Accessing your remote desktop on Amazon's Elastic Compute Cloud via NoMachine

By combining NoMachine software with the Amazon EC2 infrastructure, you can jumpstart your own remote access and desktop delivery solution for employees, partners and customers alike. Or if it's just for your own use, by installing NoMachine you can get remote access to your own personal desktop hosted in Amazon's cloud and get the same benefits as you would as if the physical hardware was really yours.

Amazon Web Services (AWS) is Amazon.com's cloud-computing platform of which its Elastic Compute Cloud (EC2) forms a central part. EC2 provides resizable compute capacity in the cloud, suitable for any organization or individual which needs flexible cloud hosting services. Virtual hosts can be fired up on literally any OS, either as free "Instances" or as pay-for options depending on the HW capacity and what you consume. This particular tutorial will concentrate on the Linux desktop.

Setting up a Linux desktop hosted on Amazon EC2

Amazon EC2 Linux instances do not come with a GUI, so by default, you need terminal access for all application configuration to get started. Most of the developers/sysadmins working with Linux prefer the command line over Graphical User Interface. But users who are new to Linux will feel more comfortable with a GUI for installing and managing their applications. We will show you how to configure a graphical user interface (GUI) for an Amazon EC2 Linux instance and then access that GUI using NoMachine.

We're going to install NoMachine (free version) on a virtual Linux host, and then access the desktop of this virtualized Linux OS. You can of course install any of the enterprise-oriented products as well. For this tutorial, we'll install Red Hat. NoMachine can be installed on literally any of the Linux flavors, though some of the steps might change depending on what you choose to use. To get started you're going to need SSH to let you remotely log in and administer the Linux VM. Once NoMachine is installed, you'll be able to access the remote desktop securely via NX.

Log in to Amazon AWS

Go to the www.aws.amazon.com website and from the menu 'My Account' choose AWS Management Console (Fig. 1). Log in or create an account.

Create a free account on www.aws.amazon.com

Fig. 1 - Go to www.aws.amazon.com

Choosing an Amazon machine image

The first step to creating an Amazon virtual machine (VM) or virtual server on EC2 (an 'instance') is to select the Amazon Machine Image (AMI) that you want to use. See the following guide for more about Amazon instances: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html.

This AMI can be a Windows, Linux or other OS image, and depending on the AMI you select will mean whether it's free or not. In the AWS Marketplace you can find VMs which were prepared by trusted OS vendors. Some of these are free, others charge a fee. By selecting a Community Amazon Machine Image, you can choose to create a free VM.

Once logged in, you'll see the EC2 Dashboard. Any virtual machines that you create will be visible in this 'Instances' pane. Let's get started with our first instance!

Click Launch Instance (Fig. 2).

Click Launch instance to start the VM creation procedure

Fig. 2 - Launch instance to start the VM creation procedure

Choose an AMI. For this tutorial we'll search for RHEL 6 (Fig. 3) in the Community AMI group.
Choose the appropriate OS image by clicking 'Select'.

Fig. 3 - Search for the desired OS and select from the AMI list

Choosing an instance type

In Step 2 of the Amazon Wizard you will be asked to 'Choose any Instance Type'. This basically lets you change the hardware for your VM. Free tier options will be highlighted for you if they are available.

Make your selection.
Click the 'Review and Launch' button.

Fig. 4 - Select the hardware, and click 'Review and Launch'

Follow steps 3-5 in Amazon's Launch Instance Wizard. Remember you can also refer to their Getting Started Guide: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html.

Skipping any necessary configuration steps will prompt Amazon's wizard to warn you. For example, in final Step 7, clicking 'Launch', a message appears informing us that we should go back to 'Security Groups' and update our security group rules to allow access from known IP addresses only. From this panel we will also be able to open additional ports in our security group to facilitate access (Fig. 5). Go back and set them.

Skipping Step 6 in Amazon's set up procedure will prompt a warning in Step 7 to update security group rules

Fig. 5 - Skipping Step 6 will prompt a warning in Step 7 to update security group rules

Configuring the security group

As mentioned, a good precautionary measure is to limit access to a specific group of IPs: Step 6 of the VM creation. Note that the AWS Dashboard will have 'Type' SSH set by default for Linux. This is to allow you to get secure access to the VM so that you can start to install and set up your VM. Once you've installed NoMachine, you'll be accessing the VM using NX. Let's add a new rule.

Click 'Add Rule'.
In 'Type', set Custom TCP Rule.
Protocol should be set to TCP.
Set Port Range to 4000 (the default port used by NoMachine).
In 'Source' select Anywhere or Custom IP.

Configure access rules for your Red Hat VM ready NoMachine to be installed

Fig. 6 - Configuring access rules ready for NoMachine

Leaving 0.0.0.0/0 means that any computer can connect to your VM over the Internet. If you want to allow a specific set of IP addresses (for users who will be accessing from a fixed IP for example), insert them here.

Click the 'Review and Launch' button.
If you're happy with the settings, click 'Launch'.

Creating a key pair

In Step 7 of the AWS procedure, a new window will appear where you must create or choose an existing key pair (Fig. 7). This is a necessary step in the set-up of your VM. Connecting to your VM via SSH will only be possible with this key pair in place.

Select 'Create a new key pair'.
Enter a name in the 'Key pair name' field, for example "MyKey".
Click 'Download Key Pair' to save the private key to your computer.

TIP: Remember where you saved this key. You will need it later.

Click 'Launch Instances'.

Download the key pair. You'll need this to authenticate later

Fig. 7 - Download the key pair

Checking the 'Instances' pane

Your VM is almost ready. If you go to Dashboard and select 'Instances', you'll see that your VM is initializing (Fig. 8). Now you can give a name to your VM.

Add a name for your VM by clicking 'Name'.
Your VM is ready when you see a green dot in the Instance State column.

Amazon's dashboard tells you the status of your VM. You can also edit the VM name. A green dot indicates it's running

Fig. 8 - VM is initializing. Edit the VM name

Preparing the virtual machine

A Virtual Instance on AWS is created without a GUI, so you will need to install a desktop environment such as GNOME or KDE, making sure that all fonts and libraries are installed as well. Then you can install NoMachine.

To be able to do that we need to first access it using a SSH client. First, let's connect.

Click 'Launch Instance' (the blue button in Fig. 8 above).
Click the Connect button.
A window will appear with the details of your VM. Make a note of this information. You will need it to connect to your VM via SSH.
Select the 'A standalone SSH client' radio button.

TIP: This information is also required for the NoMachine User Interface. You can see in Fig. 10 how to connect via SSH to the VM by using username 'ec2-user' and the VM hostname ec2-54.194.185.70.eu-west-1.compute.amazonaws.com'. Alternatively you can use the VM's public IP, 54.194.185.70.

Fig. 9 - Details of the VM in order to 'Connect To Your Instance'

Now open a terminal on your local computer.
Move to the folder where the key you downloaded earlier is saved.
Change your private key permissions (Fig. 10).

  chmod 400 MyKey.pem

In the terminal, enter the information you noted earlier e.g.,

  ssh -i "MyKey.pem" ec2-user@ec2-54.194.185.70.eu-west-1.compute.amazonaws.com

Press Enter. Accept the RSA key fingerprint when prompted. You'll now be securely connected via SSH to the remote VM.

Fig. 10 - From a terminal on your local desktop, set the key permissions and then connect by SSH to your VM

Getting the VM desktop environment ready

Now it's time to set it up with a graphical desktop environment, pre-requisite for NoMachine sessions. As mentioned earlier, we've selected Red Hat 6, so we need to make sure the latest Red Hat packages are installed with a full desktop environment.

In a terminal on your local PC from where you are connected by SSH to your VM, do the following:

```
sudo yum update -y
```
```
sudo yum groupinstall -y "Desktop" 
```

TIP: The 'Desktop' command is specific to RH6 and changes according to the OS and version you are installing. For a list of what you can install run

'yum grouplist'

Close the SSH connection to your VM:
```
exit 
```

Installing NoMachine on VM running RHEL 6.0

Now that the Red Hat desktop is prepared, it's ready for NoMachine to be installed.

Download the NoMachine package suitable for your VM from our website https://www.nomachine.com/download and save it on your computer. Then transfer the NoMachine installation package to the VM by using scp. In our example, we executed in a terminal on the local computer:

scp -i "MyKey.pem" /home/nomachine/Pkg/nomachine_5.1.9_6_x86_64.rpm  ec2-username@machineIP:~

Once the upload is complete, from the same terminal connect again by SSH to your VM:

ssh -i "MyKey.pem" ec2-user@ec2-54.194.185.70.eu-west-1.compute.amazonaws.com

install the package:

sudo yum install  nomachine_5.1.9_6_x86_64.rpm

Install the NoMachine package once you have transferred it to the remote VM

Fig. 11 - Install the NoMachine package once transferred to the remote VM

Remember the SSH key you downloaded earlier? When Amazon created this private key, it also generated a public key on the server-side. This public key must be added to the NoMachine user's home to grant access via key-based authentication. For complete details check out the article about key-based authentication.

In the same terminal from before, browse to the user's home directory.
Check that ~/.nx/config directory exists. If it doesn't exist, create it.
Copy the SSH key to the config directory and rename it to authorized.crt

    cp -p  .ssh/authorized_keys  ~/.nx/config/authorized.crt

Connecting to your desktop via NoMachine

You're almost done! If you haven't done so already, you need to install NoMachine on the computer or device you would like to connect from. Setting up your first connection is easy since NoMachine takes you through the steps. You will need to the key which Amazon generated for your VM earlier on. You will import this in to the session configuration.

Go to the device you want to connect from.
Install NoMachine for the OS running on it.
Open the NoMachine User Interface and click 'Add'.
Enter the name of the host or its public IP that Amazon allocated for you when you created your VM in ‘Machine address’(See Fig. 12).
Select 'Use key-based authentication with a key you provide' (Fig. 13).
Click 'Modify'.

Open the NoMachine Player GUI to start a connection

Fig. 12 - Enter the name of the host or its public IP that Amazon allocated for you

Fig. 13 - Select key-based authentication in 'Configuration' and click 'Modify'

Fig. 14 - Browse to the folder where you saved the key

Browse to the folder where you downloaded Amazon's key and select it (Fig. 14).
Click the arrow button to save your session and go back to the 'Add connection' panel.
Click 'Connect'.

Alternatively, you can connect from the 'Machines' panel. Your configured connection will be stored there as you can see below.

Connections will appear in the 'Recent connections' list

Fig. 15 - Connections will appear in the 'Machines' list

Click on the 'Connect' icon.

Fig. 16 - Accept the host fingerprint

Accept when prompted with 'Verify host authenticity'.
Enter the Username which Amazon allocated you (Fig. 17).
Click 'Login'.

Fig. 17 - Enter your username

That's it. You're in!

Fig. 18 - Enjoy your remote desktop session

NoMachine Support

Your questions answered