JPJ8;D@E X2Go

J\im\i$YXj\[Zfdglk`e^n`k_k_\]i\\O)>fk\id`eXcj\im\i JK8P@E>K?@E

The open source X2Go project is rapidly approaching version 3, which adds features such as new clients and seamless windows.

BY HEINZ-M. GRAESING, MARKUS FEILNER JXe[iX:lee`e^_XdX#=fkfc`X

2Go [1] is a free, fast, and flexi- next user. If A then inserts his smartcard ble terminal server for any client into the reader on any other machine, leisure time developing a free terminal Othat supports modern authenti- the server immediately offers him the server that supported laptops and arbi- cation technologies, such as card read- interrupted session. trary clients, in contrast to Sun’s model. ers, USB tokens, centralized user man- Of course, Linux users were very Thanks to an intelligent combination of agement via LDAP, and authentication much interested in tools integrated in the KDE system man- a similar all-round agement system. system that, in The X2Go project was inspired by the contrast to Sun Sun Ray product line [2], which has im- Ray, did not rely pressed thin client fans since 2006. The on special hard- second Sun Ray release included lean ware, and it was devices that lets users log on using a just a question of smartcard to work on a centralized ter- time until the minal server [3] [4]. open source com- In addition to the multimedia extras munity delivered and security features integrated into the the goods. Sun Ray products, a session manage- Oleksandr Sh- ment system, dubbed “Hot Desktop neyder and Heinz Mobility” or “Hot Desking” by Sun, was Gräsing, system probably the sexiest feature. administrators When user A removes his chip card with the City of from the internal card reader, the soft- Treuchtlingen, =`^li\(1O)>flj\ijZXecf^fen`k_XjdXikZXi[#LJ9jk`Zb#fi ware automatically interrupts the ses- Germany, spent gXjjnfi[%K_\[\m\cfg\ijZi\Xk\[ZXi[jn`k_dXkZ_`e^`dX^\j]ifd sion, freeing up the thin client for the much of their k_\B;<lj\idXeX^\i]fik_\[\dfm\ij`fe%

66 ISSUE 98 JANUARY 2009

066-069_x2go.indd 66 13.11.2008 15:46:02 Uhr X2Go JPJ8;D@E

=`^li\)1N_\ecf^^`e^fen`k_k_\O)>fZc`\ek#k_\lj\iZXe j\c\Zkn_\k_\ikfcXleZ_XC`elo[\jbkfg#jlZ_XjB;<fi>efd\# =`^li\+1K_\i\Z\ekcpi\c\Xj\[>kbZc`\ekcffbjm\ipj`d`cXikfk_\Hk fialjkcXleZ_Xggc`ZXk`fej\dY\[[\[`ek_\cfZXc\em`ifed\ek% m\ij`feYlkn`ccilefe>efd\%

GPL’d software and their own develop- nux4Paraguay in Paraguay, as well as in vice for individual X2Go modules that ments, the team came up with a con- many German schools (see the “Linux4- will allow users to access files, sound, vincing answer: X2Go. Afrika and X2Go” box). applications, or the complete desktop of a Linux machine over the Internet. @ek\^iXk\[Kffcj 9iXe[E\n1M\ij`fe* As the X2Go developers revealed at The developers integrated tools such as Version 3 will probably be available for Ubuconf, they envisage a kind of private PXE boot and Debootstrap [5], NoMa- production use by the time this issue hits cloud computing dubbed Pccloud some chine’s free NX libraries [6][7], and tools the newsstands. The project is Debian time in the future; the cloud would use like FUSE [8] and SSHFS [9] with desk- oriented, so the X2Go developers are profile data to synchronize the session top utilities and extensions for Gnome waiting for the stable version of Lenny with the individual environment, includ- and KDE. PAM libraries add smartcard before they go stable. ing applications and data from online support and USB stick-based authentica- Four new features on the list outshine storage. tion to X2Go (Figure 1). the numerous bug fixes and detail im- An X2Go USB stick is also planned as Thanks to the NX server’s ability to provements: Besides Windows, Mac OS a portable Windows application. suspend and resume sessions, version 2 X, and Linux, they now have a mobile X2Go seeks to create an open – but was the first to support Sun Ray-style client for the open source Maemo [11] complete – terminal server environment, sign-on. platform for Nokia phones and the long- which explains the many software addi- anticipated Gtk client, including Gnome tions to the distribution. Additions in- Nfic[KiXm\c\i integration. The fourth addition is the clude mechanisms for distributing the X2Go is now deployed on the clients and ability for users to run individual appli- client filesystem via PXE boot, a login servers developed for Linux4Afrika [10] cations without a desktop (Figure 2), manager, administrative plugins for the in Tanzania and Mozambique and Li- just as on Citrix. KDE control center, and tools. NX com- Although the Qt client pression methods allow for sessions over supports all the new low-bandwidth links. functions, the develop- ers are still smoothing :fdgc\k\cpFg\eJfliZ\ off some rough edges. X2Go is not compatible with LTSP or For example, the newly NX, but goes its own way. The project implemented USB au- wants to avoid the need to integrate ap- thentication is not quite plications for file or media shares in the finished. If you need server and client; thus, it relies on solu- this, you might want to tions such as FUSE and SSHFS, which wait until the developers are both maintained by other parties. All have completed security the components are open source, and features like time- the full source code is available for stamps, client IDs, and download from the project’s homepage. changing tokens before The three X2Go clients differ only =`^li\*1O)>fi\Z\ekcpi\c\Xj\[Xk\id`eXcZc`\ek]fik_\ you update. slightly with respect to functionality, al- DX\dfgcXk]fidlj\[Ypk_\Efb`XE..'&/''Xe[E/(' The next item on the though they rely on different libraries. jdXikg_fe\j% to-do list is a web ser- The Qt 4 client in Figure 3 runs on

JANUARY 2009 ISSUE 98 67

066-069_x2go.indd 67 13.11.2008 15:46:04 Uhr JPJ8;D@E X2Go

Linux, Windows, Mac OS SSHFS for file trans- (or better) that supports OpenPGP card X, and Maemo, and – just fers, relying on the [12]. like its new Gtk counterpart packages maintained (Figure 4) – either as a full- by the distribution O)>fJ\im\i screen display manager in for this. A range of variants of the X2Go server the style of XDM or as a =`^li\,1@]k_\lj\i`jefkX X2Go uses Udev to component are available; the basic ver- standalone application. In d\dY\if]k_\O)>f^iflg# support local mass sion takes less than 10 minutes to install both cases, administrators k_\Zc`\ekn`cc`jjl\Xd\jjX^\ storage devices, such and is perfectly okay for test purposes either can allow individual ZfeZ\ie`e^k_\ `eZfii\Zk Zfe$ as CD-ROMs, and au- and for most private desktops. It in- configurations or tell X2Go ]`^liXk`fef]k_\jl[fjpjk\d% tomatically connects cludes secure remote access, shares, and to use a central LDAP them to the server. sound output and does not rely on an server. For computers that do not have a hard- LDAP installation [13][14]. All graphical clients follow the same ware key to eject media, the desktop Admins prepared to invest more time usability concept (see Figures 2--4). The displays an icon that forwards the com- in installing X2Go will be rewarded with widget set used here was dubbed Card- mands to the client; this feature is im- multiserver capabilities and central man- view and uses a business card-style ap- portant for Mac clients. agement for settings, users, and groups proach. While a session is running, users can via LDAP using Luma [15], for example. Sessions, users, and configurations are share additional directories (Figure 5). If you need to support thin clients that configurable via drop-down lists and X2Go automatically adds them to the use PXE to boot individual images, there pop-ups in this view, without the need desktop like statically configured filesys- is no alternative to setting up a directory to switch to an admin tool. However, if tem shares and adds entries for un- service. X2Go does not require individ- an LDAP server is used to manage user mounting to the drop-down menu. ual schemas but will integrate with exist- and configuration data, a client-side con- Besides simple username and pass- ing configurations. Centralized manage- figuration is not needed; the tool simply word-based logins, X2Go also supports ment of active sessions is supported by a shows a list of users allowed to log on Sun-style flexible sessions to go, includ- PostgreSQL database; a central instance from the current system. ing smartcard or USB stick-based au- is sufficient for multiple X2Go servers on thentication. However, there is no alter- a network. N`e[fnjXe[:C@ native to a crypto filesystem on the USB Sudo helps admins specify which user The X2Go client can be configured via a stick; otherwise, users that gain access groups are permitted to log on to the simple desktop program that is reminis- to a lost stick could simply read the ID X2Go service. Because during the instal- cent of a physical terminal server client. number. lation phase the visudo-based configura- Again access to a central LDAP directory Admins in professional environments tion is difficult for newcomers, the new is possible, and on top of this, users can will probably want to opt for the security client version now checks to see whether access other servers and resize and hide of a smartcard instead, the advantage the user is a member of the required the window during use. The third option being that the smartcard calculates the group and, if not, displays matching is a flexible command-line client, x2go- ID rather than storing it. error messages (Figure 5). client-cli, which is best suited for launch- Cherry keyboards with integrated card ing from other programs. readers are a good choice of hardware, 8[d`eKffcj In contrast, the new Gtk client is de- as are attractively priced devices by Tow- Besides the server and client, X2Go signed for Gnome and Linux users who itoko, or any other Class 1 card reader offers graphical administrative tools, want to avoid Qt-based programs and KDE. It was implemented natively and Linux4Afrika and X2Go does completely without Qt dependen- In Spring 2008, the Linux4Afrika [10] proj- course, deployment in this kind of envi- cies. Officially, this client was still under ect, by the Freiburg, Germany-based NGO ronment necessitates operations in a het- development when this issue went to FreiOSS.net, moved from Edubuntu to erogeneous operating system landscape. press, although no bugs are currently X2Go. Hans-Peter Merkel, one of the proj- For this reason, the developers are cur- known. ect’s leaders explains the move: rently working hard on integrating Win- “The new X2Go version of the Linux4- dows clients. JJ?=J#EO#Xe[CfZXc Afrika sample server has put the associa- “With most of our users preferring the D\[`X tion in a position to support networks Gnome desktop, Heinz Gräsing’s team Client programs are not restricted to con- larger than the typical classroom solution. responded quickly to requests and imple- necting to the graphical display on the LDAP integration is a very good solution mented modifications for local device for extending our project from schools to support in Gnome. X2Go server but can also connect the universities. Additional authentication local filesystem with the server and redi- “The latest offshoot of the Linux4Afrika tasks occur here in daily operations. Physi- rect the server’s sound output to the cli- project in South America, Linux4Para- cal Linux clients can now log on to the guay, will be the first to benefit from X2Go ent machine. Linux4Afrika LDAP server; packages from technology. At the end of 2008, Mozam- The SSH port 22 and the X2Go tunnel the standard repository allow for this with bique and Ethiopia will be the first to re- are all it takes to access the server. But in just a few configuration changes. Of ceive the new sample solution.” contrast to NoMachine, the project uses

68 ISSUE 98 JANUARY 2009

066-069_x2go.indd 68 13.11.2008 15:46:04 Uhr X2Go JPJ8;D@E

which integrate with the KDE control The developers still refer to X2Go as a switched from Edubuntu to X2Go. Also, center. Modules for daily use are avail- leisure-time project, even though it has X2Go is interesting for anyone wanting able for user, group, and device manage- an impressive feature scope and refer- to give multiple users access to a single ment, along with session control and ences. Resources are limited; the team system, if bandwidth is insufficient for configuration modules for X2Go itself. focuses on programming, which explains VNC, or if you need file shares and Directly linked to this is a separate, the fairly sparse information on the web- audio forwarding on top. rich text-capable pushmail system (x2go- site. Fortunately, members of the Linux4- R-zwo-R in Rohrdorf, Germany [16], mail), a front end for Samba administra- Afrika project have started publishing in- offers service-level agreements for any- tion, and a front end to manage desktop stallation HOWTOs and problem-solving one interested in running X2Go in an en- sharing. Simultaneous use of a single guides online. terprise environment: A major part of session allows multiple users to work Currently, the Windows client installa- the revenue generated from support goes collaboratively with a single application. tion routine in X2Go version 3 will not directly to X2Go. The developers deliber- Administrators will also appreciate the run on Vista; some manual file copying ately avoided a dual license. ability to monitor user activities in sup- is required. The Mac variant has a prob- For comparison’s sake, Sun charges port cases (Figure 6). lem with the version of X11 included EUR$ 90 per user and more than EUR$ As an added goody, the KDE control with OS X, and USB authentication is 200 for each hardware-based Sun Ray center modules also can be used to man- not finished. Add to this the known is- client. age an LDAP server. Because the user sues with the NX libraries on FreeNX An ISO image of the Live CD is now and group management features support and OpenNX and their X.org code com- available [17]. p convenient live searches and have auto- ponents, which prevent integration with complete functionality, the tools are use- the Debian repositories. INFO ful for larger numbers of users. Adminis- [1] X2Go: trators can search for sessions on all C`^_kXkk_\fkffcj[fZbfekfk_\ZfekifcZ\ek\i%8[d`e`jkiXkfijZXelj\k_\ id=8454 Jpjk\d8[d`e`jkiXk`fesO)>fJ\jj`feDXeX^\d\ekkffckfdXeX^\XZk`m\j\jj`fej%

JANUARY 2009 ISSUE 98 69

066-069_x2go.indd 69 13.11.2008 15:46:05 Uhr