Thanks Nick, I'm giving it a try. Any tips you could share regarding:

- Screen resize with browser.
- Audio
- Keyboard layout
- Firewall rules (weirdly enough, I can't make it work enabling 3389/tcp, only completely disabling the firewall makes it work. Still investigating..)

Regards,
CI.-

On Sun, 22 Aug 2021 at 15:08, Nick Couchman (<[email protected]>) wrote:
>
> On Sun, Aug 22, 2021 at 12:21 PM Ciro Iriarte <[email protected]> wrote:
>>
>> Hello!,
>>
>> I'm working on a lab environment for coworkers & given the requirements are
>> GUI Jumphosts & no licenses for OS we settled on Linux+VNC & Loadbalancing
>> pools with Guacamole.
>>
>> All the OS users will be named, authenticated to FreeIPA and potentially a
>> NFS based $HOME. Guacamole also authenticating with LDAP+OTP and JDBC-stored
>> connections.
>>
>> I've struggled setting up VNC with openSUSE 15.3 and their KDE desktop
>> (SDDM). Have a slightly better outcome with XDM (uglier but works somehow).
>> The desktops/jumphosts are running as PVE VMs, so also tested with KVM/QEMU
>> VNC support. The experience with that case is way better, rock solid VNC
>> session, even manual screen resize works, there's one annoying bit (keyboard
>> mapping for es-latam) and a major roadblock: it's the VM console, user2
>> could land on the already logged in session for user1.
>>
>
> Yes, here you have run up against one of the chief drawbacks of VNC - lack of
> session management.
>
>>
>> I imagine I could create the loadbalancing group with 1 connection per user
>> with session "stickiness" & then setup OS level timeouts to lock the GUI
>> session after no activity. That & fixing the keyboard mapping with
>> guacamole-> QEMU VNC console would make it, but feels like having a lot of
>> moving parts.
>>
>
> Yeah, if you're going to go this route, you're essentially going to have to
> rely upon Guacamole to manage the sessions, which means not load balancing
> groups and session stickiness, but also logouts. I would say that you need to
> log out as soon as Guacamole disconnects, not just lock, because you could
> still run into the same scenario.
>
>>
>> Any smarter approach to this?. Could anybody share their recipe for similar
>> scenarios?.
>>
>
> In personal experience, where I need access to Linux systems remotely, I tend
> toward xrdp instead of VNC. While xrdp is certainly far from a perfect RDP
> server implementation, it does feature TLS encryption, some basic session
> management (disconnect/reconnect and multi-user access to a single system),
> and there's even a native Xorg xrdp driver that I generally use that avoids
> having to go through the pain of setting up VNC to back xrdp (which was the
> way it was originally deployed).
>
> You'll still have to rely upon some of Guacamole's features to manage
> sessions - particularly if you want to load balance and split to multiple
> hosts, Guacamole's load balancing and session stickiness will still be
> required to help handle those things. And, if you go that route, you'll still
> have some challenges with users getting disconnected from one host and then
> logged on to a different host, where their session will essentially be "lost"
> (even if it's still running). xrdp does not have any inter-server
> communications mechanisms (that I know of, anyway) that would help with this,
> so it really would rely on Guacamole to handle that part of session
> management.
>
> Hope this helps - I'm not saying this is the "right" way to do it, just how
> I've settled on remote, graphical access to Linux systems over the past
> couple of years, and it works well for me.
>
> -Nick

--
Ciro Iriarte
http://iriarte.it
--
