We use Guacamole in a cloud environment where we have strict GDPR and other legal requirements we must follow, especially regarding data at rest and in transition. We’ve developed a custom portal on top of Guacamole for user login (Azure AD), with MFA and consents.
One other thing we had to take care of was storage of user data in the mapped drive, also used for transferring in/out of the target VM. For that we divided our Guacamole farm into regions that have the same restrictions, and we used cloud storage (Azure storage accounts) mapped to Guacamole servers. Connection profiles will create user directories within these mapped storage accounts, thus we can guarantee data is stored in the expected region/country.

An example: we have Guacamole servers in Norway, with storage accounts in Norway, that accept user logins from Norway only (in the custom portal).

In order to not be able to overcome this setup, we simply added firewall rules so that hosts with these types of restrictions can only be accessed through their designated Guacamole servers.

Definitely not OOTB behavior, but you can get compliant.

Bogdan

From: Joachim Lindenberg <[email protected]>
Reply: [email protected]
Date: 2 May 2020 at 18:57:22
To: [email protected]
Subject: Re: How can Guacamole be customized?

> > In my opinion (and I can be wrong), the use of Guacamole today puts
> > European companies out of law.
>
> I disagree. I am based in Germany, I do consulting w.r.t. security and data
> protection, and I also offer Guacamole as part of my backup service
> contracts. It really depends on your use case, and where there is a contract
> (service, employee, whatever), then any additional consent is imho worsening
> your legal situation as a provider. If you really need something like this,
> then you can integrate Guacamole into your own portal (you name it) and use
> single sign on mechanisms from there (I do from my backup software).
> Nevertheless I'd also like to see a full-blown customization example, as of
> course I'd also like to brand it more easily.
>
> Joachim
>
> -----Original Message-----
> From: WhiteTiger <[email protected]>
> Sent: Saturday, 2 May 2020 17:18
> To: [email protected]
> Subject: Re: How can Guacamole be customized?
>
> Now I read the framework documentation, but at least all the suggestions
> related to Disclaimers and Policy management should be included in a future
> release.
> Especially in Europe, the GDPR requires companies to take a particular
> approach to managing access to IT systems.
> I don't understand how those things were not already included a year ago,
> when the GDPR became law.
> In my opinion (and I can be wrong), the use of Guacamole today puts European
> companies out of law.
>
> In my opinion, the best solution is that the administrator has options with
> the possibility of inserting images or an HTML text in which he himself will
> insert the links to images or other pages.
>
> --
> Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
