Apache Guacamole! RDP + SSH + VNC over HTML5


Userlevel 7
Badge +7

Hi there!

 

I would like to share with all of you this awesome tool called Apache Guacamole

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.

I use it a lot to connect to my HomeLab, instead of enabling a VPN and open few RDP and SSH, I use my Navigator to connect to my Servers, no matter where Im connecting from (Ipad, Macbook, Raspberry Pi, Windows, etc.)

For me is very useful, you can add MFA, SSL Cert, etc. very flexible and friendly.

Here you will find the Installation files, instructions and useful information.

Just a few screenshots!

These are from my home lab.

 

In another post, I will share with you a basic deploy and configuration, over vsphere.

 

Home access

 

Connections list

 

Windows Server 2016 RDP over HTML5!
SSH over HTML5!
Windows Server + other tabs on top

enjoy!.


10 comments

Userlevel 7
Badge +20

Very cool tool.  I will check this out too as you can never have too many in your arsenal. 😂

Userlevel 7
Badge +9

I will test and also blog on this. Looks interesting. Thank you very much for sharing.

Userlevel 7
Badge +7

@HunterLAFR thanks for the sharing, reading the security report has several bugs 😋

 

Userlevel 7
Badge +7

I will test and also blog on this. Looks interesting. Thank you very much for sharing.

Awesome!!

Userlevel 7
Badge +7

@HunterLAFR thanks for the sharing, reading the security report has several bugs 😋

 

I know I know,

But this is for test and lab environment, not for production, (or you can take the risk if you want)

Even dough, also I've seen a lot of Citrix environments with more bugs and/or no patches published on the internet!! 😂😂😂
(Also vcenters and Hyper-V hosts with direct open ports to a public IP, 😱)

cheers,

 

Glad to see someone else using this!


I’ve had a static Guacamole VM set up for all of our Veeam Labs for several years, with internal/external IPs, URLs, and domain pass-through integration for all IT staff.

It gets round the issue of having to expose multiple IP addresses to the Live network - with only port 443 to the Guacamole VM required.

It also provides safety over our IT staff tripping up over Live and Lab Console sessions, since the Lab ones have to be accessed through the browser.  There’s a real danger of accidentally changing live systems accidentally when both consoles have the same look and feel, from the same console type.

I’ve also setup a shared folder on the VM, to swap files between the Lab and Live environments.

 

It’s a great tool, and perfect for Labs.  I think I raised it as a feature suggestion some years ago, to be integrated with the Veeam Proxy Applicance, but SureBackups/Labs haven’t seen many enhancements in recent releases. 

Userlevel 7
Badge +11

Did you find a way to let one non-admin user “shadow” the connection of another non-admin user? It could be limited to specific connections.

I can see the functionality as an admin user but haven’t been able to figure out how to get it to work for non-admin users.

Userlevel 7
Badge +7

Did you find a way to let one non-admin user “shadow” the connection of another non-admin user? It could be limited to specific connections.

I can see the functionality as an admin user but haven’t been able to figure out how to get it to work for non-admin users.

Hi

I don't really get your point with the “shadow” question, sorry! but I’m very curious.

 

If you mean creating a user into the wasabi platform, it can be limited what he see from groups, and machines itself.

And also you can handle different ways to show to the users the possible connections and so on.

cheers.

Luis.

Userlevel 7
Badge +11

Hi Luis,

You were writing about Guacamole, so I wasn’t really asking about Wasabi 😀

Let me make an example:

I create user named “user1” and add an RDP connection to “SERVER”.

“user1” starts a connection to “SERVER” via Guacamole and keeps the session open.

“user2”, who is not a Guacamole admin, wants to see what “user1” is doing in the Guacamole session to “SERVER”.

 

If a Guacamole admin logs in, this can be done by clicking on the username in the top right corner → Settings → Active Sessions  and then click on the connection name.

Userlevel 7
Badge +7

Sorry about the wasabi, I was reading another thing. XD
 

Now I understood, Yes, Only admin users can see active sessions, not “normal” users.

It would be a good improvement to have like “group admins” to see active sessions only for your groups, not the hole system.

But I still liking the way it looks, and how it works for me and my lab!

cheers.

Comment