CHAPTER 16

Managing Remote Servers with VNC

Fewer and fewer DBAs are working in front of the console of the servers hosting their Oracle databases. It is common now to see database servers or data centers located in separate geographical areas from DBAs. For example, a database server might be hosted somewhere in New York City while the DBA is in Orlando enjoying the sunny weather.

DBAs can now easily access database servers remotely by using their preferred protocols, such as telnet, rsh, rlogin, and ssh; and by using the various tools on the market today. Some of those tools are freely available for download, particularly PuTTY and Virtual Network Computing (VNC).

Software such as PuTTY, described in Chapter 1, allows you to remotely access a server via telnet or ssh from a Windows client. PuTTY allows you to configure proxy settings and ssh port tunneling, as well as to save configurations so that you don’t have to type everything each time you have to connect to the same database server.

In most cases, accessing a database server in a command-line mode via PuTTY is all you need. However, you may sometimes need to access a database server in a way that lets you run GUI-based software. For example, you may need to run Oracle’s Database Configuration Assistant (DBCA) to create an Oracle database or run some other X Window System–based software. In this situation, VNC comes in handy.

VNC is a thin-client product of RealVNC, which is based in Cambridge, United Kingdom. VNC allows you to access the database server in a graphical way. This feature is useful for DBAs because Oracle requires an X server to display its Java-based screens for Oracle database installation, creation, and configuration; and also for Oracle listener setup. In other words, you can run the same GUI-based applications on your local VNC-client computer that you can actually run on the console of the database server.

To run VNC, you need two components: the server and viewer, as shown in Figure 16-1. The VNC Server component runs on the computer you want to monitor, and the VNC Viewer component runs on the computer from which you want to monitor the remote server. Both components have to be installed before you can initiate a VNC session. VNC runs on most OSs, including UNIX (such as Solaris), Linux, Windows, and Mac OS.

Figure 16-1. VNC connection

Aside from routing the output to the VNC Server, you can also route the display to other X servers that are available on the market today, such as Cygwin/X, Reflections X, and Hummingbird. However, we recommend VNC because it is freely available and is usually included by default in most Linux distributions, such as Red Hat Enterprise Linux, Novell SUSE Linux Enterprise, Oracle Enterprise Linux (OEL), and Oracle Solaris. VNC also has rich features, such as 2048-bit RSA server authentication, 128-bit or 256-bit AES session encryption, HTTP proxy, file transfer, desktop scaling, and screen sharing.

In this chapter, you will learn where to download the VNC software, how to install and configure the VNC Server on your remote Linux/Solaris database server and the VNC Viewer on your client computer, how to share and secure your VNC connection, how to configure a proxy server, and how to troubleshoot VNC issues.

As you put into practice what you have read in this chapter, such as using the VNC software to access and manage your remote Linux/Solaris database server from anywhere and at any time, you will learn to appreciate the benefits provided to you as the DBA: flexibility, convenience, better collaboration with your team members, data security, and potential cost savings to your company.

16-1. Downloading the VNC Software

Problem

You want to download the VNC software to allow you to manage and display the console of your remote Linux/Solaris database server from your client computer. You want to work in an X Window System environment instead of a command-line prompt.

Solution

You need two components to run VNC: the VNC Server running on your remote Linux/Solaris database server and the VNC Viewer on your client computer. Perform the following steps to download the VNC software for the two computers:

  1. Go to https://www.realvnc.com/download/vnc/ and click the Download button that corresponds to the OS and processor type of your system, as well as the type of compressed file you want to download.

    Note  To determine the processor type of your Linux system to see whether you have x86, x64, or ia64, issue the Linux command uname -p or uname -a. For a Solaris system, run the OS command isainfo -vk.

  2. On the next screen, check the box that says “I have read and accept these terms and conditions” after you review the VNC end user license agreement.
  3. Click the Download button and save the file to a specific directory.

How It Works

For VNC to work, you have to download and install the VNC Server on your remote Linux/Solaris database server and the VNC Viewer on your client computer. You have three different VNC editions to choose from: the Free Edition, Personal Edition, or Enterprise Edition. The Free Edition is best for individual private use, the Personal Edition is ideally suited for small-scale commercial use, and the Enterprise Edition is recommended for medium or large-scale commercial use.

By default, the Free Edition is included in most Linux distributions, such as Red Hat, SUSE, Oracle Enterprise Linux and Oracle Solaris. However, the Personal Edition and Enterprise Edition have some advantages over the Free Edition, such as encryption, authentication, and proxy server features. If you want to take advantage of these features, download the Enterprise Edition and replace the Free Edition, which is usually included as a package on your Linux distribution. Note that the Enterprise Edition and Personal Edition require a license key before you can start the VNC Server.

16-2. Installing the VNC Software

Problem

You want to install the VNC Server on your remote Linux/Solaris database server and the VNC Viewer on your Windows client computer, on which you want to manage and access your remote Linux/Solaris database server.

Solution

For VNC to work, you have to install the VNC Server on your remote Linux/Solaris database server and the VNC Viewer on your client computer. You can choose to install the VNC Server Enterprise Edition or Free Edition on your server.

First, extract the packages. Here the VNC-Server-5.2.3-Solaris-x64.pkg and VNC-Viewer-5.2.3-Solaris-x64.pkg are being extracted.

root@BLSOL1:~/Downloads# tar -xzvf VNC-5.2.3-Solaris-x64-PKG.tar.gz
x VNC-Server-5.2.3-Solaris-x64.pkg, 39088640 bytes, 76345 tape blocks
x VNC-Viewer-5.2.3-Solaris-x64.pkg, 8895488 bytes, 17374 tape blocks

To install, you must log on as root and then run the pkgadd command:

root@BLSOL1:~/Downloads# /usr/sbin/pkgadd -d VNC-Server-5.2.3-Solaris-x64.pkg

The following packages are available:
  1  RVNCsrv     VNC Server for Solaris
                 (i386) 5.2.3.8648

Select package(s) you wish to process (or ’all’ to process
all packages). (default: all) [?,??,q]: all

Processing package instance <RVNCsrv> from </root/Downloads/VNC-Server-5.2.3-Solaris-x64.pkg>

VNC Server for Solaris(i386) 5.2.3.8648
Copyright (C) 2002-2015 RealVNC Ltd.  All rights reserved.
Using </> as the package base directory.
## Processing package information.
## Processing system information.
   14 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

The following files are being installed with setuid and/or setgid
permissions:
  /usr/local/bin/Xvnc <setuid root>
  /usr/local/bin/vncserver-x11 <setuid root>

Do you want to install these as setuid/setgid files [y,n,?,q] y

This package contains scripts which will be executed with super-user
permission during the process of installing this package.

Do you want to continue with the installation of <RVNCsrv> [y,n,?] y

Installing VNC Server for Solaris as <RVNCsrv>

## Installing part 1 of 1.
/usr/lib/cups/backend/vnc
/usr/local/bin/Xvnc
/usr/local/bin/Xvnc-core
/usr/local/bin/vncinitconfig
/usr/local/bin/vnclicense
/usr/local/bin/vnclicensehelper
/usr/local/bin/vnclicensewiz
/usr/local/bin/vncpasswd
/usr/local/bin/vncpipehelper
/usr/local/bin/vncserver-virtual
/usr/local/bin/vncserver-virtuald
/usr/local/bin/vncserver-x11
/usr/local/bin/vncserver-x11-core
/usr/local/bin/vncserver-x11-serviced
/usr/local/bin/vncserverui
/usr/local/lib/vnc/get_primary_ip4
/usr/local/lib/vnc/vncelevate
/usr/local/man/man1/Xvnc.1
/usr/local/man/man1/vncinitconfig.1
/usr/local/man/man1/vnclicense.1
/usr/local/man/man1/vncpasswd.1
/usr/local/man/man1/vncserver-virtual.1
/usr/local/man/man1/vncserver-virtuald.1
/usr/local/man/man1/vncserver-x11-serviced.1
/usr/local/man/man1/vncserver-x11.1
/usr/share/vnc/fonts/6x13-ISO8859-1.pcf.gz
/usr/share/vnc/fonts/cursor.pcf.gz
/usr/share/vnc/fonts/fonts.alias
/usr/share/vnc/fonts/fonts.dir
/usr/share/vnc/rgb.txt
[ verifying class <server> ]
/etc/gconf/schemas/realvnc.schemas
/usr/share/applications/realvnc-vnclicensehelper.desktop
/usr/share/applications/realvnc-vnclicensewiz.desktop
/usr/share/applications/realvnc-vncserver-x11.desktop
/usr/share/icons/hicolor/48x48/apps/vnclicensewiz48x48.png
/usr/share/icons/hicolor/48x48/apps/vncserver48x48.png
/usr/share/icons/hicolor/48x48/mimetypes/application-vnclicense-key.png <symbolic link>
/usr/share/mime/packages/realvnc-vnclicensehelper.xml
[ verifying class <desktop> ]
/usr/local/doc/RVNCsvr/LICENSE_en.txt
/usr/local/doc/RVNCsvr/README
[ verifying class <doc> ]
## Executing postinstall script.
Checking for xauth... /usr/openwin/bin
WARNING: /usr/openwin/bin/xauth is not on your path.
CUPS installation not found at /opt/sfw/cups/lib/cups.
Please install CUPS from the Solaris Companion CD, then run
  vncinitconfig -enable-print
Updating /etc/pam.d/vncserver
Updating /etc/pam.conf... done
Looking for font path... /usr/X11/lib/X11/fonts/misc/:unscaled,/usr/X11/lib/X11/fonts/100dpi/:unscaled,/usr/X11/lib/X11/fonts/75dpi/:unscaled,/usr/X11/lib/X11/fonts/misc/,/usr/X11/lib/X11/fonts/Type1/,/usr/X11/lib/X11/fonts/100dpi/,/usr/X11/lib/X11/fonts/75dpi/,/usr/X11/lib/X11/fonts/TrueType/,/usr/X11/lib/X11/fonts/Type1/sun/,/usr/X11/lib/X11/fonts/F3bitmaps/ (from /etc/X11/xorg.conf).
Generating private key...done
Installed SMF manifest for VNC X11 Service-mode daemon
Start or stop the service with:
  svcadm (enable|disable) application/vncserver-x11-serviced

Installed SMF manifest for VNC Virtual-mode daemon
Start or stop the service with:
  svcadm (enable|disable) application/vncserver-virtuald

Installation of <RVNCsrv> was successful.

To install the VNC Viewer on your Windows client computer, you must log on as the administrator and double-click the file VNC-5.2.3-Windows.exe. Just accept the default installation directory, C:\Program Files\RealVNC\VNC Viewer, and ensure that you select at least the VNC Viewer as one of the components to install.

How It Works

To manage and access your remote Linux/Solaris database server from your Windows client computer using the VNC software, you must install the VNC Server on your remote Linux/Solaris database server and the VNC Viewer on your Windows client computer. However, you can install the VNC Server and VNC Viewer on both computers, so you can also manage and access other servers from your Linux/Solaris database server.

16-3. Manually Starting and Stopping the VNC Server

Problem

You want to manually start and stop the VNC Server on your remote Linux/Solaris database server.

Solution

To manually start the VNC Server on your Linux/Solaris database server, type vncserver and a port number where you want the VNC Server to be listening. The port number is optional, and the default value is 1. The following example shows the VNC Server being started in its default configuration:

# vncserver

This next example shows how to specify a port number. It starts the VNC Server to listen at port number 7:

# vncserver :7

Note  To have a similar look and feel of your desktop as when you log on to the console of the Linux server, uncomment or add unset SESSION_MANAGER and /etc/X11/xinit/xinitrc to the $HOME/.vnc/xstartup file.

To manually stop the VNC Server on your Linux/Solaris database server, run the Linux command vncserver -kill and provide the same port number you used when starting the VNC Server. Here’s an example:

# vncserver -kill :7

How It Works

You start the VNC Server on your remote Linux/Solaris database server by running vncserver and a port number. Like the other Linux/Solaris daemons (such as httpd, which usually listens on port number 80, and sshd, which usually listens on 22), the VNC Server listens on port number 5901 by default. If you include a port number when running vncserver, the actual port number is that number plus 5900. For example, if you run vncserver :7, the VNC Server listens on port number 5907.

The first time you run VNC server Enterprise Edition on your Linux server, you must issue the command vnclicense -add <license key> to install the license key. However, the license key is not required if you are using the VNC Free Edition. For example, to add the license key, use this:

# /usr/bin/vnclicense -add FR464-RHDJ6-6WNF4-A4NB2-HR2YA

Note  You can purchase a VNC license at https://www.realvnc.com/purchase/.

For security reasons, you shouldn’t run the VNC Server under a privileged user, such as root or oracle (in other words, the Oracle RDBMS software owner). If you run the VNC Server as root, any remote VNC user will have root privileges after they are connected to your Linux/Solaris server, and that is a security risk. Instead, you should create a new Linux/Solaris user and launch the VNC Server from that account. After remote users are connected to the server, they can su to root or oracle to perform any necessary administrative tasks.

In the following example, the groupadd command creates a new group called vncuser; the useradd command creates a new user called vncuser, and the -g option associates this user to the group vncuser. The passwd command prompts you to assign a new password for OS user vncuser:

# groupadd vncuser
# useradd vncuser -g vncuser
# passwd vncuser

Note  For additional details about creating OS groups and users, refer to recipes 3-12 and 3-14.

The first time you launch vncserver for a particular OS user, you will be prompted for a password; and the relevant VNC files, such as the security key or the private.key file, will be created in the .vnc directory under the home directory of that OS user. In the example shown here, the su command makes vncuser the current OS user, and the ls -al $HOME/.vnc command displays the files in the .vnc directory under the home directory of OS username vncuser:

# su - vncuser

$ ls -al $HOME/.vnc
total 28
drwxrwxr-x  2 vncuser vncuser 4096 Apr 27 01:58 .
drwx------ 29 vncuser vncuser 4096 Apr 27 02:00 ..
-rw-rw-r--  1 vncuser vncuser 5258 Apr 27 01:59 ol6-121-rac1.localdomain:9.log
-rw-rw-r--  1 vncuser vncuser    6 Apr 27 01:58 ol6-121-rac1.localdomain:9.pid
-rw-------  1 vncuser vncuser    8 Apr 27 01:56 passwd
-rwxr-xr-x  1 vncuser vncuser  654 Apr 27 01:58 xstartup

Subsequent restarts of the VNC Server won’t ask you to set the password and won’t regenerate the secure key. However, you can run the Linux/Solaris command vncpasswd to change the VNC Server password for an OS user, as shown here:

$ /usr/bin/vncpasswd
Password:
Verify:

In case you forget the port number on which the VNC Server is listening, you can run the Linux command ps -ef. The following example illustrates this. In the results, Xvnc :9 indicates that the VNC Server is listening on port number 5909:

$ ps -ef | grep Xvnc
vncuser  10065     1  0 01:58 ?        00:00:01 /usr/bin/Xvnc :9 -desktop ol6-121-rac1.localdomain:9 (vncuser) -auth /home/vncuser/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/vncuser/.vnc/passwd -rfbport 5909 -fp catalogue:/etc/X11/fontpath.d -pn
vncuser  11062 10784  0 02:02 pts/0    00:00:00 grep Xvnc

16-4. Automatically Starting the VNC Server on Linux

Problem

You want the VNC Server to automatically start when your Linux database server is rebooted.

Solution

Perform the following steps to ensure that the VNC Server will automatically start when your Linux database server is rebooted:

  1. Modify the /etc/sysconfig/vncservers file and insert the line VNCSERVERS="<port#>:<OS_user>". In the example, the VNC Server is owned by vncuser to listen on port number 5909:
    # cat /etc/sysconfig/vncservers
    VNCSERVERS="9:vncuser"
  2. Check the existence of the file /etc/init.d/vncserver. If it is not available, create the file and insert the following lines:
    #!/bin/bash
    #
    # chkconfig: - 91 35
    # description: Starts and stops vncserver.
    #              used to provide remote X administration services.

    # Source function library.
    . /etc/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    [ "${NETWORKING}" = "no" ] && exit 0
    unset VNCSERVERARGS
    VNCSERVERS=""
    [ -f /etc/sysconfig/vncservers ] && . /etc/sysconfig/vncservers

    prog=$"VNC server"

    start() {
        echo -n $"Starting $prog: "
        ulimit -S -c 0 >/dev/null 2>&1
        RETVAL=0
        if [ ! -d /tmp/.X11-unix ]
        then
            mkdir -m 1777 /tmp/.X11-unix || :
            restorecon /tmp/.X11-unix 2>/dev/null || :
        fi
        NOSERV=1
        for display in ${VNCSERVERS}
        do
            NOSERV=
            echo -n "${display} "
            unset BASH_ENV ENV
            DISP="${display%%:*}"
            export USER="${display##*:}"
            export VNCUSERARGS="${VNCSERVERARGS[${DISP}]}"
            runuser -l ${USER} -c "cd ~${USER} && [ -f .vnc/passwd ] && vncserver :${DISP} ${VNCUSERARGS}"
            RETVAL=$?
            [ "$RETVAL" -ne 0 ] && break
        done
        if test -n "$NOSERV"; then echo -n "no displays configured "; fi
        [ "$RETVAL" -eq 0 ] && success $"vncserver startup" ||
            failure $"vncserver start"
        echo
        [ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/vncserver
    }

    stop() {
        echo -n $"Shutting down $prog: "
        for display in ${VNCSERVERS}
        do
            echo -n "${display} "
            unset BASH_ENV ENV
            export USER="${display##*:}"
            runuser ${USER} -c "vncserver -kill :${display%%:*}" >/dev/null 2>&1
        done
        RETVAL=$?
        [ "$RETVAL" -eq 0 ] && success $"vncserver shutdown" ||
            failure $"vncserver shutdown"
        echo
        [ "$RETVAL" -eq 0 ] && rm -f /var/lock/subsys/vncserver
    }

    # See how we were called.
    case "$1" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      restart|reload)
            stop
            sleep 3
            start
            ;;
      condrestart)
            if [ -f /var/lock/subsys/vncserver ]; then
                stop
                sleep 3
                start
            fi
            ;;
      status)
            status Xvnc
            ;;
      *)
            echo $"Usage: $0 {start|stop|restart|condrestart|status}"
            exit 1
    esac
  3. Ensure that /etc/init.d/vncserver has an execute permission:
    # ls -l /etc/init.d/vncserver
    -rw-r--r--. 1 root root 3236 Apr 29  2013 /etc/init.d/vncserver
    # chmod a+x /etc/init.d/vncserver
    # ls -l /etc/init.d/vncserver
    -rwxr-xr-x. 1 root root 3236 Apr 29  2013 /etc/init.d/vncserver
  4. Create a softlink in /etc/rc.d/rc3.d and /etc/rc.d/rc5.d:
    # ln -s /etc/init.d/vncserver /etc/rc.d/rc5.d/S91vncserver
    # ls -l /etc/rc.d/rc5.d/S91vncserver
    lrwxrwxrwx 1 root root 21 Apr 27 01:46 /etc/rc.d/rc5.d/S91vncserver -> /etc/init.d/vncserver
    # ln -s /etc/init.d/vncserver /etc/rc.d/rc3.d/S91vncserver
    # ls -l /etc/rc.d/rc3.d/S91vncserver
    lrwxrwxrwx 1 root root 21 Apr 27 01:49 /etc/rc.d/rc3.d/S91vncserver -> /etc/init.d/vncserver
  5. Enable the VNC service using the chkconfig command:
    # chkconfig --level 35 vncserver on
    # chkconfig --list | grep vnc
    vncserver       0:off   1:off   2:off   3:on   4:off   5:on    6:off
  6. If possible, log on as root and issue the Linux command reboot to manually restart your Linux database server. Otherwise, you can manually restart the VNC service by executing the Linux command /sbin/service vncserver restart.
  7. Issue the Linux command ps -ef | grep Xvnc to verify whether the VNC Server started automatically after the reboot. The following is an example. In the results, the VNC Server is listening on port number 9 running under Linux user vncuser:
    $ ps -ef | grep Xvnc
    vncuser  10065     1  0 01:58 ?        00:00:01 /usr/bin/Xvnc :9 -desktop ol6-121-rac1.localdomain:9 (vncuser) -auth /home/vncuser/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/vncuser/.vnc/passwd -rfbport 5909 -fp catalogue:/etc/X11/fontpath.d -pn
    vncuser  11752 10784  0 02:10 pts/0    00:00:00 grep Xvnc

How It Works

In some environments in which VNC is heavily used, you may want to automate the restart of the VNC Server. If the VNC service is enabled at the OS level, one of the files that will be executed during the system startup is /etc/init.d/vncserver. That script in turn reads the file /etc/sysconfig/vncservers, which contains the OS user under which the VNC Server will run and the port number on which the VNC Server will listen.

Note  After the VNC Server is automatically started, you can still manually stop and start the VNC Server, as discussed in recipe 16-3. You may, for example, want to manually stop the VNC Server because you lack memory resources on the machine on which it is running.

16-5. Automatically Starting the VNC Server on Solaris

Problem

You want the VNC Server to automatically start when the Solaris database server is rebooted.

Solution

Perform the following steps to ensure that the VNC Server will automatically start when your Solaris database server is rebooted:

  1. Log on as root user to the Solaris server on which you want the VNC Server to run.
  2. Make sure to enable the Xvnc inetd services.
    # svcadm enable xvnc-inetd
  3. Modify the /etc/services file and add the following line if it does not already exist, as shown here. In this example, the VNC Server will listen on port 5901:
    vnc-server   5901/tcp
  4. Run the inetadm command, as shown here:
    inetadm -m svc:/application/x11/xvnc-inetd:default exec="/usr/bin/Xvnc \
         -geometry 1024x768 -inetd -query localhost -once securitytypes=none" user="vncuser"
  5. Finally, restart the xvnc-inetd:
    svcadm restart xvnc-inetd

How It Works

When a user connects to the Solaris server via the VNC client, the inetadm command allows the inetd to spawn a new VNC instance as the OS user vncuser. The VNC client session should connect to the port defined in the /etc/services as vnc-server. In the previous example, the VNC Server is listening on port 5901.

16-6. Starting the VNC Viewer

Problem

You want to start the VNC Viewer on your client machine, which is either your Windows computer or another Linux server. From that client, you want to manage and access your remote Linux/Solaris database server.

Solution

To start the VNC Viewer on a Windows computer, run the program C:\Program Files\RealVNC\VNC Viewer\vncviewer.exe or navigate to that program by selecting Start > All Programs > RealVNC > VNC Viewer > Run VNC Viewer. A connection details dialog box will display, as shown in Figure 16-2.

Figure 16-2. VNC Viewer connection details

In the connection details dialog box, provide the hostname or IP address of your remote Linux/Solaris database server, as well as the port number on which the VNC Server is listening. Click the OK button to confirm.

To start the VNC Viewer on your Linux/Solaris server, run the OS command /usr/bin/vncviewer as follows (assuming port number 1):

$ /usr/bin/vncviewer BLSOL:1

You will be prompted for a username and password, as shown in Figure 16-3. Depending on the security settings in the VNC Server, you may be prompted only for a password.

Figure 16-3. VNC Viewer password prompt

After your username and password are successfully verified, the screen of your remote Linux/Solaris database server is displayed, as shown in Figure 16-4. You can now start to access and manage your remote Linux/Solaris database server as if you were in front of the console.

Figure 16-4. VNC Viewer screen display

If you don’t have the VNC Viewer installed on your client computer and you have a Java-enabled web browser, you can open the URL http://<host>:<port>, where <host> is the hostname or IP address of the VNC Server, and <port> is the port number on which the VNC Server is listening minus 100. For instance, if the IP address of the VNC Server is 192.168.2.41, and the Server is listening on port number 5901, the URL will be http://192.168.2.41:5801.

How It Works

Before you can run the VNC Viewer on your client computer, you have to ensure that the VNC Server is running on your remote Linux/Solaris database server and listening on a specific port number. For details on how to install and start the VNC Server, review the first five recipes in this chapter.

However, if the VNC Viewer is not installed on your client computer, such as a computer in an Internet café or in an airport, you can use the VNC Viewer for Java using a Java-enabled web browser. It provides great flexibility because you are no longer confined to working in your office to perform DBA tasks. (Work from your local café instead!) But ensure that your VNC connection is secured, which you will learn more about in recipe 16-7.

Note  The VNC Viewer for Java is not available when connecting to the VNC server’s Free Edition.

If you have the VNC Server Enterprise Edition running on your remote Linux/Solaris database server, you can’t use the VNC Viewer Free Edition because of its security limitations. Instead, you must use the VNC Viewer Personal Edition or Enterprise Edition.

16-7. Securing a VNC Connection

Problem

You want to secure your VNC connection and you want to have a good authentication method when users access the remote Linux/Solaris database server from your client computer using the VNC Viewer.

Solution

To enhance a user’s authentication and the security of your VNC connection, set the following parameters when launching the VNC Server:

  • SecurityTypes: Sets the security method to employ. Valid values are None, VncAuth, RA2, and RA2ne.
  • UserPasswdVerifier: Sets the method to authenticate the users. Valid values are None, VncAuth, and UnixAuth.

You can pass these parameters when manually starting your VNC Server. Here’s an example:

$ /usr/local/bin/vncserver :9 -SecurityTypes=RA2 -UserPasswdVerifier=UnixAuth

You can also configure the parameters to take effect when the VNC Server is automatically started during the reboot of your remote Linux database server, as discussed in recipe 16-4. To that end, add the following lines to your /etc/sysconfig/vncservers file:

VNCSERVERS="9:vncuser"
VNCSERVERARGS[9]="-SecurityTypes=RA2 -UserPasswdVerifier=UnixAuth"

The first argument you are passing in VNCSERVERARGS corresponds to the port number on which the VNC Server is listening. In this example, the port number is 9.

How It Works

We recommend that you use the latest version of the VNC Server Enterprise Edition because it employs 2048-bit RSA server authentication and 128-bit AES session encryption. If you use the VNC Server Free Edition, be aware that no security feature is available. However, you have to purchase a license key for the VNC Server Enterprise Edition.

Note  To secure the connection to the server when you use the VNC Server Free Edition, forward the VNC connection through SSH (refer to recipe 14-7).

As a security measure, don’t run the VNC Server as root because you don’t want to allow users to have root access privilege after they connect to the server. Create another OS user with minimal privileges and run the VNC Server under that new Linux user (see recipe 16-3 for details). After remote users are connected to the server, they can su to oracle to perform any needed DBA tasks.

To encrypt a VNC connection in the VNC Server Enterprise Edition, set the SecurityTypes parameter to RA2 or RA2ne. RA2ne means that the authentication credentials are encrypted, but the session that follows is not. For the VNC Server Free Edition, set the SecurityTypes parameter to VncAuth.

For VNC Server Enterprise Edition, set the UserPasswdVerifier to UnixAuth instead of VncAuth. That way, the OS user’s password is managed at the OS level, which requires less maintenance because you don’t have to maintain two passwords: one in the VNC and the other at the OS level.

Don’t set SecurityTypes or UserPasswdVerifier to None because you are then allowing any users to access the VNC Server without providing a password. It is like having no locks on your front door at home.
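
The rules from recipes 16-3 and 16-7 (no privileged owner, no None settings, RA2ne leaves the session unencrypted) can be checked against ps -ef output. The following script is an added example, not part of the book or of RealVNC; the function names, the finding format, and every sample line except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit Xvnc processes against the chapter's rules.

# Accounts the chapter says must not own a VNC Server.
PRIVILEGED_USERS="root oracle"

# audit_xvnc PS_OUTPUT
# Reads `ps -ef` text and prints one line per finding:
#   <user> :<display> port=<tcp port> <FAIL|WARN> <reason>
# Exit status is 1 if any FAIL was printed, otherwise 0.
# The body runs in a subshell, so its variables and `set -f` stay local.
audit_xvnc() (
    rc=0
    set -f                              # no filename expansion while splitting words
    while IFS= read -r line; do
        case $line in
            *grep*) continue ;;         # the "grep Xvnc" process itself
            *Xvnc*) ;;                  # a real server process
            *) continue ;;
        esac
        user=${line%% *}                # first ps -ef column is the owning account
        cmd=${line#*Xvnc}               # arguments that follow the Xvnc binary
        # Lowercase so -SecurityTypes=RA2 and securitytypes=none both match.
        lc=$(printf '%s' "$cmd" | tr '[:upper:]' '[:lower:]')
        display="" port="" sec="" verifier="" prev=""
        for word in $lc; do
            # Options written as "-name value".
            case $prev in
                -rfbport) port=$word ;;
                -securitytypes|securitytypes) sec=$word ;;
                -userpasswdverifier|userpasswdverifier) verifier=$word ;;
            esac
            # Display number and options written as "name=value".
            case $word in
                :*[!0-9]*|:) ;;
                :*) if [ -z "$display" ]; then display=${word#:}; fi ;;
                -securitytypes=*|securitytypes=*) sec=${word#*=} ;;
                -userpasswdverifier=*|userpasswdverifier=*) verifier=${word#*=} ;;
            esac
            prev=$word
        done
        # No explicit -rfbport: the chapter's rule is display number plus 5900.
        if [ -z "$port" ] && [ -n "$display" ]; then port=$((5900 + display)); fi
        tag="$user :${display:-?} port=${port:-?}"

        for who in $PRIVILEGED_USERS; do
            if [ "$user" = "$who" ]; then
                echo "$tag FAIL runs as privileged account $who"; rc=1
            fi
        done
        case ",$sec," in
            *,none,*)
                echo "$tag FAIL SecurityTypes=None accepts connections without a password"
                rc=1 ;;
        esac
        case ",$sec," in
            *,ra2ne,*) echo "$tag WARN RA2ne encrypts only the credentials" ;;
        esac
        if [ "$verifier" = none ]; then
            echo "$tag FAIL UserPasswdVerifier=None disables user authentication"; rc=1
        fi
    done <<EOF
$1
EOF
    [ "$rc" -eq 0 ]
)

# Sample input. The first line is the ps -ef line shown in recipe 16-3;
# the remaining lines are constructed for this example.
SAMPLE_PS='vncuser  10065     1  0 01:58 ?        00:00:01 /usr/bin/Xvnc :9 -desktop ol6-121-rac1.localdomain:9 (vncuser) -auth /home/vncuser/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/vncuser/.vnc/passwd -rfbport 5909 -fp catalogue:/etc/X11/fontpath.d -pn
root      2201     1  0 02:05 ?        00:00:00 /usr/local/bin/Xvnc :7 -SecurityTypes=RA2 -UserPasswdVerifier=UnixAuth
vncuser   2302     1  0 02:06 ?        00:00:00 /usr/bin/Xvnc :3 -geometry 1024x768 securitytypes=none
vncuser   2403     1  0 02:07 ?        00:00:00 /usr/local/bin/Xvnc :4 -SecurityTypes RA2ne -UserPasswdVerifier=UnixAuth
vncuser  11062 10784  0 02:02 pts/0    00:00:00 grep Xvnc'

# Audit the sample; on a server, pass "$(ps -ef)" instead.
audit_xvnc "$SAMPLE_PS" || echo "audit: at least one FAIL finding"
```

The check reads only the process command line, so a setting supplied some other way does not appear in its findings.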

16-8. Accessing VNC via a Proxy Server

Problem

You want to use VNC to access a remote Linux/Solaris database server that is outside your company’s network, and all your Internet connections pass through a proxy server.

Solution

Perform the following steps to configure the proxy settings in your VNC Viewer:

  1. Start the VNC Viewer (for details on starting the VNC Viewer, see recipe 16-6).
  2. Provide the appropriate hostname or IP address of the remote Linux/Solaris database server, as well as the corresponding port number where the VNC Server is listening, as shown in Figure 16-5.

    Figure 16-5. VNC Viewer connection details

  3. Click the Options button and then the Connection tab. The VNC Viewer properties dialog box will appear, as shown in Figure 16-6.

    Figure 16-6. VNC proxy server configuration

  4. In the Proxies section, select the Use These Proxy Settings radio button, and provide the appropriate hostname or IP address of the corresponding proxy server, the port number where the proxy server is listening, and the proxy type. If you have already configured a proxy setting in Microsoft Internet Explorer, select Use Microsoft Internet Explorer Proxy Settings instead.
  5. Click the OK button.
  6. Click the Connect button.

How It Works

For security and performance reasons, the Internet connections of most companies that go outside their network pass through a proxy server. These servers are common for IT shops in which the DBAs access the servers of their clients or at their home while working from their office. For details about the hostname or IP address of your proxy server, its port number, and the proxy type, contact your company’s system or network administrators.

To configure the proxy server setting using the VNC Viewer, you must download and use the Personal Edition or Enterprise Edition because the proxy server feature is not available in the Free Edition. The proxy server is a new feature included in VNC Viewer version 4.4, which was released in May 2008. Prior to version 4.4, you could configure SSH tunneling and the proxy server using PuTTY, as explained in recipe 1-1.

16-9. Running X Applications with VNC

Problem

You want to run an X application at your remote Linux/Solaris database server, such as the Oracle DBCA, to create the Oracle database from your client computer.

Solution

First, you have to run the VNC Viewer at your client computer. (For details on how to run the VNC Viewer, review recipe 16-6.) In the VNC Viewer, open a terminal window and log on to the OS user who will be the owner of the Oracle database:

$ xhost localhost
localhost being added to access control list
$ su - oracle
Password:
$ dbca

You will see a screen similar to Figure 16-7.

Figure 16-7. Running DBCA with VNC

How It Works

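Once the VNC Viewer display is available on your client machine, and you have access to the mouse and keyboard, you can then run any X application, such as Oracle’s DBCA. Any X application that you run will look and feel just as if you were running it on the console of your remote Linux/Solaris database server. The xhost localhost command adds localhost to the X server's access control list so that the oracle account can open windows on the display. Host-based access of this kind is granted to every account on the server, not only oracle, so remove the entry with xhost -localhost once DBCA has finished.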

16-10. Troubleshooting VNC

Problem

You can’t access the remote Linux/Solaris database server. You are having problems running the VNC Server or the VNC Viewer.

Solution

When troubleshooting VNC, you may have to check the areas described in the following sections to narrow down the cause of the problem.

VNC Server

Check that the VNC Server is running on your remote Linux/Solaris database server and is listening at the port number on which you are trying to connect. If the VNC Server does not run at all, check the parameters you are passing to the server. Check for errors such as spelling mistakes or invalid parameter values. If possible, try running the VNC Server without any parameters except for the port number and then add your parameters one at a time until you determine the culprit parameter.

Note  To display the VNC Server options and parameters, run the OS command vncserver -list.

You can check the log file at $HOME/.vnc/<hostname>:<port#>.log, where $HOME is the home directory of the Linux user under which the VNC Server is running, <hostname> corresponds to the hostname of the VNC Server, and <port#> represents the port on which the VNC Server is listening.

By default, the log parameter of the VNC Server is set to *:stderr:30. To configure the VNC Server log file, specify the VNC parameter -log <logname>:<dest>:<level>, where <logname> is the name of the log writer, <dest> is either stderr or stdout, and <level> ranges from 0 to 100. To gather extra details in the VNC Server log file, set <level> to 100. For example, the following command starts the VNC Server to listen on port 9 and logs extra details in the standard error file:

vncserver :9 -log *:stderr:100

You should display the VNC Server log file while you monitor incoming VNC connections. Use the tail command with the -f option for that purpose, as shown in this example:

bslopuz@BLSOL1:~$ tail -f /export/home/bslopuz/.vnc/BLSOL1:9.log
<14> 2015-04-27T12:18:44.206Z BLSOL1 Xvnc[22368]: SModulePrint: set printer DELL2155-BAA060-IPv4_via_VNC_from_BLOPUZ-CA as default 1
<15> 2015-04-27T12:18:44.206Z BLSOL1 Xvnc[22368]: SystemPrinterMgr: created socket:/tmp/.vnc-bslopuz/print.0x5760_0x2dcc53fe
<15> 2015-04-27T12:18:44.206Z BLSOL1 Xvnc[22368]: PrintDownloader: removeFinishedPrintShare() - removing share 768365566
<15> 2015-04-27T12:18:44.206Z BLSOL1 Xvnc[22368]: FTMsgWriter: Local releasing 768365566
<15> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: PrintDownloader: startDownloading()
<15> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: PrintDownloader: startDownloading() - nothing to download
<15> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: PrintStream: destroy (1561cd0)
<15> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: PrintDownloader: Deleted stream 1561cd0
<14> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: SConnectionST: Encodings TRLE(15) CopyRect(1) Hextile(5) JRLE(22) JPEG(21) ZRLE(16) Zlib(6) RRE(2) Raw(0) CursorWithAlpha(-311) Cursor(-239) DesktopSize(-223)
<14> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: SConnectionST: Current encoding TRLE

VNC Viewer

To avoid any compatibility issues, ensure that the version of the VNC Viewer you use on the client computer matches the version of the VNC Server on the remote Linux/Solaris database server. For example, if the VNC Server is Enterprise Edition version 5, use VNC Viewer Enterprise Edition version 5 on the client computer.

If you still have issues with the VNC Viewer on the client computer, connect to the VNC Server using your Internet browser. Most of today’s Internet browsers support Java applets, enabling you to connect. For additional information on how to start the VNC Viewer, review recipe 16-5.

Connectivity

Verify that you can connect from your client computer to your remote Linux/Solaris database server, and vice versa. Run the ping command from the OS command prompt of your client computer. In the following example, the IP address of the remote Linux/Solaris database server is 192.168.2.41, and the client computer’s IP address is 192.168.2.181:

C:\>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.2.181
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

C:\>ping BLSOL1

Pinging BLSOL1 [192.168.2.41] with 32 bytes of data:
Reply from 192.168.2.41: bytes=32 time<1ms TTL=255
Reply from 192.168.2.41: bytes=32 time<1ms TTL=255
Reply from 192.168.2.41: bytes=32 time<1ms TTL=255
Reply from 192.168.2.41: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.2.41:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Also, perform your tests the other way around. Try to ping the client computer from the remote Linux/Solaris database server. Here’s an example:

root@BLSOL1:~# uname -a
SunOS BLSOL1 5.11 11.2 i86pc i386 i86pc
root@BLSOL1:~# traceroute 192.168.2.181
traceroute: Warning: Multiple interfaces found; using 192.168.2.41 @ net1
traceroute to 192.168.2.181 (192.168.2.181), 30 hops max, 40 byte packets
 1  192.168.2.181 (192.168.2.181)  0.196 ms *  0.224 ms
root@BLSOL1:~# ping 192.168.2.181
192.168.2.181 is alive

If you fail to make a connection using the ping command, verify that you are using the correct hostname or IP address for the VNC Server and also verify the correct port number on which the VNC Server is supposed to listen. Check for a firewall that may be blocking your connections to the remote Linux/Solaris database server from the client computer, and vice versa. If you have to connect to the remote Linux/Solaris database server through a proxy server, you have to set up your proxy server configuration. (Configuring for a proxy server is discussed in recipe 16-8.)
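A successful ping exercises only ICMP, so it cannot show whether the VNC port itself is reachable through a firewall. The following added example (not code from the book or from RealVNC) tests the TCP port directly and reads the RFB protocol banner a VNC server sends on connect; it assumes the conventional mapping of display :N to TCP port 5900+N, and the function names and the loopback stand-in server are hypothetical.

```python
import socket
import threading

def display_to_port(display):
    """Map a VNC display such as ':9' to its TCP port (assumed 5900 + N)."""
    return 5900 + int(str(display).lstrip(":"))

def probe_vnc(host, port, timeout=3.0):
    """Try a TCP connect and read the first bytes the server sends.

    Returns (status, banner): 'open' with the banner text, 'refused' when the
    host answers but nothing listens on the port, 'timeout' when no answer
    arrives (often a firewall dropping packets), 'error' for other failures.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(12).decode("ascii", "replace").strip()
            except socket.timeout:
                banner = ""  # port is open, but the peer sent nothing
            return "open", banner
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError:
        return "error", ""

def start_fake_server(banner=b"RFB 003.008\n"):
    """Constructed stand-in for a VNC Server on 127.0.0.1 (offline demo only)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    srv = start_fake_server()
    print(display_to_port(":9"), probe_vnc("127.0.0.1", srv.getsockname()[1]))
    srv.close()
```

A result of refused points at the VNC Server (not running, or listening on a different display), whereas timeout points at a firewall or routing problem between the two computers.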

How It Works

For the VNC software to work, you need three components to function properly: the VNC Server listening at the remote Linux/Solaris database server, the VNC Viewer running at the client computer, and connectivity between the two computers. First, you have to identify the problematic area and start troubleshooting from there.

For the VNC Server, review the first five recipes in this chapter to ensure that it is installed correctly and is listening on the designated port number on your remote Linux/Solaris database server. You can also monitor the messages generated in the VNC Server log file while connections are coming to the VNC Server.
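At log level 100 the file fills quickly, so it helps to see which log writers produce the volume and to isolate the connection messages. The following is an added example, not code from the book or from RealVNC: it parses lines in the layout of the tail output shown in the Solution, assuming the leading number in angle brackets is a syslog-style priority and the token after Xvnc[pid]: is the log writer name; the function names are hypothetical.

```python
import re
from collections import Counter

# Severity names for the low three bits of a syslog priority value.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed layout: <pri> timestamp host program[pid]: writer: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]:\s+(?P<writer>[^:\s]+):\s*(?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    pri = int(rec["pri"])
    rec["facility"], rec["severity"] = pri >> 3, SEVERITIES[pri & 7]
    return rec

def summarize(lines):
    """Count records per (writer, severity) and count non-matching lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["writer"], rec["severity"])] += 1
        elif line.strip():
            skipped += 1
    return counts, skipped

def by_writer(lines, writer):
    """Messages from one log writer, e.g. SConnectionST for connection events."""
    return [r["msg"] for r in map(parse_line, lines) if r and r["writer"] == writer]

# Three lines copied from the tail output, plus one constructed non-matching line.
SAMPLE = """\
<15> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: PrintDownloader: startDownloading()
<15> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: PrintDownloader: Deleted stream 1561cd0
<14> 2015-04-27T12:18:44.207Z BLSOL1 Xvnc[22368]: SConnectionST: Current encoding TRLE
(constructed) line that is not in the expected format
""".splitlines()

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    print(sorted(counts.items()), "unparsed:", skipped)
    print(by_writer(SAMPLE, "SConnectionST"))
```

To run it against a real file, pass the lines of $HOME/.vnc/<hostname>:<port#>.log to summarize() instead of SAMPLE.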

On the client computer, you have to check that the VNC Viewer is running. If the VNC Viewer is not available or not running correctly, you should connect using your Java-capable Internet browser to ensure that the VNC Server and the VNC Viewer are the same version.

Last but not least, you can use the ping command to verify connectivity between the remote Linux/Solaris database server and the client computer. If you still can’t connect, contact your system or network administrators to help you troubleshoot the connectivity issue between the remote Linux/Solaris database server and your client computer.
