Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I really like the idea implemented by Apache Guacamole, but when I tried to install it on my home server get remote desktops to my other machines when abroad, it was a huge letdown.
First of all the installation process is terrible, you need to install and configure a whole working tomcat8 server first and manually deploy the application WAR, configuration is non-obvious and obtuse, and the first ~10 tries after deploying Guacamole failed to establish VNC connections without a clear indication what went wrong. Over the years I've installed loads of services, not just trivial ones (e.g. nginx with SSL and multiple vhosts on different domains, reverse proxies, SSH tunnels, VPN servers, etc) and while I wouldn't say installing Guacamole was hard, the process just felt unnecessarily complicated. Not a nice experience.
Second, when I finally managed to get Guacamole to establish a VNC connection to an OS X client, the performance was straight up horrible. That's over a Gbit ethernet LAN, which I also use to stream games to a steam link at 60fps. Granted, this was connecting to desktop with 5K resolution and 32-bit color, but connecting to it directly using a VNC client works just fine. Through Guacamole it was literally unusable.
Also agree, this isn't intended to be a replacement for direct access, nor for streaming purposes.
This gives you and RDP session with no software install needed. The use case of guacamole is accessing a system from anywhere without needing your ssh keys, RDP, or VNC software. If you're happy doing any of those directly, adding a middle man doesn't add any value.
That said, if you're managing others accessing the system, you can bastion of the target machines and only expose this access. This lets you put the target machines behind NAT, and only manage one entry point.
>> You can’t compare it to Steam Link either, because that’s using H264 video compression. Guacamole does not use video compression.
This part I don't really understand. Why does a client <-> guacamole <-> VNC connection be less inefficient in terms of bandwidth compared to a direct client <-> VNC connection?
And if the general idea of sending screen data to a client be much more efficient if you use something like H264, why doesn't Guacamole implement some kind of similar compression technique?
I used NX for a while, and that does something very similar. On a slow connection you can actually see the compression artefacts when scrolling. It's not pretty, but at least it makes the machine accessible.
Anyway, when I tried guacamole, it was over Gbit LAN, if that's not even enough expose a VNC client using Guacamole, what's the point?
Agreed, the configuration is not pleasant. I also tried many alternatives this while abroad recently and actually found plain VNC the most performant and pleasant to use, and it's trivial to set up.
Guacamole is not intended to replace normal remote connections... It provides additional features that target people whom can't reasonably use RDP or VNC themselves ...
it provides access management so you don't need to expose the server, or the user/passwords, to gain access... You can also record the sessions ... And some other neat features... None of which really soon to replace a direct connection made by a technically savy individual between to machines on a network he controls.
But imagine the benefit for schools -- high schoolers can be given access to a virtual machine, without installing RDP or similar protocols on the students machine, and without giving them virtualization tools that might allow when to bypass student safety protections
I hope this project has matured since I last tried it (18 months ago).
As wOutert mentioned, the installation process is difficult and not for the faint of heart. Sure, most folks reading this here could manage it, but we're not normal!
I really wanted this to work since I'm teaching at a school where all the Windows machines are locked down. I teach a Linux class. I teach a bunch of cyber-security classes and often need to install tools for this. Our IT administrators either refuse to let me install the software I need to teach or put up a huge stink.
I stood up a few VMs in my homelab for teaching and was hopeful that I could remote in painlessly. After much weeping and gnashing of teeth I finally got it working. And it worked well. About once a month I do a "yum update" on my CentOS machines and when it ran on this particular machine, it broke something in the Guac stack. I refused to spend the time to fix it!
Simultaneously, I'd been having trouble with TeamViewer. The unfortunate reality of any IT professional's life is that you end up doing IT support for the family. TeamViewer was fine for years, but they started flagging my use as commercial. After looking and testing I found AnyDesk; it works every bit as well as TeamViewer and it has a Windows portable client; you don't need to install anything on the client machine (no admin rights needed).
So now I either boot my machines from a USB stick with Linux or AnyDesk to where I need to go and my life is much better.
When Guacamole is mature and painless like AnyDesk, I'd give it another look.
Using it in production here since a few versions. It works perfectly for RDP (VMs that several non computer saavy people have to use including when abroad) and LDAP (slapd) for auth. Performance is really good even for tens of connections at the same time and the users are using old apps that tend to refresh half the screen each time a single pixel changes
. Works on Linux, Mac and windows for the clients without having to give specific instructions for each. I used the docker containers for deployment to reduce the hassle
As it is running on a VM anyway, I will switch that to ansible playbooks at some point, but the docker install was really smooth, I'm almost wondering if it is worth it.
It would be great if these sorts of posts would include a description of what's big about these releases. If you were already excited about this Guacamole release, then you probably didn't need the reminder.
Looking through the notes, this looks interesting...
> Similar to Guacamole’s support for SSH and telnet, Guacamole can now provide terminal access to Kubernetes pods using the same mechanism as kubectl attach. This allows Guacamole to be used to interact with Kubernetes pods without requiring that those pods host an SSH or telnet service.
I have never used Guacamole or K8s (still stuck on Docker) but I assume this makes connecting to a containerized desktop much easier.
> It would be great if these sorts of posts would include a description of what's big about these releases. If you were already excited about this Guacamole release, then you probably didn't need the reminder.
I agree but unfortunately HN only allows you to submit a URL or test, not both. Also you're not technically supposed to editorialise the page title either. Thankfully the release notes on this particular site are well written.
I'd never heard of it before. What does Apache Guacamole actually do? Is it of interest to me? I click...
Nothing on the home page immediately tells me. I note HTML5 and there is something going on with a client and I guess a server? I scroll down the page. Literally, nothing telling me how Guacamole might be of interest to me, but I notice a mention to RDP - hmmm, that might be a clue, but it might not be.
I go up to docs. FAQ? OK, that might help. I click. Nope. Nothing. I scroll through the first five or six questions and I'm none the wiser.
I go back to the docs and notice the user manual. Surely that must tell me? I click.
Right, which section might tell me? Introduction? I click.
Several paragraphs in:
> Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I realise F/LOSS might not feel the need to "market" itself like it were a business, but is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
IMHO this is not an intended landing page for the project. I touched the title and got to the home page which explains pretty well what the project is about
> is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
It's not too much to ask, especially if you actually look at the home page and not the release notes that's clearly linked here.
The home page itself also doesn't really explain what it is... unless you already know.
All I got is that it's some remote desktop client that runs in the browser. Then I had to assume that the server probably needs to be in the same network as your target computer... And theres some extra login to the client itself?
And then I noticed that that image is actually a video. ._.
Do you have an example of what they could have written? I agree with you that lots (mostly the corporate and startup) of homepages aren't good in describing the product but this seems like a relatively okay summary to me:
"Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.[...]
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
It's a tool you install on your machine and then you can access said machine via a web browser, no?
I had the same thoughts when clicking this document. It seems more like a release page than a landing page. But I think the lesson is that documentation is tricky to write because there are many ways to use it, for both novice and advanced users. I've checked Django, Drupal and Python release notes and they're aren't any more specific, although the website navigation makes it clear how to reach the home page.
Readit News
Via https://guacamole.apache.org/doc/1.1.0/gug/preface.html
What is Guacamole?
Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
First of all the installation process is terrible, you need to install and configure a whole working tomcat8 server first and manually deploy the application WAR, configuration is non-obvious and obtuse, and the first ~10 tries after deploying Guacamole failed to establish VNC connections without a clear indication what went wrong. Over the years I've installed loads of services, not just trivial ones (e.g. nginx with SSL and multiple vhosts on different domains, reverse proxies, SSH tunnels, VPN servers, etc) and while I wouldn't say installing Guacamole was hard, the process just felt unnecessarily complicated. Not a nice experience.
Second, when I finally managed to get Guacamole to establish a VNC connection to an OS X client, the performance was straight up horrible. That's over a Gbit ethernet LAN, which I also use to stream games to a steam link at 60fps. Granted, this was connecting to desktop with 5K resolution and 32-bit color, but connecting to it directly using a VNC client works just fine. Through Guacamole it was literally unusable.
Is this to be expected?
Guacamole is (in my experience) unfortunately rather inefficient concerning bandwidth.
You can’t compare it to Steam Link either, because that’s using H264 video compression. Guacamole does not use video compression.
A single 5K 24 bit bitmap is ~42 MiB. That’s a lot, even compressed and especially at reasonable frame rates.
Also agree, this isn't intended to be a replacement for direct access, nor for streaming purposes.
This gives you and RDP session with no software install needed. The use case of guacamole is accessing a system from anywhere without needing your ssh keys, RDP, or VNC software. If you're happy doing any of those directly, adding a middle man doesn't add any value.
That said, if you're managing others accessing the system, you can bastion of the target machines and only expose this access. This lets you put the target machines behind NAT, and only manage one entry point.
This part I don't really understand. Why does a client <-> guacamole <-> VNC connection be less inefficient in terms of bandwidth compared to a direct client <-> VNC connection?
And if the general idea of sending screen data to a client be much more efficient if you use something like H264, why doesn't Guacamole implement some kind of similar compression technique?
I used NX for a while, and that does something very similar. On a slow connection you can actually see the compression artefacts when scrolling. It's not pretty, but at least it makes the machine accessible.
Anyway, when I tried guacamole, it was over Gbit LAN, if that's not even enough expose a VNC client using Guacamole, what's the point?
it provides access management so you don't need to expose the server, or the user/passwords, to gain access... You can also record the sessions ... And some other neat features... None of which really soon to replace a direct connection made by a technically savy individual between to machines on a network he controls.
But imagine the benefit for schools -- high schoolers can be given access to a virtual machine, without installing RDP or similar protocols on the students machine, and without giving them virtualization tools that might allow when to bypass student safety protections
Well, there’s your problem: Mac VNC. In order to get “OK” VNC performance on a Mac you have to:
* Make sure a display is connected to it (either real or a display emulator dongle)
* Use the built in Mac VNC server
* Use a VNC client like Remotix that has support for the VNC extensions that Apple uses to boost performance
In other words, use something else, like NoMachine (or similar) which does h264 compression.
As wOutert mentioned, the installation process is difficult and not for the faint of heart. Sure, most folks reading this here could manage it, but we're not normal!
I really wanted this to work since I'm teaching at a school where all the Windows machines are locked down. I teach a Linux class. I teach a bunch of cyber-security classes and often need to install tools for this. Our IT administrators either refuse to let me install the software I need to teach or put up a huge stink.
I stood up a few VMs in my homelab for teaching and was hopeful that I could remote in painlessly. After much weeping and gnashing of teeth I finally got it working. And it worked well. About once a month I do a "yum update" on my CentOS machines and when it ran on this particular machine, it broke something in the Guac stack. I refused to spend the time to fix it!
Simultaneously, I'd been having trouble with TeamViewer. The unfortunate reality of any IT professional's life is that you end up doing IT support for the family. TeamViewer was fine for years, but they started flagging my use as commercial. After looking and testing I found AnyDesk; it works every bit as well as TeamViewer and it has a Windows portable client; you don't need to install anything on the client machine (no admin rights needed).
So now I either boot my machines from a USB stick with Linux or AnyDesk to where I need to go and my life is much better.
When Guacamole is mature and painless like AnyDesk, I'd give it another look.
Looking through the notes, this looks interesting...
> Similar to Guacamole’s support for SSH and telnet, Guacamole can now provide terminal access to Kubernetes pods using the same mechanism as kubectl attach. This allows Guacamole to be used to interact with Kubernetes pods without requiring that those pods host an SSH or telnet service.
I have never used Guacamole or K8s (still stuck on Docker) but I assume this makes connecting to a containerized desktop much easier.
Great work to everyone involved.
I agree but unfortunately HN only allows you to submit a URL or test, not both. Also you're not technically supposed to editorialise the page title either. Thankfully the release notes on this particular site are well written.
I'd never heard of it before. What does Apache Guacamole actually do? Is it of interest to me? I click...
Nothing on the home page immediately tells me. I note HTML5 and there is something going on with a client and I guess a server? I scroll down the page. Literally, nothing telling me how Guacamole might be of interest to me, but I notice a mention to RDP - hmmm, that might be a clue, but it might not be.
I go up to docs. FAQ? OK, that might help. I click. Nope. Nothing. I scroll through the first five or six questions and I'm none the wiser.
I go back to the docs and notice the user manual. Surely that must tell me? I click.
Right, which section might tell me? Introduction? I click.
Several paragraphs in:
> Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I realise F/LOSS might not feel the need to "market" itself like it were a business, but is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
IMHO this is not an intended landing page for the project. I touched the title and got to the home page which explains pretty well what the project is about
http://guacamole.apache.org/
Maybe they should add an explicit Home link.
> "Apache Guacamole is a clientless remote desktop gateway [RDP]. It supports standard protocols like VNC, RDP, and SSH."
> "We call it clientless because no plugins or client software are required."
> "Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
The link you have clicked on is the release page, you could just gone to the home page ("click the title") to see what this was all about.
Bonus: There's even a video on the home page, I played the video and I instantly know what the software is.
Most open source software homepages don't provide that level of context, just walls of text.
It's not too much to ask, especially if you actually look at the home page and not the release notes that's clearly linked here.
All I got is that it's some remote desktop client that runs in the browser. Then I had to assume that the server probably needs to be in the same network as your target computer... And theres some extra login to the client itself?
And then I noticed that that image is actually a video. ._.
https://guacamole.apache.org/ - this is and it is very self explanatory to me.
`Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.`
"Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.[...]
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
It's a tool you install on your machine and then you can access said machine via a web browser, no?
Deleted Comment
Guacamole is quite well known in the Linux world.
Release page being linked is appropriate given the title.
Deleted Comment
Deleted Comment
that said a tiny [remove desktop] tag in the title would have eased the process
From the front page
https://i.imgur.com/ZOyoNQ6.png
https://glyptodon.com/https://demo.glyptodon.com/
Led by the founders/maintainers of Guacamole.