FMRIB Remote Desktops
A guide to graphical remote desktops at FMRIB.
Open On Demand is expected to be available in the second half of 2023 after the jalapeno server refresh. It offers a much better user experience that vnc. It is currently available on the BMRC cluster.
These instructions are for running and connecting to a graphical display on Linux workstations, jalapeno and jalapeno00/18 (XX) nodes.
Whilst it is possible to run graphical programs on Linux desktops, jalapeno and jalapenoXX nodes via remote-X11 connections, we recommend that you use Virtual Network Computing (VNC) sessions. These are persistent (please shut these down when you aren't actively running anything) so your running programs will survive a loss of WiFi connection or you moving from one physical location to another (e.g. going home to continue your work). The system also works well on low-bandwidth connections, unlike remote-X11, and typically behaves better with modern visualisation software.
To use VNC you first need to start a VNC server on the computer you will be using - if you don't have a dedicated Linux desktop computer then this will normally be jalapeno.fmrib.ox.ac.uk.
For FMRIB hosted services, you can run VNC on jalapeno.fmrib.ox.ac.uk (jalapeno.cluster.fmrib.ox.ac.uk internally), jalapeno00.cluster.fmrib.ox.ac.uk or jalapeno18.cluster.fmrib.ox.ac.uk (the latter only available directly with a VPN connection).
Starting A server
Use a SSH client (either 'ssh' or puTTY) into your chosen jalapeno server and enter the command vncserver. This will either start a VNC server and report back the display number for that server, or advise you of the number of an existing server - you need this number to connect to the server so make a note of it. This number will be yours for the lifetime of your VNC server, i.e. until you shutdown the VNC server or the computer is rebooted.
New 'jalapeno.cluster.fmrib.ox.ac.uk:1 (auser)' desktop is jalapeno.cluster.fmrib.ox.ac.uk:1 Starting applications specified in /homes/auser/.vnc/xstartup Log file is /homes/auser/.vnc/jalapeno.fmrib.ox.ac.uk:1.log
In this example the display number is 1.
There are two options for VNC on Linux desktops, a standalone, multi-user VNC desktop as per jalapeno.fmrib.ox.ac.uk or a mirror of the local display. The later is appropriate if the machine is dedicated to your use, but be aware that people in the building will be able to see what you are doing, if your display is switched on, and interact using the local keyboard an mouse. ALWAYS lock your remote screen if you are going to leave it unattended for more than a few seconds, and do not view sensitive information.
The multi-user VNC server will not be able to utilise any GPU resources for improved graphics performance but content will not be shown on the local display so this mode is suitable for sensitive information and there is no need to lock the remote screen when leaving unattended.
To start a local display mirror use the command:
The display to connect to in this instance is :0, e.g. port 5900.
To start a separate, multi-user VNC session use:
New 'mydesktop.fmrib.ox.ac.uk:1 (auser)' desktop is mydesktop.fmrib.ox.ac.uk:1 Starting applications specified in /homes/auser/.vnc/xstartup Log file is /homes/auser/.vnc/mydesktop.fmrib.ox.ac.uk:1.log
In this example the display number is 1.
Connecting to a VNC Server
To connect to your VNC server session you need a VNC viewer application of which we support TigerVNC Viewer. Windows, macOS clients are available from the link on https://tigervnc.org/ and Linux clients should be available via your distributions software store. We recommend version 1.13.0+, especially on macOS where 1.12.0 is known to have issues with it's settings control panel.
Connections to jalapeno.fmrib.ox.ac.uk/jalapeno.cluster.fmrib.ox.ac.uk are only possible from a University of Oxford network so when connection from home/another institution, you will need to connect to the FMRIB, Oxford University or MSD-IT VPN services first. To access devices on the FMRIB network other than jalapeno, you should either use the FMRIB VPN or use jalapeno.fmrib.ox.ac.uk as a jump server (see below). Oxford University and MSD-IT VPN services only allow a direction connection to jalapeno server; you will need to hop using ssh to access other servers so, where possible, FMRIB's VPN is recommended.
In all cases, VNC connections are only supported over an encrypted SSH tunnel (direct VNC connections are unencrypted).
The SSH service can protect arbitrary network traffic using a tunnel, this can be used to secure an otherwise insecure connection.
Mac, Linux and the latest builds of Windows 10 and Windows 11 include a built-in ssh client. Alternatively the graphical Putty application can be obtained from https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
puTTY has a section under Connection > SSH > Tunnels which allows you to configure these SSH port forwards.
When connecting to an unencrypted VNC server you need to setup a tunnel that will carry the VNC communications; this is achieved as follows:
Use the SSH command line to build the tunnel
ssh -J SSHSERVER -C -L 59XX:localhost:59XX username@REMOTESERVER
XX should be the zero-padded, two digit display number of your VNC desktop, e.g. 01 or 10. If the VNC desktop is running on a different server that isn't visible on your network then REMOTESERVER should be the DNS name of the server as it is known to SSHSERVER.
Example 1, VNC is running on jalapeno.fmrib.ox.ac.uk - no need to jump via another host
ssh -C -L 5910:localhost:5910 email@example.com
Example 2, VNC is running on the server hiddenhost.cluster.fmrib.ox.ac.uk which cannot be contacted outside of the FMRIB network (or is an external resource that requires you to connect from jalapeno.fmrib.ox.ac.uk), the command:
ssh -J firstname.lastname@example.org -C -L 5910:localhost:5910 hiddenhost.cluster.fmrib.ox.ac.uk
would allow you to connect to the VNC server using jalapeno as a proxy.
Now you can use the Tiger VNC client to open the display.
Connecting to a tunnelled VNC display
With the software installed/downloaded run the viewer application (double click the application on macOS and Windows or run the vncviewer program from a terminal or Linux desktop panel menu.
When the viewer starts you are presented with the connection details window, enter localhost:<displaynumber>, e.g. localhost:1 if you have display number 1.
You will then be presented with a login dialogue box:
Note the red-banner, the connection has been secured by your SSH tunnel, but the VNC viewer doesn't know this and so presents this warning message - you can ignore this.
Log in with your WIN computer account name and password. You will now be presented with a view of your desktop, the LXQT environment.
If your connection fails with an error message saying "No valid vencrypt" or "No valid security types", please restart TigerVNC, click on the Options button, then select the Security Tab. At this point, you should untick the Authentication Types None and Standard VNC. Your settings should now be as shown at the bottom of the image below:
Then continue connecting as per the above instructions.
Stopping a server
When you have finished your work please remember to shut down your server as there are a limited number of slots available for these sessions. To shutdown your server, either use the Leave > Logout panel menu option or in a terminal issue the command
vncserver -kill :<display number>
e.g. if you have display number 1
vncserver -kill :1