NoMachine Support

Your questions answered

Knowledge Base

Searching in: Articles & FAQs
Filter the search results
Applies to:
Last update:
Searching in: Articles & FAQs
ID: AR11K00745
Applies to: NoMachine Software
Added on: 2013-11-14
Last update: 2016-11-07
A brief description of the NX protocol in version 4 or later

NoMachine (from version 4 and later) redesigns and extends the NX protocol used in version 3 to work as a generic transport layer for the suite of protocols used by various components. The redesign was carried out with the important constraint of being compatible with version 3 servers and clients, to facilitate the transition from the old version to the new. In version 4 client applications can connect using the SSH protocol, with the same authentication mechanisms of the version 3, or by using the new SSL-enabled nxd daemon. Once the secure connection is established, clients can negotiate a desktop session, by means of a text protocol compatible with the one used in version 3, or request one of the various NoMachine sub-systems, such as the file synchronization service, software updates, directory services, voice and video messaging and clustering. Each sub-system protocol is also text based, with commands constituted by comma separated tuples. NoMachine plans to document the sub-system protocols as they mature, so that developers and integrators can extend the functionality of the system by creating scripts or writing their own plugins.

When connecting different hosts across the network, the NX protocol works as a generic tunnel, with additional framing and flow control information used to dynamically adapt compression and bandwidth in real-time, according to the network conditions. To preserve compatibility, multiplexing is based on the same version 3 schema. NX 4 adds new channel types to handle additional services such as the new file-system redirection, new printing system, virtual network interfaces, smart-cards and USB devices. Most NoMachine components, including the agent program impersonating the desktop session on the server, embed so called "slave servers". These are light-weight servers providing IPC and automation services which can be used to create additional channels, under the control of the client and the server.

Applications can still request channels to carry data using the NX X Window protocol compression (including the multi-codec functionality offered by the packed image format as in version 3), but version 4 nodes and clients add new channel types for display and audio and only use the old X11 channels as place-holders for the remote display session. The new display and audio channels use a binary protocol for efficiency. The protocol allows for multiple codecs in the same stream. The NX protocol is not dependent on the codec used. Currently, the display channels support data in H.264, VP8 and JPEG format with additional primitives used to implement special encoding operations besides the standard image and video streams. Due to the licensing restrictions affecting H.264, NoMachine can't ship a H.264 codec in the free versions. Nonetheless, NoMachine tries to find if a H.264 encoder or decoder is installed as part of the operating system and if available, uses it as an alternative. Enterprise versions include a H.264 software encoder modified to provide the best results in the remote desktop use case. This software encoder is based on the popular open-source x264 encoder. Users can download the software and compile it themselves by following the instruction provided in the package, or they can purchase a binary package from NoMachine at a nominal cost just covering the MPEG license and the cost of distribution. Audio is currently encoded using the Opus format. The Vorbis format is used as a fallback in case any of the audio peers doesn't support Opus. Voice (microphone input) is encoded using the Speex codec.

Once the user session has been negotiated between the client and the server, NX data can travel on TCP and UDP streams, even at the same time. The client and server select dynamically what transport to use, based on the type of data and the network conditions. If communication over UDP is enabled, client and server can automatically instruct the router to open the necessary ports. UDP uses symmetric Blowfish encryption. Host interface and port, as well as the Blowfish encryption key, are negotiated using the secure TCP link. UDP communication is disabled when using SSH tunneling, so that all data goes through the same SSH link. This is to better adapt to locked down network environments and to offer a fully compatible behavior with the NX protocol in version 3.

The display protocol uses a combination of video and image encoding, based on standard codecs and a number of techniques developed by NoMachine. The user selects the target image quality, then NoMachine, based on a number of parameters like the encoding and decoding time, current frame-rate, network latency and available bandwidth, adapts the frame-rate and quality in real-time  to match the target quality requested by the user. Compression can be lossless or lossy, with progressive refinement handled automatically, based on the activity detected on screen. Besides the obvious techniques used to reduce the delay and improve the encoding speed, NoMachine monitors the content of the display and the user activity to adapt quality and buffering to the displayed application. In this way NoMachine can automatically adapt to widely different use-cases and scenarios, like browsing the Internet, playing a game or watching a movie, during the same user session, by always offering the best experience given the hardware and network environment. A variation of the same protocol is used to display sessions over HTTPS in a standard Web browser. Supported browsers span from IE6 to the latest HTML5-enabled versions,  with automatic fallbacks, in the case some features are not supported, and basically no requirement on the client side.

In the last 10 years all desktop environments have advanced to become more multimedia enabled and more graphically compelling. These advances have come together with a progressive increase of the hardware requirements, so much that none of the today's desktop environments in any of the mainstream operating systems can run without the assistance of a good graphic card and hardware accelerated graphics. NX version 4 is designed to offer the best performance in these contemporary environments, but as these desktop environments do, it generally requires more bandwidth and computing resources compared to the old version 3. While this is not a major concern in a Windows and Mac virtual desktop infrastructure, where there is normally only a single user session running on each physical or virtual workstation, this can become a real problem on a Linux terminal server, where tens or hundreds of user sessions are intended to run at any given time. To help the NX 3 users to migrate to the new version by at the same time preserving their software and hardware investment, NoMachine Workstation and all Terminal Server products are configured by default to run Linux sessions in X11 vector graphics mode (previously known as “lightweight” mode). In X11 vector graphics mode, the expensive video encoding operations are disabled and the display output is encoded in a similar way as in version 3, by only compressing the X-Window protocol. X11 vector graphics mode can greatly reduce the bandwidth usage and the hardware requirements on both the client and the server, anyway X11 vector graphics is not really effective with desktops using direct rendering and HW accelerated graphics.