
Guacamole – HTML5 Clientless Remote Desktop - tux1968
http://guac-dev.org/
======
jitl
I run Guacamole on my home network as an RDP client to my Windows and Linux
boxes. It's a fantastic piece of software. It beats VMC widely in terms of
speed, and RDP narrowly when used across the internet. I run guacd on my home
server and use that to access my interior network from any computer. It's
stable, consumes low memory, and works nicely over HTTPS with apache reverse-
proxying the Java webapp. A+ amaze your friends type of software. I am a huge
guacamole fanboy.

Edit: I used a Linux VM on my home windows box over guacamole from a
Chromebook as my primary mobile computer for 6 months. Browsing in Firefox on
my remote VM was always faster than browsing the web locally on the
Chromebook. If only it worked well on tablets...

~~~
tekacs
> and RDP narrowly

I don't suppose[1] it supports RDP 8's new ability to play video on a remote
desktop by streaming the media across and decoding it locally (works in the
Win/Mac official clients).

I was amazed and dumbfounded the first time a YouTube video played in a remote
session with perfectly in-sync audio and video and instant response to mouse
clicks and now find it hard to go back...

[1]: Can't test this myself until I get back to a desktop computer (this is
from a phone).

~~~
mdmarra
RDP8 also supports RDP over UDP which further enhances performance in high-
latency scenarios. I'm assuming that is also not factored into that claim
either

~~~
luma
I kept waiting for the demo video to show any streaming video which they kept
avoiding. VNC is ancient by industry standards. While this is convenient and
the open license is helpful, there are far more mature remote desktop protocol
stacks available commercially. PCoIP, RDP8, ICA/HDX, heck even HP's RGS cam
handle streaming video and USB remoting.

~~~
krakensden
In early 2013, guacamole would do video for a little bit, and then get
desynchronized from the server. It would be pretty great while it lasted
though...

------
desaintmartin
There already have been a few nice VNC web clients around for a few years,
like NoVNC ([http://kanaka.github.io/noVNC/](http://kanaka.github.io/noVNC/),
python server-side, used in Openstack and others). Unfortunately, there's no
magic: you need your VNC/RDP server, then your "clientless server" (proxy
socket<->websocket or alike), then your web server to host the "clientless"
client.

It's becoming to be interesting when your VNC/RDP client directly supports
websocket, eliminating the need of a proxy and only use a STATIC web server to
host client. Wait, it's built-in for qemu since 1.4!
[http://git.qemu.org/?p=qemu.git;a=commit;h=0057a0d59006d00c2...](http://git.qemu.org/?p=qemu.git;a=commit;h=0057a0d59006d00c294de0b012d9a290eb1a5c80)

~~~
jitl
Guacamole and NoVNC are very different conceptually. NoVNC is a client for the
VNC protocol that runs in your browser, and a dumb TCP-to-Websockets proxy
script that you run on your server if your VNC software doesn't already
support Websockets in addition to TCP. Your browser and the server still
communicate using the VNC protocol, and you'll get performance no better than
TCP VNC (bad performance over the internet, in my opinion).

Guacamole has much better performance. Your browser and the guacamole server
communicate using a custom, better-performing protocol ([http://guac-
dev.org/doc/gug/protocol-reference.html](http://guac-dev.org/doc/gug/protocol-
reference.html)). While guacamole can still connect to your server with VNC,
it also supports RDP, which is also faster. Even when using Guacamole as a
proxy for VNC if your guacd and VNC servers are on LAN together, because the
guacamole protocol works much better over high latency connections than VNC
does.

Edit: also, Guacamole doesn't use Websockets, which makes it much easier to
proxy with your standard HTTP proxy software like apache, which didn't get a
Websockets proxy module until 2.4 (Ubuntu 12.04 is 2.2).

~~~
kanaka
"Guacamole has much better performance ... custom, better-performing protocol"
-> What aspect of performance? Latency? Bandwidth? Server CPU and memory
usage? Scaling? Do you have some actual performance benchmarks comparing the
two? And does guacamole perform better when connecting to the same VNC server
or is that comparing VNC server with an RDP server. RDP itself is a newer,
more complex and more efficient protocol than VNC but VNC is supported pretty
much everywhere. RDP could pretty easily be implemented in noVNC by somebody
with the time (in fact it's been on the aspirational feature list for years).

With noVNC the protocol decode/encode is done in the browser (modern browsers
are plenty fast enough to do this easily), whereas with Guacamole the burden
of decode/encode for every client happens on the server where the proxy/client
part is running. Even if you need to run websockify to proxy/bridge noVNC, the
only thing it is doing is shuttling network traffic and the python
implementation of websockify can easily handle lots of simultaneous clients
without breaking a sweat.

noVNC was designed with Infrastructure as a Server (IaaS) providers in mind so
minimizing server CPU, memory and bandwidth was a goal in the design.

Also, guacamole does use websockets when it is available.

~~~
bmullan
I agree lets be careful about stating better performance unless you can post
some stats. It may be true but I'm an engineer and like to see why 1 vs the
other. Guacamole is either going to use VNC or RDP protocols. Both are
relatively known quantities. I have used Guacamole on Ubuntu 14.04 desktop
servers to provide HTML5 access to LXC (linux container based) Ubuntu remote
desktops. That requires some configuration w/x11rdp and xfreerdp etc but there
is a freakin great toolset with the odd name of "ScaryGliders"
[http://scarygliders.net/2012/05/23/the-
scarygliders-x11rdp-o...](http://scarygliders.net/2012/05/23/the-
scarygliders-x11rdp-o-matic-and-rdpsesconfig-hotness-upon-hotness/)

that hss the build down to an art. They GIT the latest code, do the required
build and then install for you on your system. After that you just install
Guacamole server side and you are done.

------
makmanalp
Nomachine also has been doing this for a while, and NX is really darn smooth
on spotty connections:
[https://www.nomachine.com/node/2473](https://www.nomachine.com/node/2473)

I do love that this is open source though. Someone will probably add NX
support soon. Sound support also looks pretty impressive.

------
iandanforth
I've found remote desktop setup immensely frustrating in the past. Every six
months or so I'll think "Wouldn't it be cool if it I could have an Ubuntu AMI
on EC2 I could boot and remote desktop into?" Then it's hours of googling and
config settings editing. Hopefully someone will point me to the easy way I've
been missing?

~~~
jitl
Unfortunately RDP server on Linux is a bit tricky to set up, and involved some
amount of compiling for me. On the other hand, I think `x11vnc` is pretty easy
to get started with. I followed this guide, and it worked for me no problem:
[http://askubuntu.com/questions/229989/how-to-setup-x11vnc-
to...](http://askubuntu.com/questions/229989/how-to-setup-x11vnc-to-access-
with-graphical-login-screen)

My guacamole server then connects to x11vnc so I still get RDP-like
performance across the internet.

Edit: you'll also want to make an Upstart job for x11vnc so that it starts on
boot, and restarts if (when) it dies. You can just copy any of the basic
upstart jobs in /etc/init.d/*.conf and investigate. You also may want to make
x11vnc start after your X server: [http://upstart.ubuntu.com/cookbook/#run-a-
job-before-another...](http://upstart.ubuntu.com/cookbook/#run-a-job-before-
another-job)

There is a lot of fiddly business :/

~~~
drunkcatsdgaf
Did you check out freerdp? I believe its in most package managers.

~~~
jitl
Freerdp's server component is pretty experimental and mostly undocumented. The
freerdp package you're referring to is a RDP client, not a server. This was
the best result I got for googling "freerdp server":
[http://askubuntu.com/questions/475776/can-freerdp-be-used-
as...](http://askubuntu.com/questions/475776/can-freerdp-be-used-as-server)

Very much still a compile-it-yourself experience. When I was setting up my RDP
server on my Mint media center, I went with xrdp + x11rdp setup detailed in
some guides at ScaryGliders.net, although the same guy as released a bunch of
scripts to do it for you, see [https://github.com/scarygliders/X11RDP-o-
Matic](https://github.com/scarygliders/X11RDP-o-Matic)

I don't really want to deal with recompiling stuff and manual updates though,
and expect others to feel the same, which is why I advocated x11vnc to the GP.

------
egeozcan
Having an HTML5 client built-in doesn't mean that it's "clientless" but it's
still impressive. MIT license doesn't hurt, too.

~~~
jitl
It's "clientless" as in you don't have to install any software on the machine
you want to connect from. No need to fiddle with RDP software on your parent's
computers, or worry about access control restrictions from a locked-down
corporate network. As far as permissions go, if you can browse the internet on
a computer, you can remote control your servers with Guacamole.

~~~
gioele
> It's "clientless" as in you don't have to install any software on the
> machine you want to connect from.

Except a browser compatible with HTML5-august-2014-revision. Believe it or
not, there are many places stuck in pre-HTML5 times (hotel computers, for
example).

If it could stream GIFs and accept clicks with server-side image maps, then it
would be compatible with every desktop graphical browser in existence (Opera
Mini and text browser would still be not enough).

~~~
Eiriksmal
> If it could stream GIFs and accept clicks with server-side image maps, then
> it would be compatible with every desktop graphical browser in existence

I can't decide if that's the most brilliant idea I've ever heard or the most
terrifying. Probably both.

~~~
tekacs
LogMeIn did this (albeit with refreshing static images for control, IIRC) as a
supported in-browser fallback client for almost a decade. It was horrifically
painful, but usable in a pinch.

------
fulafel
I see a lot of these front pages with "major bummer, this video can't be
played with your setup". Feels like the era of Flash all over again.

~~~
Fastidious
I don't understand, It seems HTML5 video to me. What kind of setup do you
have?

~~~
fulafel
Firefox on Ubuntu. It's probably <video> using a non-free codec (H.264).

~~~
wjoe
It is, but I'm using Firefox on Arch Linux and it works fine for me. H.264 has
been supported in Firefox on Linux for a few versions now, although you need
gstreamer installed with the relevant plugins.

~~~
jumpwah
Hey I'm on firefox (latest -31) on arch as well. Thing is vimeo doesn't load
for me either. I do have the packages `gstreamer0.10` and `gstreamer0.10-base`
installed, however in `about:plugins` in firefox, there are no plugins
installed. So does this mean I have to have some such 'plugin' here for h264
to work?

~~~
jitl
Kinda. You need H.264 codec support in Gstreamer. Try installing the Gstreamer
libav (an FFMPEG fork) plugin: [https://www.archlinux.org/packages/?name=gst-
libav](https://www.archlinux.org/packages/?name=gst-libav)

That should give your Gstreamer support for all formats libav supports.

~~~
jumpwah
Oh my I feel silly now, the package you linked is listed right in the optional
deps for firefox! (Along with `gst-plugins-good` for h264 video too).

I remember being surprised that sites like dailymotion and vimeo still
wouldn't work since I expected firefox to come with h264 support a while back
(the whole cisco thing if I remember correctly). Always just attributed it to
not having flash installed or whatever and shrugged my shoulders.

Anyways they work now, and at
[http://www.youtube.com/html5](http://www.youtube.com/html5) it showed no h264
support before, but now it does. So thanks for the comment, without which I
would have still been living in the dark. :)

------
joeperks
I have used Guacamole as a solution to supporting remote desktop when the
client location's firewall(s) allow nothing except port 80 and 443. Worked
perfectly allowing users to connect to multiple desktops with no installation
what so ever. Simply the perfect tool for what we needed and setup is a breeze
once you familiarize yourself with the documentation.

Definitely keeping this in my mental toolbox!

------
leishulang
Looks promising! Could be use to control bittorrent server from work. Maybe
call it pluginless instead? Clientless kinda makes me imagine it's pure
js/html5 app but actually it uses a server as client.

~~~
nemo1618
you can already control rtorrent via ssh, though admittedly it has a steeper
learning curve.

~~~
icebraining
Or setup a web interface for rtorrent:
[http://wiki.rtorrent.org/RtorrentProjects#Web_Frontends](http://wiki.rtorrent.org/RtorrentProjects#Web_Frontends)

And on Android, there's Transdroid:
[http://www.transdroid.org/](http://www.transdroid.org/)

------
maho
Can I use this for a setup where multiple users look at the same "screen"? I
combed through the documentation and am attempted to say no...

~~~
jitl
That sort of setup need to be handled by your VNC or RDP server itself.
Guacamole will play nice with whatever your target server is doing in that
regard.

------
ibisum
I wonder if this can be used to set up a multi-headed workstation environment,
where each user has their own desktop (Linux) on the same large, megalithic
server? I have a machine with 128gigs of RAM and 1TB of SSD .. this seems like
the perfect situation where I can give a desktop to 3 or 4 users on the same
machine. Anyone know how well that works with Guacamole yet?

~~~
rev_bird
It doesn't seem like a particularly elegant solution, but with that much
memory, you could almost certainly carve out 4 VMs, each running a separate
guac instance, right? Getting to them might be trickier, though...

~~~
jitl
You don't need a separate Guacamole application instance for each user or even
each VNC/RDP host -- each user in your Guacamole config has its own connection
settings and operates independently of other sessions.

~~~
ibisum
I've since gone through the setup of Guacamole and tried things out - indeed,
its as you state, you can isolate users pretty well. I was able to set up 3
test users, each with their own WM, and independent logins on the machine ..
and it works pretty well. I can see this as being a great facility for a
small-office environment that just wants to run a single machine that services
multiple users, each logging in with Android tablets or whatever other cheap
browser-supporting devices they may have .. pretty neat, and you can't beat
the ease of deployment: just point your users at their web URL, and there's
their Linux desktop.

(I was even able to run Inkscape and Ardour on different logins, without too
much fuss .. worked quite well!)

~~~
jitl
I had struggles when using my iPad with Guacamole, but it works great with
Chromebooks/Chromeboxes!

------
codezero
The Github repo for the client says it's 50% Java, can someone clarify, is
this an HTML5 client, or are there other things happening?

~~~
jitl
Guacamole is a Java program. It's basically a proxy between RDP/VLC and HTML5.
Guacd (the java bits) connect to an RDP or VNC server on your behalf, and then
you interact with the remote machine through guacd. Here's a simple text
diagram

    
    
      [Windows RDP server] <--RDP protocol--> [linux Guacamole server] <--HTTP or Websockets--> [HTML5 client in your browser]

~~~
Nilzor
Wait.. so you're saying you need a linux server to access your windows server?

~~~
jitl
That's the configuration I use. You can run guacamole directly on the target
server if you want. I'm reluctant to expose my Windows machines directly to
the wild internet, and I don't want to learn how to configure an HTTPS
reverse-proxy in Microsoft's ecosystem. Having a dedicated guacamole box is
nice because I expose port 80/443 on my Linux Guacamole machine, and then use
it to connect to any number of Windows and Linux computers behind my
firewall/NAT.

~~~
Nilzor
Ok I see, thanks for the explanation.

------
ivan_ah
Could this be used on a Mac?

I would like to have remote/shared access to Xcode + iOS dev stack... Or is
there some other way to get that?

~~~
philbarr
I use TeamViewer for that, AND Chrome Remote Desktop. I've found that I need
both so that if TeamViewer doesn't work for some reason I've still got Chrome
available to go in and fix it...

Hardly the best setup but at least it's free. Will be checking this out to see
if it fits my reqs.

------
annnnd
Just wondering: what features of HTML does Guacamole use to make this
HTML5-only? Is it video tag? Canvas?

~~~
bwblabs
[https://github.com/glyptodon/guacamole-
client/search?q=video...](https://github.com/glyptodon/guacamole-
client/search?q=video+OR+canvas) By looking in the code I think they use
Canvas, streaming video would be interesting. Looking at guacamole-common-
js/src/main/webapp/modules/Tunnel.js I think they use WebSockets with a
XMLHttpRequest fallback?

~~~
warfangle
Looks like it also uses audio - [https://github.com/glyptodon/guacamole-
client/blob/5ae22ce20...](https://github.com/glyptodon/guacamole-
client/blob/5ae22ce206582fb2eebdacf826697e8e1a20611d/guacamole-common-
js/src/main/webapp/modules/AudioChannel.js)

------
blutoot
I'm thinking of the implication of something awesome like this. Hopefully in
the long-run it will boost the likes of light LTE-enabled Chromebooks, at
least for tech professionals. That of course requires high-speed LTE
infrastructure and ISP backbones.

~~~
cbhl
Eh, Chrome Remote Desktop and Fusionlabs' Chrome RDP both already allow
Chromebooks to be used for remote desktops (the latter speaking actual RDP),
although both are closed-source.

~~~
heywire
I do something similar using Ericom AccessToGo (FREE) to RDP from my Samsung
Chromebook (ARM) to various Windows boxes.

------
jimmcslim
I see that there are a number of folks around with Docker containers for
Guacamole, but it seems there might be nice for there to be an 'official'
container for this project.

------
Yardlink
This could enable some very low development cost cloudwashing of legacy
desktop software!

~~~
chromaton
This was my thinking as well. Or to allow formerly plugin-requiring apps to
run on the server. Any ideas for how to lock this down on the server side so
that it can only run ONE application?

~~~
jitl
Guacamole is just a go-between. For that sort of OS-integrated lockdown you
will need to configure your target server (the box actually running VNC or
RDP). No special support on the Guacamole end required.

------
xorcist
I use something called Spark View for this. How does Guacamole compare?

------
vnz
Can this be used with custom credential providers through RDP?

------
unicornporn
I'd like to see some OS X binaries or a homebrew keg!

