On Fri, Jul 19, 2019 at 11:03 AM Lukáš Raška <lukasra...@gmail.com> wrote:
> Hi,
>
> On Fri, Jul 19, 2019 at 17:37, Nick Couchman <vn...@apache.org> wrote:
>
>> On Thu, Jul 18, 2019 at 2:57 PM Lukáš Raška <lukasra...@gmail.com> wrote:
>>
>>> Hi,
>>> I guess the easiest solution would be to use two different guacd
>>> instances. Guacamole backend can use multiple guacd, but the frontend can
>>> only use single Guacamole server, afaik.
>>>
>>
>> No, this is not true - you can configure multiple guacd instances and
>> point the same Guacamole Client instance at multiple ones. Basically
>> you'll end up with a default guacd instance that will be used when no other
>> instance is present in the configuration for a connection. This will
>> either be localhost (if nothing is configured) or whatever you've
>> configured in guacamole.properties.
>>
>> On a per-connection basis, you can configure each connection to point to
>> a specific guacd hostname and port. This is done in the Guacamole Proxy
>> section of the connection configuration, where you can specify the
>> hostname, port, and encryption method for guacd for that particular
>> connection.
>>
>
> Yes, that is exactly what I meant. Multiple guacd instances, but single
> (even if clustered) java webapp, because the Angular frontend application
> cannot speak to different API instances (which is what I understood was the
> primary question).
>

Ah, I missed that part - the statement was "2 guacamole-server on 2 different VM and a single guacamole-client". guacamole-server is guacd, not the Java (API & Tunnel) component of guacamole-client. guacamole-client refers to the entire package of the client-side interfaces, which includes the API and tunnel components (run in Tomcat) and the AngularJS components (run in the browser).

So, if the question is, can you run a single instance of the AngularJS components against a load-balanced set of servers running the API/Tunnel components, then, yes, this can be problematic, as today there is nothing to synchronize information between multiple instances of the Tomcat components. If the question is, can a single instance of the entire guacamole-client stack be run against multiple instances of the guacamole-server component (guacd), then, yes, it can be done, particularly to deal with location and network-specific differences.

>>> In case you can create persistent VPN tunnels to different sites, for us
>>> the easiest solution was to use Linux kernel network namespaces to separate
>>> those (basically what LXC / Docker does) and either run guacd locally or
>>> remotely.
>>>
>>
>> There are definitely some creative things you could do with networking to
>> automatically route those guacd connections to the correct place without
>> having to specify parameters on a per-connection basis. Using kernel
>> network namespaces or some iptables rules would do the trick. You could
>> also use something like HAProxy and do the load balancing based on
>> destination address, I think. Several good options for automating this.
>>
>
> The problem here could be overlapping networks in different VPNs, so
> routing table separation will probably be necessary (depends where guacd
> will run and what is the exact use case).
>

Yes. Again, you would have to get creative :-).

-Nick
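
The guacd selection described in this thread (per-connection proxy settings, otherwise the default from guacamole.properties, otherwise localhost), as an added example that is not part of the original messages and not Guacamole's own code. It assumes the `guacd-hostname`, `guacd-port` and `guacd-ssl` properties and connection records exported with `proxy_hostname`, `proxy_port` and `proxy_encryption_method` fields, with each unset field falling back separately; the hostnames and the `plaintext_remote` flag are constructed for illustration.

```python
import re

DEFAULT_HOST, DEFAULT_PORT = "localhost", 4822   # used when nothing is configured
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample input (hostnames are placeholders, not from the thread).
SAMPLE_PROPERTIES = """\
# guacamole.properties
guacd-hostname: guacd-default.example.internal
guacd-port: 4822
"""
SAMPLE_CONNECTIONS = [
    {"name": "site-a-rdp", "proxy_hostname": "guacd-a.example.internal",
     "proxy_port": 4823, "proxy_encryption_method": "SSL"},
    {"name": "site-b-ssh", "proxy_hostname": "guacd-b.example.internal",
     "proxy_port": None, "proxy_encryption_method": None},
    {"name": "hq-vnc", "proxy_hostname": None,
     "proxy_port": None, "proxy_encryption_method": None},
]

def parse_properties(text):
    """Read 'key: value' or 'key = value' lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#:=\s][^:=\s]*)\s*[:=]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def resolve_guacd(conn, props):
    """Per-connection proxy settings win; each unset field falls back to the default."""
    host = conn.get("proxy_hostname") or props.get("guacd-hostname", DEFAULT_HOST)
    port = int(conn.get("proxy_port") or props.get("guacd-port", DEFAULT_PORT))
    method = conn.get("proxy_encryption_method")
    if method is None:  # inherit the default instance's setting
        ssl = props.get("guacd-ssl", "false").lower() == "true"
    else:
        ssl = method.upper() == "SSL"
    return host, port, ssl

def audit(connections, props):
    """Report where each connection's guacd traffic goes and whether it is encrypted."""
    report = []
    for conn in connections:
        host, port, ssl = resolve_guacd(conn, props)
        report.append({"name": conn["name"], "guacd": f"{host}:{port}", "ssl": ssl,
                       "plaintext_remote": host not in LOOPBACK and not ssl})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_CONNECTIONS, parse_properties(SAMPLE_PROPERTIES)):
        print(row)
```

Rows with `plaintext_remote` set are the ones to review when guacd runs on another VM or across a VPN, since that hop carries the session without SSL.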