Accessing your remote desktop on Amazon's Elastic Compute Cloud via NoMachine

Start your journey to the next level of remote computing

By combining NoMachine software with the Amazon EC2 infrastructure, you can jumpstart your own remote access and desktop delivery solution for employees, partners and customers alike. Or if it's just for your own use, by installing NoMachine you can get remote access to your own personal desktop hosted in Amazon's cloud and get the same benefits as you would as if the physical hardware was really yours. Amazon Web Services (AWS) is Amazon.com's cloud-computing platform of which its Elastic Compute Cloud (EC2) forms a central part. EC2 provides resizable compute capacity in the cloud, suitable for any organization or individual which needs flexible cloud hosting services. Virtual hosts can be fired up on literally any OS, either as free "Instances" or as pay-for options depending on the HW capacity and what you consume. This particular tutorial will concentrate on the Linux desktop.

Logging in to Amazon AWS

• Go to the www.aws.amazon.com website and from the menu 'My Account' choose AWS Management Console (Fig. 1). Log in or create an account.

Fig. 1 - Go to www.aws.amazon.com

Choosing an Amazon machine image

• The first step to creating an Amazon virtual machine (VM) or virtual server on EC2 (an 'instance') is to select the Amazon Machine Image (AMI) that you want to use. See the following guide for more about Amazon instances: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html. This AMI can be a Windows, Linux or other OS image, and depending on the AMI you select will mean whether it's free or not. In the AWS Marketplace you can find VMs which were prepared by trusted OS vendors. Some of these are free, others charge a fee. By selecting a Community Amazon Machine Image, you can choose to create a free VM.
• Once logged in, you'll see the EC2 Dashboard. Any virtual machines that you create will be visible in this 'Instances' pane. Let's get started with our first instance!
• Click Launch Instance (Fig. 2).

Fig. 2 - Launch instance to start the VM creation procedure

• Choose an AMI. For this tutorial we'll search for RHEL 6 (Fig. 3) in the Community AMI group.
• Choose the appropriate OS image by clicking 'Select'.

Fig. 3 - Search for the desired OS and select from the AMI list

Choosing an instance type

• In Step 2 of the Amazon Wizard you will be asked to 'Choose any Instance Type'. This basically lets you change the hardware for your VM. Free tier options will be highlighted for you if they are available.
• Make your selection.
• Click the 'Review and Launch' button.

Fig. 4 - Select the hardware, and click 'Review and Launch'

• Follow steps 3-5 in Amazon's Launch Instance Wizard. Remember you can also refer to their Getting Started Guide: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html.
• Skipping any necessary configuration steps will prompt Amazon's wizard to warn you. For example, in final Step 7, clicking 'Launch', a message appears informing us that we should go back to 'Security Groups' and update our security group rules to allow access from known IP addresses only. From this panel we will also be able to open additional ports in our security group to facilitate access (Fig. 5). Go back and set them.

Fig. 5 - Skipping Step 6 will prompt a warning in Step 7 to update security group rules

Configuring the security group

• As mentioned, a good precautionary measure is to limit access to a specific group of IPs: Step 6 of the VM creation. Note that the AWS Dashboard will have 'Type' SSH set by default for Linux. This is to allow you to get secure access to the VM so that you can start to install and set up your VM. Once you've installed NoMachine, you'll be accessing the VM using NX. Let's add a new rule.
• Click 'Add Rule'.
• In 'Type', set Custom TCP Rule.
• Protocol should be set to TCP.
• Set Port Range to 4000 (the default port used by NoMachine).
• In 'Source' select Anywhere or Custom IP.

Fig. 6 - Configuring access rules ready for NoMachine

• Leaving 0.0.0.0/0 means that any computer can connect to your VM over the Internet. If you want to allow a specific set of IP addresses (for users who will be accessing from a fixed IP for example), insert them here.
• Click the 'Review and Launch' button.
• If you're happy with the settings, click 'Launch'.

Creating a key pair

• In Step 7 of the AWS procedure, a new window will appear where you must create or choose an existing key pair (Fig. 7). This is a necessary step in the set-up of your VM. Connecting to your VM via SSH will only be possible with this key pair in place.
• Select 'Create a new key pair'.
• Enter a name in the 'Key pair name' field, for example "MyKey".
• Click 'Download Key Pair' to save the private key to your computer. Remember where you saved this key. You will need it later.
• Click 'Launch Instances'.

Fig. 7 - Download the key pair

Checking the 'Instances' pane

• Your VM is almost ready. If you go to Dashboard and select 'Instances', you'll see that your VM is initializing (Fig. 8). Now you can give a name to your VM.
• Add a name for your VM by clicking 'Name'.
• Your VM is ready when you see a green dot in the Instance State column.

Fig. 8 - VM is initializing. Edit the VM name

Preparing the virtual machine

• A Virtual Instance on AWS is created without a GUI, so you will need to install a desktop environment such as GNOME or KDE, making sure that all fonts and libraries are installed as well. Then you can install NoMachine.
• To be able to do that we need to first access it using a SSH client. First, let's connect.
• Click 'Launch Instance' (the blue button in Fig. 8 above).
• Click the Connect button.
• A window will appear with the details of your VM. Make a note of this information. You will need it to connect to your VM via SSH.
• Select the 'A standalone SSH client' radio button.

TIP: This information is also required for the NoMachine User Interface. You can see in Fig. 10 how to connect via SSH to the VM by using username 'ec2-user' and the VM hostname ec2-54.194.185.70.eu-west-1.compute.amazonaws.com'. Alternatively you can use the VM's public IP, 54.194.185.70.

Fig. 9 - Details of the VM in order to 'Connect To Your Instance'

• Now open a terminal on your local computer.
• Move to the folder where the key you downloaded earlier is saved.
• Change your private key permissions (Fig. 10).

  chmod 400 MyKey.pem

• In the terminal, enter the information you noted earlier e.g.,

  ssh -i "MyKey.pem" ec2-user@ec2-54.194.185.70.eu-west-1.compute.amazonaws.com 

• Press Enter. Accept the RSA key fingerprint when prompted. You'll now be securely connected via SSH to the remote VM.

Fig. 10 - From a terminal on your local desktop, set the key permissions and then connect by SSH to your VM

Getting the VM desktop environment ready

• Now it's time to set it up with a graphical desktop environment, pre-requisite for NoMachine sessions. As mentioned earlier, we've selected Red Hat 6, so we need to make sure the latest Red Hat packages are installed with a full desktop environment.
• In a terminal on your local PC from where you are connected by SSH to your VM, do the following:

sudo yum update -y

sudo yum groupinstall -y "Desktop" 

TIP: The 'Desktop' command is specific to RH6 and changes according to the OS and version you are installing. For a list of what you can install run:

'yum grouplist'

• Close the SSH connection to your VM:

exit 

Installing NoMachine on VM running RHEL 6.0

• Now that the Red Hat desktop is prepared, it's ready for NoMachine to be installed.
• Download the NoMachine package suitable for your VM from our website https://www.nomachine.com/download and save it on your computer. Then transfer the NoMachine installation package to the VM by using scp. In our example, we executed in a terminal on the local computer:

scp -i "MyKey.pem" /home/nomachine/Pkg/nomachine_5.1.9_6_x86_64.rpm  ec2-username@machineIP:~

• Once the upload is complete, from the same terminal connect again by SSH to your VM:

ssh -i "MyKey.pem" ec2-user@ec2-54.194.185.70.eu-west-1.compute.amazonaws.com

• Install the package:

sudo yum install  nomachine_5.1.9_6_x86_64.rpm 

Fig. 11 - Install the NoMachine package once transferred to the remote VM

• Remember the SSH key you downloaded earlier? When Amazon created this private key, it also generated a public key on the server-side. This public key must be added to the NoMachine user's home to grant access via key-based authentication. For complete details check out the article about key-based authentication.
• In the same terminal from before, browse to the user's home directory.
• Check that ~/.nx/config directory exists. If it doesn't exist, create it.
• Copy the SSH key to the config directory and rename it to authorized.crt

    cp -p  .ssh/authorized_keys  ~/.nx/config/authorized.crt