NX technology


NX technology, commonly known as NX, is a proprietary suite of products for desktop virtualization and application delivery for servers and client software, developed by the Luxemburg-based company NoMachine.

Features

NX can be installed on Windows, Mac, Linux and Linux ARM servers. The client software is available for Windows, Mac OS X, iOS, Android, Linux, Linux ARM and HTML/JavaScript. Its features include sharing network devices, session recording, file transfer, multimedia capability and browser-based access.
The enterprise-oriented server products also offer multi compute-node clustering and fail-over functionality, and the ability to run multiple virtual Linux instances on the same machine.
NX utilizes VirtualGL to run high-end OpenGL-based X applications and 3-D CAD programs smoothly at high resolutions.
NX—or NoMachine, as it is often referred to since the release of version 4—is platform-agnostic. It can be installed on Linux, Windows and Mac instances virtualised within popular hypervisors like Xen, KVM or VMware, and integrated with any virtual desktop infrastructure running in private or public clouds, such as Amazon EC2 or Rackspace.

History

In 2001, the compression and transport protocol NX was created to improve the performance of the native X display protocol so it could be used over slow connections such as dial-up modems. It wrapped remote connections in SSH sessions for encryption.
NX's design was derived from the Differential X Protocol Compressor project. NX version 1 was released on February 14, 2003. The last update, version 3.5, was released in 2012.
From v.3.5, NX's core compression technology was made available to the community under the GNU GPL2 license, whilst other components such as the NX Server and NX Client programs remained proprietary.
In 2009, Google made a freely available open-source GPL2 version of the server called Neatx. Other open-source variants of NoMachine's NX are also available.
Starting in 2013, with the release of version 4.0, NX became closed-source.

NX 4 and later versions

NX 4 introduced optimal image compression and caching with the latest video-encoding techniques.
Client applications can connect using the SSH protocol, with the same authentication mechanisms as version 3, by a new SSH system login, or by the new SSL-enabled NX daemon. Once a secure connection is established, clients negotiate a desktop session using a text protocol compatible with that used in version 3. Clients can also use one of the various NoMachine subsystems, such as the file synchronization service, software updates, directory services, voice/video messaging and server clustering.
When connecting hosts across the network, the NX protocol works as a generic tunnel, with additional framing and flow control information, and dynamically adapts compression and bandwidth according to network speed and capacity. For compatibility, multiplexing is based on version 3.
NX 4 added new channel types to handle services such as the new file-system redirection, new printing system, virtual network interfaces, smart cards and USB devices. Most NoMachine components, including the agent program that impersonates the desktop session on the server, embed so-called "slave servers"—lightweight servers that provide inter-process communication and automation that can be used to create additional channels, under the control of the client and server.
Applications can still request that channels carry data using the NX X Window System protocol compression. Version 4 added new channel types for video and audio, allowing multiple codecs in the same stream. Currently, the display channels can handle data in H.264, VP8, MJPEG and other formats, with additional primitives used to implement special encoding operations concurrent with standard audio and video streams.
Once the session is established between client and server, NX data can travel on TCP and UDP streams. The client and server dynamically select which transport to use, based on the type of data and network conditions. If communication over UDP is enabled, client and server can automatically instruct the router to open the necessary ports. UDP uses symmetric Blowfish encryption. The host interface and port, and Blowfish encryption key, are negotiated via a secure TCP link. UDP communication is disabled when using SSH tunneling, so that all data uses the same SSH link.
The display protocol uses a combination of video and image encoding, based on standard codecs and a number of techniques developed by NoMachine. NX monitors display and user activity to adapt quality and buffering to the displayed application.

Authentication

From version 4.0 on, when the default NX protocol is used, the login can be via password-based authentication, private key or Kerberos ticket authentication.
When NX is configured to send its data by SSH, the following authentication methods are available:
Client to Server
Server to Node
NX compresses the X11 data to minimize the amount of data transmitted, and caches data to keep the session as responsive as possible. For example, the first time a menu is opened, it may take a few seconds, but is subsequently almost instant.
NX is faster than its predecessors, as it eliminates most of the X round trips, while dxpc and MLView only compress data.
The two principal components of NX are nxproxy and nxagent. nxproxy is derived from dxpc and is started on both the remote and local machines, simulating an X server on the client and forwarding remote X protocol requests to the local X server.
Simplest setup:
remote clients

nxproxy client

Network

nxproxy server

local X server
nxproxy alone achieves 1:10 to 1:1000 compression ratios, reducing bandwidth, but does not eliminate most of X's synchronous round trips, responsible for most of X's perceived latency.
nxagent, derived from Xnest, is typically started on the remote machine, thus avoiding most X11 protocol round trips. Together with nxproxy, this setup performs well over low-bandwidth and high-latency links.
Typical setup:
remote clients

nxagent server side \
nxagent client side nxagent executable
nxproxy client /

Network

nxproxy server

local X server
On systems with a functional X11 implementation, nxproxy and nxagent are all that is needed to establish a connection with low-bandwidth requirements between a set of remote X clients and the local X server. SSH can be used to establish a secure tunnel between the hosts. NX 3 relies on SSH functionalities and existing open-source SSH software, making it possible to run contemporary Unix and Windows desktops and arbitrary network applications over the Internet in a secured and controlled way.
FreeNX and the various NX Clients are used for setup, handling suspend and resume, secure tunnelling over SSH, and printing and sound.

Other display protocols

All Enterprise versions of NoMachine's NX protocol allow client connections to hosts via Remote Desktop Protocol and remote Virtual Network Computing sessions, as well as XDM.

License

Prior to version 4.0, NoMachine released core NX technology under the GNU General Public License, and offered non-free commercial NX solutions, free client and server products for Linux and Solaris, and free client software for Microsoft Windows, Mac OS X and embedded systems.
On December 21, 2010, NoMachine announced that NX 4.0 would be closed-source.
Due to the free-software nature of older NX releases, the FreeNX project was started to provide wrapper scripts for the GPL NX libraries. FreeNX was developed and maintained by Fabian Franz, but has not announced a release since 2008.
2X Software has developed another commercial terminal server for Linux using the NX protocol.
On July 7, 2009, Google announced their open-source NX server, Neatx, as an internal project. The project had no releases and is not actively developed. Its source code is available under the GNU GPL v2 license.
X2Go is based on the 3.x NX libraries, but is not compatible with other implementations. The client and server are released under a combination of GNU GPLv2 or later, and GNU AGPLv3 or later.

Clients

The primary NX clients are the official freeware, NoMachine, and NoMachine Enterprise Client. Several open-source projects can also use the NX protocol.
An OS mature project was Lawrence Roufail's nxc client library, a full library which can be used for other clients to build upon. The nxrun application utilizes this library., the library does not allow suspending or resuming sessions, and uses only JPEG graphics compression.
The kNX project was a proof-of-concept application written by Joseph Wenninger, with plans for it to eventually become a complete NX client to show that an open-source client could be written. Its development was halted before it was completed. In late 2005, Fabian Franz and George Wright began modifying kNX to use the nxc library, but abandoned the project.
More recent open-source efforts include QtNX, which offers full suspend and resume. However, it has been reported as incompatible with the most recent NX libraries.
Nxcl, an update to nxclientlib, the core of QtNX, was completed by Seb James in September 2007, and works with version 3 of the NX core libraries. It also drops dependency on Qt, which prevented nxclientlib from becoming widely used as a cross-platform basis for NX client programs. nxcl provides a library that can be linked to a client program, and a self-contained NX client with a D-Bus API. It is available from the FreeNX Subversion server.
Other recent and actively maintained OSS NX clients include OpenNX, described as a "drop-in replacement for NoMachine's nxclient" with full suspend and resume.
Various open-source terminal server projects, such as X2Go, also use the NX protocol. However, X2Go is not compatible with other NX servers or clients.
Remmina, another recent GTK+ remote desktop client project, announced the ability to use the NX protocol in its release 0.8.

Previous X11 compression schemes