Old Production Takes From an Old Guy

Remote Access Apple-Style

After quite a few @replies on Twitter this weekend, I figured I should write up a quick post on how we’re doing remote access at Coast Hills. But first, a quick rundown on what we access remotely. We have five computers at FOH, all but one of which is a Mac Mini. Two of them are BootCamped to Windows 7, the other two run 10.6. Here’s what we’ve got: the SD8 remote (Win7), the Roland remote (Win7), iTunes playback and LAMA. We also have a 17″ MacBook Pro running Reaper for virtual soundcheck. We routinely access the SD8 and Roland remotes from down on the floor (FOH is in the balcony) to adjust the mix or the M-48s for the band. It’s also nice to have a look at LAMA once in a while from down there.

Network Diagram: Here’s a simplified view of our Sound network.

Now, for remotely accessing one Mac from another, it’s super-easy; just use the Mac’s built-in Screen Sharing. The Screen Sharing app is really just a VNC app that accesses the VNC server that is configured in the Sharing preferences panel. Open a new Finder window, select the Mac you want to screen share (assuming you have File Sharing turned on), and click on “Share Screen…”

Mac Screen Sharing: This is how easy it is to take over the family computer…

The Screen Sharing app will launch, ask for login credentials and you’re good to go. You can now completely control the other Mac as if you were sitting right there. What a lot of people don’t know (in fact, I didn’t know it until recently) is that you can use the Mac’s built-in Screen Sharing app to access Windows computers. Now, it’s important to note that you’ll need to install and run a VNC server on the Windows box. Unlike Macs, Windows doesn’t have a built-in VNC server (I know, lame…). We use RealVNC, which is a decent and free server. My ATD Isaiah set it up so it launches automatically at startup.

Now to get to the Windows box, go to Finder, select “Connect to Server…” (Cmd-K) and enter the IP address of the computer you wish to access preceded by vnc://.

Connect to Server: Using the IP address to get from Mac to Windows

Screen Sharing will launch, you’ll be asked for the password and in just a second you’re controlling the Windows machine. Personally, I much prefer Screen Sharing to other VNC apps like Chicken of the VNC (even though that is perhaps the most cleverly named app ever…Chicken of the vnC, Chicken of the Sea…get it?), mainly because Screen Sharing just seems to be a smoother, more seamless experience.

Now all that’s cool, but we decided to kick it up a notch last week. See, we have all of those aforementioned computers connected to a dedicated sub-network called “Sound.” It has its own IP range (a 10.0.xxx.xxx vs. our regular church’s 192.168.xxx.xxx), and is only connected to the regular church network through the Airport Extreme. So what we normally do is connect to the Sound Airport, then remote in to the computers. That works OK, except our laptops and iPad normally default to connecting to the regular wi-fi network, and we have to keep changing it. So last week, Isaiah decided to configure Port Forwarding.

We have the Airport connected to the church network through the WAN port, so it’s easy to get from the Sound network to Internet. But getting in doesn’t work as well. At least it didn’t. To make it work, we launch the Airport Utility and configure a few settings on the Airport.

AirPort Extreme Advanced Tab: Step one in configuring port forwarding

Select “Advanced,” then the “Port Mapping” tab. Click the little “+” at the bottom of the list to add a new rule. That opens this dialog.

Port Forwarding: VNC protocol uses Port 5900 by default.

What we’re doing here is telling the Airport, “If anyone out there (192.168.xxx.xxx) comes knocking on door 5900, send them here (10.xxx.xxx.52).” In our case, “this address” is the IP of our SD8 remote computer. You’ll notice in the “Connect to Server” dialog above, the address is a 192.168.xxx.xxx address. That’s the address of the AirPort Extreme on the regular church network. If we were connected to the church network and tried to put in the SD8 remote address directly, it wouldn’t work (two different IP ranges). So instead, we hit the Airport and the Airport forwards that traffic on to the appropriate address on that network. Here’s the result:

iPad Remote Access: The iPad is connected to the regular church network, but controlling the SD8 remote on the Sound network.

Our iPad, on the church network, is controlling the SD8 remote on the Sound net. Cool, huh? We suspected there might be some slowdown, but in using it all weekend, it’s no slower than connecting directly.

So that’s good, except we have two Windows boxes up there that we need to access. But since we already forwarded VNC traffic to the SD8 computer, how do we get to Roland? Simple: Configure another port.

Port forward configuration: Instead of 5900, we’ll use 5901

Compare the Private IP Addresses: the SD8 remote is 52, the Roland remote is 55. So what we’ve done is tell the Airport, “If anyone comes knocking on this other door (5901) send them here (10.xxx.xxx.55).” If we want to connect to Roland from the church network, we specify the port after the IP address (remember, by default the VNC protocol uses 5900).

Connect to Server: Note the :5901 after the IP address; that specifies the port.

The base address is the same, our AirPort Extreme; only this time we specify port 5901. Here we go.

Roland Screen Sharing: And now we’re connected to the Roland remote.

On the iPad, we use an app called Desktop Connect, and it’s easy to specify a VNC port to direct the traffic like this. So now we can either switch networks and connect directly, or stay on the regular church network and control whatever we need to. And it’s easy to save both configurations of those machines so once we set it up, we select the appropriate configuration depending on which network we’re connected to.
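The two port mappings above, and what each forwarded door offers in the way of a login, as an added example (not part of the original post): it resolves a vnc:// address through the mappings and classifies the security types in a VNC server's RFB handshake. Addresses stay masked as in the post; private port 5900 on both hosts and the two sample handshakes are assumptions constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

VNC_DEFAULT_PORT = 5900  # default VNC port, as stated in the post
# AirPort port mappings from the post: public port -> (private host, private port).
# Addresses stay masked as in the post; private port 5900 is an assumption.
PORT_MAP = {5900: ("10.x.x.52", 5900),   # SD8 remote
            5901: ("10.x.x.55", 5900)}   # Roland remote

def resolve(url):
    """Return the Sound-network target a vnc:// URL aimed at the AirPort reaches."""
    parts = urlsplit(url)
    if parts.scheme != "vnc":
        raise ValueError("expected a vnc:// URL")
    # No mapping for the port means the AirPort forwards nothing (None).
    return PORT_MAP.get(parts.port or VNC_DEFAULT_PORT)

def parse_greeting(data):
    """Parse the server's ProtocolVersion and security offer from handshake bytes."""
    # Assumes the client answered with the same version the server announced.
    if len(data) < 12 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("not an RFB server greeting")
    version = (int(data[4:7]), int(data[8:11]))
    body = data[12:]
    if version < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian U32.
        if len(body) < 4:
            raise ValueError("truncated security type")
        return version, [struct.unpack(">I", body[:4])[0]]
    # RFB 3.7+: one count byte, then that many one-byte security types.
    if not body or len(body) < 1 + body[0]:
        raise ValueError("truncated security-type list")
    return version, list(body[1:1 + body[0]])

def assess(types):
    """Classify an offer: 1 = None (no login at all), 2 = VNC Authentication."""
    if not types or types == [0]:
        return "refused"        # server declined the connection
    if 1 in types:
        return "open"           # anyone reaching the port gets the desktop
    if set(types) == {2}:
        return "password-only"  # a shared VNC password is the only barrier
    return "other"              # vendor-specific types: check the server docs

# Constructed sample handshakes, not captures from the machines in the post.
SAMPLE_PASSWORD_ONLY = b"RFB 003.008\n" + bytes([1, 2])
SAMPLE_NO_AUTH = b"RFB 003.003\n" + struct.pack(">I", 1)

def audit(url, greeting):
    version, types = parse_greeting(greeting)
    return resolve(url), assess(types)

if __name__ == "__main__":
    print(audit("vnc://192.168.x.x", SAMPLE_PASSWORD_ONLY))
    print(audit("vnc://192.168.x.x:5901", SAMPLE_NO_AUTH))
```

A "password-only" result means the VNC password is the single control between every device on the church network and that console; classic VNC authentication uses at most eight characters of the password and does not encrypt the session that follows.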

I should point out that we don’t need to configure port forwarding for our Macs, because we have them dual-homed. The Ethernet connection goes to the Sound network, while the Airport connects to the church network. One more reason to run Mac whenever you can…

Other important safety tip: I’m not an IT expert, so if you start asking me questions, I may not be able to answer them. Just trying to manage expectations. Now that I’ve told you how we access the computers remotely, I’ll start working on another post that will give you the practical implications of doing so.

25 Comments

  1. pblosser03@gmail.com

    Just FYI, not sure if you setup your vnc auto start like this, but you can run VNC in Windows as a service. That means that it runs no matter who is logged in and even if no-one is logged in.

    http://www.realvnc.com/products/free/4.1/winvnc.html#ServiceMode

    Also Windows does have “Remote Desktop” (RDP) instead of VNC for built in remote access. It has its own advantages/disadvantages….

  3. mike@churchtecharts.org

    Peter,
    That’s good to know about Real VNC, we’ll look into that (and when I say “we” I mean, Isaiah will…).

    Also you are correct that Windows does have RDP, but it’s significantly slower in the refresh rate and not nearly as useable as VNC, at least on our systems.
    mike

  5. matthew@MeMediaWeb.com

    We use LogMeIn free version. It lacks some features (like audio) but it has been 100% reliable for us and is SUPER easy to install, no configuring/IP number/anything like that, just install and run!

    One hidden feature of LogMeIn: You can create desktop shortcuts! Makes it super quick to open another computer.

    Matthew

  7. jonlillie@compasschurch.org

    Well written, will definitely be looking into this at my church.

    But a quick fix is in order. To get Screen Sharing available from the finder for the mac you must enable “Screen Sharing” under “Sharing” in System Preferences. If all you have enabled is “File Sharing” then you will only be able to remote access the file system, not the screen. IE mounting the remote mac as an external hard drive.

  9. steveswanson@gmail.com

    Mike,

    Can any machine on the church’s 192.168.x.x network attempt to connect to the machines on your 10.x.x.x sound network? I’m guessing you don’t have any control over what devices and users can get onto the 192.168 network. I’m sure you thought about security and avoiding unauthorized access and attacks. What minimum level of security / countermeasures do you recommend?

  11. mike@churchtecharts.org

    Steve,
    Yes, any computer on the 192.168 network could attempt to access the sound network. However, that would assume that A) anyone else on staff even knows there is a “Sound” network, B) that they understand IP addressing schemes, C) they know how to screen share, D) they know the IP address of the Airport and E) they know the password to those machines.

    Granted, this is not air-tight security, but we’re not guarding state secrets here. I don’t suspect there are a whole lot of people who are interested in hacking into the Roland remote computer just for fun. We’re behind a firewall on our main church network, and the Airport acts as a second firewall into the Sound network. So I feel like we’re pretty safe.

    Jon,
    Good point. I assumed that was obvious, but it’s good to point it out.
    mike

  13. stephen@mudie.com.au

    Mike,

    It’s funny that you have found VNC to be faster than RDP. In my experience I’ve found RDP to be much faster because of the lower network overhead. Of course the significant drawback of RDP, especially in this case, is it will log the local user out of the computer, so you can’t use it remotely and locally at the same time.

    Thanks for the blog – it’s fabulous.

    Stephen

  15. pblosser03@gmail.com

    Yeah, RDP wouldn’t be very good for what you are doing, it’s more session based so you don’t get direct screen control. Just had to represent for the Windows users, it does have some sort of remote access. 😉

  17. phil@philrowley.net

    Good stuff…it would be cool to get just one computer at FOH.

    I am chuckling because you greyed out the last octets of your IPs in the examples you gave. But — you never know who is reading the blog and would even try to attempt something.

  20. isaiah@isaiahfranco.com

    @Peter B

    I tried using RealVNC in service mode when I first installed it and I couldn’t get it to work correctly under Windows 7. It said that it was installed as a service and I made sure it was configured but nothing would connect to it.

    As we only have one user on the machine and use it locally and remotely (often at the same time) I figured it was just as easy to run it in User Mode with a shortcut in the startup menu.

    Thanks!

    Isaiah

  22. kellygubser@gmail.com

    So, you have gone away from using Virtual Machines and Boot Camped the minis to Windows 7?

    What are you doing for keyboards, mice, and screens at FoH for all of those machines?

  24. mike@churchtecharts.org

    Kelly,
    We never actually used Virtual Machines at FOH. We run them on our laptops, primarily for pre-building show files and experimenting, but FOH machines have always been BootCamped. We do this for two reasons, first, it makes networking easier. Second, speed. Running Windows inside the Mac slows down Windows. Running Windows in BootCamp makes the Minis as fast as a PC (and honestly, they run better than most PCs I’ve used…).

    For keyboard and mice, we do two things. The laptop has its own keyboard, as does the SD8 and LAMA machine. The iTunes and Roland machine share a keyboard, mouse and monitor through a KVM switch. We rarely need both visible at the same time (and when we do, I remote into one with the iPad and set it next to me on a stool). Finally, we run Synergy on all the machines at FOH. The keyboard on the LAMA machine is a wireless model, and we have a Magic Trackpad paired to it. The Trackpad sits on the SD8 so the engineer can operate every machine by moving the pointer from screen to screen. It’s pretty sweet.

    mike

© 2021 ChurchTechArts
