Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I really like the idea implemented by Apache Guacamole, but when I tried to install it on my home server get remote desktops to my other machines when abroad, it was a huge letdown.
First of all the installation process is terrible, you need to install and configure a whole working tomcat8 server first and manually deploy the application WAR, configuration is non-obvious and obtuse, and the first ~10 tries after deploying Guacamole failed to establish VNC connections without a clear indication what went wrong. Over the years I've installed loads of services, not just trivial ones (e.g. nginx with SSL and multiple vhosts on different domains, reverse proxies, SSH tunnels, VPN servers, etc) and while I wouldn't say installing Guacamole was hard, the process just felt unnecessarily complicated. Not a nice experience.
Second, when I finally managed to get Guacamole to establish a VNC connection to an OS X client, the performance was straight up horrible. That's over a Gbit ethernet LAN, which I also use to stream games to a steam link at 60fps. Granted, this was connecting to desktop with 5K resolution and 32-bit color, but connecting to it directly using a VNC client works just fine. Through Guacamole it was literally unusable.
Agreed, the configuration is not pleasant. I also tried many alternatives this while abroad recently and actually found plain VNC the most performant and pleasant to use, and it's trivial to set up.
I hope this project has matured since I last tried it (18 months ago).
As wOutert mentioned, the installation process is difficult and not for the faint of heart. Sure, most folks reading this here could manage it, but we're not normal!
I really wanted this to work since I'm teaching at a school where all the Windows machines are locked down. I teach a Linux class. I teach a bunch of cyber-security classes and often need to install tools for this. Our IT administrators either refuse to let me install the software I need to teach or put up a huge stink.
I stood up a few VMs in my homelab for teaching and was hopeful that I could remote in painlessly. After much weeping and gnashing of teeth I finally got it working. And it worked well. About once a month I do a "yum update" on my CentOS machines and when it ran on this particular machine, it broke something in the Guac stack. I refused to spend the time to fix it!
Simultaneously, I'd been having trouble with TeamViewer. The unfortunate reality of any IT professional's life is that you end up doing IT support for the family. TeamViewer was fine for years, but they started flagging my use as commercial. After looking and testing I found AnyDesk; it works every bit as well as TeamViewer and it has a Windows portable client; you don't need to install anything on the client machine (no admin rights needed).
So now I either boot my machines from a USB stick with Linux or AnyDesk to where I need to go and my life is much better.
When Guacamole is mature and painless like AnyDesk, I'd give it another look.
Using it in production here since a few versions. It works perfectly for RDP (VMs that several non computer saavy people have to use including when abroad) and LDAP (slapd) for auth. Performance is really good even for tens of connections at the same time and the users are using old apps that tend to refresh half the screen each time a single pixel changes
. Works on Linux, Mac and windows for the clients without having to give specific instructions for each. I used the docker containers for deployment to reduce the hassle
As it is running on a VM anyway, I will switch that to ansible playbooks at some point, but the docker install was really smooth, I'm almost wondering if it is worth it.
It would be great if these sorts of posts would include a description of what's big about these releases. If you were already excited about this Guacamole release, then you probably didn't need the reminder.
Looking through the notes, this looks interesting...
> Similar to Guacamole’s support for SSH and telnet, Guacamole can now provide terminal access to Kubernetes pods using the same mechanism as kubectl attach. This allows Guacamole to be used to interact with Kubernetes pods without requiring that those pods host an SSH or telnet service.
I have never used Guacamole or K8s (still stuck on Docker) but I assume this makes connecting to a containerized desktop much easier.
> It would be great if these sorts of posts would include a description of what's big about these releases. If you were already excited about this Guacamole release, then you probably didn't need the reminder.
I agree but unfortunately HN only allows you to submit a URL or test, not both. Also you're not technically supposed to editorialise the page title either. Thankfully the release notes on this particular site are well written.
I'd never heard of it before. What does Apache Guacamole actually do? Is it of interest to me? I click...
Nothing on the home page immediately tells me. I note HTML5 and there is something going on with a client and I guess a server? I scroll down the page. Literally, nothing telling me how Guacamole might be of interest to me, but I notice a mention to RDP - hmmm, that might be a clue, but it might not be.
I go up to docs. FAQ? OK, that might help. I click. Nope. Nothing. I scroll through the first five or six questions and I'm none the wiser.
I go back to the docs and notice the user manual. Surely that must tell me? I click.
Right, which section might tell me? Introduction? I click.
Several paragraphs in:
> Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I realise F/LOSS might not feel the need to "market" itself like it were a business, but is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
IMHO this is not an intended landing page for the project. I touched the title and got to the home page which explains pretty well what the project is about
> is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
It's not too much to ask, especially if you actually look at the home page and not the release notes that's clearly linked here.
Do you have an example of what they could have written? I agree with you that lots (mostly the corporate and startup) of homepages aren't good in describing the product but this seems like a relatively okay summary to me:
"Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.[...]
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
It's a tool you install on your machine and then you can access said machine via a web browser, no?
I had the same thoughts when clicking this document. It seems more like a release page than a landing page. But I think the lesson is that documentation is tricky to write because there are many ways to use it, for both novice and advanced users. I've checked Django, Drupal and Python release notes and they're aren't any more specific, although the website navigation makes it clear how to reach the home page.
Apache Guacamole 1.1.0 has not yet been released! The artifacts and release notes below are drafts for a proposed release of Apache Guacamole which has not yet occurred.
Me heart nearly jumped out of my chest when I saw this link here....
And actually.. it is released, they updated their docker instead making 1.1.0 their latest tag while dropping RC designation
I really hope free RDP 2.0 brings some general improvements, the existing implementation on 1.0.0 had terrible thread handling that causes infinite loops in certain situations.
"Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP)."
Shouldn't this be front and center on the home page instead of having to find the manual and navigate to the second paragraph of the introduction?
That said, it looks like a cool idea and I wonder if it's within the scope of a project like this to implement an abstraction on the keyboard such that using common macOS keyboard shortcuts are translated to their Linux or Windows equivalents (or vice versa). It's a small peeve but I hate accidentally locking Windows when I meant to put focus on the address bar and start typing a URL...
UPDATE: I stand corrected: I missed that this wasn't the home page... that's what I get for commenting on a new story before I have my morning coffee.
I've looked at using this before to provide a "thin client" legacy desktop app - is anyone doing the same with Guacamole? Care to share your experience?
If I’m understanding you correctly, I used guacamole for just this purpose once. Terrible legacy desktop app needed to be ‘ported’ to ‘the cloud’ ASAP because reasons. While we were working on a proper rewrite, I stood up a VM running the old desktop software and a web page that used guacamole to VNC to the app. Worked fabtabulously, and with a little printer redirection and UI tweaks, wound up being preferred by the users over the rewritten proper web app. In all honesty, not a terrible solution. Users who had been using the app for a decade didn’t have to learn anything new. I did have to learn something new, though, as then we had to port our new features from the real web app back to the VB6 legacy ‘desktop’ app, lol.
I use it to provide access to cloud systems as essentially a bastion. The target computers often have serious vulnerabilities exposed (like metasploitable windows targets, and machines with very easy passwords).. so supporting legacy OS & software is reasonably secure (at least if guacamole is the only access point)
There is an AWS marketplace instance available if you search for "guacamole". You log in at a public DNS as ubuntu with the instance-id for the password.
Instance functionality for that quick requirement at a modest fee.
mwexler|6 years ago
Via https://guacamole.apache.org/doc/1.1.0/gug/preface.html
What is Guacamole?
Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
w0utert|6 years ago
First of all the installation process is terrible, you need to install and configure a whole working tomcat8 server first and manually deploy the application WAR, configuration is non-obvious and obtuse, and the first ~10 tries after deploying Guacamole failed to establish VNC connections without a clear indication what went wrong. Over the years I've installed loads of services, not just trivial ones (e.g. nginx with SSL and multiple vhosts on different domains, reverse proxies, SSH tunnels, VPN servers, etc) and while I wouldn't say installing Guacamole was hard, the process just felt unnecessarily complicated. Not a nice experience.
Second, when I finally managed to get Guacamole to establish a VNC connection to an OS X client, the performance was straight up horrible. That's over a Gbit ethernet LAN, which I also use to stream games to a steam link at 60fps. Granted, this was connecting to desktop with 5K resolution and 32-bit color, but connecting to it directly using a VNC client works just fine. Through Guacamole it was literally unusable.
Is this to be expected?
fuzzy2|6 years ago
Guacamole is (in my experience) unfortunately rather inefficient concerning bandwidth.
You can’t compare it to Steam Link either, because that’s using H264 video compression. Guacamole does not use video compression.
A single 5K 24 bit bitmap is ~42 MiB. That’s a lot, even compressed and especially at reasonable frame rates.
ubercow13|6 years ago
ridruejo|6 years ago
xienze|6 years ago
Well, there’s your problem: Mac VNC. In order to get “OK” VNC performance on a Mac you have to:
* Make sure a display is connected to it (either real or a display emulator dongle)
* Use the built in Mac VNC server
* Use a VNC client like Remotix that has support for the VNC extensions that Apple uses to boost performance
In other words, use something else, like NoMachine (or similar) which does h264 compression.
tasubotadas|6 years ago
F00Fbug|6 years ago
As wOutert mentioned, the installation process is difficult and not for the faint of heart. Sure, most folks reading this here could manage it, but we're not normal!
I really wanted this to work since I'm teaching at a school where all the Windows machines are locked down. I teach a Linux class. I teach a bunch of cyber-security classes and often need to install tools for this. Our IT administrators either refuse to let me install the software I need to teach or put up a huge stink.
I stood up a few VMs in my homelab for teaching and was hopeful that I could remote in painlessly. After much weeping and gnashing of teeth I finally got it working. And it worked well. About once a month I do a "yum update" on my CentOS machines and when it ran on this particular machine, it broke something in the Guac stack. I refused to spend the time to fix it!
Simultaneously, I'd been having trouble with TeamViewer. The unfortunate reality of any IT professional's life is that you end up doing IT support for the family. TeamViewer was fine for years, but they started flagging my use as commercial. After looking and testing I found AnyDesk; it works every bit as well as TeamViewer and it has a Windows portable client; you don't need to install anything on the client machine (no admin rights needed).
So now I either boot my machines from a USB stick with Linux or AnyDesk to where I need to go and my life is much better.
When Guacamole is mature and painless like AnyDesk, I'd give it another look.
bjonnh|6 years ago
gexla|6 years ago
Looking through the notes, this looks interesting...
> Similar to Guacamole’s support for SSH and telnet, Guacamole can now provide terminal access to Kubernetes pods using the same mechanism as kubectl attach. This allows Guacamole to be used to interact with Kubernetes pods without requiring that those pods host an SSH or telnet service.
I have never used Guacamole or K8s (still stuck on Docker) but I assume this makes connecting to a containerized desktop much easier.
Great work to everyone involved.
laumars|6 years ago
I agree but unfortunately HN only allows you to submit a URL or test, not both. Also you're not technically supposed to editorialise the page title either. Thankfully the release notes on this particular site are well written.
fulafel|6 years ago
v4n4d1s|6 years ago
PaulRobinson|6 years ago
I'd never heard of it before. What does Apache Guacamole actually do? Is it of interest to me? I click...
Nothing on the home page immediately tells me. I note HTML5 and there is something going on with a client and I guess a server? I scroll down the page. Literally, nothing telling me how Guacamole might be of interest to me, but I notice a mention to RDP - hmmm, that might be a clue, but it might not be.
I go up to docs. FAQ? OK, that might help. I click. Nope. Nothing. I scroll through the first five or six questions and I'm none the wiser.
I go back to the docs and notice the user manual. Surely that must tell me? I click.
Right, which section might tell me? Introduction? I click.
Several paragraphs in:
> Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I realise F/LOSS might not feel the need to "market" itself like it were a business, but is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
pmontra|6 years ago
IMHO this is not an intended landing page for the project. I touched the title and got to the home page which explains pretty well what the project is about
http://guacamole.apache.org/
Maybe they should add an explicit Home link.
kgraves|6 years ago
> "Apache Guacamole is a clientless remote desktop gateway [RDP]. It supports standard protocols like VNC, RDP, and SSH."
> "We call it clientless because no plugins or client software are required."
> "Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
The link you have clicked on is the release page, you could just gone to the home page ("click the title") to see what this was all about.
Bonus: There's even a video on the home page, I played the video and I instantly know what the software is.
Most open source software homepages don't provide that level of context, just walls of text.
calcifer|6 years ago
It's not too much to ask, especially if you actually look at the home page and not the release notes that's clearly linked here.
ergo14|6 years ago
https://guacamole.apache.org/ - this is and it is very self explanatory to me.
`Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.`
lars_francke|6 years ago
"Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.[...]
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
It's a tool you install on your machine and then you can access said machine via a web browser, no?
unknown|6 years ago
[deleted]
ciroduran|6 years ago
gexla|6 years ago
Guacamole is quite well known in the Linux world.
Release page being linked is appropriate given the title.
unknown|6 years ago
[deleted]
unknown|6 years ago
[deleted]
agumonkey|6 years ago
that said a tiny [remove desktop] tag in the title would have eased the process
nannal|6 years ago
From the front page
https://i.imgur.com/ZOyoNQ6.png
johnmark|6 years ago
https://glyptodon.com/ https://demo.glyptodon.com/
Led by the founders/maintainers of Guacamole.
unwind|6 years ago
Apache Guacamole 1.1.0 has not yet been released! The artifacts and release notes below are drafts for a proposed release of Apache Guacamole which has not yet occurred.
So it would seem it has not been released yet.
ldoughty|6 years ago
And actually.. it is released, they updated their docker instead making 1.1.0 their latest tag while dropping RC designation
I really hope free RDP 2.0 brings some general improvements, the existing implementation on 1.0.0 had terrible thread handling that causes infinite loops in certain situations.
mikece|6 years ago
Shouldn't this be front and center on the home page instead of having to find the manual and navigate to the second paragraph of the introduction?
That said, it looks like a cool idea and I wonder if it's within the scope of a project like this to implement an abstraction on the keyboard such that using common macOS keyboard shortcuts are translated to their Linux or Windows equivalents (or vice versa). It's a small peeve but I hate accidentally locking Windows when I meant to put focus on the address bar and start typing a URL...
UPDATE: I stand corrected: I missed that this wasn't the home page... that's what I get for commenting on a new story before I have my morning coffee.
omegabravo|6 years ago
The link provided is for their release page, which discusses this particular release.
This comment: https://news.ycombinator.com/item?id=22190442 on this thread has further discussion.
catmanjan|6 years ago
patentatt|6 years ago
ldoughty|6 years ago
smitty1e|6 years ago
Instance functionality for that quick requirement at a modest fee.
Great product.
sdan|6 years ago