X compression techniques (was Re: VNC server based on kdrive using damage extension?)

Kurt Pfeifle kpfeifle@danka.de
Fri, 20 Feb 2004 21:40:09 +0100 

Jim Gettys wrote:

> Yes, NX looks very interesting.
> 
> SSH by itself makes a big difference, and I understand that NX goes
> well beyond that. I'll try to somehow dig up the time somewhere.
> Our paper shows that there is a tremendous lot to be gained
> by various bandwidth and latency fixes.
> 
> The performance issue will primarily come to the fore in environments
> like LTSP, where scaling on servers is an issue (how many people
> you can support on a single box).

I've seen at one time 107 concurrent user sessions on one box (dual
2.6 GHz P1V CPU, 4 GByte of RAM), where each user ran a KDE desktop
with KMail, Konqueror and OpenOffice open, and yet they all had still
quite responsive systems. IIRC it was a 10 MBit wire (where only a
smaller part of the users were on switches, the rest on hubs) and the
most used segment of the net showed only about 40-50% saturation.

It looks like a bandwidth of 20 - 40 kBit/sec, RAM of ~40 MByte and
CPU of 50 MHz per user is enough to easily serve a 100-head group of
users.

> NX, or SSH, for an individual
> user talking to a single machine I'm sure presents little issue.

Oh, it is. At least for me. My company sends me sometimes to customers
around the country, to support them onsite. My evenings in the hotel
rooms have become much more pleasant since the time that I can simply
use an ISDN dial-in line to access my workstation in our main office.
At one time, I was even connecting through a 9600 Baud GSM modem link
and it still somehow worked (slightly better than VNC does inside our
LAN).

> But on a single box with 100 users, it is something to worry about,
> I would guess.
> 

With a 100 MBit, the wire's bandwidth definitely isn't the bottleneck
any more, if users are doing just office tasks. (I don't know what
happens if they all are starting to listen to their favourite MP3
pieces. Yes, NX is able to tunnel sound through its link  -- but I
am not particularly interested in that, so I haven't played with it.

> *The* big issue right now about X and network transparency over
> any network is the security and authentication piece; 

I feel it is handled well currently. I can run all traffic through
SSL encryption. There is no such thing as an additional "NX" daemon
running. All connections go to the server's (server is here in the
sense where the application runs) SSH daemon. Once connected there
the NX server process is started and the NX connection establishes
itself through the tunnel.

NX security regarding external blackhats is the same as SSH security
for that box.

> without
> handling that, we don't have a long term viable solution.
> 
>                                - Jim

Cheers,
Kurt