Using ISA server to publish VNC for remote control from the Internet
There are many remote administration tools. I have listed some of the most common ones below.
- pcAnywhere
- Terminal Server
- NetMeeting
I prefer to use VNC because of its ease of use and licensing strategy. VNC is free and is very easy to set up. The advantages are many, but it does have its drawbacks as well.
VNC works in two ways.
- You can use a viewer to connect to the machine that you wish to administer
- Or you can use a web browser to connect to the machine that you wish to administer.
Both ways work well, but you have more control over the connection if you are using the viewer. The web browser works well if you are at a web café or if you are just dialed up to the web without a viewer at hand. I will be showing you how to publish both, as I think it is quite relevant to have both modes enabled to administer your network.
Just bear in mind that for every VNC server you publish there has to be an IP address available and registered with a DNS entry on the public domain in order for VNC to work. This is true for any service that you publish. With VNC, this works on the basis that each published server has its own external IP address.
- VNC uses Port 5900 if you are using the VNC viewer.
- Port numbers can be changed if need be by clicking on options within the viewer and adjusting the display number.
- VNC through an HTML page uses port 5800 to download the Java application and thereafter uses port 5900 for the VNC session through the web browser.
1. A custom inbound protocol definition needs to be created if you are going to publish a service for a specific protocol.
Fig 1: The properties of this Protocol definition are specified above
2. Now we need to create a server publishing rule
Fig 2: Go to server publishing click new and name the rule VNC then click next
Fig 3: The page above will be presented, now you need to type the IP address of the internal server where the VNC server agent has been setup in the top field. In the bottom field type the IP address of a DNS registered IP address that is bound to the external interface card of your ISA server. Then click next. (This will be the IP address that you will be VNCing to in the future.)
Fig 4: You will then be presented with the screen above. Select the protocol definition that you created earlier depicting VNC and then click next.
Fig 5: In this window you can specify to apply this rule to any request or to a specific Client address set. Select any request. Click next.
3. Now click finish
Web publishing Rule
A web publishing rule is also necessary to get the Internet browser part of VNC working.
- Create a web publishing rule with the following attributes.
Fig 6: Note the HTTP port is 5800
- On the properties of your ISA server you must also change the TCP port to 5800 for incoming requests. I am looking into other options to make this setting less restrictive.
To secure your VNC connection you can use various methods.
1. Select Basic authentication for Windows NT, or Digest with this domain for a Windows 2000 tree or forest. Any incoming connections will then have to authenticate with valid credentials.
2. You can also specify a VNC password within the VNC server agent that runs on the remote machine.
Fig 9: Click on start, then click on programs, then click on VNC, now find the green VNC icon that is labeled show user settings and click it. The window above is presented. Fill in the password in the password field and then click ok.
3. Remember to set the screen saver on the remote machines that you will be VNCing into so that each machine locks after three minutes of inactivity. This ensures that if you forget to lock the machine that you have VNCed into, it will lock itself after three minutes.
Fig 10: The diagram above is an example of where you can set a time delay password in windows.
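One way to confirm that the VNC password from step 2 is actually enforced on the published viewer port, given here as an added example that is not part of the original article. It decodes the opening messages of the RFB handshake that VNC speaks; the function names and the sample bytes are constructed for illustration.

```python
import socket
import struct

SECURITY_NAMES = {1: "None", 2: "VNC Authentication"}
STANDARD = (b"RFB 003.003\n", b"RFB 003.007\n", b"RFB 003.008\n")

def reply_version(server_line):
    """Validate the server's 12-byte ProtocolVersion and choose our answer."""
    if len(server_line) != 12 or not server_line.startswith(b"RFB "):
        raise ValueError("not an RFB ProtocolVersion message")
    # Echo a standard version; otherwise fall back to the 3.3 baseline.
    return server_line if server_line in STANDARD else STANDARD[0]

def offered_security(version, data):
    """Decode the security types the server sends after the version exchange."""
    if len(data) < (4 if version == STANDARD[0] else 1):
        raise ValueError("short security message")
    if version == STANDARD[0]:
        # RFB 3.3: the server dictates one type as a 4-byte big-endian integer.
        types = [struct.unpack(">I", data[:4])[0]]
    else:
        # RFB 3.7/3.8: a count byte, then that many one-byte types.
        types = list(data[1:1 + data[0]])
    # Type 0 (or a zero count) means the server refused the connection.
    return [SECURITY_NAMES.get(t, "type %d" % t) for t in types if t != 0]

def password_required(types):
    """True only if the server offers something and 'None' is not among it."""
    return bool(types) and "None" not in types

def audit(host, display=0, timeout=5.0):
    """Live check of your own published address (viewer port 5900 + display)."""
    with socket.create_connection((host, 5900 + display), timeout=timeout) as s:
        ours = reply_version(s.recv(12))
        s.sendall(ours)
        return password_required(offered_security(ours, s.recv(64)))

# Constructed handshake bytes (not captured from a real server).
SAMPLES = [
    (b"RFB 003.003\n", b"\x00\x00\x00\x02"),  # 3.3 server with a password set
    (b"RFB 003.003\n", b"\x00\x00\x00\x01"),  # 3.3 server with no password
    (b"RFB 003.008\n", b"\x02\x01\x02"),      # 3.8 server offering both types
]

if __name__ == "__main__":
    for version, data in SAMPLES:
        types = offered_security(reply_version(version), data)
        print(version.strip().decode(), types, password_required(types))
```

A result of False from `audit` means the published server either accepts connections without a VNC password or refused the connection, so the password setting on the agent should be rechecked.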
Determining what VNC method to use when connecting to the VNC server agent
If you are at a remote site and do not have your laptop with you, or if you are traveling and the closest computer to you is a computer at an Internet café, then you should use a web browser.
Otherwise use the viewer.
Connecting to a VNC agent through a web browser
- Open a web browser
The above picture displays the URL and how it should be structured. First type in http://, then type in the IP address, then :, then the port number 5800. VNC uses port 5800 to download the Java applet that enables you to view the VNC session, but uses port 5900 once it has authenticated with the VNC server agent.
The diagram above displays what you will see when clicking on the options button on the page. These options let you streamline VNC, and if you would like a shared VNC connection because someone else is already on the server, you can select share desktop and then click yes.
Connecting to a VNC agent through a VNC viewer
Open the VNC viewer by clicking on Start, programs, VNC and then click on the red VNC icon that is labeled VNC viewer.
You will be presented with the screen above. Type the IP address in the text box that is labeled VNC server: Typically this would be the IP address of the external interface of the ISA server that you published using ISA server publishing rules. If you click option you will be presented with the connection options screen. Within this screen you
Publishing VNC has proved to be highly beneficial to many organizations. I hope that you also benefit from this technology, as it will help you administer your network and ISA server remotely as long as you have access to any machine with Internet access.