NoMachine and Alternatives

Chapter 7 — NoMachine and the Alternatives

RDP and VNC are the two foundational remote desktop protocols — open standards supported by every operating system. But they were both designed in an era of fast local networks, and VNC in particular can feel sluggish over a broadband connection. A tier of modern tools has emerged that either builds on these protocols or replaces them entirely, trading openness for speed, simplicity, or both.

This chapter covers the four tools you're most likely to encounter: NoMachine (the performance king on a LAN), AnyDesk (fast and firewall-friendly), TeamViewer (the enterprise staple), and Guacamole (browser-based remote desktop — no client software required).

At a Glance — Which Tool Does What

Tool Protocol Needs relay server? Encryption Free tier Best for
NoMachine NX (proprietary) No — direct P2P TLS Free for personal use Fast LAN/WAN access, Linux desktops
AnyDesk DeskRT (proprietary) Optional (relay for NAT) TLS 1.2 + AES-256 Free personal (non-commercial) Remote support, firewall traversal
TeamViewer Proprietary Yes (by default) TLS + AES-256 Free personal only Enterprise support, unattended access
Guacamole HTML5 (wraps RDP/VNC/SSH) Self-hosted gateway HTTPS Fully open-source (Apache) Browser access, zero client install
RDP + xRDP RDP (open standard) No TLS / NLA Free Windows hosts, structured access
VNC + SSH RFB (open standard) No SSH tunnel required Free Physical screen sharing, cross-platform

NoMachine

🖥
NoMachine
NX protocol · direct connection · free for personal use · Windows / macOS / Linux / Raspberry Pi
NoMachine uses the NX protocol — originally developed by NoMachine (formerly based on X11 compression research) and now proprietary. It compresses X11 traffic far more aggressively than VNC and transmits rendering data rather than raw pixels, giving it RDP-like efficiency with VNC-like cross-platform reach. On a good LAN connection, it is often the fastest and smoothest remote desktop experience available for Linux hosts.
Strengths
  • Noticeably faster than VNC, comparable to RDP
  • Direct peer-to-peer — no relay server, no third-party cloud
  • Can share the physical desktop (like VNC) or create a virtual session
  • Audio, file transfer, USB sharing all built in
  • Works on ARM — great for Raspberry Pi
  • Free for personal use with no time limit
Limitations
  • Proprietary — both ends must run NoMachine software
  • No built-in NAT traversal — harder to reach from outside your LAN without port forwarding or VPN
  • Commercial use requires a paid licence
  • Less widely known than TeamViewer or AnyDesk in support scenarios

Installing NoMachine on Debian / Ubuntu

debian — install NoMachine server
# download the .deb from nomachine.com/download — check for the latest version philip@debian:~$ wget https://download.nomachine.com/download/8.x/Linux/nomachine_8.x.x_x86_64.deb philip@debian:~$ sudo dpkg -i nomachine_8.x.x_x86_64.deb Selecting previously unselected package nomachine. ... NoMachine was successfully installed. # service starts automatically — check status philip@debian:~$ sudo /usr/NX/bin/nxserver --status NX> 111 New connections to NoMachine server are enabled. # default port is 4000 (NX) — open in UFW if needed philip@debian:~$ sudo ufw allow from 192.168.0.0/24 to any port 4000

On the client side (Windows, macOS, another Linux machine), install the NoMachine player from the same download page. Enter the server's IP address and port 4000, log in with your Linux credentials, and choose whether to connect to the physical desktop or create a new virtual session.

NoMachine on Raspberry Pi: Download the ARM build (nomachine_x.x.x_armhf.deb for Pi 3/4, arm64.deb for Pi 5). This turns any Pi with a desktop environment into a fully functional remote desktop server — great for accessing a headless Pi without setting up xRDP.

AnyDesk

📡
AnyDesk
DeskRT codec · relay-assisted NAT traversal · free for personal non-commercial use
AnyDesk uses its own DeskRT video codec, optimised for desktop content (sharp edges, text, UI elements) rather than smooth video. The main selling point is its relay infrastructure: AnyDesk assigns each installation a unique 9-digit ID, and connections can be brokered through AnyDesk's relay servers when both sides are behind NAT — no port forwarding required. When a direct path exists, it prefers that instead.
Strengths
  • Works through NAT and most firewalls without port forwarding
  • Very low latency on good connections
  • Tiny binary — no installation required (portable .exe on Windows)
  • Unattended access mode for servers and headless machines
  • Free for personal non-commercial use
Limitations
  • Relay connections route through AnyDesk's infrastructure
  • Commercial use requires a paid subscription
  • AnyDesk has suffered phishing/social engineering attacks — employees granting access to "support" callers
  • Closed source — you must trust AnyDesk's security claims
AnyDesk and remote scams: AnyDesk is the tool of choice for "tech support" scammers — the caller asks the victim to install AnyDesk and read out their ID, then takes control of the machine. If you enable unattended access, use a strong password and be extremely careful who you give your AnyDesk ID to.

Installing AnyDesk on Linux

debian — install AnyDesk
# add AnyDesk repository philip@debian:~$ curl -fsSL https://keys.anydesk.com/repos/DEB-GPG-KEY | \ sudo gpg --dearmor -o /usr/share/keyrings/anydesk.gpg philip@debian:~$ echo "deb [signed-by=/usr/share/keyrings/anydesk.gpg] \ http://deb.anydesk.com/ all main" | \ sudo tee /etc/apt/sources.list.d/anydesk.list philip@debian:~$ sudo apt update && sudo apt install -y anydesk # set an unattended-access password (allows connections without user at the machine) philip@debian:~$ echo "your_password" | sudo anydesk --set-password # get this machine's AnyDesk ID philip@debian:~$ anydesk --get-id 123 456 789

TeamViewer

🤝
TeamViewer
Enterprise remote support · relay-based · free for personal use · all platforms including mobile
TeamViewer is the most widely deployed remote support tool in enterprise environments, which means it's almost never blocked by corporate firewalls — IT departments recognise the traffic and whitelist it. Like AnyDesk it routes connections through its own relay infrastructure by default, assigning each installation a unique ID. It's the tool a non-technical user is most likely to have already heard of.
Strengths
  • Works through almost any corporate firewall or NAT
  • Mobile apps — support someone on Android/iOS from a desktop
  • Well-known — easy to ask a non-technical user to install it
  • Unattended access, file transfer, remote printing, meeting mode
  • Extensive audit logging in commercial tiers
Limitations
  • All traffic routes through TeamViewer's servers by default
  • Aggressively detects "commercial use" and blocks free accounts
  • Commercial pricing is expensive
  • Heavier client than AnyDesk or NoMachine
  • TeamViewer itself has suffered credential-stuffing breaches in the past

Apache Guacamole — Remote Desktop in a Browser

🌐
Apache Guacamole
HTML5 clientless gateway · wraps RDP / VNC / SSH · fully open-source · self-hosted
Guacamole is a clientless remote desktop gateway. You install it on a server; it proxies RDP, VNC, and SSH connections and serves the result as a web application. Users connect with any modern browser — no software to install on the client machine. This makes it ideal for jump hosts, lab access, and any scenario where you can't control what software is on the client device.
Strengths
  • Zero client installation — any browser works
  • Centralised access control — one place to manage who can reach which machine
  • Supports RDP, VNC, and SSH from the same interface
  • Fully open-source (Apache 2.0) and self-hosted
  • Works well behind a reverse proxy (Nginx, Caddy, Cloudflare Tunnel)
Limitations
  • Requires a dedicated server to run the Guacamole daemon
  • Setup is more involved than single-machine tools
  • Performance is limited by the server running guacd — not ideal for high-resolution video work
  • Docker makes it easier but adds another layer to maintain

Guacamole with Docker — the quickest path

# docker-compose.yml — minimal Guacamole stack services: guacd: image: guacamole/guacd restart: unless-stopped guacamole: image: guacamole/guacamole restart: unless-stopped ports: - "8080:8080" environment: GUACD_HOSTNAME: guacd GUACD_PORT: 4822 # simplest auth — use a database in production GUACAMOLE_HOME: /etc/guacamole volumes: - ./guacamole-config:/etc/guacamole depends_on: - guacd
Guacamole behind Cloudflare Tunnel is a powerful combo: Cloudflare handles the HTTPS and firewall traversal, Guacamole handles the protocol translation. You get browser-based access to any machine on your LAN, from anywhere, with no open ports. A natural extension of the Cloudflare Tunnel chapter from the Web Hosting course.

Choosing the Right Tool — Decision Guide

Fast LAN access to a Linux desktop
→ NoMachine
Best performance, direct connection, no relay, free. Install on both ends and connect by IP.
Connecting through NAT without port forwarding
→ AnyDesk or TeamViewer
Both use relay infrastructure to punch through NAT. AnyDesk is lighter; TeamViewer penetrates more corporate firewalls.
Supporting a non-technical user remotely
→ TeamViewer or AnyDesk
Both are easy for the other person to install. TeamViewer is more widely recognised. Ask them to read out the ID and password.
Accessing machines where you can't install client software
→ Apache Guacamole
Browser-based — any device with Chrome/Firefox works. Self-host for full control.
Accessing your own Linux server, privacy matters
→ xRDP or VNC over SSH
No third-party relay, no cloud dependency, no commercial licence concerns. Traffic stays between you and your server.
Windows-to-Windows on the same network
→ mstsc (built-in RDP)
Already installed, fast, encrypted, clipboard and drive sharing built in. No extra software needed.
Centralised access control for multiple machines
→ Apache Guacamole
Single web interface, user accounts, audit logs, supports RDP + VNC + SSH from one place.
Raspberry Pi remote desktop
→ NoMachine or xRDP
NoMachine has an ARM build and performs well. xRDP is lighter on CPU and works with any RDP client.
Next — Chapter 8: RDP and VNC Through Firewalls. The final chapter brings it all together: how to reach a remote desktop when you're outside your LAN and can't simply connect by IP. We'll cover SSH tunnelling (the safest method), Cloudflare Tunnel (zero open ports), performance tuning for slow or high-latency connections, and a checklist for building a reliable remote access setup.