On Fri, Jul 19, 2019 at 11:03 AM Lukáš Raška wrote:
> Hi,
>
> Dne pá 19. čvc 2019 17:37 uživatel Nick Couchman
> napsal:
>
>> On Thu, Jul 18, 2019 at 2:57 PM Lukáš Raška wrote:
>>
>>> Hi,
>>> I guess the easiest solution would be to use two different guacd
>>> instances. Guacamole backend can use multiple guacd, but the frontend can
>>> only use single Guacamole server, afaik.
>>>
>>
>> No, this is not true - you can configure multiple guacd instances and
>> point the same Guacamole Client instance at multiple ones. Basically
>> you'll end up with a default guacd instance that will be used when no other
>> instance is present in the configuration for a connection. This will
>> either be localhost (if nothing is configured) or whatever you've
>> configured in guacamole.properties.
>>
>> On a per-connection basis, you can configure each connection to point to
>> a specific guacd hostname and port. This is done in the Guacamole Proxy
>> section of the connection configuration, where you can specify the
>> hostname, port, and encryption method for guacd for that particular
>> connection.
>>
>
> Yes, that is exactly what I meant. Multiple guacd instances, but single
> (even if clustered) java webapp, because the Angular frontend application
> cannot speak to different API instances (which is what I understood was the
> primary question).
>
>
>
Ah, I missed that part - the statement was "2 guacamole-server on 2
different VM and a single guacamole-client". guacamole-server is guacd,
not the Java (API & Tunnel) component of guacamole-client.
guacamole-client refers to the entire package of the client-side
interfaces, which includes the API and tunnel components (run in Tomcat)
and the AngularJS components (run in the browser).
So, if the question is, can you run a single instance of the AngularJS
components against a load-balanced set of servers running the API/Tunnel
components, then, yes, this can be problematic, as today there is nothing
to synchronize information between multiple instances of the Tomcat
components.
If the question is, can a single instance of the entire guacamole-client
stack be run against multiple instances of the guacamole-server component
(guacd), then, yes, it can be done, particularly to deal with location and
network-specific differences.
>
>>
>>>
>>>
>>> In case you can create persistent VPN tunnels to different sites, for us
>>> the easiest solution was to use Linux kernel network namespaces to separate
>>> those (basically what LXC / Docker does) and either run guacd locally or
>>> remotely.
>>>
>>>
>> There are definitely some creative things you could do with networking to
>> automatically route those guacd connections to the correct place without
>> having to specify parameters on a per-connection basis. Using kernel
>> network namespaces or some iptables rules would do the trick. You could
>> also using something like HAProxy and do the load balancing based on
>> destination address, I think. Several good options for automating this.
>>
>
> The problem here could be overlapping networks in different VPNs, so
> routing table separation will probably be necessary (depends where guacd
> will run and what is the exact usecase).
>
Yes. Again, you would have to get creative :-).
-Nick
>
