User’s Guide for TurboVNC 2.2.6



1 Legal Information

somerights20

This document and all associated illustrations are licensed under the Creative Commons Attribution 2.5 License. Any works that contain material derived from this document must cite The VirtualGL Project as the source of the material and list the current URL for the TurboVNC web site.

The official TurboVNC binaries contain libjpeg-turbo, which is based in part on the work of the Independent JPEG Group.

TurboVNC is licensed under the GNU General Public License, v2.



2 Conventions Used in This Document

This document assumes that TurboVNC will be installed in the default directory (/opt/TurboVNC on Linux/Un*x and Mac systems and c:\Program Files\TurboVNC on Windows systems.) If your installation of TurboVNC resides in a different directory, then adjust the instructions accordingly.

2.1 Terminology

VNC server (sometimes just “server”)
A computer program, implementing the Remote Framebuffer (RFB) protocol and usually designed to run as a background process, that provides an interactive remote desktop environment through which authenticated users can run graphical programs remotely from other computers on the network. VNC servers can be implemented as single-user screen scrapers, which transmit the contents of the host’s physical display (most common with Windows and Mac VNC servers), or as virtual display servers, which provide isolated remote desktop environments for an arbitrary number of simultaneous users on the same host (most common with Un*x VNC servers.)
VNC host (sometimes just “host”)
The machine on which a VNC server is running
VNC viewer (sometimes just “viewer”)
A computer program, implementing the Remote Framebuffer (RFB) protocol, that connects to a VNC server running on another computer, thus allowing users to run graphical programs remotely.
client machine (sometimes just “client”)
The machine on which a VNC viewer is running
VNC session (sometimes just “session”)
A specific instance of a Un*x VNC server (Xvnc.) Each instance of an Xvnc server, including the TurboVNC Server, acts as an independent virtual X server, listening on a unique X11 display number for connections from X11 clients and listening on a unique RFB port number for connections from VNC viewers. Multiple simultaneous VNC sessions can exist on a given host, under any number of different user accounts.



3 Overview

TurboVNC is a derivative of VNC (Virtual Network Computing) that is tuned to provide peak performance for 3D and video workloads. TurboVNC was originally a fork of TightVNC 1.3.x, and on the surface, the X server and Windows viewer still behave similarly to their parents. However, the current version of TurboVNC contains a much more modern X server code base (based on X.org) and a variety of other features and fixes, including a high-performance zero-install Java viewer. TurboVNC compresses 3D and video workloads significantly better than the “tightest” compression mode in TightVNC 1.3.x while using only typically 15-20% of the CPU time of the latter. Using non-default settings, TurboVNC can also match the best compression ratios produced by TightVNC 1.3.x for 2D workloads (see Section 7.2.)

All VNC implementations, including TurboVNC, use the RFB (remote framebuffer) protocol to send “framebuffer updates” from the VNC server to any connected viewers. Each framebuffer update can contain multiple “rectangles” (regions that have changed since the last update.) As with TightVNC, TurboVNC analyzes each rectangle, splits it into multiple “subrectangles”, and attempts to encode each subrectangle using the “subencoding type” that will provide the most efficient compression, given the number of unique colors in the subrectangle. The process by which TurboVNC does this is referred to as an “encoding method.” A rectangle is first analyzed to determine if any significant portion of it is solid, and if so, that portion is encoded as a bounding box and a fill color (“Solid subencoding.”) Of the remaining subrectangles, those with only two colors are encoded as a 1-bit-per-pixel bitmap with a 2-color palette (“Mono subencoding”), those with low numbers of unique colors are encoded as a color palette and an 8-bit-per-pixel bitmap (“Indexed color subencoding”), and subrectangles with high numbers of unique colors are encoded using either JPEG or arrays of RGB pixels (“Raw subencoding”), depending on the encoding method. zlib can optionally be used to compress the indexed color, mono and raw subrectangles.

Part of TurboVNC’s speedup comes from the use of libjpeg-turbo, the same high-speed SIMD-optimized JPEG codec used by VirtualGL. However, TurboVNC also eliminates the CPU-hungry smoothness detection routines that TightVNC uses to determine whether a subrectangle is a good candidate for JPEG compression, and TurboVNC’s encoding methods tend to favor the use of JPEG more, since it is now generally the fastest subencoding type. Furthermore, TurboVNC eliminates buffer copies, it maximizes network efficiency by splitting framebuffer updates into relatively large subrectangles, and it uses only the zlib compression levels that can be shown to have a measurable performance benefit.

TurboVNC is the product of extensive research, in which many different permutations of the TightVNC encoder were benchmarked at the low level against a variety of RFB session captures that simulate real-world application workloads, both 2D and 3D. For more information on the research leading to TurboVNC’s encoder design, see this report.

In addition to high performance, other notable features of TurboVNC include:

TurboVNC, when used with VirtualGL, provides a highly performant and robust solution for remotely displaying 3D applications over all types of networks.

On “modern” hardware, TurboVNC is capable of streaming 50+ Megapixels/second over a 100 Megabit/second local area network with perceptually lossless image quality. TurboVNC can stream between 10 and 12 Megapixels/second over a 5 Megabit/second broadband connection at reduced (but usable) image quality.

TurboVNC is compatible with other VNC distributions. See Chapter 10 for more information. The official TurboVNC binaries can be installed onto the same system as other VNC distributions without interference.



4 System Requirements

4.1 Linux/x86 and Other x86 Un*x Operating Systems

Host (x86) Host (x86-64) Client
Recommended CPU
  • For optimal performance, the CPU should support SSE2 extensions.
  • Dual processors or dual cores recommended
Dual processors or dual cores recommended For optimal performance, the CPU should support SSE2 extensions.
O/S TurboVNC should work with a variety of Linux distributions, FreeBSD, and Solaris, but currently-supported versions of Red Hat Enterprise Linux (and its work-alikes, including CentOS, Oracle Linux, and Scientific Linux), Ubuntu LTS, and SuSE Linux Enterprise tend to receive the most attention from the TurboVNC community.
Other
  • For optimal performance, the X server should be configured to export True Color (24-bit or 32-bit) visuals.
  • Oracle Java or OpenJDK (Oracle Java 8 or IcedTea-Web is required if using Java Web Start.)

4.2 Mac/x86

Client
Recommended CPU Any 64-bit Intel-based Mac
O/S OS X/macOS 10.7 “Lion” or later
Other Software Oracle Java 8u40 or later, or OpenJDK 8 or later (Oracle Java 8 or IcedTea-Web is required if using Java Web Start.)

4.3 Windows

Client
Recommended CPU For optimal performance, the CPU should support SSE2 extensions.
O/S Windows 2000 SP1 or later
Other
  • For optimal performance, the client display should have a 24-bit or 32-bit (True Color) color depth.
  • SSH client (MSYS2 or Cygwin implementation preferred, since those implementations work with the -via and -tunnel options in the native Windows TurboVNC Viewer, but other SSH implementations will work without the -via and -tunnel options. ssh.exe should be in the PATH.)
  • Oracle Java 8 or IcedTea-Web is required if using Java Web Start.



5 Obtaining and Installing TurboVNC

5.1 Installing TurboVNC on Linux

Installing TurboVNC

  1. Download the appropriate TurboVNC binary package for your system from the Files area of the TurboVNC SourceForge project page. Packages are provided for RPM-based and Debian-based Linux distributions that contain GLIBC 2.5 or later.
  2. cd to the directory where you downloaded the binary package, and issue one of the following commands as root:
    RPM-based systems using YUM
    yum install turbovnc*.rpm
    
    RPM-based systems using DNF
    dnf install turbovnc*.rpm
    
    RPM-based systems using YaST2
    yast2 --install turbovnc*.rpm
    
    Other RPM-based systems (dependencies will not be installed automatically)
    rpm -U turbovnc*.rpm
    
    Debian-based systems
    dpkg -i turbovnc*.deb
    apt install -f
    

Installing TurboVNC for a Single User

Download the appropriate binary package, as above, then execute the following commands:

RPM-based systems
mkdir ~/turbovnc
cd ~/turbovnc
rpm2cpio full/path/of/turbovnc*.rpm | cpio -idv
Debian-based systems
dpkg-deb –extract full/path/of/turbovnc*.deb ~/turbovnc

Add ~/turbovnc to any paths specified in this document. Note that the TurboVNC security configuration file will not work when TurboVNC is installed in this manner.

5.2 Installing the TurboVNC Viewer on macOS

  1. Download the TurboVNC Mac disk image (TurboVNC-2.2.6.dmg) from the Files area of the TurboVNC SourceForge project page.

    This package requires Oracle Java or OpenJDK.

  2. Open the disk image, then open TurboVNC.pkg inside the disk image. Follow the instructions to install the Mac TurboVNC Viewer.

5.3 Installing the TurboVNC Viewer on Windows

  1. Download the TurboVNC Windows installer package (TurboVNC-2.2.6-x86.exe for 32-bit systems or TurboVNC-2.2.6-x64.exe for 64-bit systems) from the Files area of the TurboVNC SourceForge project page.
  2. Run the TurboVNC installer. The installation of TurboVNC should be self-explanatory. The only configuration option is the directory into which you want the files to be installed.

5.4 Installing TurboVNC from Source

If you are using a Linux/Un*x platform for which there is not a pre-built TurboVNC binary package available, then download the TurboVNC source tarball (turbovnc-2.2.6.tar.gz) from the Files area of the TurboVNC SourceForge project page, uncompress it, cd turbovnc-2.2.6, and read BUILDING.md for further instructions on how to build TurboVNC from source.

5.5 Uninstalling TurboVNC

Linux

As root, issue one of the following commands:

RPM-based systems
rpm -e turbovnc
Debian-based systems
dpkg -r turbovnc

macOS

Open the Uninstall TurboVNC application, located in the TurboVNC Applications folder. You can also open a terminal and execute:

sudo /opt/TurboVNC/bin/uninstall

Windows

Use the Programs and Features applet in the Control Panel (or the Apps & Features applet if you are running Windows 10), or select Uninstall TurboVNC in the TurboVNC Start Menu group.



6 Using TurboVNC

6.1 Starting and Connecting to a TurboVNC Session

Procedure

  1. Open a new Command Prompt/terminal window on your client machine.
  2. In the new Command Prompt/terminal window, open a Secure Shell (SSH) session into the TurboVNC host:
    ssh user@host
    Replace user with your username on the TurboVNC host and host with the hostname or IP address of the host.
  3. In the SSH session, start a TurboVNC session:
    /opt/TurboVNC/bin/vncserver
    
  4. Make a note of the X display number that the TurboVNC session is occupying, for instance:

    Desktop 'TurboVNC: my_host:1 (my_user)' started on display my_host:1

    If this is the first time that a TurboVNC session has ever been run under this user account, and if VNC password authentication is enabled for the session, then TurboVNC will prompt for a VNC password.
  5. The SSH session can now be exited, if desired.
  6. On the client machine, start the TurboVNC Viewer.
    Linux/Un*x clients
    Open a new terminal/xterm and type
    /opt/TurboVNC/bin/vncviewer
    
    Mac clients
    Open the TurboVNC Viewer application, located in the TurboVNC Applications folder.
    Windows clients
    Select TurboVNC Viewer in the TurboVNC Start Menu group.
  7. A small dialog box will appear.

    Windows TurboVNC Viewer Linux/Un*x/Mac (Java) TurboVNC Viewer
    newconn-win newconn-java

    Enter the X display name (hostname, or IP address, and display number) of the TurboVNC session in the “VNC server” field, then click “Connect”.
  8. Another dialog box appears, prompting for the password (if Standard VNC authentication is being used) or for the username and password (if Unix Login authentication is being used.)

    Windows TurboVNC Viewer Linux/Un*x/Mac (Java) TurboVNC Viewer
    Standard VNC Authentication Dialog vncauth-win vncauth-java
    Unix Login Authentication Dialog unixauth-win unixauth-java

    Enter the VNC session password or the Unix username/password and click “OK” (Windows) or press Enter (Linux/Un*x/Mac.)

    A TurboVNC desktop window should appear on your client machine. This window contains a virtual desktop with which you can interact to launch X-Windows applications on the TurboVNC host.

6.1.2 Window Manager Compatibility

This version of the TurboVNC Server can run 3D (compositing) window managers (such as Unity or GNOME 3+ or KDE 5+) using its built-in software OpenGL implementation, and it also provides an option (-vgl) that allows for running 3D window managers using VirtualGL. However, for performance reasons, it is generally recommended that you use a 2D window manager with the TurboVNC Server (even with VirtualGL, 3D window managers have a lot of overhead.) As of this writing, Ubuntu, RHEL 7+, and Fedora provide an optional 2D window manager called “GNOME Fallback”, “GNOME Flashback”, or “GNOME Classic”, which will automatically be used if it is installed and the TVNC_WM environment variable is set to 2d. For other systems that lack a 2D window manager, it is recommended that you install MATE. Refer to this report for an up-to-date list of window managers that have been tested with this version of the TurboVNC Server, how to configure the TurboVNC Server to use those window managers, and a list of known compatibility issues.

6.2 Disconnecting and Killing a TurboVNC Session

Closing the TurboVNC Viewer disconnects from the TurboVNC session, but the TurboVNC session will remain running on the TurboVNC host (as will any applications that you may have started within the session), and you can reconnect to the session at any time.

To kill a TurboVNC session:

  1. Using SSH, log into the host that is running the TurboVNC session you want to kill.
    … or …
    Using the TurboVNC Viewer, connect to the TurboVNC session that you want to kill, and open a new terminal in that TurboVNC session.
  2. Type the following command:
    /opt/TurboVNC/bin/vncserver -kill :n
    Replace n with the X display number of the TurboVNC session you want to kill.

To list the X display numbers and process ID’s of all TurboVNC sessions currently running under your user account on a particular host, type the following command:

/opt/TurboVNC/bin/vncserver -list

6.3 Launching the TurboVNC Viewer from a Web Browser

When a TurboVNC session is created, it automatically starts a miniature web server that serves up the Java TurboVNC Viewer as a Java Web Start app. This allows you to easily connect to the TurboVNC session from a machine that does not have the TurboVNC Viewer installed locally. If one of the official TurboVNC binary packages is installed on the host, then the miniature web server will automatically send the appropriate x86 or x86-64 libjpeg-turbo JNI library for Linux, macOS, or Windows clients when launching the TurboVNC Viewer. This provides most of the advantages of the standalone TurboVNC viewers, including native levels of performance on popular client platforms.

To launch the Java TurboVNC Viewer from a web browser, point your web browser to:

http://host:5800+n

where host is the hostname or IP address of the TurboVNC host, and n is the X display number of the TurboVNC session to which you want to connect.

Example: If the TurboVNC session is occupying X display my_host:1, then point your web browser to:

http://my_host:5801

This will download a JNLP file to your computer, which you can open in Java Web Start.

You can add viewer parameters to the URL using the following format:

http://host:5800+n?param1=value1&param2=value2

Example:

http://my_host:5801?tunnel=1&samp=2x&quality=80

will tunnel the VNC connection through SSH and enable Medium-Quality JPEG.

NOTE: As of Java 7 Update 51, self-signed JARs are not allowed to run in Java Web Start by default. This is not an issue if you are using the official TurboVNC binary packages, but if you are building a self-signed version of the Java TurboVNC Viewer for development purposes, then you will need to add http://host:http-port (for example, http://my_host:5801) to Java’s Exception Site List, which can be found under the “Security” tab in the Java Control Panel.

NOTE: On some newer macOS systems, downloading a JNLP file may result in an error: “xxxxxxxx.jnlp can’t be opened because it it from an unidentified developer.” To work around this, you can either open the JNLP file directly from your Downloads folder, or you can change the application security settings in the Security & Privacy section of System Preferences to allow applications downloaded from anywhere.

6.4 Deploying the Java TurboVNC Viewer Using Java Web Start

Accessing the Java TurboVNC Viewer through TurboVNC’s built-in HTTP server, as described above, is a quick and easy way of running the TurboVNC Viewer on machines that don’t already have a VNC viewer installed (for instance, for the purpose of collaborating with colleagues who don’t normally use TurboVNC.)

To set up a large-scale deployment of the Java TurboVNC Viewer, however, it is desirable to serve up the JAR files from a dedicated web server.

For the purposes of this guide, it is assumed that the reader has some knowledge of web server administration.

6.5 Using SSH to Secure a TurboVNC Connection

If you are using the Java TurboVNC Viewer, then the connection between the TurboVNC Server and the TurboVNC Viewer will be encrypted by default (refer to Chapter 8.) Otherwise, the connection can easily be secured with SSH by using the -via and -tunnel command-line options in the TurboVNC Viewer (or, if you are using the Java TurboVNC Viewer, the equivalent GUI options, which are located under the “Security” tab in the Options dialog.) SSH is also preferable to TurboVNC’s built-in encryption if one does not want to open additional ports in the host’s firewall.

The -via and -tunnel options in the TurboVNC Viewer take advantage of the port forwarding feature in SSH. For instance, running

vncviewer -via user@host localhost:n

or

vncviewer -tunnel user@host

is the equivalent of running

ssh -L fp:localhost:5900+n user@host
vncviewer localhost::fp

where fp is a free TCP port on the client machine (this is automatically determined by the TurboVNC Viewer.)

In the above examples, vncviewer is the command used to launch the TurboVNC Viewer– /opt/TurboVNC/bin/vncviewer on Mac/Linux/Un*x systems, or c:\Program Files\TurboVNC\vncviewer-java.bat if running the Java TurboVNC Viewer on Windows systems, or c:\Program Files\TurboVNC\cvncviewer.exe if running the native Windows TurboVNC Viewer.

-tunnel can be used as a shortcut whenever the SSH and VNC hosts are the same machine. -via is more flexible, since it allows you to specify the VNC server to which to connect. The VNC server is specified from the point of view of the SSH server, which is why we used localhost in the above example.

The command used to establish the SSH tunnel is configurable by way of environment variables. See Section 11.2 for more details.

NOTE: Since the Java TurboVNC Viewer contains an embedded SSH client, the -via and -tunnel command-line options can also be used when the viewer is deployed using Java Web Start. These options would be specified as <argument> elements under the <application-desc> element in the JNLP file.

Currently the use of the -via and -tunnel command-line options in the Windows TurboVNC Viewer requires Cygwin or MSYS2, since those are the only known Windows SSH implementations that support detaching the SSH process once the tunnel has been established. When using -via or -tunnel, it is recommended that you use the console version of the Windows TurboVNC Viewer (cvncviewer.exe) rather than vncviewer.exe. Otherwise, a new console window will pop up and remain for the duration of the VNC connection.

Forcing SSH Connections

Passing an argument of -localhost to vncserver will force the TurboVNC session to accept inbound connections only from the TurboVNC host. This effectively forces SSH tunneling to be used for remote connections. If the no-remote-connections directive is set in the TurboVNC security configuration file, then that has the effect of enabling the -localhost option for all new TurboVNC sessions that are started on the host.

Passing an argument of -noreverse to vncserver will disable the ability to make outbound (reverse) connections from the TurboVNC session. If the no-reverse-connections directive is set in the TurboVNC security configuration file, then that has the effect of enabling the -noreverse option for all new TurboVNC sessions that are started on the host.

If the host is configured such that it only allows SSH connections, then disallowing the TLS* security types on a system-wide basis (by setting the permitted-security-types directive in the TurboVNC security configuration file) is recommended. Otherwise, when using the Java TurboVNC Viewer with default settings, the connection will have redundant encryption.

6.6 Running OpenGL Applications

The TurboVNC Server includes a software GLX/OpenGL implementation that can be used for casual 3D rendering. This implementation uses the swrast DRI driver provided by Mesa 8.x and later. On systems that do not have vendor-specific GPU drivers installed, or on systems that provide a libglvnd-enabled build of Mesa, TurboVNC’s software OpenGL implementation can use direct rendering. Otherwise, it falls back to indirect rendering, which is limited to the OpenGL 1.4 API and which may perform sluggishly (particularly with continuous mouse input.) In general, if the TurboVNC host has a GPU, then you should use VirtualGL rather than relying on TurboVNC’s software OpenGL implementation.

Passing -extension GLX to vncserver disables the built-in GLX/OpenGL implementation, thus restoring the behavior of TurboVNC 2.1.x and earlier (which required VirtualGL in order to run OpenGL applications.) Passing -iglx to vncserver disables indirect rendering. If the built-in GLX/OpenGL implementation is not functioning properly, then pass -verbose to vncserver to log informational messages that may reveal the source of the problem.

6.7 Further Reading

For more detailed instructions on the usage of TurboVNC:

TurboVNC Server
Refer to the TurboVNC man pages:
man -M /opt/TurboVNC/man vncserver
man -M /opt/TurboVNC/man Xvnc
man -M /opt/TurboVNC/man vncconnect
man -M /opt/TurboVNC/man vncpasswd
Windows TurboVNC Viewer
Use the embedded help feature (the question mark button in the upper right of the TurboVNC Viewer dialogs.) You can also run vncviewer.exe /? from a command prompt to get a full list of supported command-line options and their descriptions.
Linux/Un*x/Mac (Java) TurboVNC Viewer
Run
/opt/TurboVNC/bin/vncviewer -?
to display a full list of supported command-line options/parameters and their descriptions.
Java TurboVNC Viewer on Windows
Run
c:\Program Files\TurboVNC\vncviewer-java.bat -?
to display a full list of supported command-line options/parameters and their descriptions.



7 Performance and Image Quality

The level of image compression in TurboVNC can be adjusted to balance the (sometimes conflicting) goals of high image quality and high performance. There are four options that control the manner in which TurboVNC compresses images:

Allow JPEG compression
If this option is enabled, then TurboVNC will use JPEG compression for subrectangles that have a high number of unique colors, and it will use indexed color subencoding for subrectangles that have a low number of unique colors. If this option is disabled, then TurboVNC will select between indexed color or raw subencoding, depending on the size of the subrectangle and its color count.
JPEG image quality
Lower quality levels produce grainier JPEG images with more noticeable compression artifacts, but lower quality levels also use less network bandwidth and CPU time.
JPEG chrominance subsampling
When compressing an image using JPEG, the RGB pixels are first converted to the YCbCr colorspace, a colorspace in which each pixel is represented as a brightness (Y, or “luminance”) value and a pair of color (Cb & Cr, or “chrominance”) values. After this colorspace conversion, chrominance subsampling can be used to discard some of the chrominance components in order to save bandwidth. This works because the human eye is more sensitive to changes in brightness than to changes in color. 1X subsampling (the default in TurboVNC) retains the chrominance components for all pixels, and thus it provides the best image quality but also uses the most network bandwidth and CPU time. 2X subsampling retains the chrominance components for every other pixel, and 4X subsampling retains the chrominance components for every fourth pixel (this is typically implemented as 2X subsampling in both X and Y directions.) Grayscale throws out all of the chrominance components, leaving only luminance. 2X and 4X subsampling will typically produce noticeable blurring of lines and other sharp features, but with photographic or other “smooth” image content, it may be difficult to detect any difference between 1X, 2X, and 4X.
Compression level
In TurboVNC, the compression level specifies:
  1. the level of zlib compression that will be used with indexed color, mono, and raw subrectangles
  2. the “palette threshold” (the minimum number of colors that a subrectangle must have before it is encoded as JPEG or raw instead of indexed color)
  3. whether or not interframe comparison should be used
See Section 7.2 below for more details.

These parameters can be adjusted by accessing the TurboVNC Viewer Options dialog box (click on the “Options” button in the “TurboVNC Connection” dialog box or, after connecting to the server, click on the Connection Options button in the toolbar.)

The TurboVNC Viewer provides five preset “encoding methods”, corresponding to the most useful combinations of the image compression options described above:

Table 7.1: TurboVNC Encoding Methods
Encoding method Allow JPEG JPEG image quality JPEG chrominance subsampling Compression level Notes
“Tight + Perceptually Lossless JPEG” Yes 95 1x 1 This encoding method should be perceptually lossless (that is, any image compression artifacts it produces should be imperceptible to human vision) under most viewing conditions. This encoding method requires a great deal of network bandwidth, however, and is generally not recommended except on 50 Megabit/second and faster networks.
“Tight + Medium-Quality JPEG” Yes 80 2x 6 For subrectangles that have a high number of unique colors, this encoding method produces some minor, but generally not very noticeable, image compression artifacts. All else being equal, this encoding method typically uses about twice the network bandwidth of the “Tight + Low-Quality JPEG” encoding method and about half the bandwidth of the “Tight + Perceptually Lossless JPEG” encoding method, making it appropriate for medium-speed networks such as 10 Megabit Ethernet. Interframe comparison is enabled with this encoding method (Compression Level 6 = Compression Level 1 + interframe comparison.)
“Tight + Low-Quality JPEG” Yes 30 4x 7 For subrectangles that have a high number of unique colors, this encoding method produces very noticeable image compression artifacts. However, it performs optimally on low-bandwidth connections. If image quality is more critical than performance, then use one of the other encoding methods or take advantage of the Lossless Refresh feature. In addition to reducing the JPEG quality to a “minimum usable” level, this encoding method also enables interframe comparison and Compression Level 2 (CL 7 = CL 2 + interframe comparison.) Compression Level 2 can reduce bandwidth for low-color application workloads that are not good candidates for JPEG compression.
“Lossless Tight” No N/A N/A 0 This encoding method uses indexed color subencoding for subrectangles that have a low number of unique colors, but it otherwise does not perform any image compression at all. Lossless Tight is thus suitable only for gigabit and faster networks. This encoding method uses significantly less CPU time than any of the JPEG-based encoding methods. Lossless Tight requires an RFB protocol extension that is, as of this writing, only supported by the TurboVNC Viewer.
“Lossless Tight + Zlib” No N/A N/A 6 This encoding method uses indexed color subencoding for subrectangles that have a low number of unique colors and raw subencoding for subrectangles that have a high number of unique colors. It compresses all subrectangles using zlib with zlib compression level 1. For certain types of low-color workloads (CAD applications, in particular), this encoding method may use less network bandwidth than the “Tight + Perceptually Lossless JPEG” encoding method, but it also uses significantly more CPU time than any of the JPEG-based encoding methods. Interframe comparison is enabled with this encoding method (Compression Level 6 = Compression Level 1 + interframe comparison.)

The encoding method can be set in the TurboVNC Viewer Options dialog box (click on the “Options” button in the “TurboVNC Connection” dialog box or, after connecting to the server, click on the Connection Options button in the toolbar.)

7.1 Interframe Comparison

Certain ill-behaved applications can sometimes draw the same thing over and over again, and this can cause redundant framebuffer updates to be sent to the VNC viewer. Additionally, modern GUI toolkits often use image-based drawing methods (the X Rendering Extension, for instance), which can result in an entire window being redrawn, even if only a few pixels in the window have changed. The TurboVNC Server can guard against this by maintaining a copy of the remote framebuffer for each connected viewer, comparing each new framebuffer update rectangle against the pixels in the framebuffer copy, and discarding any redundant portions of the rectangle before they are sent to the viewer.

Interframe comparison has some tradeoffs associated with it. Perhaps the most important of these is that it increases the memory usage of the TurboVNC Server by a factor of N, where N is the number of connected viewers. This can prove to be quite significant if the remote desktop size is relatively large.

2D applications are most often the ones that generate duplicate framebuffer updates, so using interframe comparison with such applications can significantly reduce the network usage and the host CPU usage (since fewer rectangles are actually being encoded.) However, with 3D applications, the benefits of interframe comparison are less clear, since it is less common for those applications to generate duplicate framebuffer updates. Interframe comparison may benefit certain classes of 3D applications, such as design applications that render a model against a static background– particularly when the model is not zoomed in enough to fill the entire window. In real-world tests, however, interframe comparison rarely reduces the network usage for 3D applications by more than 5-10%. Furthermore, with games and other immersive applications that modify most of the pixels on the screen each time a frame is rendered, interframe comparison can actually increase both CPU usage and network usage. Furthermore, the effects of duplicate framebuffer updates are not typically noticeable on high-speed networks, but an increase in host CPU usage might be.

For these reasons, interframe comparison is not enabled by default and should not generally be enabled except on bandwidth-constrained networks and with applications for which it can be shown to be beneficial. Interframe comparison can be enabled by either passing an argument of -interframe to vncserver when starting a TurboVNC session or by requesting a compression level of 5 or higher from the viewer (see below.)

7.2 Advanced Compression Options

One of the underlying principles of TurboVNC’s design is to expose only the options that have proven to be useful (that is, the options that have proven to have good performance tradeoffs.) Thus, the TurboVNC Viewer GUI will normally only allow you to select Compression Levels 1-2 if JPEG subencoding is enabled (6-7 if interframe comparison is also enabled) or Compression Levels 0-1 if JPEG subencoding is disabled (5-6 if interframe comparison is enabled.) Other compression levels can, however, be specified on the command line (or as a parameter, if using the Java TurboVNC Viewer), and doing so will enable a compatibility mode in the TurboVNC Viewer GUI that allows any compression level from 0 to 9 to be requested.

When connecting to a TurboVNC server, requesting a particular compression level has the following effect:

Table 7.2: Compression Levels Supported by the TurboVNC Server (JPEG Enabled)
Compression level Zlib compression level (non-JPEG subrectangles) Palette threshold Interframe comparison Notes
0 1 24 No Same as Compression Level 1. Bypassing zlib when JPEG is enabled would only reduce the CPU usage for non-JPEG subrectangles, which is of limited usefulness. Further, bypassing zlib requires an RFB protocol extension that is not supported by non-TurboVNC viewers. It is presumed that, if one wants to reduce the CPU usage, then one wants to do so for all subrectangles, so CL 0 without JPEG (AKA “Lossless Tight”) should be used.
1 1 24 No See the description of the “Tight + JPEG” encoding methods above.
2 3 96 No A higher palette threshold causes indexed color subencoding to be used more often than with CL 1, and indexed color subrectangles are compressed using a higher zlib compression level. This can provide typically 20-40% better compression than CL 1 (with a commensurate increase in CPU usage) for workloads that have a low number of unique colors. However, Compression Level 2 can increase the CPU usage for some high-color workloads without providing significantly better compression.
3-4 3 96 No Same as Compression Level 2 (reserved for future expansion)
5-6 1 24 Yes Same as Compression Level 1, but with interframe comparison enabled
7-8 3 96 Yes Same as Compression Level 2, but with interframe comparison enabled
9 7 256 Yes This mode is included only for backward compatibility with TightVNC. It provides approximately the same level of compression for 2D applications as Compression Level 9 in TightVNC 1.3.x, while using much less CPU time. It also provides much better compression than TightVNC for 3D and video applications. However, relative to Compression Level 2, this mode uses approximately twice as much CPU time and only achieves about 10-20% better average compression for 2D apps (and has no noticeable benefit for 3D and video apps.) Thus, its usefulness is generally very limited.

Table 7.3: Compression Levels Supported by the TurboVNC Server (JPEG Disabled)
Compression Level Zlib compression level (indexed color subrectangles) Zlib compression level (raw subrectangles) Palette threshold Interframe comparison Notes
0 None None Subrectangle size / 4 No See the description of the “Lossless Tight” encoding method above.
1 1 1 Subrectangle size / 96 No See the description of the “Lossless Tight + Zlib” encoding method above.
2-4 1 1 Subrectangle size / 96 No Same as Compression Level 1 (reserved for future expansion)
5 None None Subrectangle size / 4 Yes Same as Compression Level 0, but with interframe comparison enabled
6-8 1 1 Subrectangle size / 96 Yes Same as Compression Level 1, but with interframe comparison enabled
9 7 5 Subrectangle size / 96 Yes This mode is included only for backward compatibility with TightVNC. It provides approximately the same level of compression for 2D applications as Compression Level 9 in TightVNC 1.3.x, while using much less CPU time. It also provides much better compression than TightVNC for 3D and video applications. However, relative to Compression Level 1, this mode uses approximately twice as much CPU time and only achieves about 10% better average compression for 2D apps (and has no noticeable benefit for 3D and video apps.) Thus, its usefulness is generally very limited.

7.3 Lossless Refresh

Since both of TurboVNC’s mathematically lossless encoding methods have performance drawbacks, another option for image-quality-critical applications is the “Lossless Refresh” feature. When a lossless refresh is requested by a TurboVNC viewer, the server will send a mathematically lossless image of the current TurboVNC desktop to the requesting viewer. So, for instance, a user can rotate/pan/zoom an object in their 3D application using a very low-quality JPEG setting, then when that user is ready to interpret or analyze the object, they can request a lossless refresh of TurboVNC’s virtual screen.

To perform a lossless refresh, press CTRL-ALT-SHIFT-L or click on the Lossless Refresh toolbar icon.

7.4 Automatic Lossless Refresh

Passing an argument of -alr timeout to vncserver will enable the automatic lossless refresh (ALR) feature for the TurboVNC session. ALR will monitor all of the VNC viewer connections, and if more than timeout seconds have elapsed since the last framebuffer update was sent to a given viewer, then the TurboVNC Server will send to that viewer a mathematically lossless copy of any “ALR-eligible” screen regions that have been affected by lossy compression. You can also pass arguments of -alrqual and -alrsamp to vncserver to specify that automatic lossless refreshes should be sent using JPEG instead (see the Xvnc man page for details.)

The ALR feature is designed mainly for use with interactive visualization applications. The idea is that, on a low-bandwidth connection, low-quality JPEG can be used while the 3D scene is rotated/panned/zoomed, but when the motion stops, a fully lossless copy of the 3D image is sent and can be studied in detail.

The default is for any regions drawn with X[Shm]PutImage() to be ALR-eligible, as well as any regions drawn with CopyRect, if the source of the CopyRect operation was affected by lossy compression (CopyRect is an RFB encoding that allows the server to request that the viewer move a rectangle of pixels from one location to another.) When used with VirtualGL, this means that ALRs will mainly be sent for just the 3D screen regions. This should be fine for most 3D applications, since the 3D regions are the ones that are quality-critical. The default ALR behavior also prevents what might best be called the “blinking cursor dilemma.” Certain programs have a blinking cursor that may update more frequently than the ALR timeout. Since an ALR is triggered based on a period of inactivity relative to the last framebuffer update, these continuous updates prevent an ALR from ever being sent. Fortunately, blinking cursors are not typically drawn using X[Shm]PutImage(), so the problem is effectively worked around by limiting the ALR-eligible regions to just the subset of regions that were drawn with X[Shm]PutImage() and CopyRect.

NOTE: Ill-behaved applications that continuously render the same image will cause a variation of the “blinking cursor dilemma” and thus defeat ALR unless interframe comparison is enabled.

You can override the default ALR behavior, thus making all screen regions eligible for ALR, by setting the TVNC_ALRALL environment variable to 1 on the TurboVNC host prior to starting a TurboVNC session. You can also set TVNC_ALRCOPYRECT to 0 to make CopyRect regions ALR-ineligible, which approximates the behavior of TurboVNC 1.2.1 and prior.

7.5 Multithreading

By default, the TurboVNC Server uses multiple threads to perform image encoding and compression, thus allowing it to take advantage of multi-core or multi-processor systems. The server splits the screen vertically into N tiles, where N is the number of threads, and assigns each tile to a separate thread. The scalability of this algorithm is nearly linear when used with demanding 3D or video applications that fill most of the screen. However, whether or not multithreading improves the overall performance of TurboVNC depends largely on the performance of the viewer and the network. If either the viewer or the network is the primary performance bottleneck, then enabling multithreading in the server will not help. Multithreading is also not currently implemented with non-Tight encoding types.

To disable server-side multithreading, set the TVNC_MT environment variable to 0 on the host prior to starting vncserver, or pass an argument of -nomt to vncserver. The default behavior is to use as many threads as there are cores on the TurboVNC host (up to a maximum of 4), but you can set the TVNC_NTHREADS environment variable or pass an argument of -nthreads to vncserver to override this.



8 TurboVNC Security Extensions

8.1 Terminology

In an attempt to maintain consistency with other VNC implementations, TurboVNC uses the following terminology when referring to its security extensions:

Authentication Method
A technique that the VNC server uses to validate authentication credentials sent from a VNC viewer. If the credentials sent from a particular VNC viewer are not valid, then that viewer is not allowed to connect.
Authentication Scheme
A protocol used to send authentication credentials from a VNC viewer to a VNC server for validation. Some authentication schemes are required by the RFB protocol specification, and others are implemented as extensions to that specification.
Encryption Method
A technique used to encrypt the data sent between the VNC server and the VNC viewer
Security Type
A specific combination of an authentication method, an authentication scheme, and an encryption method

8.2 TurboVNC Server Authentication Methods

No Authentication
The VNC server does not authenticate the VNC viewer at all.
VNC Password Authentication
A session password sent from the VNC viewer is validated against a password file, which is typically located under the user’s home directory on the VNC host. The VNC password is separate from any other login credentials and thus represents less of a security threat if compromised (that is, assuming the VNC password and the user’s account password are not the same.)
One-Time Password (OTP) Authentication
Using the vncpasswd program, a unique password is generated “on the fly” for the TurboVNC session, and the password is printed on the command line (see the man page for vncpasswd for more details.) The user enters this password in the VNC viewer, and the VNC viewer sends the password to the server as if it were a VNC password. However, once the OTP has been used to authenticate a viewer, the OTP is forgotten and cannot be reused. OTP authentication can be used, for instance, to launch or connect to TurboVNC sessions from an automated web portal or from a job scheduler. OTP authentication is also useful for allowing temporary access to a TurboVNC session for collaboration purposes.
PAM User/Password Authentication
The VNC server uses Pluggable Authentication Modules (PAM) to validate a username and password received from a VNC viewer. The password received from the VNC viewer need not necessarily be validated against the user’s account password. Generally, the TurboVNC Server can validate the username and password using any authentication credentials that can be accessed through PAM. Since the user/password authentication schemes supported by TurboVNC (see below) transmit the password from the VNC viewer to the VNC server as plain text, it is strongly recommended that the PAM User/Password authentication method be used only with session encryption or if the session is restricted to allow only loopback (SSH) connections and to disallow reverse connections (see Section 6.5.)

8.3 TurboVNC Viewer Authentication Schemes

None
No authentication credentials are sent to the server.
Standard VNC Authentication
A password is sent to the server using a DES-encrypted challenge/response scheme. The password can be up to 8 characters long, so the DES key length is 56 bits. This is not a particularly strong form of encryption by today’s standards (56-bit DES was broken by brute force attack in the late 90’s.)
Unix Login/Plain Authentication
Both the username and password are sent to the VNC server as plain text. Thus, it is strongly recommended that this authentication scheme be used only with VNC connections that are encrypted using TLS (see below) or SSH (see Section 6.5.) Per the RFB spec, this authentication scheme is referred to as “Unix Login” when used with a TightVNC-compatible server and “Plain” when used with a VeNCrypt-compatible server.

8.4 Supported Encryption Methods

The Linux/Un*x/Mac/Java TurboVNC Viewer and the TurboVNC Server support three encryption methods:

None
No encryption
Anonymous TLS Encryption
The connection is encrypted using TLS (Transport Layer Security) without authentication (i.e. without a certificate.)
TLS/X.509 Encryption
The connection is encrypted using TLS with a specified X.509 certificate.

8.5 Supported Security Types

The TurboVNC Server and Linux/Un*x/Mac/Java TurboVNC Viewer support the following security types:

Server Security Type Authentication Method Encryption Method Viewer Security Type Authentication Scheme Compatibility
None None None None None RFB 3.3+
VNC VNC Password None VNC Standard VNC RFB 3.3+
OTP One-Time Password None VNC Standard VNC RFB 3.3+
Plain PAM User/Password None Plain Plain RFB 3.7+ with VeNCrypt extensions
TLSNone None Anonymous TLS TLSNone None RFB 3.7+ with VeNCrypt extensions
TLSVnc VNC Password Anonymous TLS TLSVnc Standard VNC RFB 3.7+ with VeNCrypt extensions
TLSOtp One-Time Password Anonymous TLS TLSVnc Standard VNC RFB 3.7+ with VeNCrypt extensions
TLSPlain PAM User/Password Anonymous TLS TLSPlain Plain RFB 3.7+ with VeNCrypt extensions
X509None None TLS/X.509 X509None None RFB 3.7+ with VeNCrypt extensions
X509Vnc VNC Password TLS/X.509 X509Vnc Standard VNC RFB 3.7+ with VeNCrypt extensions
X509Otp One-Time Password TLS/X.509 X509Vnc Standard VNC RFB 3.7+ with VeNCrypt extensions
X509Plain PAM User/Password TLS/X.509 X509Plain Plain RFB 3.7+ with VeNCrypt extensions
UnixLogin PAM User/Password None UnixLogin Unix Login RFB 3.7+ with TightVNC extensions

NOTE: The security type names are case-insensitive. The capitalization conventions above are used in order to maintain consistency with the RFB protocol specification.

8.6 Enabling Security Types

The default behavior of the TurboVNC Server is for all security types except “TLSNone”, “X509None”, and “None” to be enabled and for VNC Password and OTP authentication to be preferred over PAM User/Password authentication. However, the system administrator can disable one or more of the security types or set the preferred order of the security types by editing the TurboVNC security configuration file. See the Xvnc man page for more details.

If the VNC server allows multiple security types, then the VNC viewer’s default security type will be determined by the server’s preferred security type. In this case, the user can override the default by passing command-line arguments to vncviewer. If the VNC server prefers a security type that supports Standard VNC authentication, then the user can force the use of Unix Login/Plain authentication by passing an argument of -user user-name to vncviewer when connecting to the TurboVNC session. Similarly, if the VNC server prefers a security type that supports Unix Login/Plain authentication, then the user can force the use of Standard VNC authentication by passing an argument of -nounixlogin to vncviewer. Both of these command-line options work with all versions of the TurboVNC Viewer. When using the Java TurboVNC Viewer, you can also accomplish the same thing by unchecking “Unix Login” or “Plain” or “Standard VNC” in the “Security” tab of the Options dialog or by limiting the available security types using the SecurityTypes, User, or NoUnixLogin arguments/parameters.

If the system administrator has not restricted any of the server security types on a system-wide basis, then the user can choose to disable some or all of them for a particular TurboVNC session by using the -SecurityTypes command-line argument when starting the session. See the Xvnc man page for more details.

8.7 Further Reading

For more detailed information about the TurboVNC security extensions, refer to the TurboVNC man pages:

man -M /opt/TurboVNC/man vncserver
man -M /opt/TurboVNC/man Xvnc
man -M /opt/TurboVNC/man vncpasswd



9 Hardware 3D Acceleration (Using VirtualGL with TurboVNC)

Referring to the VirtualGL User’s Guide, VirtualGL’s X11 Transport draws OpenGL-rendered frames onto an X display using standard X11 drawing commands. Since this results in the frames being sent uncompressed to the X server, the X11 Transport is designed to be used with an “X proxy.” An X proxy acts as a virtual X server, receiving X11 commands from applications (and from VirtualGL), rendering the X11 commands into images, compressing the resulting images, and sending the compressed images over the network to a client or clients.

Since VirtualGL is sending rendered frames to the X proxy at a very fast rate, the proxy must be able to compress the frames very quickly in order to keep up. Unfortunately, however, most X proxies can’t. They simply aren’t designed to compress, with any degree of performance, the large and complex images generated by 3D applications.

Enter TurboVNC. Although TurboVNC can be used with all types of applications, it was initially designed as a fast X proxy for VirtualGL. TurboVNC provides an alternate means of delivering rendered frames from VirtualGL to a client machine without using VirtualGL’s built-in VGL Transport.

Advantages of TurboVNC (when compared to the VGL Transport)

Disadvantages of TurboVNC (when compared to the VGL transport)

9.1 Using VirtualGL on a TurboVNC Host

The most common (and optimal) way to use VirtualGL with TurboVNC is to configure the same machine as a TurboVNC host and a VirtualGL server. This allows VirtualGL to send rendered frames to TurboVNC through shared memory rather than over a network.

x11transport

The following procedure describes how to launch a 3D application using this configuration.

Procedure

  1. Follow the procedure described in Chapter 6 for starting a TurboVNC session and connecting to it.
  2. Open a new terminal inside the TurboVNC desktop.
  3. In the terminal, start a 3D application using VirtualGL:
    /opt/VirtualGL/bin/vglrun [vglrun options] 3D-application-executable-or-script [arguments]

9.2 Using VirtualGL on a Machine Other Than a TurboVNC Host

vgltransportservernetwork

If the TurboVNC host and VirtualGL server are different machines, then it is desirable to use the VGL Transport to send rendered frames from the VirtualGL server to the TurboVNC session. It is also desirable to disable image compression in the VGL Transport. Otherwise, the images would have to be compressed by the VirtualGL server, decompressed by the VirtualGL Client, then recompressed by the TurboVNC Server, which is a waste of CPU resources. However, sending images uncompressed over a network requires a fast network (generally, Gigabit Ethernet or faster), so there needs to be a fast link between the VirtualGL server and the TurboVNC host for this procedure to perform well.

Procedure

  1. Follow the procedure described in Chapter 6 for starting a TurboVNC session and connecting to it.
  2. Open a new terminal inside the TurboVNC desktop.
  3. In the same terminal window, open a Secure Shell (SSH) session into the VirtualGL server:
    /opt/VirtualGL/bin/vglconnect user@server
    Replace user with your username on the VirtualGL server and server with the hostname or IP address of that server. Refer to the VirtualGL User’s Guide for additional vglconnect options.
  4. In the SSH session, set the VGL_COMPRESS environment variable to rgb

    Passing an argument of -c rgb to vglrun achieves the same result.

  5. In the SSH session, start a 3D application using VirtualGL:
    /opt/VirtualGL/bin/vglrun [vglrun options] 3D-application-executable-or-script [arguments]

9.3 NV-CONTROL Emulation

This version of TurboVNC includes partial emulation of the NV-CONTROL X11 extension provided by nVidia’s proprietary Un*x drivers. Certain 3D applications rely on this extension to query and set low-level GPU properties, and unfortunately the library (libXNVCtrl) used by applications to interact with the extension is static, making it impossible to interpose using VirtualGL.

Passing an argument of -nvcontrol display to vncserver will set up a fake NV-CONTROL extension in the TurboVNC session and will redirect all NV-CONTROL requests to display. display should generally be the name of the 3D X server you plan to use with VirtualGL (:0, for instance.) The TurboVNC Server does not attempt to open a connection to this display until an application uses the NV-CONTROL extension. If a connection to the 3D X server cannot be opened, if the 3D X server does not have the NV-CONTROL extension, or if other issues are encountered when attempting to redirect NV-CONTROL requests, then a BadRequest X11 error will be returned to the application, and the TurboVNC session log will display an error message explaining why the request failed. It is assumed that you have already followed the procedure in the VirtualGL User’s Guide to allow access to the 3D X server. If access to the 3D X server is restricted to members of the vglusers group, then you may need to execute

xauth merge /etc/opt/VirtualGL/vgl_xauth_key

if you need to use the NV-CONTROL extension prior to invoking vglrun for the first time.

You can change the 3D X server for a particular TurboVNC session after the session has been started. For instance, if you want to redirect both NV-CONTROL requests and OpenGL to a GPU attached to Screen 1 of Display :0, you would execute

xprop -root -f VNC_NVCDISPLAY 8s -set VNC_NVCDISPLAY :0.1
vglrun -d :0.1 3D-application-executable-or-script



10 Compatibility Guide

In order to realize the full performance benefits of TurboVNC, it is necessary to use the TurboVNC Server and the TurboVNC Viewer in concert. However, TurboVNC is fully compatible with TigerVNC, TightVNC, RealVNC, and other VNC flavors. You can use the TurboVNC Viewer to connect to a non-TurboVNC server (or vice versa), although this will generally result in some decrease in performance.

The following sections list additional things to bear in mind when mixing TurboVNC with other VNC flavors.

10.1 TightVNC or TigerVNC Servers

10.2 TightVNC or TigerVNC Viewers

10.3 RealVNC

The TurboVNC Viewer supports the Hextile and Raw encoding types, which are compatible with RealVNC. The Java TurboVNC Viewer additionally supports ZRLE. None of these encoding types can be selected from the TurboVNC Viewer GUI, but Hextile or ZRLE will be selected automatically when connecting to a RealVNC server. Non-Tight encoding types, such as Hextile and Raw, can also be manually selected from the TurboVNC Viewer command line. In addition to Hextile, Raw, and ZRLE, the TurboVNC Server also supports the RRE, CoRRE, and Zlib legacy encoding types, for compatibility with older VNC viewers.

All of the non-Tight encoding types have performance drawbacks. Raw encoding requires gigabit in order to achieve decent performance, and it can easily take up an entire gigabit connection’s worth of bandwidth (it also doesn’t perform particularly well with the Java TurboVNC Viewer, because of the need to convert the pixels from bytes to ints in Java.) Hextile uses very small tiles, which causes it to incur a large amount of computational overhead. It compresses too poorly to perform well on slow links but uses too much CPU time to perform well on fast links. ZRLE improves upon this, but it is still too computationally intense for fast networks. The vncviewer man page in the TurboVNC Linux packages has some additional information about how Hextile and ZRLE work.



11 Advanced Configuration

11.1 Server Settings

Environment Variable TVNC_ALRALL = 0 | 1
Summary Disable/Enable automatic lossless refresh for regions that were drawn using X11 functions other than X[Shm]PutImage()
Default Value Disabled
Description
See Section 7.4
Environment Variable TVNC_ALRCOPYRECT = 0 | 1
Summary Disable/Enable automatic lossless refresh for regions that were drawn using CopyRect
Default Value Enabled
Description
See Section 7.4
Environment Variable TVNC_COMBINERECT = {c}
Summary Combine framebuffer updates with more than {c} rectangles into a single rectangle spanning the bounding box of all of the constituent rectangles
Default Value 100
Description
Applications can sometimes draw many thousands of points or tiny lines using individual X11 calls, and this can cause the VNC server to send many thousands of tiny rectangles to the VNC viewer. The overhead associated with this can bog down the viewer, and in extreme cases, the number of rectangles may even exceed the maximum number that is allowed in a single framebuffer update (65534.) Thus, if a framebuffer update contains more than {c} rectangles, TurboVNC will coalesce it into a single rectangle that covers all of the rectangles in the update. For applications that generate many tiny rectangles, increasing TVNC_COMBINERECT may significantly increase the number of pixels sent to the viewer, which will increase network usage. However, for those same applications, lowering TVNC_COMBINERECT will increase the number of rectangles sent to the viewer, which will increase the CPU usage of both the server and the viewer.
Environment Variable TVNC_ICEBLOCKSIZE = {s}
Summary Set the block size for the interframe comparison engine (ICE) to {s} x {s} pixels. Setting {s} to 0 causes the ICE to compare full rectangles, as TurboVNC 1.2.x did.
Default Value 256
Description
If interframe comparison is enabled (see Section 7.1), then TurboVNC will compare each rectangle of each framebuffer update on a block-by-block basis and send only the blocks that have changed. This prevents large rectangles from being re-transmitted if only a few pixels in the rectangle have changed. Using smaller block sizes can decrease network usage if only a few pixels are changing between updates, but using smaller block sizes can also interfere with the Tight encoder’s ability to efficiently split rectangles into subrectangles, thus increasing host CPU usage (and sometimes increasing network usage as well, which runs counter to the purpose of interframe comparison.) Setting the block size to 0 causes the ICE to compare full framebuffer update rectangles, as TurboVNC 1.2.x did.

The default block size of 256x256 was chosen based on extensive low-level experiments using the same set of RFB session captures that were used when designing the TurboVNC encoder. For most of those datasets, 256x256 blocks produced the lowest network and CPU usage, but actual mileage may vary. There were rare cases in which using 64x64 blocks or full-rectangle comparison produced better network and CPU usage.
Environment Variable TVNC_ICEDEBUG = 0 | 1
Summary Disable/Enable the ICE debugger
Default Value Disabled
Description
If interframe comparison is enabled (see Section 7.1), then setting this environment variable to 1 will cause the interframe comparison engine (ICE) to change the color of duplicate screen regions without culling them from the update stream. This allows you to easily see which applications are generating duplicate updates.
Environment Variable TVNC_MT = 0 | 1
Summary Disable/Enable multithreaded image encoding
Default Value Enabled
Description
See Section 7.5
Environment Variable TVNC_NTHREADS = {n}
Summary Use {n} threads (1 <= {n} <= 8) to perform image encoding
Default Value {n} = the number of CPU cores in the system, up to a maximum of 4
Description
See Section 7.5
Environment Variable TVNC_PROFILE = 0 | 1
Summary Disable/enable profiling output
Default Value Disabled
Description
If profiling output is enabled, then the TurboVNC Server will continuously benchmark itself and periodically print the throughput of various stages in its image pipeline to the Xvnc log file.

11.2 Viewer Settings

Environment Variable TVNC_PROFILE = 0 | 1
Summary Disable/enable profiling output
Platforms Un*x, Mac (Java)
Default Value Disabled
Description
If profiling output is enabled, then the TurboVNC Viewer will continuously benchmark itself and periodically print the throughput of various stages in its image pipeline to the console.

Environment Variable TVNC_SINGLESCREEN = 0 | 1
Summary Disable/enable forcing a single-screen layout when using automatic desktop resizing
Platforms All
Default Value Disabled
Description
The default behavior of the TurboVNC Viewer, when automatic desktop resizing is enabled, is to request a desktop size from the server that will fit within the viewer window without using scrollbars, and (if multi-screen spanning is enabled) to request a screen layout from the server that will align the server’s screen boundaries with the client’s when the viewer window is in its default position. Setting this environment variable to 1 will restore the automatic desktop resizing behavior of previous versions of the TurboVNC Viewer, thus forcing the server to use a single-screen layout even if it supports multi-screen layouts.

Environment Variable VNC_VIA_CMD, VNC_TUNNEL_CMD
Summary SSH command-line templates for use with the via and tunnel options (respectively)
Platforms All
Default Value See below
Description
When the -via option (or the via parameter in the Java viewer, along with the extssh parameter) is used, the TurboVNC Viewer reads the VNC_VIA_CMD environment variable (the Java viewer can also read this information from the turbovnc.via system property), expands patterns beginning with the “%” character, and uses the resulting command line to establish the secure tunnel to the VNC gateway. If VNC_VIA_CMD is not set, then this command line defaults to /usr/bin/ssh -f -L %L:%H:%R %G sleep 20 on Linux/Un*x and Mac systems and ssh.exe -f -L %L:%H:%R %G sleep 20 on Windows systems.

When the -tunnel option (or the tunnel parameter in the Java viewer, along with the extssh parameter) is used, the TurboVNC Viewer reads the VNC_TUNNEL_CMD environment variable (the Java viewer can also read this information from the turbovnc.tunnel system property), expands patterns beginning with the “%” character, and uses the resulting command line to establish the secure tunnel to the VNC host. If VNC_TUNNEL_CMD is not set, then this command line defaults to /usr/bin/ssh -f -L %L:localhost:%R %H sleep 20 on Linux/Un*x and Mac systems and ssh.exe -f -L %L:localhost:%R %H sleep 20 on Windows systems.

The following patterns are recognized in the VNC_VIA_CMD and VNC_TUNNEL_CMD environment variables (note that %H, %L and %R must be present in the command template, and %G must also be present if using the -via option):

%% A literal “%”
%G gateway host name or IP address
%H remote VNC host name or IP address (if using the -via option, then this is specified from the point of view of the gateway)
%L local TCP port number
%R remote TCP port number

11.3 Java Viewer Settings

Java system properties are normally specified as command-line arguments to the Java executable. For example:

java -Dmy.system.property=value -jar MyClass.jar

However, since TurboVNC hides the Java command line inside of its startup scripts (or inside of an application bundle on macOS), the easiest way to set these properties is by using the JAVA_TOOL_OPTIONS environment variable, which allows you to specify Java command-line arguments even if you don’t have access to the command line. For instance, on Linux you could execute:

JAVA_TOOL_OPTIONS=-Dturbovnc.turbojpeg=0 /opt/TurboVNC/bin/vncviewer

to start the TurboVNC Viewer without JPEG acceleration.

Refer to the default VncViewer.jnlp file installed with the TurboVNC Server for an example of how to specify Java command-line arguments in a Java Web Start environment.

Java System Property turbovnc.forcealpha = 0 | 1
Summary Disable/enable back buffer alpha channel
Default Value Enabled if using OpenGL Java 2D blitting, disabled otherwise
Description
If this property is enabled, then the Java TurboVNC Viewer will use a TYPE_INT_ARGB_PRE (BGRA with pre-computed alpha channel) BufferedImage as its back buffer instead of a TYPE_INT_RGB (BGRX) BufferedImage. When using OpenGL blitting in Java 2D (normally accomplished by passing an argument of -Dsun.java2d.opengl=true to java), it is generally faster to draw an alpha-enabled BufferedImage to the screen, because otherwise glDrawPixels() has to set all of the alpha values itself (which can cause it to revert to an unaccelerated code path in some cases.)

NOTE: this property is enabled by default when using Java 7 or later on Mac platforms, because OpenGL Java 2D blitting is the only option available.

Java System Property turbovnc.lionfs = 0 | 1
Summary Disable/enable the use of the macOS full-screen application feature
Default Value Enabled
Description
When running in full-screen mode, the Java TurboVNC Viewer will normally try to take advantage of the full-screen application feature provided by OS X/macOS 10.7 and later, if available. Disabling this property will force the viewer to use its own built-in cross-platform “pseudo-full-screen” feature instead. This is useful mainly for testing.
Java System Property turbovnc.primary = 0 | 1
Summary Disable/enable the use of the X11 PRIMARY clipboard selection
Default Value Enabled
Description
X11 has two ways of copying/pasting text. When text is selected in most X11 applications, it is copied to the PRIMARY selection, and it can be pasted by pressing the middle mouse button. When text is explicitly copied using a “Copy” menu option or a hotkey (such as CTRL-C), it is copied to the CLIPBOARD selection, and it can only be pasted by explicitly selecting a “Paste” menu option or pressing a hotkey (such as CTRL-V.) Normally, on X11 platforms, the TurboVNC Viewer transfers the PRIMARY selection from client to server and, when receiving a clipboard update from the server, it sets both the PRIMARY and CLIPBOARD selections with the server’s clipboard contents. Disabling this property will cause only the the CLIPBOARD selection to be transferred from client to server (in other words, the clipboard will not be transferred unless you explicitly copy something by using a menu option or hotkey), and clipboard changes from the server will only affect the client’s CLIPBOARD selection (in other words, you will have to explicitly paste the server’s clipboard contents by using a menu option or hotkey on the client.)
Java System Property turbovnc.singlescreen = 0 | 1
Summary Disable/enable forcing a single-screen layout when using automatic desktop resizing
Default Value Disabled
Description
A more Java-friendly way of disabling the multi-screen-aware automatic desktop resize feature. See the TVNC_SINGLESCREEN environment variable above for more details.
Java System Property turbovnc.sshauth
Summary Preferred authentication methods for the built-in SSH client
Default Value publickey,keyboard-interactive,password
Description
This system property can be used to enable or disable particular SSH authentication methods, as well as to specify their preferred order. The same thing can be accomplished by using the PreferredAuthentications directive in the OpenSSH config file.
Java System Property turbovnc.sshbannerdlg = 0 | 1
Summary Display the banner message from the SSH server in a dialog box
Default Value Enabled
Description
The default behavior of the Java TurboVNC Viewer is to display the banner message from the SSH server in a dialog box. Disabling this system property causes the viewer to display the banner message on the command line instead.
Java System Property turbovnc.swingdb = 0 | 1
Summary Disable/enable Swing double buffering
Default Value Disabled
Description
The Java TurboVNC Viewer has its own double buffering mechanism, so it normally disables the double buffering mechanism in Swing and Java 2D in order to increase performance. This also allows the viewer to achieve optimal performance under X11 without requiring MIT-SHM pixmap support. Although the viewer has been thoroughly tested, the turbovnc.swingdb system property is provided as a fallback in case issues are discovered when running it under a specific version of Java.
Java System Property turbovnc.tunnel
Summary SSH command-line template for use with the Tunnel and ExtSSH parameters
Description
A more Java-friendly way of specifying the command line to use when establishing a secure tunnel with the Tunnel and ExtSSH parameters. See the VNC_TUNNEL_CMD environment variable above for more details.
Java System Property turbovnc.turbojpeg = 0 | 1
Summary Disable/enable JPEG acceleration
Default Value Enabled if the libjpeg-turbo JNI library is available
Description
Normally, the Java TurboVNC Viewer will try to load the libjpeg-turbo JNI library and use it to accelerate the decompression of JPEG subrectangles. If this property is disabled, then the viewer will revert to using unaccelerated JPEG decompression. This is useful mainly for testing and benchmarking purposes.
Java System Property turbovnc.via
Summary SSH command-line template for use with the Via and ExtSSH parameters
Description
A more Java-friendly way of specifying the command line to use when establishing a secure tunnel with the Via and ExtSSH parameters. See the VNC_VIA_CMD environment variable above for more details.