Connecting to remote desktops and servers is extremely common in business environments, and the technologies to do so have expanded across multiple OSes to deliver remote services to Windows, Linux and macOS computers.
One technology that fits this mold is Virtual Network Computing (VNC), which provides users with graphical desktop access by transmitting keyboard and mouse input across the network to a remote device. VNC relies on a client-server model, where the local system provides the client-side keyboard and mouse input and the server is the remote device receiving the input via the network. VNC uses the Remote Frame Buffer network protocol.
Enterprise environments use VNC in various use cases, including the following:
Technical support and troubleshooting.
Collaborative work.
Application training.
Server management and configuration.
Remote access from outside the network perimeter.
Apple integrates a built-in VNC application with macOS -- it's enabled out of the box and requires little to no additional effort.
While SSH is a common remote access method, especially for administrators who are comfortable working at the command line, VNC is more user-friendly, enabling desktop, application, and settings access for collaboration and troubleshooting.
2 VNC client options
Enterprise organizations supporting macOS systems have two viable options for VNC connectivity. The first is the built-in macOS VNC client-server software. This ready-to-use option offers quick connectivity with minimal configuration. The second choice is third-party VNC software, which requires additional administrative effort to deploy and configure but may come with more extensive features. Both are viable choices.
IT should keep in mind that VNC is a different remote access technology from Secure Shell (SSH). MacOS also supports SSH and offers different configuration options. While SSH is a common remote access method, especially for administrators who are comfortable working at the command line, VNC is more user-friendly, enabling desktop, application, and settings access for collaboration and troubleshooting.
Built-in macOS VNC
The VNC software baked into macOS provides basic remote connectivity with little configuration, making it an excellent choice for general use. Setup options are straightforward, enabling organizations of any size to quickly implement it for remote support of macOS systems.
The benefits of the built-in macOS VNC software include the following:
No additional software is needed; it works out of the box.
There are options for Mac-to-Mac or Mac-to-other connectivity -- Linux, Windows, etc.
Connection menus are integrated with Finder, enabling simple menu options and the Command+K keyboard shortcut (Figure 1).
Figure 1. The Connect to Server dialog box enables admins to input an exact server address.
However, Apple is not in the business of developing VNC software, so some third-party vendors offer stronger and more flexible features. These may be particularly useful in enterprise environments.
Third-party VNC for Macs
Various third-party providers offer VNC software with additional features, including security and performance enhancements.
Potential third-party VNC software benefits include the following:
File sharing.
Session recording.
Multimonitor support.
SSH tunneling.
Increased performance based on additional configuration options.
Enhanced encryption and other security settings.
While the exact feature list varies by product, it's clear that third-party offerings have the potential to provide more comprehensive connections. However, your organization may need to pay for that software, manage its configuration and deploy it to remote systems, all of which can be costly and time-consuming.
Configuring macOS VNC clients
The macOS VNC software provides numerous configuration options, enabling users to control remote access to their systems. Whether Remote Management is enabled depends on which macOS version is in use and any custom security settings that are already in place. It's safest to assume the service is disabled.
Begin by opening Settings, browsing to General and then selecting the Remote Management node. The toggle switch indicates whether VNC connectivity is enabled.
Select the Information icon -- represented by a lowercase "i" character with a circle around it. It provides access to the various settings. The first available selection toggles Remote Management on or off.
The second pane toggles a menu bar status icon, whether anyone may request screen control and whether screen control is password-protected. It also offers a place to set the password (Figure 2).
Figure 2. The VNC password within macOS Remote Management restricts access.
The next pane defines who is allowed access. The default is All users, but admins can select specific local users for more granular control (Figure 3).
Figure 3. The approved users list can use VNC to access the specific desktop.
Select the Options button to gain specific control over exactly what remote users can do on the system. This pane is where most of the security settings and user access control resides. Options include the following:
Observe.
Control.
Generate reports.
Open and quit applications.
Change settings.
Delete and replace items.
Start text chat or send messages.
Restart and shutdown.
Copy items.
These settings are critical to security, so consider them carefully. Remember that remote technical support personnel are able to access macOS systems that host confidential resources, such as accounting, personal or proprietary data.
Consider the following two use case examples for combining these settings:
Basic technical support. Grant Observe and Start text chat or send messages privileges. This configuration allows the support team to connect to the system and walk the user through troubleshooting and remediation steps. The local user retains complete control.
Advanced trusted technical support. Grant Observe, Control, Open and quit applications, Change settings, and Restart and shutdown, enabling the support team to manage system settings. Do not grant Delete and replace items or Copy items, which affect data.
Set these options on a per-user basis. The Remote Management window also contains a help link, which provides additional details on the configuration settings.
Establishing a remote connection with VNC
To establish a remote connection, select the Go menu from the taskbar, and choose Connect to Server. Admins can also use the Command+K keyboard shortcut to open the selection window.
Manually enter an IP address or remote system name in the connection window, and then click Connect. The system prompts you if the remote computer requires a password to establish a connection. Admins can also add or remove servers that you connect to regularly.
Finally, the Browse button enables admins to search the network for available systems if the target computer's network identity is unknown. You can also define the sharing type and virtual display information (Figure 4).
Figure 4. Use Connect to Server to browse for available systems and then define connection attributes.
This provides remote access to the server within its defined security restrictions.
Many third-party VNC offerings provide similar levels of control. They may be more comprehensive, with connection encryption options, group delegations and automation capabilities. Still, the basic Apple settings easily manage remote support teams.
Troubleshooting issues with macOS VNC
Troubleshooting connections using the default macOS VNC application consists mostly of verifying basic settings and options. There could also be confusion over account settings, such as which accounts are allowed to connect and with what passwords or if the Remote Management service is disabled.
Check the following items in the order shown to troubleshoot VNC issues:
Confirm Remote Management is enabled.
Confirm the user account has been granted access.
Confirm the user is entering the correct password.
Check basic network connection information, including IP addresses and name resolution.
Confirm firewall configurations -- VNC uses TCP port 5900 by default.
Be sure to keep in mind the specific roles of VNC devices while troubleshooting:
Client. Device where user input occurs. often referred to as viewer in VNC terminology.
Server. Device receiving user input from across the network.
Being conscious of these two roles helps admins visualize the connection, aiding in troubleshooting.
Use a port scanner, such as Nmap or Angry IP Scanner, to check for remote systems that allow VNC connections.
Damon Garn owns Cogspinner Coaction and provides freelance IT writing and editing services. He has written multiple CompTIA study guides, including the Linux+, Cloud Essentials+ and Server+ guides, and contributes extensively to Informa TechTarget, The New Stack and CompTIA Blogs.
Dig Deeper on Virtual and remote desktop strategies
