Your desktop on Google Cloud Platform

VNC on Google Compute Engine instances

Having servers on the cloud is great: you can access them from anywhere and at anytime! You can easily ssh into your server and do whatever you want, right?

Well, what if you want to browse the web? I want to use Chrome! Or you could use Lynx … but I’ve heard it’s not CSS3 compatible. This is a little tutorial that will take you through all the steps to have GUI access to a Google Compute Engine instance.

Important: if you start an instance you’ll be charged per minute. Go to the end of this post to see how to stop it and get $300 in credits!

Update: My next post will discuss how to make this connection secure by using VNC over VPN.

Creating a new project

Visit the developers console, log in, and create a project if needed clicking on the Create Project button. Navigate the left menu to list the VM instances running on your project: Compute > Compute Engine > VM instances. If it’s the first time you do this for this project it might take a bit longer, since it’s setting some stuff up, don’t worry this happens only once.

Creating a new instance

Click on the Create Instance button to access the instance creation form. Choose a name for your instance. Any instance type and linux distribution would work, but if you want to go with something safe choose n1-standard-1 with backports-debian-7-wheezy-v20150423.

Choose a zone close to you to have the best latency in your connection.

If you’d like to use Windows the instances already come with support for RDP (Remote Desktop Protocol) so you don’t need any extra steps.

Installing a VNC server

Once your instance is running you can SSH directly into it by simply clicking the SSH button. This also handles the authentication for you, really handy!

Once connected let’s update our sources list and install some extra packages:

$ sudo apt-get update
$ sudo apt-get install tightvncserver

Before we continue configuring the VNC server that will allow us to access our instance through a desktop environment we should install one. You can install your favorite one:

a) If you like Gnome and are not in a hurry:

$ sudo apt-get install aptitude tasksel
$ sudo tasksel install gnome-desktop --new-install

Gnome is beautiful … and heavy! So be patient while everything gets installed, two to five minutes is completely normal.

b) If you prefer something faster to install you might like Xfce:

$ sudo apt-get install xfce4 xfce4-goodies

Setting up the VNC server

Now that our instance has a desktop environment let’s make it accessible via VNC. Start the vncserver, and follow the directions to create a password

$ vncserver

Note: this password will grant access to your instance, so make it strong.

If everything went fine your VNC server is now running and listening on port 5901. You can verify this with netcat from the Google Compute Engine instance:

$ nc localhost 5901
RFB 003.008

Installing a VNC client

There’s many options available, my favorite one is RealVNC Viewer. Install one but don’t try to connect to your server just yet: it will fail as the firewall rules don’t allow it.

Opening the firewall

In order to communicate with our instance we need its external IP. You can find it on the Developers Console.

Find your external IP, it should look something like this.

Let’s try to connect to it using netcat again:

$ nc 104.197.91.140 5901
alternatively you can use telnet
$ telnet 104.197.91.140 5901

Regardless of the tool you use the connection will fail, this is expected as the firewall rules block all communications by default for security reasons.
Let’s fix that.

Navigate to the configuration for the default network “Compute > Compute Engine > Network” and then click on default. Or you could also click here and choose your project.

We’re going to add a new firewall rule, pressing the corresponding button.

Choose a descriptive name for the rule.

We will allow traffic coming from any source, which is why we use 0.0.0.0/0, the IP mask equivalent to a wildcard.

The traffic will be on the port 5901 for protocol TCP and going to instances tagged as vnc-server.

The last step is to tag our instance as a vnc-server, for that go back to the VM description page and click on “add tags”

Connecting to the VNC server

Let’s first of all make sure that the connection is now allowed by the firewall:

$ nc 104.197.91.140 5901
RFB 003.008

Great! Everything seems ready for our VNC client to connect. Open your VNC viewer and connect to the IP of your Compute Engine instance on port 5901.

Connect to your Compute Engine instance on port 5901.

To connect you’ll need to provide the password you gave at the beginning of this tutorial.

And voilà! You can now use your favorite Desktop environment on your Google Compute Engine instance.

Troubleshooting

If you still cannot connect to VNC after you have created a firewall rule you should make sure that your IP has not been banned by sshguard.

To see if this is the case you can run:

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If your output differs from this one flush the table and retry:

$ sudo iptables -F

Cleaning up and costs

An instance running on the cloud has a cost but the good news is that you can simply stop it and restart whenever you need it again. Click on the Stop button and you’ll be charged only for the associated disk which at the moment of writing of this article is 40¢ per month. I dare you finding a cheaper cup of coffee in San Francisco!

Finally, if you’re new to the Google Cloud Platform make sure to get into the Free Trial to access $300 in credit so you can try it out and have some fun!

I hope this was useful. Feel free to add any comments for feedback or questions on twitter.