
Apache Guacamole 1.1.0 - v4n4d1s
https://guacamole.apache.org/releases/1.1.0/
======
mwexler
For everyone wondering what this is:

Via
[https://guacamole.apache.org/doc/1.1.0/gug/preface.html](https://guacamole.apache.org/doc/1.1.0/gug/preface.html)

What is Guacamole?

Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols (such as VNC or RDP). Guacamole is
also the project that produces this web application, and provides an API that
drives it. This API can be used to power other similar applications or
services.

------
w0utert
I really like the idea implemented by Apache Guacamole, but when I tried to
install it on my home server get remote desktops to my other machines when
abroad, it was a huge letdown.

First of all the installation process is terrible, you need to install and
configure a whole working tomcat8 server first and manually deploy the
application WAR, configuration is non-obvious and obtuse, and the first ~10
tries after deploying Guacamole failed to establish VNC connections without a
clear indication what went wrong. Over the years I've installed loads of
services, not just trivial ones (e.g. nginx with SSL and multiple vhosts on
different domains, reverse proxies, SSH tunnels, VPN servers, etc) and while I
wouldn't say installing Guacamole was _hard_ , the process just felt
unnecessarily complicated. Not a nice experience.

Second, when I finally managed to get Guacamole to establish a VNC connection
to an OS X client, the performance was straight up horrible. That's over a
Gbit ethernet LAN, which I also use to stream games to a steam link at 60fps.
Granted, this was connecting to desktop with 5K resolution and 32-bit color,
but connecting to it directly using a VNC client works just fine. Through
Guacamole it was literally unusable.

Is this to be expected?

~~~
fuzzy2
My recommendation: Use Docker. No need to deal with all the gritty details. If
needed, reverse-proxy it.

Guacamole is (in my experience) unfortunately rather inefficient concerning
bandwidth.

You can’t compare it to Steam Link either, because that’s using H264 video
compression. Guacamole does not use video compression.

A single 5K 24 bit bitmap is ~42 MiB. That’s a lot, even compressed and
especially at reasonable frame rates.

~~~
ldoughty
I second using containers for guacamole.

Also agree, this isn't intended to be a replacement for direct access, nor for
streaming purposes.

This gives you and RDP session with no software install needed. The use case
of guacamole is accessing a system from anywhere without needing your ssh
keys, RDP, or VNC software. If you're happy doing any of those directly,
adding a middle man doesn't add any value.

That said, if you're managing others accessing the system, you can bastion of
the target machines and only expose this access. This lets you put the target
machines behind NAT, and only manage one entry point.

~~~
tootie
Yeah, this is a neat tool, but I'm wondering what actual use case this is
fulfilling. Installing an RDP or VNC client isn't a huge effort. If you're
enterprise, you're probably already paying for TeamViewer or something
similar. The biggest issue is usually the handshake between a client and
machine on a private LAN.

~~~
ldoughty
The Virginia Cyber Range (www.virginiacyberrange.org) is a taxpayer funded
organization that leverages this project heavily to give K-12+ students access
to virtual machines for cybersecurity education.

Some of our customers are on Chromebooks, but with this they can access
machines without installing software.

For students at home, it's the same experience, no need to provide at-home
setup instructions for all the common operating systems.

In schools using computer labs, no need to install software at all.. IT admins
see Guacamole's requirements for service and it requires them to do no work,
and opens no threats to their network.

This allows us to replicate the capabilities of virtual box or similar
software without teachers needing to know anything about virtualization, or
dealing with the first session/week being the struggle to find BIOS flags to
turn on, and getting the virtualization software working.

We currently see about 500-800 unique guacamole connections per day, it's
fairly reliable.

~~~
ghthor
Awesome project! Glad you were able to leverage an OSS project to make your UX
streamlined and approachable.

------
F00Fbug
I hope this project has matured since I last tried it (18 months ago).

As wOutert mentioned, the installation process is difficult and not for the
faint of heart. Sure, most folks reading this here could manage it, but we're
not _normal_!

I really wanted this to work since I'm teaching at a school where all the
Windows machines are locked down. I teach a Linux class. I teach a bunch of
cyber-security classes and often need to install tools for this. Our IT
administrators either refuse to let me install the software I need to teach or
put up a huge stink.

I stood up a few VMs in my homelab for teaching and was hopeful that I could
remote in painlessly. After much weeping and gnashing of teeth I finally got
it working. And it worked well. About once a month I do a "yum update" on my
CentOS machines and when it ran on this particular machine, it broke something
in the Guac stack. I refused to spend the time to fix it!

Simultaneously, I'd been having trouble with TeamViewer. The unfortunate
reality of any IT professional's life is that you end up doing IT support for
the family. TeamViewer was fine for years, but they started flagging my use as
commercial. After looking and testing I found AnyDesk; it works every bit as
well as TeamViewer and it has a Windows portable client; you don't need to
install anything on the client machine (no admin rights needed).

So now I either boot my machines from a USB stick with Linux or AnyDesk to
where I need to go and my life is much better.

When Guacamole is mature and painless like AnyDesk, I'd give it another look.

------
bjonnh
Using it in production here since a few versions. It works perfectly for RDP
(VMs that several non computer saavy people have to use including when abroad)
and LDAP (slapd) for auth. Performance is really good even for tens of
connections at the same time and the users are using old apps that tend to
refresh half the screen each time a single pixel changes . Works on Linux, Mac
and windows for the clients without having to give specific instructions for
each. I used the docker containers for deployment to reduce the hassle As it
is running on a VM anyway, I will switch that to ansible playbooks at some
point, but the docker install was really smooth, I'm almost wondering if it is
worth it.

------
gexla
It would be great if these sorts of posts would include a description of
what's big about these releases. If you were already excited about this
Guacamole release, then you probably didn't need the reminder.

Looking through the notes, this looks interesting...

> Similar to Guacamole’s support for SSH and telnet, Guacamole can now provide
> terminal access to Kubernetes pods using the same mechanism as kubectl
> attach. This allows Guacamole to be used to interact with Kubernetes pods
> without requiring that those pods host an SSH or telnet service.

I have never used Guacamole or K8s (still stuck on Docker) but I assume this
makes connecting to a containerized desktop much easier.

Great work to everyone involved.

~~~
laumars
> _It would be great if these sorts of posts would include a description of
> what 's big about these releases. If you were already excited about this
> Guacamole release, then you probably didn't need the reminder._

I agree but unfortunately HN only allows you to submit a URL _or_ test, not
both. Also you're not technically supposed to editorialise the page title
either. Thankfully the release notes on this particular site are well written.

------
fulafel
Maybe the submitter could highlight they view as noteworthy in this release?

~~~
v4n4d1s
Switch to freerdp 2.0 and swiss german keyboard layout are my highlights.

------
PaulRobinson
The antithesis of a good landing page.

I'd never heard of it before. What does Apache Guacamole actually do? Is it of
interest to me? I click...

Nothing on the home page immediately tells me. I note HTML5 and there is
something going on with a client and I guess a server? I scroll down the page.
Literally, nothing telling me how Guacamole might be of interest to me, but I
notice a mention to RDP - hmmm, that might be a clue, but it might not be.

I go up to docs. FAQ? OK, that might help. I click. Nope. Nothing. I scroll
through the first five or six questions and I'm none the wiser.

I go back to the docs and notice the user manual. Surely that must tell me? I
click.

Right, which section might tell me? Introduction? I click.

Several paragraphs in:

> Guacamole is an HTML5 web application that provides access to desktop
> environments using remote desktop protocols (such as VNC or RDP). Guacamole
> is also the project that produces this web application, and provides an API
> that drives it. This API can be used to power other similar applications or
> services.

I realise F/LOSS might not feel the need to "market" itself like it were a
business, but is it too much to ask that the first thing we see on the home
page is a brief description of what the project is, and some of the benefits
so a curious chap can decide if it's of interest?

~~~
calcifer
> is it too much to ask that the first thing we see on the home page is a
> brief description of what the project is, and some of the benefits so a
> curious chap can decide if it's of interest?

It's not too much to ask, especially if you actually look at the _home page_
and not the release notes that's clearly linked here.

~~~
Double_a_92
The home page itself also doesn't really explain what it is... unless you
already know.

All I got is that it's some remote desktop client that runs in the browser.
Then I had to assume that the server probably needs to be in the same network
as your target computer... And theres some extra login to the client itself?

And then I noticed that that image is actually a video. ._.

~~~
laumars
What browser are you using?

The video has a standard play button on desktop Firefox. In fact it is very
clearly an embedded Vimeo video (branded and all).

Also your server assumption is very clearly stated right next to the video:

> _Thanks to HTML5, once Guacamole is installed on a server, all you need to
> access your desktops is a web browser._

This is all in the top half of the landing page and even highlighted in green
to stand out from the rest of the page.

I agree many FOSS projects have lousy landing pages but I've always though
this one to be one of the better ones. In fact it is better than many
commercial landing pages I've had the misfortune to, _ahem_ , land on.

------
johnmark
If you like Apache Guacamole, you'll love Glyptodon Enterprise.

[https://glyptodon.com/](https://glyptodon.com/)
[https://demo.glyptodon.com/](https://demo.glyptodon.com/)

Led by the founders/maintainers of Guacamole.

------
unwind
Nobody has mentioned it but the header says:

 _Apache Guacamole 1.1.0 has not yet been released! The artifacts and release
notes below are drafts for a proposed release of Apache Guacamole which has
not yet occurred._

So it would seem it has not been released yet.

~~~
ldoughty
Me heart nearly jumped out of my chest when I saw this link here....

And actually.. __it is released __, they updated their docker instead making
1.1.0 their latest tag while dropping RC designation

I really hope free RDP 2.0 brings some general improvements, the existing
implementation on 1.0.0 had terrible thread handling that causes infinite
loops in certain situations.

------
mikece
"Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols (such as VNC or RDP)."

Shouldn't this be front and center on the home page instead of having to find
the manual and navigate to the second paragraph of the introduction?

That said, it looks like a cool idea and I wonder if it's within the scope of
a project like this to implement an abstraction on the keyboard such that
using common macOS keyboard shortcuts are translated to their Linux or Windows
equivalents (or vice versa). It's a small peeve but I hate accidentally
locking Windows when I meant to put focus on the address bar and start typing
a URL...

UPDATE: I stand corrected: I missed that this wasn't the home page... that's
what I get for commenting on a new story _before_ I have my morning coffee.

~~~
omegabravo
The home page
([https://guacamole.apache.org/](https://guacamole.apache.org/)), has the
description front and centre.

The link provided is for their release page, which discusses this particular
release.

This comment:
[https://news.ycombinator.com/item?id=22190442](https://news.ycombinator.com/item?id=22190442)
on this thread has further discussion.

------
catmanjan
I've looked at using this before to provide a "thin client" legacy desktop app
- is anyone doing the same with Guacamole? Care to share your experience?

~~~
patentatt
If I’m understanding you correctly, I used guacamole for just this purpose
once. Terrible legacy desktop app needed to be ‘ported’ to ‘the cloud’ ASAP
because reasons. While we were working on a proper rewrite, I stood up a VM
running the old desktop software and a web page that used guacamole to VNC to
the app. Worked fabtabulously, and with a little printer redirection and UI
tweaks, wound up being preferred by the users over the rewritten proper web
app. In all honesty, not a terrible solution. Users who had been using the app
for a decade didn’t have to learn anything new. I did have to learn something
new, though, as then we had to port our new features from the real web app
back to the VB6 legacy ‘desktop’ app, lol.

------
smitty1e
There is an AWS marketplace instance available if you search for "guacamole".
You log in at a public DNS as ubuntu with the instance-id for the password.

Instance functionality for that quick requirement at a modest fee.

Great product.

------
sdan
Interestingly this seems like what mighty
app([https://mightyapp.com](https://mightyapp.com)) is doing

