On Sun, Oct 16, 2022 at 10:18 PM Grant Byers <[email protected]> wrote: > > Hi all, > > We've recently implemented Guacamole for a VDI proof of concept. This > went extremely well and we're now looking to scale out.
This sounds very cool - I've long wanted to build a VDI solution on top of Guacamole - I'd be very interested to see what you have done. > > We started with a guacd instance servicing RDP instances within a single > data centre. We have anycasted haproxy servers in front of guacd. We've > now built 2 other data centres and have deployed guacd instances within > each of those DCs. We'd like haproxy to be able to select a backend > guacd instance that's closest to the users RDP instance, but I'm yet to > find a nice way to do that. This would need to occur post login to > guacamole, but on selection of the connection. > > Any ideas? I'm no expert on HAProxy, but it seems like what you're asking for is HAProxy to be able to "examine" the Guacamole protocol connection - specifically, the "connect" instruction, figure out where that connection is going, and then make a routing decision to the back-end server based on some knowledge HAProxy also has of the network topology. The second part of this - decision tree based on network topology - is probably fairly routine and doable. The first part is going to be the challenge - figuring out how to configure HAProxy to inspect the Guacamole protocol packets and find the information it needs to make that decision. I found this page: https://discourse.haproxy.org/t/choosing-backend-based-on-tcp-payload/1600 It seems like HAProxy has the extensibility to be able to do some very customized packet inspection, which isn't terribly surprising, but I've no idea how much effort it would take to figure out what part of the Guacamole packet contains the information you need, and how much it may vary from connection-to-connection, and then extract that information and make the routing decision. You may also want to try posting to the HAProxy list and see if they can help out over there. The Guacamole protocol is fairly well-documented, so it should be pretty easy to examine the TCP packets at a network/proxy level, just a matter of nailing down all of the details within the HAProxy config. -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
