Virtual Network Computing (VNC) is a remote desktop protocol that allows users to control another computer over a network connection using a graphical interface. It operates on a client-server model where the VNC server shares the desktop, and a VNC client (viewer) connects to and controls it. VNC transmits keyboard and mouse inputs from the client to the server and sends screen updates back in return, enabling remote operation of systems as if the user were physically present.
VNC is widely used across IT and OT environments to remotely manage devices, particularly legacy systems, embedded devices, and industrial HMIs (Human-Machine Interfaces) that don’t support more modern protocols like RDP or SSH. It enables remote support, diagnostics, and maintenance in environments where local access may be impractical or unsafe.
However, VNC by itself lacks strong native security. Traditional VNC implementations often transmit data unencrypted and rely on simple password authentication, making them vulnerable to interception, brute-force attacks, and unauthorized access. In critical infrastructure environments, where remote access must be auditable, secure, and compliant, VNC must be wrapped in additional controls to ensure safety.
Regulatory frameworks such as IEC 62443, NERC CIP, TSA SD02E, and NIS2 require encryption, access governance, and monitoring, none of which VNC provides natively. Therefore, secure VNC usage demands a platform that can broker, isolate, and monitor these sessions appropriately.
Xona enables secure use of VNC by isolating VNC sessions through its hardened access gateway, providing users with seamless, browser-based access to legacy OT systems, without exposing the underlying network or requiring VNC clients on the endpoint.
Xona proxies all VNC traffic through its disconnected access model, preventing direct connections between user devices and operational assets. It enhances VNC with protocol-level isolation, multi-factor authentication, session recording, and real-time supervision, turning a historically vulnerable protocol into a secure, compliant access path.
This is especially valuable for OT environments where VNC may be the only available option for interacting with legacy HMIs or proprietary control systems. With Xona, organizations can continue leveraging VNC without compromising security or regulatory posture, transforming a risk-prone protocol into a secure and governed session.