summary [was: vnc and security]

Jeff Walker jwalker "at" matchlogic.com
Mon, 18 Jun 2001 19:11:35 +0000


First of all, thanks for the help. I didn't really find an acceptable
solution, but here is what I found.

- Seems like the Tridia version of the viewer seemed to have a problem taking
  the "-encodings" flag, but the AT&T version did fine.
- Looks like over ssh, zlib was the best encoding to use (kinda strange,
  since I had ssh compression on [low compression]).
- I moved the server to another server and it seemed to speed things up.  The
  other server is a Sun u2, and about half the speed of the Alpha server that
  I went from, so I think the network config is the culprit.  (The Sun is on
  both the "pc" and the "server" networks, and the Alpha is only on the
  "server" network, so I assume I have to cross a router to the Alpha, and not
  the Sun.  I didn't see any difference in ping times (both less than 10ms).)

So, I guess the answer is to move to the Sun server.  The bad news is this
Sun server is heavily used, and makes things slow; this is why I switched
servers in the first place.

Oh well, I still search, but I think it has more to do with the network
config here than VNC related issues.  Thanks for your help.

-- 
Jeff Walker                   MatchLogic, Inc.
jwalker "at" matchlogic.com        7233 Church Ranch Blvd.
Voice 1 (303) 222-2105        Westminster, CO  80021
Fax   1 (303) 222-2001        www.matchlogic.com


> -----Original Message-----
> From: James ''Wez'' Weatherall [mailto:jnw22 "at" cam.ac.uk]
> Sent: Thursday, June 14, 2001 7:11 AM
> To: vnc-list "at" uk.research.att.com
> Subject: Re: vnc and security
> 
> 
> Make sure you supply the parameter:
> 
> -encodings "hextile copyrect"
> 
> to the vncviewer command at the client.  Otherwise, it'll try to use raw.
> If you just say "hextile", then scrolling stuff and dragging will be really
> slow.
> 
> Cheers,
> 
> James "Wez" Weatherall
> --
>           "The path to enlightenment is /usr/bin/enlightenment"
> Laboratory for Communications Engineering, Cambridge - Tel : 766513
> AT&T Labs Cambridge, UK                              - Tel : 343000
> 
> ----- Original Message -----
> From: "Jeff Walker" <jwalker "at" matchlogic.com>
> To: <vnc-list "at" uk.research.att.com>
> Sent: Wednesday, June 13, 2001 6:03 PM
> Subject: vnc and security
> 
> 
> > Sorry if this has been covered before, but I searched the archives, and
> > didn't find anything really relevant.
> >
> > My company is doing a security audit and installing a security policy.  VNC
> > isn't going to be allowed, because the traffic isn't encrypted.  I
> > understand how to fix this, using ssh to do port forwarding to tunnel the
> > traffic through a secure channel.  That seems to work okay, but the problem
> > is the speed.  It is pretty much unusable to me.  I have the server on an
> > OSF1/alpha box that is pretty fast.  I have the viewer running on a very fast
> > Pentium III Windows 2000 machine.  The network between the viewer and server
> > is very fast.  The only ciphers available are idea, 3des, and blowfish.  All
> > three seem very slow.  (And I can't try "none" to see if the encryption
> > overhead is really the problem.)  I have tried various levels of compression,
> > but it doesn't help.
> >
> > I have read the info on the vnc site about how to do this, including the
> > info about getting out of "raw" mode.  I use "hextile", as that seems to be
> > the fastest over non-ssh.
> >
> > Is there something I'm missing, something I can do to make this anywhere
> > near the speed of non-ssh?
> >
> > Thanks.
> >
> > --
> > Jeff Walker                   MatchLogic, Inc.
> > jwalker "at" matchlogic.com        7233 Church Ranch Blvd.
> > Voice 1 (303) 222-2105        Westminster, CO  80021
> > Fax   1 (303) 222-2001        www.matchlogic.com
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, send a message with the line: unsubscribe vnc-list
> > to majordomo "at" uk.research.att.com
> > See also: http://www.uk.research.att.com/vnc/intouch.html
> > 
> ---------------------------------------------------------------------