Remote Access Apple-Style

After quite a few @replies on Twitter this weekend, I figured I should write up a quick post on how we're doing remote access at Coast Hills. But first, a quick rundown on what we access remotely. We have five computers at FOH all but one of which is a Mac Mini. Two of them are BootCamped to Windows 7, the other two run 10.6. Here's what we've got; the SD8 remote (Win7), the Roland remote (Win7), iTunes playback and LAMA. We also have a 17" MacBook Pro running Reaper for virtual soundcheck. We routinely access the SD8 and Roland remotes from down on the floor (FOH is in the balcony) to adjust the mix or the M-48s for the band. It's also nice to have a look at LAMA once in a while from down there.

Network Diagram Here's a simplified view of our Sound network.Now, for remotely accessing one Mac from another, it's super-easy; just use the Mac's built-in Screen Sharing. The Screen Sharing app is really just a VNC app, that accesses the VNC server that is configured in the Sharing preferences panel. Open a new finder window, select the Mac you want to screen share (assuming you have File Sharing turned 0n), and click on "Share Screen..."

Mac Screen Sharing This is how easy it is to take over the family computer...The Screen Sharing app will launch, ask for login credentials and you're good to go. You can now completely control the other Mac as if you were sitting right there. What a lot of people don't know (in fact, I didn't know it until recently) is that you can use the Mac's built-in Screen Sharing app to access Windows computers. Now, it's important to note that you'll need to install and run a VNC server on the Windows box. Unlike Macs, Windows doesn't have a built-in VNC server (I know, lame...). We use RealVNC, which is a decent and free server. My ATD Isaiah set it up so it launches automatically at launch.

Now to get to the Windows box, go to Finder, select "Connect to Server..." (Cmd-K) and enter the IP address of the computer you wish to access preceded by vnc://.

Connect to Server Using the IP address to get from Mac to WindowsScreen Sharing will launch, you'll be asked for the password and in just a second you're controlling the Windows machine. Personally, I much prefer Screen Sharing to other VNC apps like Chicken of the VNC (even though that is perhaps the most cleverly named app ever...Chicken of the vnC, Chicken of the Sea...get it?), mainly because Screen Sharing just seems to be a smoother, more seamless experience.

Now all that's cool, but we decided to kick it up a notch last week. See, we have all of those aforementioned computers connected to a dedicated sub-network called "Sound." It has it's own IP range (a 10.0.xxx.xxx vs. our regular church's 192.168.xxx.xxx), and is only connected to the regular church network through the Airport Extreme. So what we normally do is connect to the Sound Airport, then remote in to the computers. That works OK, except our laptops and iPad normally default to connecting to the regular wi-fi network, and we have to keep changing it. So last week, Isaiah decided to configure Port Forwarding.

We have the Airport connected to the church network through the WAN port, so it's easy to get from the Sound network to Internet. But getting in doesn't work as well. At least it didn't. To make it work, we launch the Airport Utility and configure a few settings on the Airport.

AirPort Extreme Advanced Tab Step one in configuring port forwardingSelect "Advanced," then the "Port Mapping" tab. Click the little "+" at the bottom of the list to add a new rule. That opens this dialog.


Port Forwarding VNC protocol uses Port 5900 by default.What we're doing here is telling the Airport, "If anyone out there (192.168.xxx.xxx comes knocking on door 5900, send them here (10.xxx.xxx.52)." In our case, "this address" is the IP of our SD8 remote computer. You'll notice in the "Connect to Server" dialog above, the address is a 192.168.xxx.xxx address. That's the address of the AirPort Extreme on the regular church network. If we were connected to the church network and tried to put in the SD8 remote address directly, it wouldn't work (two different IP ranges). So instead, we hit the Airport and the Airport forwards that traffic on to the appropriate address on that network. Here's the result:


iPad Remote Access The iPad is connected to the regular church network, but controlling the SD8 remote on the Sound network.Our iPad, on the church network, is controlling the SD8 remote on the Sound net. Cool, huh? We suspected there might be some slowdown, but in using it all weekend, it's no slower than connecting directly.

So that's good, except we have two Windows boxes up there that we need to access. But since we already forwarded VNC traffic to the SD8 computer, how to we get to Roland? Simple: Configure another port.


Port forward configuration Instead of 5900, we'll use 5901Compare the Private IP Addresses: the SD8 remote is 52, the Roland remote is 55. So what we've done is tell the Airport, "If anyone comes knocking on this other door (5901) send them here (10.xxx.xxx.55). If we want to connect to Roland from the church network, we specify the port after the IP address (remember, by default the VNC protocol uses 5900).


Connect to Server Note the :5901 after the IP address; that specifies the port.The base address is the same, our AirPort Extreme; only this time we specify port 5901. Here we go.


Roland Screen Sharing And now we're connected to the Roland remote.On the iPad, we use an app called Desktop Connect, and it's easy to specify a VNC port to direct the traffic like this. So now we can either switch networks and connect directly, or stay on the regular church network and control whatever we need to. And it's easy to save both configurations of those machines so once we set it up, we select the appropriate configuration depending on which network we're connected to.

I should point out that we don't need to configure port forwarding for our Macs, because we have them dual-homed. The Ethernet connection goes to the Sound network, while the Airport connects to the church network. One more reason to run Mac whenever you can...

Other important safety tip: I'm not an IT expert, so if you start asking me questions, I may not be able to answer them. Just trying to manage expectations. Now that I've told you how we access the computers remotely, I'll start working on another post that will give you the practical implications of doing so.