1 Legal Information

This document and all associated illustrations are licensed under the Creative Commons Attribution 2.5 License. Any works that contain material derived from this document must cite The VirtualGL Project as the source of the material and list the current URL for the VirtualGL web site.

The TurboVNC Windows packages include PuTTY, which is released under this license.

TurboVNC is licensed under the GNU General Public License, v2.

2 Overview

TurboVNC is a derivative of VNC (Virtual Network Computing) that is tuned to provide peak performance for full-screen video and 3D workloads. TurboVNC is based on the TightVNC 1.3.x and xf4vnc code bases, and on the surface, it behaves similarly to its parents. However, TurboVNC compresses 3D and video workloads better than the “tightest” compression mode of TightVNC 1.3.x while using only typically 15-20% of the CPU time of the latter.

All VNC implementations, including TurboVNC, use the RFB (remote framebuffer) protocol to send “framebuffer updates” from the VNC server to any connected “viewers.” Each framebuffer update can contain multiple “rectangles” (regions that have changed since the last update.) As with TightVNC, TurboVNC analyzes each rectangle, splits it into multiple “subrectangles”, and attempts to encode each subrectangle using the “subencoding type” that will provide the most efficient compression, given the number of unique colors in the subrectangle. The process by which TurboVNC does this is referred to as an “encoding method.” A rectangle is first analyzed to determine if any significant portion of it is solid, and if so, that portion is encoded as a bounding box and a fill color (“Solid subencoding.”) Of the remaining subrectangles, those with only two colors are encoded as a 1-bit-per-pixel bitmap with a 2-color palette (“Mono subencoding”), those with low numbers of unique colors are encoded as a color palette and an indexed bitmap containing 8 index bits per pixel (“Indexed color subencoding”), and subrectangles with high numbers of unique colors are encoded using either JPEG or arrays of RGB pixels (“Raw subencoding”), depending on the encoding method. Zlib can optionally be used to compress the indexed color, mono and raw subrectangles.

Part of TurboVNC’s speedup comes from the use of libjpeg-turbo, the same high-speed SIMD-optimized JPEG codec used by VirtualGL. However, TurboVNC also eliminates the CPU-hungry smoothness detection routines that TightVNC uses to determine whether a subrectangle is a good candidate for JPEG compression, and TurboVNC’s encoding methods tend to favor the use of JPEG more, since it is now generally the fastest subencoding type. Furthermore, TurboVNC eliminates buffer copies, it maximizes network efficiency by splitting framebuffer updates into relatively large subrectangles, and it uses only the Zlib compression levels that can be shown to have a measurable performance benefit. TurboVNC can compress 3D and video workloads somewhat better and many times faster than any mode that TightVNC 1.3.x provided, and (using non-default settings) TurboVNC can also compress 2D workloads nearly as well as TightVNC while using only half of the CPU time.

TurboVNC is the product of extensive research, in which many different permutations of the TightVNC encoder were benchmarked at the low level against a variety of captured RFB sessions that simulated real-world application workloads, both 2D and 3D. For more information on the research leading to TurboVNC’s encoder design, see this report.

In addition to high performance, other notable features of TurboVNC include:

• Fine-grained control over the JPEG image quality and the level of chrominance subsampling
• Double buffering on the client side to reduce tearing artifacts in 3D and video applications
• TurboVNC has the ability to hide network latency by decompressing and drawing a frame on the client while the next frame is being fetched from the server. This can improve performance dramatically on high-latency connections.
• TurboVNC supports authentication with one-time passwords or Unix login credentials. Access control lists can be used to share VNC sessions with only certain users.
• TurboVNC allows security/authentication policies to be set globally for a particular server machine.
• TurboVNC provides a “lossless refresh” feature, which sends a lossless copy of the current screen image. This is useful in situations in which image quality is critical but the network is too slow to support sending a high-quality image for every frame. Lossless refreshes can be performed manually when a certain hotkey is pressed, or the TurboVNC Server can be configured to send a lossless refresh automatically if the user stops interacting with the application for a certain period of time.

TurboVNC, when used with VirtualGL, provides a highly performant and robust solution for remotely displaying 3D applications over all types of networks.

TurboVNC is capable of sending 50+ Megapixels/second of image data over a 100 Megabit/second local area network with perceptually lossless image quality. TurboVNC can deliver between 10 and 12 Megapixels/second of image data over a 5 Megabit/second broadband connection at reduced (but usable) image quality.

TurboVNC is compatible with other VNC distributions. See Chapter 9 for more information. TurboVNC can be installed onto the same system as other VNC distributions without interference.

3 System Requirements

3.1 Linux/x86 and Other x86 Un*x Operating Systems

3.2 Mac/x86

3.3 Windows

4 Obtaining and Installing TurboVNC

4.1 Installing TurboVNC on Linux

Font Dependencies

On some Linux distributions, most notably Fedora 10 and later, the basic X11 bitmap fonts are not installed by default. Thus, it is necessary to install the xorg-x11-fonts-misc package on these distributions prior to starting a TurboVNC session for the first time. Otherwise, TurboVNC will fail with the following error:

Fatal server error:
could not open default font 'fixed'

Installing TurboVNC

1. Download the appropriate TurboVNC binary package for your system from the Files area of the VirtualGL SourceForge project page. Packages are provided for Linux distributions in the Red Hat, SuSE, or Debian families that contain GLIBC 2.3.2 or later (including Fedora, CentOS 3 and later, Ubuntu Linux v6.0 or later, and White Box.)
   
2. Log in as root, cd to the directory where you downloaded the binary package, and issue one of the following commands:

   RPM-based systems

   rpm -U turbovnc*.rpm
   

   Debian-based systems

   dpkg -i turbovnc*.deb
   

4.2 Installing the TurboVNC Viewer on OS X

1. Download the TurboVNC Mac disk image (TurboVNC-{version}.dmg) from the Files area of the VirtualGL SourceForge project page.
2. Open the disk image, then open TurboVNC-{version}.pkg inside the disk image. Follow the instructions to install the Mac client.

4.3 Installing the TurboVNC Viewer on Windows

1. Download the TurboVNC Windows installer package (TurboVNC-{version}.exe for 32-bit systems or TurboVNC64-{version}.exe for 64-bit systems) from the Files area of the VirtualGL SourceForge project page.
2. Run the TurboVNC installer. The installation of TurboVNC should be self-explanatory. The only configuration option is the directory into which you want the files to be installed.

4.4 Installing TurboVNC from Source

If you are using a Unix platform for which there is not a pre-built TurboVNC binary package available, then log in as root, download the TurboVNC source tarball (turbovnc-{version}.tar.gz) from the Files area of the VirtualGL SourceForge project page, uncompress it, cd vnc/unix, and read BUILDING.txt for further instructions on how to build TurboVNC from source.

4.5 Uninstalling TurboVNC

Linux

As root, issue one of the following commands:

RPM-based systems

rpm -e turbovnc

Debian-based systems

dpkg -r turbovnc

OS X

Use the “Uninstall TurboVNC” application provided in the TurboVNC disk image, or issue the following command from the Terminal:

sudo /opt/TurboVNC/bin/uninstall

Windows

Use the “Programs and Features” applet in the Control Panel (or the “Add or Remove Programs” applet if you are running Windows XP), or “Uninstall TurboVNC” in the “TurboVNC” Start Menu group.

5 Using TurboVNC

5.1 Starting and Connecting to a TurboVNC Session

Procedure

1. Mac clients: Start the Mac X11 application.
2. Open a new Command Prompt/terminal window on your client machine. (Mac clients: in the X11 application, start a new xterm [Command-N] if one isn’t already started.)
3. In the new Command Prompt/terminal/xterm window, open a Secure Shell (SSH) session into the TurboVNC server machine:

   Linux/Unix/Mac clients

   ssh {user}@{server}
   

   Windows clients

   "c:\program files\turbovnc\putty" {user}@{server}
   

   Replace {user} with your user account name on the TurboVNC server machine and {server} with the hostname or IP address of that machine.

4. In the SSH session, start a TurboVNC session:

   /opt/TurboVNC/bin/vncserver
   

5. Make a note of the X display number that the TurboVNC session is occupying, for instance:
   
   New 'X' desktop is my_server:1
   
   If this is the first time that a TurboVNC session has ever been run under this user account, and if VNC password authentication is enabled for the session, then TurboVNC will prompt for a VNC password.
6. The SSH session can now be exited, if desired.
7. On the client machine, start the TurboVNC Viewer.

   Linux/Unix/Mac clients

   Open a new terminal/xterm and type

   /opt/TurboVNC/bin/vncviewer
   

   Windows clients

   Select TurboVNC Viewer in the TurboVNC Start Menu group.

8. A small dialog box will appear.
   
   

   Windows TurboVNC Viewer	Linux/Unix/Mac TurboVNC Viewer

   
   Enter the X display name (hostname/IP address and display number) of the TurboVNC session in the “VNC server” field, then click “Connect” (Windows) or press Enter (Linux/Unix/Mac.)
9. Another dialog box appears, prompting for the password (if standard VNC authentication is being used) or for the username and password (if Unix login authentication is being used.)
   
   

   	Windows TurboVNC Viewer	Linux/Unix/Mac TurboVNC Viewer
   Standard VNC Authentication Dialog
   Unix Login Authentication Dialog

   
   Enter the VNC session password or the Unix username/password and click “OK” (Windows) or press Enter (Linux/Unix/Mac.)
   
   A TurboVNC desktop window should appear on your client machine. This window contains a virtual desktop with which you can interact to launch X-Windows applications on the TurboVNC server machine.

5.2 Disconnecting and Killing a TurboVNC Session

Closing the TurboVNC Viewer disconnects from the TurboVNC session, but the TurboVNC session will remain running on the TurboVNC server machine (as will any applications that you may have started in the session), and you can reconnect to the session at any time.

To kill a TurboVNC session:

1. Using SSH (c:\Program Files\TurboVNC\putty.exe on Windows clients), log into the server that is running the TurboVNC session that you wish to kill.
   … or …
   Using the TurboVNC Viewer, connect to the TurboVNC session that you wish to kill, and open a new terminal in that TurboVNC session.
2. Type the following command:

   /opt/TurboVNC/bin/vncserver -kill :{n}
   

   Replace {n} with the X display number of the TurboVNC session you wish to kill.

To list the X display numbers and process ID’s of all TurboVNC sessions that are currently running under your user account on a particular machine, type the following command:

/opt/TurboVNC/bin/vncserver -list

5.3 Using TurboVNC in a Web Browser

When a TurboVNC session is created, it automatically launches a miniature web server that serves up a Java TurboVNC Viewer applet. This Java TurboVNC Viewer can be used to connect to the TurboVNC session from a machine that does not have a native TurboVNC Viewer installed (or a machine for which no native TurboVNC Viewer is available.) The Java viewer is significantly slower than the native viewer on high-speed networks, but on low-speed networks the Java viewer and native viewers have comparable performance.

To use the Java TurboVNC Viewer, point your web browser to:

http://{turbovnc_server}:{5800+n}

where {turbovnc_server} is the hostname or IP address of the TurboVNC server machine, and n is the X display number of the TurboVNC session to which you want to connect.

Example: If the TurboVNC session is occupying X display my_server:1, then point your web browser to:

http://my_server:5801

5.4 Optimizing TurboVNC’s Performance for Different Network Types

The level of image compression in TurboVNC can be adjusted to balance the (sometimes conflicting) goals of high image quality and high performance. There are four options that control the manner in which TurboVNC compresses images:

Allow JPEG compression

If this option is enabled, then TurboVNC will use JPEG compression for subrectangles that have a high number of unique colors and indexed color subencoding for subrectangles that have a low number of unique colors. If this option is disabled, then TurboVNC will select between indexed color or raw subencoding, depending on the size of the subrectangle and its color count.

JPEG image quality

Lower quality levels produce grainier JPEG images with more noticeable compression artifacts, but lower quality levels also use less network bandwidth and CPU time.

JPEG chrominance subsampling

When compressing an image using JPEG, the RGB pixels are first converted to the YUV colorspace, a colorspace in which each pixel is represented as a brightness (Y, or “luminance”) value and a pair of color (U & V, or “chrominance”) values. After this colorspace conversion, chrominance subsampling can be used to discard some of the chrominance components in order to save bandwidth. 1X subsampling (the default in TurboVNC) retains the chrominance components for all pixels, and thus it provides the best image quality but also uses the most network bandwidth and CPU time. 2X subsampling retains the chrominance components for every other pixel, and 4X subsampling retains the chrominance components for every fourth pixel (this is typically implemented as 2X subsampling in both X and Y directions.) Grayscale throws out all of the chrominance components, leaving only luminance. 2X and 4X subsampling will typically produce noticeable aliasing of lines and other sharp features, but with photographic or other “smooth” image content, it may be difficult to detect any difference between 1X, 2X, and 4X.

Zlib compression level

If Zlib compression is enabled, then indexed color, mono, and raw-encoded subrectangles will be compressed with Zlib prior to transmission. This decreases network bandwidth usage at the expense of increased CPU usage. If JPEG compression is enabled, then Zlib compression is always used with non-JPEG subrectangles.

In the Windows TurboVNC Viewer, these parameters can be adjusted by accessing the Options dialog box (click on the “Options” button in the “TurboVNC Connection” dialog box or, after connecting to the server, click on the Connection Options button in the toolbar.) In the Unix TurboVNC Viewer, press F8 after connecting to bring up the options menu. In the Java viewer, click on the Options button at the top of the viewer window.

The TurboVNC Viewer provides five “encoding methods”, corresponding to the most useful combinations of the image compression options described above:

In the Windows TurboVNC Viewer, the encoding method can be set using the Options dialog box (click on the “Options” button in the “TurboVNC Connection” dialog box or, after connecting to the server, click on the Connection Options button in the toolbar.) In the Java viewer, the same thing is accomplished by clicking on the “Options” button at the top of the browser window. With the Linux/Unix/Mac TurboVNC Viewer, the “Perceptually Lossless” encoding method is the default, and you can use the following command-line switches to select another encoding method:

-medqual = select the “Tight + Medium Quality JPEG” encoding method
-lowqual = select the “Tight + Low Quality JPEG” encoding method
-lossless = select the “Lossless Tight” encoding method
-losslesswan = select the “Lossless Tight + Zlib” encoding method

You can also press the F8 key after connecting to pop up a menu from which you can select a different encoding method.

5.4.1 Lossless Refresh

Since both of TurboVNC’s mathematically lossless encoding methods have performance drawbacks, another option for image-quality-critical applications is the “Lossless Refresh” feature. When a lossless refresh is requested by a TurboVNC viewer, the server will send a mathematically lossless image of the current TurboVNC desktop to the requesting viewer. So, for instance, a user can rotate/pan/zoom an object in their 3D application using a very low-quality JPEG setting, then when that user is ready to interpret or analyze the object, they can request a lossless refresh of TurboVNC’s virtual screen.

To perform a lossless refresh in the Windows or Unix TurboVNC Viewers, press CTRL-ALT-SHIFT-L (in the Windows TurboVNC Viewer, you can also click on the Lossless Refresh toolbar icon.) In the Java TurboVNC Viewer, click on the “Lossless Refresh” button at the top of the viewer window.

5.4.2 Automatic Lossless Refresh

Passing an argument of -alr {timeout} to vncserver will enable the automatic lossless refresh (ALR) feature for the TurboVNC session. ALR will monitor all of the VNC viewer connections, and if more than {timeout} seconds have elapsed since the last framebuffer update was sent to a given viewer, then the TurboVNC Server will send to that viewer a mathematically lossless copy of screen regions that have been affected by lossy compression. You can also pass arguments of -alrqual and -alrsamp to vncserver to specify that automatic lossless refreshes should be sent using JPEG instead (see the Xvnc man page for details.)

The ALR feature is designed mainly for use by interactive visualization applications. The idea is that, on a low-bandwidth connection, low-quality JPEG can be used while the user is rotating/panning/zooming a 3D scene, but when the user stops manipulating the scene, then a fully lossless copy of the 3D image is sent for them to study in detail.

The default ALR behavior is to monitor and send lossless copies of only the screen regions that were drawn using X[Shm]PutImage(). When used with VirtualGL, this means that ALRs will mainly be sent for just the 3D screen regions. This should be fine for most 3D applications, since the 3D regions are the ones that are quality-critical. The default ALR behavior also prevents what might best be termed the “blinking cursor dilemma.” Certain ill-behaved window managers update a small region of the taskbar continuously, even though none of the pixels in that region have changed. Also, certain programs have a blinking cursor that may update more frequently than the ALR timeout. Since an ALR is triggered based on a period of inactivity relative to the last framebuffer update, these continuous updates prevent an ALR from ever being sent. Fortunately, these ill-behaved window managers and blinking cursors do not typically use X[Shm]PutImage() to perform their continuous updates, so the problem can be worked around by limiting the regions that are “eligible” for ALR to just the subset of regions that were drawn with the X[Shm]PutImage() functions.

You can override the default ALR behavior, thus making all screen regions eligible for ALR, by setting the TVNC_ALRALL environment variable to 1 on the TurboVNC server machine prior to starting a TurboVNC session.

5.5 Securing a TurboVNC Connection

Normally, the connection between the TurboVNC Server and the TurboVNC Viewer is completely unencrypted, but securing that connection can be easily accomplished by using the port forwarding feature of Secure Shell (SSH.) After you have started a TurboVNC session on the TurboVNC server machine, open a new SSH connection into the TurboVNC server machine using the following command line:

Linux/Unix/Mac clients

ssh -L {5900+n}:localhost:{5900+n} {user}@{server}

Windows clients

"c:\program files\turbovnc\putty" -L {5900+n}:localhost:{5900+n} {user}@{server}

Replace {user} with your user account name on the TurboVNC server machine and {server} with the hostname or IP address of that machine. Replace n with the X display number of the TurboVNC session to which you want to connect.

For instance, if you wish to connect to display :1 on server my_server using user account my_user, you would type:

Linux/Unix/Mac clients

ssh -L 5901:localhost:5901 my_user@my_server

Windows clients

"c:\program files\turbovnc\putty" -L 5901:localhost:5901 my_user@my_server

After the SSH connection has been established, you can then launch the TurboVNC Viewer and point it to localhost:{n} (localhost:1 in the above example.)

The -via Command-Line Option

If you are using the Unix/Linux TurboVNC Viewer, then you can simplify the above by using the -via command-line option to vncviewer. For instance, running

/opt/TurboVNC/bin/vncviewer -via {user}@{server} localhost:{n}

is the equivalent of running

/usr/bin/ssh -L {5900+n}:localhost:{5900+n} {user}@{server}
/opt/TurboVNC/bin/vncviewer localhost:{n}

The command used to establish the SSH tunnel is configurable by way of environment variables. See the vncviewer man page for more details.

Forcing Secure Connections

Passing an argument of -localhost to vncserver will force the TurboVNC Server session to accept inbound connections only from the server machine. This effectively forces SSH tunneling to be used for remote connections. If the no-remote-connections directive is set in the TurboVNC authentication configuration file, then that has the effect of enabling the -localhost option for all new TurboVNC sessions that are started on the machine.

Passing an argument of -noreverse to vncserver will disable the ability to make outbound (reverse) connections from the TurboVNC Server session. If the no-reverse-connections directive is set in the TurboVNC authentication configuration file, then that has the effect of enabling the -noreverse option for all new TurboVNC sessions that are started on the machine.

Performance Notes

For LAN connections and other high-speed networks, tunneling the TurboVNC connection over SSH will reduce performance by as much as 20-40%. For wide-area networks, however, there is no performance penalty for using SSH tunneling with TurboVNC.

5.6 Further Reading

For more detailed instructions on the usage of TurboVNC:

Linux/Unix/Mac

Refer to the TurboVNC man pages:

man -M /opt/TurboVNC/man {vncserver | Xvnc | vncviewer | vncconnect | vncpasswd}

Windows

Use the embedded help feature (the question mark button in the upper right of the TurboVNC Viewer dialogs.)

6 TurboVNC Authentication Extensions

The TurboVNC Server supports four “authentication methods”, which are used to validate authentication credentials sent from a VNC viewer:

No Authentication

Any viewer may connect without sending any authentication credentials.

VNC Password Authentication

A valid VNC password must be sent from the VNC viewer using the “Standard VNC” authentication scheme (see below) before it is allowed to connect. The VNC password is typically stored in a file under the user’s home directory on the server machine. It is separate from any other login credentials and thus represents less of a security threat if compromised (that is, assuming the VNC password and the Unix login password are not set to the same value.)

One-Time Password (OTP) Authentication

Using vncpasswd, a unique password is generated “on the fly” for the TurboVNC session and is printed on the server’s command line (see the man page for vncpasswd for more details.) The user enters this password in the VNC viewer as if it were a VNC password, and the viewer sends the OTP using the “Standard VNC” authentication scheme (see below.) However, once the OTP has been used once to authenticate a viewer, it is forgotten and cannot be reused. OTP authentication can be used, for instance, to launch or connect to TurboVNC sessions from an automated web portal or from a job scheduler. OTP authentication is also useful for allowing temporary access to a TurboVNC session for collaboration purposes.

PAM User/Password Authentication

The TurboVNC Server uses Pluggable Authentication Modules (PAM) to validate a username and password received from a VNC viewer via the “Unix login” authentication scheme (see below.) The username and password received from the VNC viewer need not necessarily be validated against Unix login credentials. Generally, the server can be configured to use any user/password authentication credentials that can be accessed through PAM. Since the “Unix login” authentication scheme sends the password as plain text, it is strongly recommended that this authentication method be enabled only if the server is restricted to only allow loopback (SSH) connections and to disallow reverse connections (see Section 5.5.)

The TurboVNC Viewer supports three “authentication schemes”, which are protocols used to validate authentication credentials with a VNC server:

None

No authentication credentials are sent to the server.

Standard VNC Authentication

A password is sent to the server using a DES-encrypted challenge-response scheme. The password can be up to 8 characters long, so the DES key length is 56 bits. This is not a particularly strong form of encryption by today’s standards (56-bit DES was broken by brute force attack in the late 90’s.)

Unix Login Authentication

Both the username and password are sent to the server as plain text. Thus, it is strongly recommended that this authentication scheme be used only with an SSH-encrypted TurboVNC connection (see Section 5.5.)

6.1 Enabling Authentication Methods

The default behavior of the TurboVNC Server is for all authentication methods to be enabled and for VNC password authentication and OTP to be preferred over PAM user/password authentication. However, the system administrator can disable one or more of the authentication methods or set the preferred order of the authentication methods by editing the server’s authentication configuration file. See the Xvnc man page for more details.

If the server allows multiple authentication methods that support multiple authentication schemes, then the client’s default authentication scheme will be determined by the preferred authentication method on the server. In this case, the user can override the default by passing command-line arguments to vncviewer. If the server prefers an authentication method that supports standard VNC authentication, then the user can force the use of Unix login authentication by passing an argument of -user {user_name} to vncviewer when connecting to the TurboVNC session. Similarly, if the server prefers an authentication method that supports Unix login authentication, then the user can force the use of standard VNC authentication by passing an argument of -nounixlogin to vncviewer. Both of these command-line options work with both the Unix and Windows versions of vncviewer. Note that if using the Java TurboVNC Viewer, the same thing can be accomplished by setting the USER parameter or setting the No Unix Login parameter to Yes in /opt/TurboVNC/vnc/classes/index.vnc.

If the system administrator has not restricted any of the authentication methods on a system-wide basis, then the user can choose to disable some or all of them for a single TurboVNC session by passing command-line arguments to vncserver. See the vncserver man page for more details.

6.2 Further Reading

For more detailed information about the TurboVNC authentication extensions, refer to the TurboVNC man pages:

man -M /opt/TurboVNC/man {vncserver | Xvnc | vncviewer | vncpasswd}

7 Multithreading in TurboVNC

The TurboVNC Server can use multiple threads to perform image encoding and compression, thus allowing it to take advantage of multi-core or multi-processor systems. The server splits the screen vertically into N tiles, where N is the number of threads, and assigns each tile to a separate thread. The scalability of this algorithm is nearly linear when used with demanding 3D or video applications that fill most of the screen. However, whether or not multithreading improves the overall performance of TurboVNC depends largely on the performance of the client and the network. If either the client or the network are the primary performance bottlenecks, then multithreading the server will not help. It will almost certainly have no effect on networks slower than 100 Megabit Ethernet or when using the Java TurboVNC Viewer.

To enable server-side multithreading, set the TVNC_MT environment variable to 1 on the server prior to starting vncserver. The default behavior is to use as many threads as there are cores on the server machine, but you can set the TVNC_NTHREADS environment variable to override this.

8 Using TurboVNC with VirtualGL

Referring to the VirtualGL User’s Guide, VirtualGL’s X11 Transport draws 3D images onto an X display using standard X11 drawing commands. Since this results in the images being sent uncompressed to the X server, the X11 Transport is designed to be used with an “X Proxy.” An X proxy acts as a virtual X server, receiving X11 commands from the application (and from VirtualGL), rendering the X11 commands into images, compressing the resulting images, and sending the compressed images over the network to a client or clients.

Since VirtualGL is sending rendered 3D images to the X proxy at a very fast rate, the proxy must be able to compress the images very quickly in order to keep up. Unfortunately, however, most X proxies can’t. They simply aren’t designed to compress, with any degree of performance, the large and complex images generated by 3D applications.

Enter TurboVNC. Although TurboVNC can be used with all types of applications, it was initially designed as a fast X proxy for VirtualGL. TurboVNC provides an alternate means of delivering rendered 3D images from VirtualGL to a client machine without using VirtualGL’s embedded VGL Transport.

Advantages of TurboVNC (when compared to the VGL Transport)

• When using the VGL Transport, non-3D portions of the application’s GUI are sent over the network using remote X11, which will create performance problems on high-latency networks (such as broadband or long-haul fibre.) Non-3D portions of the application’s GUI will load and render much faster (perhaps even orders of magnitude faster) with TurboVNC than with the VGL Transport on such connections.
• For 3D applications whose rendered images do not contain very many unique colors (for instance, CAD applications in wireframe mode), the hybrid encoding methods used by TurboVNC will generally use less network bandwidth than the pure JPEG encoding method used by the VGL Transport.
• TurboVNC provides two lossless compression modes, one of which is designed to reduce server CPU usage on gigabit networks and the other of which is designed to provide reasonable performance on wide-area networks (at the expense of higher server CPU usage.) The VGL Transport’s only lossless option is uncompressed RGB.
• TurboVNC includes a lossless refresh feature that will, on demand, send a mathematically lossless image of the current VNC desktop to the client. A user connecting over a low-bandwidth connection can use low-quality JPEG to achieve the best performance when manipulating the 3D model, then they can request a lossless refresh when they are ready to study the model in detail.
• The TurboVNC Server can be configured to send a mathematically lossless copy of certain regions of the screen during periods of inactivity (Automatic Lossless Refresh.)
• TurboVNC provides rudimentary collaboration capabilities. Multiple clients can simultaneously view the same TurboVNC session and pass around control of the keyboard and mouse.
• The TurboVNC Viewer is stateless. If the network hiccups or the viewer is otherwise disconnected, the session continues to run on the server and can be rejoined from any machine on the network.
• No X server is required on the client machine. This reduces the deployment complexity for Windows clients.
• Any web browser or PDA can be used as a TurboVNC client (with reduced performance.)

Disadvantages of TurboVNC (when compared to the VGL transport)

• No seamless windows. All application windows are constrained to a “virtual desktop”, which displays in a single window on the client machine.
• TurboVNC will generally require about 20% more server CPU cycles to maintain the same frame rate as the VGL Transport, both because it has to compress more pixels in each frame (an entire desktop rather than a single window) and because it has to perform 2D (X11) rendering as well as 3D rendering.
• TurboVNC does not support quad-buffered stereo or transparent overlays.

8.1 Using TurboVNC and VirtualGL on the Same Server

The most common (and optimal) way to use TurboVNC is to set it up on the same server that is running VirtualGL. This allows VirtualGL to send its rendered 3D images to TurboVNC through shared memory rather than sending them over a network.

The following procedure describes how to launch a 3D application using this configuration.

Procedure

1. Follow the procedure described in Chapter 5 for starting a TurboVNC session and connecting to it.
2. Open a new terminal inside the TurboVNC desktop.
3. In the terminal, start a 3D application using VirtualGL:

   /opt/VirtualGL/bin/vglrun [vglrun options] {application_executable_or_script} {arguments}
   

   The TurboVNC startup script sets the VGL_COMPRESS environment variable to 0, which will automatically enable the X11 Transport within VirtualGL.

8.2 Using TurboVNC When VirtualGL Is Running on a Different Machine

If TurboVNC and VirtualGL are running on different servers, then it is desirable to use the VGL Transport to send images from the VirtualGL server to the TurboVNC server. It is also desirable to disable image compression in the VGL Transport. Otherwise, the images would have to be compressed by the VirtualGL server, decompressed by the VirtualGL Client, then recompressed by the TurboVNC Server, which is a waste of CPU resources. However, sending images uncompressed over a network requires a fast network (generally, Gigabit Ethernet or faster), so there needs to be a fast link between the VirtualGL server and the TurboVNC server for this procedure to perform well.

Procedure

1. Follow the procedure described in Chapter 5 for starting a TurboVNC session and connecting to it.
2. Open a new terminal inside the TurboVNC desktop.
3. In the same terminal window, open a Secure Shell (SSH) session into the VirtualGL server:

   /opt/VirtualGL/bin/vglconnect {user}@{server}
   

   Replace {user} with your user account name on the VirtualGL server and {server} with the hostname or IP address of that server. Refer to the VirtualGL User’s Guide for additional vglconnect options.
4. In the SSH session, set the VGL_COMPRESS environment variable to rgb

   Passing an argument of -c rgb to vglrun achieves the same effect.

5. In the SSH session, start a 3D application using VirtualGL:

   /opt/VirtualGL/bin/vglrun [vglrun options] {application_executable_or_script} {arguments}
   

9 Compatibility Guide

In order to realize the full performance benefits of TurboVNC, it is necessary to use a TurboVNC server and a TurboVNC viewer in concert. However, TurboVNC is fully compatible with TigerVNC, TightVNC, RealVNC, and other VNC flavors. You can use the TurboVNC Viewer to connect to a non-TurboVNC server (or vice versa), although this will generally result in some decrease in performance.

The following sections list additional things to bear in mind when mixing TurboVNC with other VNC flavors.

9.1 TightVNC or TigerVNC Servers

• TightVNC and TigerVNC specify the JPEG quality level on a scale from 0 to 9. This translates to actual JPEG quality as follows:

  TightVNC JPEG Quality Levels

  JPEG quality level	0	1	2	3	4	5	6	7	8	9
  Actual JPEG quality	5	10	15	25	37	50	60	70	75	80
  Actual YUV subsampling	2X	2X	2X	2X	2X	2X	2X	2X	2X	2X

  TigerVNC JPEG Quality Levels

  JPEG quality level	0	1	2	3	4	5	6	7	8	9
  Actual JPEG quality	15	29	41	42	62	77	79	86	92	100
  Actual YUV subsampling	4X	4X	4X	2X	2X	2X	1X	1X	1X	1X
  Average compression ratio *	100	80	70	60	50	40	30	25	20	10

  * Experimentally determined by compressing every 10th frame in the SPECviewperf 9 benchmark suite

  TurboVNC, on the other hand, includes extensions to the Tight protocol that allow the JPEG quality to be specified on the standard 1-100 scale and allow the JPEG chrominance subsampling to be specified seperately. TigerVNC 1.2 and later includes the same extensions on the server side, so the TigerVNC 1.2 Server will behave like the TurboVNC Server when a TurboVNC Viewer is connected to it.
  
  When a TurboVNC viewer is connected to a TightVNC or TigerVNC 1.0/1.1 server, setting the JPEG quality to N in the TurboVNC Viewer sets the JPEG quality level to N/10 in the TightVNC or TigerVNC server. For instance, if you set the JPEG quality to 95 in the TurboVNC Viewer, this would translate to a JPEG quality level of 9, which would set the actual JPEG quality/subsampling to 80/2X if connected to a TightVNC server or 100/1X if connected to a TigerVNC 1.0/1.1 server.
  
  
• Changing the JPEG chrominance subsampling option in the TurboVNC Viewer has no effect when connecting to a TightVNC or TigerVNC 1.0/1.1 server.
  
  
• Although compression levels 2-9 cannot be set using the TurboVNC Viewer GUI, you can still specify these higher compression levels from the TurboVNC Viewer command line. It should be noted, however, that our experiments have shown that compression levels higher than 5 are generally not useful in the TightVNC or TigerVNC Servers. They increase CPU usage exponentially without providing any significant savings in bandwidth relative to Compression Level 5.
  
  
• TurboVNC supports an extension to the TightVNC protocol that allows the server to tell the viewer not to use Zlib to decompress a particular rectangle. Zlib introduces a tremendous amount of performance overhead, even when compression level 0 (no compression) is used. Thus, when a TurboVNC viewer requests Zlib compression level 0 from the TurboVNC Server, the TurboVNC Server bypasses Zlib altogether. TightVNC and TigerVNC servers do not support this extension, and thus they will still use Zlib to “compress” data even if you request no Zlib compression using the TurboVNC Viewer.
  
  
• The TightVNC Server will use much more CPU time across the board than the TurboVNC Server, all else being equal. TigerVNC 1.2 can be made to perform similarly to TurboVNC, barring the absense of multithreading in the former, but this requires using non-default settings in TigerVNC. The default TigerVNC settings are roughly equivalent to Compression Level 2 in TurboVNC, which will use significantly more CPU time than Compression Level 1. Additionally, TigerVNC does inter-frame comparison by default whenever Compression Level 2 or above is selected, and this increases CPU time even more. Compression Level 1 should be used in TigerVNC in order to simulate the behavior of TurboVNC’s “Tight + JPEG” encoding methods.

9.2 TightVNC or TigerVNC Viewers

• The TurboVNC Server will attempt to emulate the behavior of a TigerVNC server and will translate JPEG quality levels into actual JPEG quality and subsampling as specified in Section 9.1.
  
  
• When either a TightVNC or TigerVNC viewer is connected to a TurboVNC server, setting the compression level to 0 in the viewer will, in certain cases, cause the connection to abort with a “bad subencoding value” error. This is because the TurboVNC Server is attempting to send the image tiles with no Zlib compression, and the TightVNC and TigerVNC viewers don’t support this.
  
  
• The TurboVNC Server only supports compression levels 1-2 if JPEG encoding is enabled, and compression levels 0-1 if JPEG encoding is disabled. Extensive experimentation has shown that TurboVNC’s encoding methods cannot produce significantly tighter output by increasing the Zlib compression level beyond this, except on rare corner cases (such as the console output of a large compilation) that are not performance-critical to begin with. In general, increasing the Compression Level from 1 to 2 with JPEG enabled will increase the CPU usage for most 3D and video workloads without providing any significant bandwidth savings. However, Compression Level 2 can be shown to reduce bandwidth by 20-40% (with a commensurate increase in CPU usage) for certain types of workloads that have low numbers of unique colors.
  
  

9.3 RealVNC

The TurboVNC Viewer supports the Hextile and Raw encoding types, which are compatible with RealVNC. Neither of these encoding types can be selected from the TurboVNC Viewer GUI, but Hextile will be selected automatically when connecting to a RealVNC server. Raw will be automatically selected when connecting to a VNC server running on the same machine as the viewer. Both Raw and Hextile can also be manually selected from the vncviewer command line. The TurboVNC Server additionally supports the CoRRE, RRE, Zlib, and ZRLE encoding types, for compatibility with RealVNC viewers.

The Raw encoding type can perform well on gigabit links, if you can spare the bandwidth. Hextile, however, uses very small tiles, which causes it to incur a large amount of computational overhead. It compresses too poorly to perform well on slow links but uses too much CPU time to perform well on fast links. Thus, neither Raw nor Hextile should be used unless absolutely necessary. One interesting note, however, is that many of the TurboVNC viewer enhancements (including optimized blitting, hiding network latency, and double buffering) are available even when using these legacy encoding types.

10 Advanced Configuration

10.1 Server Settings

Description

See Section 5.4.2

Description

See Chapter 7

Description

See Chapter 7

Description

If profiling output is enabled, then the TurboVNC Server will continuously benchmark itself and periodically print the throughput of various stages in its image pipeline to the Xvnc log file.

10.2 Client Settings

Description

If profiling output is enabled, then the TurboVNC Viewer will continuously benchmark itself and periodically print the throughput of various stages in its image pipeline to the console.