NX technology

NX technology, commonly known as NX or NoMachine, is a proprietary software application for remote access, desktop sharing, virtual desktop (on Linux only) and file transfer between computers. It is developed by the Luxembourg-based company NoMachine.[1]

NX's design was derived from the Differential X Protocol Compressor project (DXPC). In 2003, the compression and transport protocol NX was created to improve the performance of the native X display protocol so it could be used over slow connections such as dial-up modems. It wrapped remote connections in SSH sessions for encryption. The core compression technology was released under the GNU GPL2 license (NX 1) for Linux servers, whilst other components such as the NX Server and NX Client programs remained proprietary, on February 14, 2003. The last update to this open-source version was released in 2012.

In 2010, the company decided to close the source and a proprietary license was adopted.[2]

In 2013, the release of version 4.0 was released to the public under a closed-source license and for the first time provided a native version for Windows and Mac servers.[3] It was in 2013 that NX software became NoMachine software.

NoMachine NX can be installed on Windows, Mac, Linux and Linux ARM servers to access the physical display. Client software is available for Windows, Mac OS X, iOS, Android, Linux, Linux ARM and HTML/JavaScript. Its Linux products also offer the ability to run multiple virtual Linux instances on the same machine (Linux Terminal Server functionality). Other features include USB redirection, session recording, file transfer, multimedia capability and browser-based access. Higher-end products include multi compute-node clustering and fail-over capabilities.

NX utilizes VirtualGL to run high-end OpenGL-based X applications and 3-D CAD programs.

NX 4 introduced optimal image compression and caching with the latest video-encoding techniques.

Client applications can connect using the SSH protocol, with the same authentication mechanisms as version 3, by a new SSH system login, or by the new SSL-enabled NX daemon. Once a secure connection is established, clients negotiate a desktop session using a text protocol compatible with that used in version 3. Clients can also use one of the various NoMachine subsystems, such as the file synchronization service, software updates, directory services, voice/video messaging and server clustering.

When connecting hosts across the network, the NX protocol works as a generic tunnel, with additional framing and flow control information, and dynamically adapts compression and bandwidth according to network speed and capacity. For compatibility, multiplexing is based on version 3.

NX 4 added new channel types to handle services such as the new file-system redirection, new printing system, virtual network interfaces, smart cards and USB devices. Most NoMachine components, including the agent program that impersonates the desktop session on the server, embed so-called "slave servers"—lightweight servers that provide inter-process communication and automation that can be used to create additional channels, under the control of the client and server.

Applications can still request that channels carry data using the NX X Window System protocol compression. Version 4 added new channel types for video and audio, allowing multiple codecs in the same stream. Currently, the display (video) channels can handle data in H.264, VP8, MJPEG and other formats, with additional primitives used to implement special encoding operations concurrent with standard audio and video streams.

Once the session is established between client and server, NX data can travel on TCP and UDP streams. The client and server dynamically select which transport to use, based on the type of data and network conditions. If communication over UDP is enabled, client and server can automatically instruct the router to open the necessary ports. UDP uses symmetric Blowfish encryption. The host interface and port, and Blowfish encryption key, are negotiated via a secure TCP link. UDP communication is disabled when using SSH tunneling, so that all data uses the same SSH link.

The display protocol uses a combination of video and image encoding, based on standard codecs and a number of techniques developed by NoMachine. NX monitors display and user activity to adapt quality and buffering to the displayed application.

From version 4.0 on, when the default NX protocol is used, the login can be via password-based authentication, private key or Kerberos ticket authentication.

When NX is configured to send its data by SSH (available only on enterprise-version servers), the following authentication methods are available:

Client to Server

• NX login as NX user using the NX SSH key and user password-based authentication
• System login with password-based authentication
• System login with SSH key-based authentication
• System login with SSH key-based authentication and SSH key stored on a smart card
• System login with Kerberos ticket existing on client side

Server to Node

• Login with password
• Login with SSH key forwarded from client (e.g. NoMachine Player) via server to node
• Login with Kerberos ticket forwarded from client via server to node
• Login with Kerberos ticket requested by Kinit on server host
• Login with Kerberos ticket requested by PAM module on server host.
• Login with password to Kerberos ticket requested by PAM module on node host

NX compresses the X11 data to minimize the amount of data transmitted, and caches data to keep the session as responsive as possible. For example, the first time a menu is opened, it may take a few seconds, but is subsequently almost instant.

NX is faster than its predecessors, as it eliminates most of the X round trips, while dxpc and MLView only compress data.

The two principal components of NX are nxproxy and nxagent. nxproxy is derived from dxpc and is started on both the remote (client in X terminology) and local (server in X terminology) machines, simulating an X server on the client and forwarding remote X protocol requests to the local X server.

Simplest setup:[4]

remote clients (xterm, etc.)
            ↕
      nxproxy client
            ↕
         Network
            ↕
      nxproxy server
            ↕
local X server (monitor/keyboard)

nxproxy alone achieves 1:10 to 1:1000 compression ratios,[5] reducing bandwidth, but does not eliminate most of X's synchronous round trips, responsible for most of X's perceived latency.

nxagent, derived from Xnest (similar to Xephyr), is typically started on the remote (client) machine, thus avoiding most X11 protocol round trips. Together with nxproxy (built into nxagent), this setup performs well over low-bandwidth and high-latency links.

Typical setup:[4]

 remote clients (xterm, etc.)
            ↕
  nxagent server side \
  nxagent client side   nxagent executable
     nxproxy client   /
            ↕
         Network
            ↕
      nxproxy server
            ↕
local X server (monitor/keyboard)

On systems with a functional X11 implementation, nxproxy and nxagent are all that is needed to establish a connection with low-bandwidth requirements between a set of remote X clients and the local X server. SSH can be used to establish a secure tunnel between the hosts. NX 3 relies on SSH functionalities and existing open-source SSH software, making it possible to run contemporary Unix and Windows desktops and arbitrary network applications over the Internet in a secured and controlled way.

FreeNX and the various NX Clients are used for setup, handling suspend and resume, secure tunnelling over SSH, and printing and sound.

NoMachine's NX protocol allow client connections to hosts via Remote Desktop Protocol (for Windows Remote Desktop Services sessions) and remote Virtual Network Computing sessions (most modern general-purpose operating system platforms), as well as XDM.

Prior to version 4.0, NoMachine released core NX technology under the GNU General Public License, and offered non-free commercial NX solutions,[6] free client and server products for Linux and Solaris, and free client software for Microsoft Windows, Mac OS X and embedded systems.

Due to the free-software nature of older NX releases, the FreeNX project was started to provide wrapper scripts for the GPL NX libraries.[7] FreeNX was developed and maintained by Fabian Franz, but has not announced a release since 2008.[8]

2X Software has developed another commercial terminal server for Linux using the NX protocol.[9]

On July 7, 2009, Google announced their open-source NX server, Neatx, as an internal project.[10] The project had no releases and is not actively developed. Its source code is available under the GNU GPL v2 license.[11]

X2Go is based on the 3.x NX libraries, but is not compatible with other implementations.[12][13] The client and server are released under a combination of GNU GPLv2 or later, and GNU AGPLv3 or later.[14]

The primary NX clients are the official freeware, NoMachine, and NoMachine Enterprise Client. Several open-source projects can also use the NX protocol but many of these OSS projects do not work with more recent versions of the official NX software.

An OS mature project was Lawrence Roufail's nxc client library, a full library which can be used for other clients to build upon. The nxrun application utilizes this library. As of 2006, the library does not allow suspending or resuming sessions, and uses only JPEG graphics compression.

The kNX project was a proof-of-concept application written by Joseph Wenninger, with plans for it to eventually become a complete NX client to show that an open-source client could be written. Its development was halted before it was completed. In late 2005, Fabian Franz and George Wright began modifying kNX to use the nxc library, but abandoned the project.

More recent open-source efforts include QtNX, which offers full suspend and resume. However, it has been reported as incompatible with the most recent NX libraries.

Nxcl, an update to nxclientlib, the core of QtNX, was completed by Seb James in September 2007, and works with version 3 of the NX core libraries. It also drops dependency on Qt, which prevented nxclientlib from becoming widely used as a cross-platform basis for NX client programs. nxcl provides a library that can be linked to a client program (libnxcl), and a self-contained NX client with a D-Bus API (the nxcl binary). It is available from the FreeNX Subversion server.

Other recent and actively maintained OSS NX clients include OpenNX, described as a "drop-in replacement for NoMachine's [proprietary] nxclient" with full suspend and resume.

Various open-source terminal server projects, such as X2Go, also use the NX protocol. However, X2Go is not compatible with other NX servers or clients.

Remmina, another recent GTK+ remote desktop client project, announced the ability to use the NX protocol in its release 0.8.

• Low Bandwidth X (lbxproxy; obsolete and of historical interest only)

• Comparison of remote desktop software
• Thinstation – a thin client Linux implementation with optional built-in NX client
• GNU Screen – a terminal multiplexer for console-mode (text-mode) applications
• Xpra – a system for attaching and detaching remote X programs
• xmove – a tool allows you to move programs between X Window System displays (outdated)

• Official website
• X2Go X2Go Introduction Page
• FreeNX project page on BerliOS.
• FreeNX project page at Arch Linux.
• OpenNX project page, SourceForge.