Hey, I just wanted to describe how we're using Guacamole, and thank everyone for making a potentially complex project easy to implement.
I work *for* Red Hat, but I work *with* the Mass Open Cloud project. Some folks from another university contacted wondering if they could make use of one of our cloud environments to provide a group of students with access to a Linux development environment. An additional complication was that their students don't necessarily have a lot of prior technical experience, and in many situations they might not be able to install any software on their local systems (they may be working from a library, or on a chromebook, etc). So... - No local virtualization - No PuTTY - Etc. I hadn't previously heard of Guacamole, but it really seemed like the perfect match for our requirements. With just a little work, I was able to glue together Keycloak, Guacamole, and our OpenShift environment to create a functional solution that met all our requirements: - Students authenticate using their existing Google credentials. Guacamole's support for OpenID connect was really helpful here (we could have solved this using oauth2-proxy as well, but having the native support removes one level of complexity). We're able to manage group membership in Keycloak such that the instructor(s) can see all the connections for their students. - The REST API made it very simple to hack together some scripts to automate the process of creating Guacamole connections, complete with cached credentials. - We're using OpenShift virtualization, so it's also very easy to deploy a new virtual machine for each student. All together, it takes just about 2 minutes from "May I have a virtual machine?" to being able to log in and use it, and because we're using ephemeral passwords and private keys stored with the Guacamole connections we don't need to deal with credential distribution (or with walking novice users through the process of generating an ssh keypair). This is one of those situations in which all the pieces really came together in a way that was easier than I would have expected. Guacamole is a really neat project and I wanted to thank everyone who has worked on it; I've found it both well documented and easy to use. Cheers, -- Lars Kellogg-Stedman <[email protected]> | larsks @ {irc,twitter,github} http://blog.oddbit.com/ | N1LKS --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
