Shadowing in our terminology means that you see the screen of one machine on another machine. Other terms to describe this would be screen-sharing, mirroring, remote assistance. It means that basically two people on two different workplaces will get to see the same contents (although there doesn't need a second person to be present) and be able to work with keyboard and mouse.

Getting an endpoint screen from NoTouch Center

The way we use "shadowing" means that you get a screen-sharing connection to a specific endpoint PC.

This uses the VNC protocol, which might not be the best protocol around, but it is free, that means you don't need to pay a third party. In NoTouch Center, select the PC you want to be shadowed, and click on the Shadowing icon on the top-right corner. The user will have to accept the incoming connection by pressing "Yes" on the dialog box that appears.

For this shadowing to work, you must have a Java plug-in installed and enabled in your browser, as it uses a Java applet. (Google Chrome does not work - it does not support Java at all).

Technically speaking, NoTouch Center will send a command to the client to start the VNC server that usually doesn't run and then launch the Java applet pointed to this endpoint machine. After closing the connection, the VNC server on the client will terminate again.

How to find the client to shadow

Most likely the Identify feature will help you in shadowing situation, especially when it is a user that is asking for help.

Allow unattended shadowing

By default, the user on the endpoint machine is asked if the incoming screen-sharing is allowed or not. Normally the user will click "Yes" to approve the request.

There are some cases when a machine needs to be shadowed, but no user is working on this machine or no keyboard/mouse attached. Examples are display terminals in bus or train stations or airports, or displays in industry halls or construction machines behind glass walls. To enable shadowing on these machines, set the parameter "Ask user at new connection" to "off". You will find this parameter in the "Screen shadowing" section of the "Services" parameters.

Please not that shadowing users without their consent is illegal in most legislation in the world.

Shadow endpoints from a standalone VNC client

Most people find the methods above (from NoTouch Center) and below (user-initiated) very comfortable. In some situations you may want to use a standalone VNC client to connect to the endpoint systems. The clients can actually launch a VNC server, not just on request by NoTouch Center, but as a background service. In that situation you must also set a shadowing password.

The following modes are available:

  • off. The VNC server is not started by default (only when NoTouch Center issues a shadowing request).
  • on/once. The VNC server will start at boot time, allow exactly one connection, and then terminate.
  • on/only one. The VNC server will start at boot time, allow exactly one simultaneous connection.
  • on/replace. The VNC server will start at boot time, and any subsequent new connection from a VNC connection will terminate the existing connection.
  • on/shared. The VNC server will start at boot time, and multiple VNC client can connection and all see and work on the same screen.

The parameters offering these modes are:

  • In NoTouch Center, parameter "Session shadowing" among the Desktop Settings' Connection parameters
  • On the endpoint, "Services" -> "Screen shadowing", the parameter is called "Mode".

The parameter "Shadowing password" allows to set the passwort that will be specifically used for standalone VNC. It must be set, otherwise the standalone VNC server will not start. Older NoTouch versions that do not have this parameter use the normal admin password instead.

Windows users may find a freeware VNC viewer here: TightVNC download page

Security considerations

NoTouch uses an X11-based VNC server without encryption (x11vnc). It use a scrambling technique to protect the passwords sent over the wire, but the actual VNC connection is unencrypted. 

Running a standalone VNC server opens a TCP port and requires you to rely on x11vnc's security. We advise people to NOT keep the standalone VNC server running all the time as this would require you to trust both the password and the actual x11vnc version. It could have bugs that could be exploited from remote.

NoTouch Center starts up the VNC server on demand and uses an autogenerated random password. Earlier versions used the client administrator password.