systmc asks: "I'm trying to decide between using WinVNC or a KVM extender at a customer's site. I'd like to use WinVNC but I'm concerned about it's CPU usage on a WinNT system (with an inactive client connected CPU usage was at around 8%, even with Raw encoding. PCAnywhere was about 0.5%). Does anyone have experience tweaking VNC? If hardware winds up being necessary, what KVM Extender would you recommend?"
This discussion has been archived. No new comments can be posted.

WinVNC vs. KVM Extender? More

WinVNC vs. KVM Extender?

Comments Filter:

  • TightVNC (Score:4, Informative)

    by Mik!tAAt ( 217976 ) on Thursday November 08, 2001 @05:53AM (#2537038) Homepage
    Have you tried TightVNC [tightvnc.com]? I don't know about it's CPU usage, but IMHO it is much better and faster than normal WinVNC. It can also do JPEG-encoding on the picture data, so it is really bandwidth-efficient.
    • I'm not sure about TightVNC, but plain VNC servers under Windows have to repeatedly read out the entire frame buffer from the video card and compare it with the previous frame to detect changes (because they don't/can't hook Windows to find out just which rectangles changed). For some combinations of video card, bus, resolution, and color depth this can eat a lot of CPU time, regardless of how little network bandwidth it uses. A lower color depth or resolution can speed it up.

      <unix plug> The X-VNC server fixes this problem by design since it knows exactly which pixels are changed by every graphics operation. </unix plug>

      A question: Do you need security? Most VNC servers and clients provide no security. They just broadcast everything you type -- including passwords -- on the network with no encryption. I personally would not use ordinary VNC programs *at all*. If you want to, hey, it's your data.

      • Most VNC servers and clients provide no security. They just broadcast everything you type -- including passwords -- on the network with no encryption.

        If you're accessing over a VPN then you'll have encryption through that - otherwise you should tunnel over SSH.

      • Securing a VNC session is easy with port forwarding. Assuming you have sshd running on the NT box, and the VNC server on ports 5900 and 5800 (default in Windows), just say (on the client):

        ssh -L 5800:<server-ip>:5800 -L 5900:<server-ip>:5900 -N <server-ip>

        And then you can direct your VNC client to localhost:0 instead of <server-ip>:0.

        Oh, the windows VNC client does not allow localhost connections by default. Never fear: add the following key to the registry:

        [HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]
        "AllowLoopback"=dword:00000001

        Ta-da!
      • It's not freeware, but take a look at Remote Administrator [famatech.com] for Windows. It does hook into the video driver under NT/2000, but even when calculating its own dirty rectangles (Win95+) it's still quite speedy. As a little bonus it has its own root-priv file transfer capability, which saves you from setting up an FTP daemon. I think it's 30$ or so for a single license, a real steal.
      • You can tunnel VNC over SSH to make it secure.
    • TightVNC does pretty bad job on screen updating and can produce really corrupted screen if you need to scroll VNC window (not client app window).

      Speed is great tho.

      Normal VNC can eat even 40% of cpu cycles when client active. These numbers are from quad xeon p3-700 with 2M cache so yeas, it's poorly optimized on windows.
    • TightVNC encoding is very efficient, and the picture consistency is much better than Hextile. HOWEVER, its CPU usage is very high, much higher than other VNC encodings. I run it on about a dozen Xeons from 400 to 700 Mhz, and connecting to the VNC server raises the CPU load by about 20%. Not that those CPU don't have 20% to spare, but the CPU usage is higher. I use the Tight encoding because it alone seems to update the Windows desktop correctly with badly behaved vendor apps. It still screws up the numeric keypad completely (to the point of uselessness) and caps lock can get out of sync between client and server.

      There's also a patch to WinVNC to ignore the Windows desktop pattern, and you're going to want that.

      TridiaVNC is a good source for a windows VNC client. They provide commercial support and could compile a version of WinVNC to your requirements.

      If you've got a manager with money to burn, sure KVMs are nice, but you usually can't use VPN or PPP to connect to them without buying an add-on. Also, KVMs don't scale up without a suit to sign off on the purchase. If you get in new servers, you have to buy more KVM cables and after awhile another KVM switch to tier with your old one. With VNC, you just install it on the new box.

      We use both. KVMs keep the "NT diarrea" to a minimum, letting us drive 16 servers with just a pair of keyboards and screens. Our server room is just too small for a monitor for every server. Consolidating server space is really what KVMs are best at.

      However, PPP/VPN access is something else. Over dialup, VNC sucks, period. Over the standard 26400 connection most people get, VNC isn't really fast enough to do real work and remain calm. Over VPN via DSL or cable, VNC is perfectly fine. PCAnywhere is much better for dial-up telecommuting to Windows hosts. Turn on the maximum compression, no/minimal encryption, and downsample the color palette to 4 colors. The last bit is what does it -- a four color display updates over dialup very quickly, though it takes a little extra CPU time. Even over 19200 PCAnywhere is still usable even with the worst behaved GUI apps, like MS Access or vendorware.

  • What's the application? (Score:4, Informative)

    by Colin ( 1746 ) on Thursday November 08, 2001 @06:19AM (#2537072)

    You haven't explained why you want to use a remote machine.

    If it's to run applications, then the WinVNC/PCAnywhere/etc route is a good one. It's more flexible, because you don't need a cable. You can share the machine between more than one person, and you don't need extra hardware.

    Personally, for remote administration, I'd always use the KVM extender solution. If the machine that you're administrating isn't behaving, then the remote control software probably isn't working properly either. Remote software doesn't let you watch bootup screens, or reconfigure the Bios.

    So, before you make a decision, I think you need to look carefully at the purpose of the solution.

  • Rdesktop (Score:2, Informative)

    by Dashslot ( 23909 )
    What kind of machine is it at the client's site? If it is W2K you could use rdesktop [rdesktop.org]. This is apparently a fairly chatty protocol (compared with Citrix at least) but it is probably more CPU efficient.

    However, as another poster said, I think the KVM is the way to go, for the same reasons.

  • Timbuktu (Score:3, Informative)

    by Ratbert42 ( 452340 ) on Thursday November 08, 2001 @09:11AM (#2537294)
    The old Timbuktu [netopia.com] does a decent job. I have a client that's moved a number of their machines over to that to replace pcAnywhere. They feel it's faster and has less impact on the remote machine. I believe it gives you something that pcAnywhere doesn't have: you can have multiple clients connected at once as long as at most one is in Control mode (vs. Observe mode).

  • 8%? (Score:3, Informative)

    by tzanger ( 1575 ) on Thursday November 08, 2001 @10:13AM (#2537522) Homepage

    Make sure you don't have "poll entire screen" checked. It's a pig.

    My personal setup is TightVNC with everything BUT "poll entire screen" checked. It's pretty zippy, even over dialup, so long as you aren't redrawing the entire screen.

  • Better Solution (Score:2, Informative)

    by uslinux.net ( 152591 )
    Perhaps a better (and more professional) solution is something like Citrix. VNC limits you to one connection at a time, while Citrix allows multiple sessions simultaneously. In addition, Citrix is probably the fastest VNC-style thing I've used, and the Metaframe protocol works reasonably well, even over a modem. It's also more secure - rather than a VNC login, you use your Windows login, just like it's local (except it isn't). It's about the closest thing available for Windows to a remote XDM.
    • VNC does not limit you to one connection at a time. Of course, in most applications, having two people at different computers moving the same mouse and typing into the same window doesn't do much good.

  • Another Recommendation (Score:2, Informative)

    by pruneau ( 208454 )
    Something that is specified into the vnc documentation is that using a flat-color background will improve the performance .

    But I agree : vnc is a lot more efficient on *NIX that on NT...

    And as for security, someone mentionned, there is not so much encryption with vnc. At least, the vnc password is not sent in cleartext on the wire, but after that every keystrokes goes as it is into an udp packet.

    But I'm using VNC through a VPN tunnel to work from home, and since the generated network traffic is relatively light-weight, it's working pretty well to control *NIX-based hosts...

  • Compaq remote Insight Lights-Out Edition. (Score:4, Interesting)

    by kbyrd ( 68962 ) on Thursday November 08, 2001 @10:25AM (#2537565)
    Somebody mentioned the trouble with VNC for remote administration, if the PC isn't working then VNC may not be up either. KVM's don't suffer from this. But they're distance limited. Compaq makes a product [compaq.com] that gives the best of both worlds. It's a PCI card for the "controlled" PC. It hooks into the video, keyboard, mouse, and power. It has it's own power supply and NIC in it. It gives you a KVM-like control over TCP/IP. You control it via java and a web browser. A company I used to work for deployed these in several hundred servers that were located all over the U.S. It got us out of jams where VNC or a KVM would not.

  • KVM choices (Score:3)

    by Tet ( 2721 ) <slashdot AT astradyne DOT co DOT uk> on Thursday November 08, 2001 @10:28AM (#2537574) Homepage Journal
    what KVM Extender would you recommend?


    Anything that isn't made by Belkin. Many people swaer by them, but for me, they've caused no end of trouble. Half the time, they don't switch when you request them to, other times, they'll switch of their own accord. And they suck at handling non-PC hardware. I can't use them with my SPARC, and my Alpha works intermittently at best through them.

    • Re:KVM choices (Score:2, Informative)

      by ksimeon ( 535036 )
      You might want to consider the Cybex AutoView 400 or 424. The AutoView 400 will connect you to 8 PCs and the 424 will connect you to 24 PCs. They are currently in use in our lab environments.

      We also connect all of our AutoViews with a Cybex LongView. Basicly your KVM extender. You can use the LongView with almost any KVM system you already have install. We have them connected to Belkin KVMs. The extenders sends their signal over a standard ethernet cable.

      WARNING - Don't ever patch the ethernet cable through a switch. You will kill the switch. But you can send the signal through a normal patch panel, if you wanted the LongView receive to be at your desk. I am not sure of the distance for the extender, but all in all they work really good.

      Oh, I just looked. Cybex is now called Avocent.

  • Another option for some... (Score:3, Informative)

    by NetJunkie ( 56134 ) <jason.nashNO@SPAMgmail.com> on Thursday November 08, 2001 @10:54AM (#2537664)
    If you happen to have Compaq servers check out their Lights Out Management boards. They are almost a complete PC on a card. Intel i960 CPU, RAM, ATI Vid, and a NIC. They let you completely remote control the system through a web browser. It has its own power supply so you can restart the system and follow it through the POST test and everything.

    Pretty slick. They are $499. I put them in all new servers now.
    • If you happen to have Compaq servers check out their Lights Out Management boards.


      Yeah, but this is the sort of thing that should be built into the machine [sun.com], not an extra option that you have to pay for. Furthermore, it's useless in a 1U rackmount server, which is arguably where you need it most.

      • Pay extra, or have it in the server, either way you pay for it. I just don't HAVE to pay for it if I don't want it.

        Yeah, it sucks using the one slot in a 1U box, but the 1U Compaq boxes have internal SCSI and dual NICs. Not a problem for 99% of customers out there.
    • Compaq servers have the Insight Remote Console, a stripped version of the LOM board. You can connect to the server serially (we do it with a terminal server), reboot the server and follow the POST as well. Better yet, it comes free (if you buy the Proliant series). This coupled with VNC do pretty much what you want with the $499 cost.

  • Use NetMeeting. It's free and included! (Score:3, Informative)

    by fluor2 ( 242824 ) on Thursday November 08, 2001 @11:03AM (#2537694)
    I cannot understand why people talk about WinVNC, Proxy, PcAnywhere etc. Just use the included NetMeeting and enable Remote Desktop. I have it on all my servers and it's fast enough for me. Everywhere I go computers have NetMeeting installed (included in Windows) so you can call the servers. NetMeeting have encryption and uses normal NT accounts for users/password (or Active Directory/domain admins).

    Believe me! I've tried them all! (winvnc, tightvnc...)

    BTW: Don't forget to lower your colors (256color desktop. it's faster).
    • I had quite forgotten about netmeeting. It has definite advantages if you need to support users without accessing a port on their machine (on private network or behind a firewall). That's because all the participants communicate through an ILS or MS Directory server.

      But the C/S design is also a problem. Microsoft no longer provides public ILS servers, and to access the Directory server you have to sign up for Hotmail. (Lovely spam! Wonderful spam!) MS does not provide listings of public servers. Instead they refer you to netmeet.net -- which seems to be down.

      I did find one university ILS server. But I suspect its owners are unaware that it's accessible to the world at large. No thank you, my relationship with the fibbies is already sufficiently complex.

      I'm looking at commercial service providers. Don't seem to be a lot of them.

      And yes, I'm aware of Expertcity. Many advantages, including Mac and Solaris support. (Didn't they use to support Linux?) But they've found low-end customers unprofitable, so you have to be prepared to spend at least $400/month to get their attention.

      I seem to recall that there's an ILS-compatible client for Irix. Anyone know of other non-MS clients?

  • vnc (Score:2)

    by tongue ( 30814 )
    I'm using the tightvnc [tightvnc.org] distribution of VNC on WinNT (and linux as well) and I'm not seeing nearly the cpu usage that you are... when its active, there's a bit of a jump, but inactive my cpu (on a three-monitor system, no less--600mhz P3 with 128 MB RAM. With the Tight compression selected, 8 bit color, and jpeg compression enabled, its very usable even over a modem. The only real advantages PC Anywhere has over it in our office is the built-in file transfer capabilities of PCanywhere, and the ability to dial directly into a computer. aside from that, VNC has it beat, as far as I'm concerned.
  • At my old job, we had Proxy by Funk Software on all the PCs in the two locations, and all of the NT/2000 servers. Worked well, but was a little pricy when dealing with 350 desktops. You can get a 30 day trial of the software to see if you like it, and it supports modem, IP, and IPX. It's a little slow over a modem, and I recogmend disabling the translation effects on 2k machines, like fadeing. It hates PC anywhere though, they don't play well together. It was decent over a t1 connection that had traffic all day, and we could use it on dial-in users as well.

    As for PC Anywhere, we had some service providers who used it, and it worked well, and some times better than Proxy. VNC was something I used as a band-aid for a few rare things like I hinted at above, but works well on a no cash budget.

    Also, Win2k server has a single user license included for remote administration purposes, and both NT and 2k support workstation administration though the tool kits they have. For 2k, you only need the server cd in a 2k workstation to install the package. It is a .asp file I believe, but I forget the name, but then you can admin the entire Active Directory thing and possibly some other things.
    • Sorry, I forgot to mention that I highly recogmend Black Box equipment. It's a little pricy as well, ($700+ for a 8 port KMV switch, no cables included) but very reliable. THey also have KMV extenders which can go ontop of the KMV switches, which have menus on them for selecting and cascading them. Also, there have a PC that they built that acts as a dialin/remote control unit that can plug into the KMV switches as well, or directly to a PC and be used as a software driven KMV extender. Kida cool if you ask me.
  • what KVM Extender would you recommend?

    Tom's Hardware [tomshardware.com] recently did a review [tomshardware.com] of 5 KVM switches. They gave the top nob to, not suprisingly, the Belkin F1DS102T, which has some nifty features such as audio and usb switching.

  • I don't know why nobody ever mentions RemotelyAnywhere [remotelyanywhere.com] when this question comes up.

    It works entirely from a browser, and is quite nice.

    It includes a mobo info page (uses MBM), network graphs, file management, upload/download, SSL, works through firewalls (inc. VNC-like usage), telnet/SSH/FTP server (dunno how (in)secure they are; you can disable them).

    I like it.

  • If it's Windows 2000, enable the Terminal Services with remote management option (which legally allows you to not buy WTS client licenses). You can then use the web-based terminal services ActiveX, or the normal Windows Terminal Server client.

    If it's NT 4.0, see about an upgrade to Win2000.

    Only thing this won't give you is access to the attached terminal process, which if you're running something like SQL or Lotus Domino, and you want to see the process console -- well, that's a walk to the server room.

    Also remember you can admin Win2000 boxes from any Win2000 box. Right-click on My Computer, go to Manage, then Action...Connect to Another Computer. Gives you access to services, logs, storage, user/group accounts....
  • I've used WinVNC (or Tridia's package of it) for some time. It can spike the CPU on slower (PPro, slower PIIs) machines, but IMHO is very good for what it does. We ditched PC Anywhere in favor of VNC and even use in on HP-UX boxes in some cases. Best of all, I can admin all my NT servers from my non-M$ desktop, which tickles me with glee every day.

  • Use the web-browser interface, not the client (Score:1, Informative)

    by Anonymous Coward
    Use the Java interface, not the VNC client. (http://targetbox:5800) Its throughput is better than the native windows client, especially if you use a fast JVM like Jrocket [jrocket.com] or IBM's [ibm.com].


    It's not any less CPU-intensive on the host, unfortunately.

Slashdot Top Deals

On the eighth day, God created FORTRAN.

Close