VNC Cloud is a connection brokering service that is hosted by RealVNC in its data centers currently in the UK, US East Coast and US West Coast. No, we don’t use Amazon or Google or any managed service – VNC Cloud performs optimally on our own bare metal. Virtualisation architecture just adds another layer of abstraction and we need to drive the network card hard to achieve low latency across thousands of concurrent connections per server.
I said that VNC Cloud is a connection brokering service. So what do I mean? Well, without it, a VNC Viewer needs to make a direct TCP connection to a VNC Server listening on TCP port 5900. In order to connect, you need to know the IP address of the VNC Server and have a route to it. Normally if you are on the same LAN, that’s fine, but if you’re both in different locations then things become more complex. One public IP address may be shared by a number of networked machines behind a NAT. In this case, to start a VNC session you’d need to port-forward 5900 on the public IP to port 5900 on the right internal IP. It can be a complex process, particularly for non-technical users. It can also be limiting (there’s only one port 5900 on one public IP and it can only map to one machine behind the NAT!).
VNC Cloud turns everything on its head. The Viewer and the Server, instead of an IP address, would be assigned a VNC Cloud Address (it looks like an auto-generated token). To establish a session, each endpoint would first make a call to join VNC Cloud, citing its Cloud Address. Once VNC Cloud knows where two endpoints are, it can help to broker the connection between them.
If they’re on the same network, the Viewer and Server will talk directly to one another. If they are behind a NAT, VNC Cloud will use NAT traversal techniques such as UDP hole-punching, and other industry-standard techniques, such as STUN and ICE, to find the best way for the Viewer and Server to communicate. Most of the time, we’ll be able to help them talk directly to each other. If we can’t, VNC Cloud will act as a data relay, passing the data between the two endpoints throughout the duration of the connection.
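The direct, hole-punched and relayed paths described above map onto ICE's candidate ranking. The following is an added example, not RealVNC's code: it applies the candidate and pair priority formulas from RFC 8445 and picks the best pair that passes a check. The function names, the choice of the Viewer as controlling agent and the three constructed check functions are assumptions standing in for real connectivity checks.

```python
from itertools import product

# Recommended type preferences from RFC 8445: direct (host) candidates rank
# highest, server-reflexive (NAT-mapped) next, relayed last.
TYPE_PREF = {"host": 126, "srflx": 100, "relay": 0}


def candidate_priority(ctype, local_pref=65535, component=1):
    """Candidate priority formula from RFC 8445."""
    return (TYPE_PREF[ctype] << 24) + (local_pref << 8) + (256 - component)


def pair_priority(g, d):
    """Pair priority from RFC 8445; g = controlling side, d = controlled side."""
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)


def ordered_pairs(viewer_types, server_types):
    """All (viewer, server) candidate-type pairs, highest priority first."""
    def key(pair):
        return pair_priority(candidate_priority(pair[0]),
                             candidate_priority(pair[1]))
    return sorted(product(viewer_types, server_types), key=key, reverse=True)


def select_path(viewer_types, server_types, check):
    """Return the highest-priority pair whose connectivity check passes."""
    for pair in ordered_pairs(viewer_types, server_types):
        if check(pair):
            return pair
    return None  # no usable path at all


# Constructed scenarios (hypothetical stand-ins for real connectivity checks).
ALL = ("host", "srflx", "relay")
def same_lan(pair): return True                    # every path works
def behind_nat(pair): return "host" not in pair    # private addresses unreachable
def punch_blocked(pair): return "relay" in pair    # only relayed paths work

if __name__ == "__main__":
    for name, check in [("same LAN", same_lan), ("behind NAT", behind_nat),
                        ("hole-punch blocked", punch_blocked)]:
        print(f"{name:20} -> {select_path(ALL, ALL, check)}")
```

The relay is only chosen when every higher-priority pair has failed its check, which is why relayed sessions are the exception rather than the norm.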
It’s important to note that, in the rare cases that the data is going through our relay, we still can’t see what that data is (even if we wanted to, which we don’t!), since our VNC SDK requires it to be end-to-end encrypted at all times.
So, in conclusion, VNC Cloud makes it easier than ever to get two endpoints connected securely, regardless of what the network characteristics are at either end. This facilitates much smoother user experiences in your products and doesn’t assume any technical knowledge on the part of your end users.