Ubuntu – downside to installing VNC


We have an Intel NUC in my university's language department that will soon host a web application used by faculty and students in the department. The NUC runs Ubuntu (14.10).

I'm comfortable with the terminal and SSH-ing into the server; however, I find that a lot of tasks that I need to do are just so much easier through screen-sharing (VNC).

I suggested to our new technical director that we install VNC on this server to make my life a lot easier (in fact it had VNC installed before he was hired, and then he uninstalled it). However, he replied with the following comment:

"I would much prefer not to run X or VNC on the server if we can get away with it. It is a server after all."

I really don't understand this logic. It isn't hooked up to a monitor; the only access into it is through SSH. Is there some miraculous downside to having VNC access to a server that I am unaware of?

Obviously you're opening up another port for an attacker; rebuttal: we're behind two university firewalls (the main university network firewall as well as our subnet's own special firewall). VNC would only be able to be accomplished inside our subnet, so I'm at a loss as to why this would be an issue other than "it's another package to maintain", and with Ubuntu's apt package manager that becomes a non-issue.

What are the downsides of installing VNC on a server?

Edit: this isn't just a web server. It's hosting a number of other applications. Not sure if that makes a difference.

Best Answer

There are a great many reasons:

  • Attack surface: more programs, especially networked ones, means more opportunities for someone to find a bug and get in.

  • Defect surface: as above, but replace "someone" with "Murphy", and "get in" with "ruin your day". Actually, "ruin your day" probably applies to the previous point, too.

  • System efficiency: X11, and the GUI environments that people tend to run on them, consume a decent amount of RAM, especially on a limited resources system like a NUC. Not running them means more resources for doing useful work.

  • Operator efficiency: GUIs do not lend themselves to scripting and other forms of automation. Clicking on things feels productive, but it's actually about the worst way to do something deeply technical. You'll also find your future employment opportunities severely limited if you can't script and automate away your job -- the industry is going away from GUI admin tools. Heck, even Windows Server can be installed GUI-free these days, and if that doesn't make you think about the relative merits of only knowing how to click on things, I really don't know what to say to you.
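The attack-surface point above can be checked on a host. The following is an added example, not part of the original answer: it reads `ss -Htln` output and reports VNC (TCP 5900-5999) and X11 (TCP 6000-6063) listeners, marking those bound beyond loopback. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets for remote-desktop services.
# Input: lines in the format printed by `ss -Htln` (iproute2), on stdin.
# flag_gui_listeners and sample_ss_output are hypothetical helper names.

flag_gui_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4                            # local "address:port" column
        n = match(la, /:[0-9]+$/)          # position of the final ":port"
        if (n == 0) next
        port = substr(la, n + 1) + 0
        addr = substr(la, 1, n - 1)
        sub(/%.*$/, "", addr)              # drop a %iface scope suffix
        gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets

        # VNC display N listens on 5900+N, X11 display N on 6000+N.
        if (port >= 5900 && port <= 5999)      { svc = "vnc"; disp = port - 5900 }
        else if (port >= 6000 && port <= 6063) { svc = "x11"; disp = port - 6000 }
        else next

        # Loopback-only listeners are reachable just from the host itself
        # (for example through an SSH tunnel); anything else is network-facing.
        scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
        printf "%s %s display=:%d %s\n", scope, svc, disp, la
    }'
}

# Constructed sample input, so the example runs without a live host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5902 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
EOF
}

sample_ss_output | flag_gui_listeners
```

On a real server the same function is fed with `ss -Htln | flag_gui_listeners`; an empty result means no VNC or X11 TCP listener is present.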