That said, this doesn't work as well as people here want it to. There is a significant cost to running in the browser (keyboard for instance, pressing CTRL-W will definitely generate a "wtf" moment a few times). But the speed and the fact that I couldn't do significant protocol development (VNC has something like 7 variations on protocol, integrating those into websocket is more than just encapsulating them if you want it to work well), means that I couldn't use the most efficient protocols. This meant that effectively there were resolution limits that weren't too high.
And full-screen games were doable because generally they would lower resolution and have other sources of lag. So they actually worked better than things like Eclipse and Visual Studio. Also they make you much less likely to hit browser keys. Especially old full screen games worked really well.
In my current active project we have real-time streaming (< 10ms) working just fine in Chrome and Firefox: https://www.youtube.com/watch?v=YYRBRzevRDw
<img class="emoji" title=":feelsgood:" alt=":feelsgood:" src="https://assets-cdn.github.com/images/icons/emoji/feelsgood.png" width="20" height="20" align="absmiddle">
FYI, a fix for that is coming soon: https://w3c.github.io/keyboard-lock/
Browsers already have an API for overriding built-in keyboard shortcuts: Event.preventDefault(). It's just that browser makers have chosen to ignore it for certain special keys like Ctrl-t and Ctrl-w.
The nice thing about a remote desktop, though, is that you won't actually lose changes.
It can even display images in your browser if you do something like, 'cat someimage.jpeg'
(I wrote it)
Teamviewer and Nomachine NX are two examples that I use a ton that seem to have most of this stuff figured out, whereas their competitors seems to work in theory, whereas in practice they are bloated, they lag, they make my computer fan go crazy, etc.
Another thing is ease of connection through NAT/firewalls, though for that this seems to shift the burden on the server setup.
About NAT/firewall zerotier solves most of my issues.
The other thing RDP is amazing at that I haven't seen Linux do well at all is resuming local sessions remotely and vice versa - with RDP it feels integrated, with x2go you're back to just transferring frames.
RDP does the same; the early revs were basically GDI over wire. Later versions would have extensions/hax to transport the DirectX stuff (did they just ship framebuffers? I dunno).
2) When times changed, RDP adapted, X did not. No one uses those old graphics primitives anymore, and X's network protocol failed to keep up with the new reality of client-side rendering. So now that protocol sucks for remoting GUIs.
I don't do support but I did use it in non-support roles, I just can't imagine the use case nowadays.
I think the attraction to NX for linux users is that it is still way better than VNC.. and both of which are pretty much the only consistently functioning / packaged server options for most distros without fiddling..
I use both, but Teradici is the one that made me abandon my local Windows VMs.
Here's a walk-through from a year ago: https://www.reddit.com/r/homelab/comments/4vdujw/guacamole_f...
I used Guacamole + a 1st gen Chromebook as my laptop for several years of college work in 2012-2014.
Tasks that worked well:
- writing code in IntelliJ
- editing in Adobe Illustrator
- working in the terminal
- basic CAD in Sketchup
Tasks that I’d wait to do at home on my desktop:
- drawing, especially in Photoshop
- 3D work in Maya
- sound-latency sensitive work like MAX
I use it to get around my firewall at work, which seem to block anything apart http/https. If anyone knows a better solution than guacamole, let me know :)
I used it for years with only a 1mb uplink, although I now have 10mb.
Quite interested to hear more about your use case. Does it simplify access control? Is it just for accessing over HTTP, or e.g. over SSH?
So I'd argue the GP's post is valid as it is.
Where I work, it's standard for developers to work using a "cloud desktop", i.e., a remote machine hosted in the cloud that's used for personal development with a very production-like environment . When accompanied by a powerful laptop it's all most engineers need. However, client and server software for various protocols like RDP and VNC on various platforms is still a pain. It'd be great to have a simple and easy way to provide viable remote access built directly into servers -- from any client device with no prior setup. I'm glad to have come across this.
I'm curious how Guacamole's HTML5 rendering compares to solutions like the Ace editor when used to render terminals and text areas. At a high level, it looks like Guacamole is based on RealMint which uses the HTML5 canvas tag, whereas Ace manipulates regular text elements to effect styling. I'll have to experiment with them.
 And for that reason I was amused to see the following on the Guacamole home page: "Keep your desktop in the cloud: Desktops accessed through Guacamole need not physically exist. With both Guacamole and a desktop operating system hosted in the cloud, you can combine the convenience of Guacamole with the resilience and flexibility of cloud computing."
Personally I prefer something like Apple's iCloud Drive; your files are downloaded locally and made available offline, letting you work on them with any device, even after it's disconnected from the Internet.
This lets my data stay mine, encrypted on my local storage, individually manageable and tag-able like all regular files, included in Time Machine etc. backups, and available even if iCloud Drive goes down.
For example, although you cannot compile full Xcode projects on iPads (yet), I can take code from them, edit it in Swift Playgrounds on my iPad, and copy it back into iCloud Drive for continuing on my iMac.
I know Ace-like editor works great but it's usually a minimal web editor compared to something like Sublime running on vnc/rdp.
As far as protocols like RDP and NX go, I don't know of a silver bullet. I use machines hosted in Portland from my location in Seattle and the latency is low enough that remote UIs feel close to native. Some protocols are better than others at handling high-latency connections or low-bandwidth connections. I'd recommend testing a few and see what works best for your environment. You might also measure the round trip time: for any protocol that needs a round-trip with the server to update the display, the RTT will fundamentally bound the UI's responsiveness - to do better you have to load some display logic onto the client. Scrolling and character echo are two examples of logic that's really valuable to have on the client. (Many SSH clients have local predictive echo for that reason; they echo by default except when they've detected a password prompt)
I should clarify though that a lot of development takes place on a person's local laptop, synchronizing between that and the cloud desktop (such as with Git and other tools). The former provides responsiveness and the user's preferred OS and tools, while the latter provides a production-like OS with high performance that is better able to handle complex software stacks like multi-microservice applications or sizable ecommerce websites. It's also convenient to have a relatively pristine environment that isn't frequently interrupted by e.g. laptop hibernation and network changes.
Another example is emacs in server mode: although normally folks use a Unix socket, it's possible to use a network socket instead. The remote emacs actually contains all the state, and the local emacsclient just connects to it.
Another approach is to run emacs locally, and access remote files & commands with TRAMP.
Enterprise clients can then login from anywhere and get a fast controlled demo of our software.
A few months ago I also threw out our crappy old Citrix deployment and replaced it with Guacamole. When hurricane Harvey hit we had 50+ engineers working remotely without a single hiccup. It was a lifesaver.
[The web application deployed to the Guacamole server reads the Guacamole protocol and forwards it to guacd, the native Guacamole proxy. This proxy actually interprets the contents of the Guacamole protocol, connecting to any number of remote desktop servers on behalf of the user.|https://guacamole.incubator.apache.org/doc/gug/guacamole-arc...]
On the one hand I immediately think of CAD, but that hates remote desktop solutions.
The only thing left is mass client simulation/networking simulation, but you just said virtualization won't work for your use case.
•Enabling Duo Dual / Multi-Factor Authentication (MFA) for Guacamole Docker
•Using Let’s Encrypt with an NGINX Docker Container (plus bye-bye StartSSL!)
Does it log in into its own session or takes control over an active session on the machine?
My use case is this - My parent is using Ubuntu and in case she reports a problem, I'd like to be able to log into her session, share control over the mouse pointer so that she can show me what she's doing and I can also navigate around to uncheck the checkbox or sth like that.
Is Guacamole the right solution? If not, anyone knows a good one?
For VNC, if your server is set up using X11VNC then you will be logging into the existing session, whereas if you set it up it TightVNC or Vnc4Server (can't remember what's in the Ubuntu repos) then it will be a separate session.
The target machine is Ubuntu 17.10 on Wayland. Not sure if X11VNC will work with that :(
I had a lot of trouble getting TeamViewer to install on my cloud VMs. It needs a physical desktop or something close to it. On DigitalOcean and Scaleway, this didn't work. On Vultr and Linode, it works fine.
Open-source solutions for things like this are generally developed as infrastructure, or a basis for future work. Proprietary solutions are built for people to actually use.
- Does not work on Ubuntu
- Would not solve this issue
- Needs a special licence to allow multiple users to connect simultaneously
Which utterly obvious piece of the equation thing am I missing?
I cannot remember drag & drop files off the top of my head, but I seem to think no.
Not sure about local printer.
File drag-and-drop can be set up via a couple of different mechanisms, and isn't easy to get going, but works fine once you have it going.
Though it does seem they started letting video game captures again, they still have the "creative expression" language.
Your remote <———> guacd (RDP)
guacd <———> the browser (custom protocol)
In my experience, Guacamole works very well with windows RDP servers, and feels very fast. Certainly faster than X11 or VNC remoting on the same hardware.
("SS": Session Server (where the session is running), "GS": Gateway Server (where the protocol translation is performed from RDP -or VNC- to custom HTML5), "WC": web client)
- At SS, compress images using the RDP -or VNC- protocol. Cost: CPU, RAM, and RAM bandwidth, because of desktop render, delta analyzer, image compression for the RDP -or VNC- protocol, image-specific compression (e.g. RLE in if a old protocol is negotiated), lossless compression ("bulk"), encapsulation, bandwidth/frame control, transfer.
- TCP transport between the SS and the GS. Cost: LAN traffic.
- At GS, decompress the RDP -or VNC- protocol in the "gateway" server (bulk lossless decompressor, and image decompressor -e.g. RLE for basic protocol negotiation-). Cost: mainly CPU.
- At GS, compress the the images in a format suitable for the web client. Cost: mainly CPU.
- Send the images via websocket from the GS to the WC. Cost: WAN traffic.
- Decompress and render the images in the web client. Cost: client CPU and RAM.
Then, you have to dimension how many GS you need per SS, routing between the WAN the GS, how do you balance both the SS and the GS, high availability setup, etc.
TL;DR: data is compressed and decompressed twice, because of the protocol conversion, involving extra latency because of more time for compression/decompression and more hops.
Alternatively, I'd take recommendations for an SSH client for the iPad that supports public/private key pairs and connecting through a bastion/jumpbox/etc. (a.k.a. the "ProxyCommand" SSH client directive).
I might try to make it work with Guacamole, web UI is definitely better than installing VNC client.
This is one of them.
I will give this a try. Hoping it is good.
And VNC on Mac has always had miserable usability for me - updates paint slowly from the top to the bottom of the screen, can't see my text in real time when I type.
I am using this for a side project. We have training classes where sometimes 10-20 students connect to Windows servers using RDP.
At times we get a weird key sticking/lagging bug. We haven't figured out how to fix it; we think it's a JVM memory issue but we're not sure.
"guacamole docker" returns a whole page of helpful resources (github, dockerhub etc)
Minor grammatical note: "e.g." means "for example", so the phrase "for e.g." does not make sense. I used to make the same mistake quite a bit!
e.g., with some additional punctuation:
I like to run for the bus.
I like to run for, for example, buses, cars and airplanes.
I like to run for e.g. buses, cars and airplanes.
A little tortured but possibly valid.
Just use nomachine, it's worth it. Clients for all os:es.
I'd very much prefer if the named Guacamole the "Apache clientless remote desktop gateway"
EDIT: My pet peeve, though, is names that mean something unrelated and much cooler. Like (my go-to example) Terraform - glorified configuration manager appropriating the name of something infinitely more interesting.
We had things like database servers named "db1" and "db2", load balancers were "haproxy1" and "haproxy2", web servers "web1" through "web8", that sort of thing.
The new IT director decided to name servers based on city names, where the country indicated the type (Sweden is database servers, Finland is load balancer, Japan is web servers). And these weren't obvious names, ISTR that one of the 20 names I had heard before.
So at 3am when an alert came in saying "Hagfors has high load", you had to know that was in Sweden to know it was one of the database servers. But was it the primary or the secondary?
It seemed a curious decision to make.
Like GP, the trend over the last decade or so to use meaningless names for tech products is one of my biggest annoyances. Occasionally something gains such enough popularity that it doesn't matter ("Google") but in most cases these names are only meaningful to the people who work with these products every day and for everone else it's alphabet soup.
That's easy to say and descriptive enough.
When I hear Apache Guacamole, I'm thinking of Native American / Mexican fusion food.
Plus, even in colloquial language, we don't ever call a database server an SQL server. They're referred to as databases, or by their names.
I prefer descriptive names too.
I don't like either one. "clientless remote desktop gateway" is way too long and cumbersome. But it seems like, recognizing that, the answer was $(shuf -n 1 /usr/share/dict/words), resulting in a generic commonplace word with no relationship to the project at all.
And all the printers have names of cartoon characters.
Thank goodness we have a searchable indoor map.
I hate marketing as much as anyone, but even I can understand that brands sometimes have value. Google would have done much worse as a company if they'd just named themselves "Search Box".
A device for serving content very fast.