I would like to share my case study and experience in deploying Guacamole inside a small business.

What is Guacamole

Apache Guacamole is a clientless remote desktop gateway.

It allows to expose:

  • RDP connections (Windows desktops)
  • VNC connections (Linux / Windows / ...)
  • SSH shells
  • Kubernetes pod shells

Using a simple web client with no requirements and allowing to leverage powerful SSO mechanisms and even LDAP.

My usecase

Due to the current crisis my client needed a simple way to allow employees to access their desktops remotely.

The office initially started from the usual suspects: centralized remote access services.

These services do generally work well but in this moment, the networks' cross-country links are overloaded, leading to high latencies and in general bad experiences for these realtime tasks.

The new system had to be:

  • Self Hosted centralized services are overloaded
  • Open Source because I want the business to understand that at no cost equals to with no value is a false dichotomy.
  • Easy to use for employees
  • Easy to operate

And Apache Guacamole ended up being a clear winner.

Deployment

After setting up a double NAT puching setup (absolutely horrifying experience), all that was needed to setup Guacamole was:

  1. Installing Fedora 32 Server on a Dell Vostro 200 that was lying around unused.
  2. Installing podman
  3. Starting three containers
    1. guacd: The Guacamole daemon (handling connections)
    2. guacamole: The Guacamole frontend (handling the user interface)
    3. postgres: The accounts database
  4. Inserting connections and users from the GUI

User feedback

According to my data, in these first weeks of operation the application was used for at least 4 hours a day from each employee, with a 70%-30% split between RDP and VNC connections.

Simple HTTP GET probes certified the service uptime as 100% during work hours.

In order to validate the system effectiveness I organized chat interviews with each employee (~10) after one week of utilization.

I expected to show percentages here, but every single employee replied Yes to each and every question.

If this makes you uneasy, put an imaginary 100% alongside the Yes reponse and an imaginary 0% for No.

Questions asked

Comparisons with other solutions

  • Would you say that the new application is more responsive than the previous one?
  • Would you say that the new application is easier to use compared to the previous one?

Service itself

  • Was the service available every time you tried to access it?

Conclusions

The outstanding results of the survey can led to some conclusions:

  • Apache Guacamole is a great piece of software
  • Open Source software can provide value to business when depoyment is a conscious decision (taking into account the operational challenges and the need to provide support for feature requests and so on)
  • Self Hosting is a viable solution for many situations (Here the application was even deployed on a soon to-be recycled machine!)
  • There's value into decentralizing services