by fuzzy2 2334 days ago
My recommendation: Use Docker. No need to deal with all the gritty details. If needed, reverse-proxy it.

Guacamole is (in my experience) unfortunately rather inefficient concerning bandwidth.

You can’t compare it to Steam Link either, because that’s using H264 video compression. Guacamole does not use video compression.

A single 5K 24 bit bitmap is ~42 MiB. That’s a lot, even compressed and especially at reasonable frame rates.


I second using containers for guacamole.

Also agree, this isn't intended to be a replacement for direct access, nor for streaming purposes.

This gives you an RDP session with no software install needed. The use case of guacamole is accessing a system from anywhere without needing your ssh keys, RDP, or VNC software. If you're happy doing any of those directly, adding a middle man doesn't add any value.

That said, if you're managing others accessing the system, you can bastion off the target machines and only expose this access. This lets you put the target machines behind NAT, and only manage one entry point.

Yeah, this is a neat tool, but I'm wondering what actual use case this is fulfilling. Installing an RDP or VNC client isn't a huge effort. If you're enterprise, you're probably already paying for TeamViewer or something similar. The biggest issue is usually the handshake between a client and machine on a private LAN.

The Virginia Cyber Range (www.virginiacyberrange.org) is a taxpayer funded organization that leverages this project heavily to give K-12+ students access to virtual machines for cybersecurity education.

Some of our customers are on Chromebooks, but with this they can access machines without installing software.

For students at home, it's the same experience, no need to provide at-home setup instructions for all the common operating systems.

In schools using computer labs, no need to install software at all. IT admins see Guacamole's requirements for service and it requires them to do no work, and opens no threats to their network.

This allows us to replicate the capabilities of virtual box or similar software without teachers needing to know anything about virtualization, or dealing with the first session/week being the struggle to find BIOS flags to turn on, and getting the virtualization software working.

We currently see about 500-800 unique guacamole connections per day, it's fairly reliable.

Awesome project! Glad you were able to leverage an OSS project to make your UX streamlined and approachable.

Most ASF projects are not what I would call end-user tools; they're a collection of enabling technologies under an open source license so that they can be integrated in a modular way into a wide range of other products that an end-user would interact with. For better or worse, this seems to be the way that open source is being funded and used by the industry these days.

We use it in conjunction with Pulse Secure. Users are able to remote into their Windows desktops via RDP after creating the connection from a web portal.

>> This gives you an RDP session with no software install needed. The use case of guacamole is accessing a system from anywhere without needing your ssh keys, RDP, or VNC software. If you're happy doing any of those directly, adding a middle man doesn't add any value.

The point is that I'm not happy to do this directly, for various reasons. I don't want to open up any ports that get forwarded to my LAN for remote desktop, and I want to be able to access LAN clients from machines behind a proxy that just blocks anything but http/https traffic. That's why I looked into Guacamole.

Maybe RDP connections work better with guacamole, compared to VNC, but I don't have any windows machines I want to remote into, so that's of no value to me.

Try Xrdp https://en.wikipedia.org/wiki/Xrdp

I use it on a bunch of Ubuntu 18.04 systems, works out of the box with apache guacamole.

>> You can’t compare it to Steam Link either, because that’s using H264 video compression. Guacamole does not use video compression.

This part I don't really understand. Why would a client <-> guacamole <-> VNC connection be less inefficient in terms of bandwidth compared to a direct client <-> VNC connection?

And if the general idea of sending screen data to a client would be much more efficient if you use something like H264, why doesn't Guacamole implement some kind of similar compression technique?

I used NX for a while, and that does something very similar. On a slow connection you can actually see the compression artefacts when scrolling. It's not pretty, but at least it makes the machine accessible.

Anyway, when I tried guacamole, it was over Gbit LAN, if that's not even enough to expose a VNC client using Guacamole, what's the point?

> Why would a client <-> guacamole <-> VNC connection be less inefficient in terms of bandwidth compared to a direct client <-> VNC connection?

Because it’s not using the VNC protocol. It’s the Guacamole protocol. It is more restricted compared to modern VNC compression variants.

> I used NX for a while, and that does something very similar. On a slow connection you can actually see the compression artefacts when scrolling. It's not pretty, but at least it makes the machine accessible.

NoMachine NX is a different beast altogether. It’s comparable to RDP in that it deals directly with the actual (X11) objects instead of (just) their on-screen rendering. It’s basically advanced compression over X11 forwarding over SSH.

---

The point is HTML5. It works everywhere you have a somewhat reasonable browser.

Compressing the H264 requires quite a bit more processor power on the server. It's fine for steam link because the use case usually involves a powerful gaming PC on the server end, often with a dedicated GPU video encoder.

Is there a similar system to Guacamole that does involve encoding?

I was actually looking at this a few days ago because I've been very interested in implementing something like Google's Project Stream locally where I can render things in the browser, but frame rate is important for me.

If only there was a way to intercept the screen drawing commands and send those over the network instead.