"Remote Desktops"
Having to conduct remote training, I had used a combination of ssh local/remote forwarding to tunnel vnc access from a student's system to a computer in my training room.
A server in the cloud is used in the middle for the ssh tunneling. A ssh local forwarding from the student's PC connects to the server. A ssh remote forwarding is made from the class system to the server. The vnc server port on the class system will be tunneled to a port on the student's windows PC. The student uses a vnc client to connect to the localhost port and will then be connected to the classroom vnc server.
It works however there was a certain amount of latency.
I have evaluated several other solutions and arrived at 2 alternatives which are free to implement and have very good performance.
DWSERVICE
DWSERVICE is an open source project which offers a service to allow access to remote systems (Windows, Mac, Linux, Raspberry...) using a standard web browser - no client-side download required!
DWSERVICE provides its own agent that runs on the target system ( to be controlled ). You will need to registered a account on their website to use the service. You can control multiple configured desktops. The agent setup requires a generated code by the agent to be entered on the desktop service configuration in your account page.
The documentation provided is very comprehensive. The remote desktop performance was very good for the free option. Free account provides 6 Mbps maximum bandwidth. Paid subscriptions gives higher bandwidth options for scenarios where many desktops are concurrently being used.
Additional features include a terminal access to the target system on the website and performance monitoring. One of the most unique feature is a sharing option, It will generate a password protected link which will allow any recipient of the link to get the remote desktop of the target system.
While DWSERVICE looks like a very good option, one caveat is that it is third party service so you never have full control of the entire process.
noVNC
noVNC is a open source browser based VNC client implemented using HTML5 technologies (Web Sockets, Canvas) with encryption (wss://) support. It was created in 2010 and used in many projects like openstack. List of companies and projects using noVNC.
noVNC supports all modern browsers including mobile (iOS, Android). noVNC follows the standard VNC protocol, but unlike other VNC clients it does require WebSockets support. Many servers include support (e.g. x11vnc/libvncserver, QEMU, and MobileVNC), but for the others you need to use a WebSockets to TCP socket proxy. noVNC has a sister project websockify that provides a simple such proxy.
The implement approach is to run the noVNC software on the webserver, It will be configured to access a vnc server by default. noVNC listens on a port, using a browser, navigate to this website at this port will serve up the noVNC page with a button to connect. Click on it to bring up the remote desktop.
Implementation example:
You can install noVNC as a snap app on the webserver.
novnc --listen 8086 --vnc 127.0.0.1:5901
noVNC listens on 8086 and connects to vncserver on 127.0.0.1, port 5901.
However if you want the browser to have a SSL connection to noVNC then the noVNC options will be like this.
novnc --cert /etc/letsencrypt/live/www.example.org/cert.pem --key /etc/letsencrypt/live/www.example.org/privkey.pem --listen 8086 --vnc 127.0.0.1:5901 --ssl-only
www.example.org is the website and the letsencrypt certs are used in this example.
on the target vnc server system
ssh -R 5901:localhost:5901 novnc@www.example.org
This create the ssh tunnel that links port 5901 on the target system to port 5901 on the webserver.
on another terminal
x11vnc -usepw -forever -ncache_cr -bg
This launches a vnc server listening on 5901. X11vnc is used as it support websockets which noVNC connects directly with no need for a websocket proxy. Remember to set a password on the vnc server.
Performance is very good, Using a browser as a client makes access convenient.