Via https://guacamole.apache.org/doc/1.1.0/gug/preface.html
What is Guacamole?
Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
First of all the installation process is terrible, you need to install and configure a whole working tomcat8 server first and manually deploy the application WAR, configuration is non-obvious and obtuse, and the first ~10 tries after deploying Guacamole failed to establish VNC connections without a clear indication what went wrong. Over the years I've installed loads of services, not just trivial ones (e.g. nginx with SSL and multiple vhosts on different domains, reverse proxies, SSH tunnels, VPN servers, etc) and while I wouldn't say installing Guacamole was hard, the process just felt unnecessarily complicated. Not a nice experience.
Second, when I finally managed to get Guacamole to establish a VNC connection to an OS X client, the performance was straight up horrible. That's over a Gbit ethernet LAN, which I also use to stream games to a steam link at 60fps. Granted, this was connecting to desktop with 5K resolution and 32-bit color, but connecting to it directly using a VNC client works just fine. Through Guacamole it was literally unusable.
Is this to be expected?
Guacamole is (in my experience) unfortunately rather inefficient concerning bandwidth.
You can’t compare it to Steam Link either, because that’s using H264 video compression. Guacamole does not use video compression.
A single 5K 24 bit bitmap is ~42 MiB. That’s a lot, even compressed and especially at reasonable frame rates.
Also agree, this isn't intended to be a replacement for direct access, nor for streaming purposes.
This gives you and RDP session with no software install needed. The use case of guacamole is accessing a system from anywhere without needing your ssh keys, RDP, or VNC software. If you're happy doing any of those directly, adding a middle man doesn't add any value.
That said, if you're managing others accessing the system, you can bastion of the target machines and only expose this access. This lets you put the target machines behind NAT, and only manage one entry point.
This part I don't really understand. Why does a client <-> guacamole <-> VNC connection be less inefficient in terms of bandwidth compared to a direct client <-> VNC connection?
And if the general idea of sending screen data to a client be much more efficient if you use something like H264, why doesn't Guacamole implement some kind of similar compression technique?
I used NX for a while, and that does something very similar. On a slow connection you can actually see the compression artefacts when scrolling. It's not pretty, but at least it makes the machine accessible.
Anyway, when I tried guacamole, it was over Gbit LAN, if that's not even enough expose a VNC client using Guacamole, what's the point?
it provides access management so you don't need to expose the server, or the user/passwords, to gain access... You can also record the sessions ... And some other neat features... None of which really soon to replace a direct connection made by a technically savy individual between to machines on a network he controls.
But imagine the benefit for schools -- high schoolers can be given access to a virtual machine, without installing RDP or similar protocols on the students machine, and without giving them virtualization tools that might allow when to bypass student safety protections
Well, there’s your problem: Mac VNC. In order to get “OK” VNC performance on a Mac you have to:
* Make sure a display is connected to it (either real or a display emulator dongle)
* Use the built in Mac VNC server
* Use a VNC client like Remotix that has support for the VNC extensions that Apple uses to boost performance
In other words, use something else, like NoMachine (or similar) which does h264 compression.
As wOutert mentioned, the installation process is difficult and not for the faint of heart. Sure, most folks reading this here could manage it, but we're not normal!
I really wanted this to work since I'm teaching at a school where all the Windows machines are locked down. I teach a Linux class. I teach a bunch of cyber-security classes and often need to install tools for this. Our IT administrators either refuse to let me install the software I need to teach or put up a huge stink.
I stood up a few VMs in my homelab for teaching and was hopeful that I could remote in painlessly. After much weeping and gnashing of teeth I finally got it working. And it worked well. About once a month I do a "yum update" on my CentOS machines and when it ran on this particular machine, it broke something in the Guac stack. I refused to spend the time to fix it!
Simultaneously, I'd been having trouble with TeamViewer. The unfortunate reality of any IT professional's life is that you end up doing IT support for the family. TeamViewer was fine for years, but they started flagging my use as commercial. After looking and testing I found AnyDesk; it works every bit as well as TeamViewer and it has a Windows portable client; you don't need to install anything on the client machine (no admin rights needed).
So now I either boot my machines from a USB stick with Linux or AnyDesk to where I need to go and my life is much better.
When Guacamole is mature and painless like AnyDesk, I'd give it another look.
Looking through the notes, this looks interesting...
> Similar to Guacamole’s support for SSH and telnet, Guacamole can now provide terminal access to Kubernetes pods using the same mechanism as kubectl attach. This allows Guacamole to be used to interact with Kubernetes pods without requiring that those pods host an SSH or telnet service.
I have never used Guacamole or K8s (still stuck on Docker) but I assume this makes connecting to a containerized desktop much easier.
Great work to everyone involved.
I agree but unfortunately HN only allows you to submit a URL or test, not both. Also you're not technically supposed to editorialise the page title either. Thankfully the release notes on this particular site are well written.
I'd never heard of it before. What does Apache Guacamole actually do? Is it of interest to me? I click...
Nothing on the home page immediately tells me. I note HTML5 and there is something going on with a client and I guess a server? I scroll down the page. Literally, nothing telling me how Guacamole might be of interest to me, but I notice a mention to RDP - hmmm, that might be a clue, but it might not be.
I go up to docs. FAQ? OK, that might help. I click. Nope. Nothing. I scroll through the first five or six questions and I'm none the wiser.
I go back to the docs and notice the user manual. Surely that must tell me? I click.
Right, which section might tell me? Introduction? I click.
Several paragraphs in:
> Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that produces this web application, and provides an API that drives it. This API can be used to power other similar applications or services.
I realise F/LOSS might not feel the need to "market" itself like it were a business, but is it too much to ask that the first thing we see on the home page is a brief description of what the project is, and some of the benefits so a curious chap can decide if it's of interest?
IMHO this is not an intended landing page for the project. I touched the title and got to the home page which explains pretty well what the project is about
Maybe they should add an explicit Home link.
> "Apache Guacamole is a clientless remote desktop gateway [RDP]. It supports standard protocols like VNC, RDP, and SSH."
> "We call it clientless because no plugins or client software are required."
> "Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
The link you have clicked on is the release page, you could just gone to the home page ("click the title") to see what this was all about.
Bonus: There's even a video on the home page, I played the video and I instantly know what the software is.
Most open source software homepages don't provide that level of context, just walls of text.
It's not too much to ask, especially if you actually look at the home page and not the release notes that's clearly linked here.
All I got is that it's some remote desktop client that runs in the browser. Then I had to assume that the server probably needs to be in the same network as your target computer... And theres some extra login to the client itself?
And then I noticed that that image is actually a video. ._.
https://guacamole.apache.org/ - this is and it is very self explanatory to me.
`Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.`
"Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.[...]
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser."
It's a tool you install on your machine and then you can access said machine via a web browser, no?
Guacamole is quite well known in the Linux world.
Release page being linked is appropriate given the title.
that said a tiny [remove desktop] tag in the title would have eased the process
From the front page
https://glyptodon.com/ https://demo.glyptodon.com/
Led by the founders/maintainers of Guacamole.
Apache Guacamole 1.1.0 has not yet been released! The artifacts and release notes below are drafts for a proposed release of Apache Guacamole which has not yet occurred.
So it would seem it has not been released yet.
And actually.. it is released, they updated their docker instead making 1.1.0 their latest tag while dropping RC designation
I really hope free RDP 2.0 brings some general improvements, the existing implementation on 1.0.0 had terrible thread handling that causes infinite loops in certain situations.
Shouldn't this be front and center on the home page instead of having to find the manual and navigate to the second paragraph of the introduction?
That said, it looks like a cool idea and I wonder if it's within the scope of a project like this to implement an abstraction on the keyboard such that using common macOS keyboard shortcuts are translated to their Linux or Windows equivalents (or vice versa). It's a small peeve but I hate accidentally locking Windows when I meant to put focus on the address bar and start typing a URL...
UPDATE: I stand corrected: I missed that this wasn't the home page... that's what I get for commenting on a new story before I have my morning coffee.
The link provided is for their release page, which discusses this particular release.
This comment: https://news.ycombinator.com/item?id=22190442 on this thread has further discussion.
Instance functionality for that quick requirement at a modest fee.
Great product.
