Ok Nick My feedback
1.- About concurrent sessions, I think this should not be shareable. Is it necessary to use non-shareable connections to be able to use the load balancer? How do I differentiate between them (shareable vs not shareable)? or how can I configure them? 2.- If I pretend implementing a solution, where it is the place to do them? I mean there are two places to do the changes. When user log in (to record log in access and ask the next time when same user access) and when user log out (delete record access to make it accesible). Is there a way to make it, using Open-Close principle (close to change, open to extension). Another question: 3.- There is a requirement to create a Guacamole option, where all users are shown, mainly whom are logged. And one option when I select one or various users, I can log out them from Guacamole web application. ¿Which is your recommendation?, ¿is this posible?, ¿could I add this functionality into Guacamole application? -Gabriel -----Mensaje original----- De: Nick Couchman <vn...@apache.org> Enviado el: viernes, 28 de abril de 2023 01:58 p. m. Para: user@guacamole.apache.org Asunto: Re: High availability and users can connect only once to Guacamole Client page. On Wed, Apr 26, 2023 at 9:52 PM Gabriel Huerta Araujo <huert...@globalhitss.com.invalid> wrote: > > Hi all > > I have 2 doubts: > > 1.- Guacamole is going to be installed on two servers, ¿is there a way to > manage a high availability scheme (if one is out, the backup server > automatically enters)? There is currently no way to synchronize active sessions or logins between two servers. You can certainly put the servers behind a load balancer, and send sessions to multiple servers, but there is currently no way for one server to know about sessions on the other server. There are two areas where this may impact things, depending on how you use Guacamole: 1. If you use Guacamole to limit the number of concurrent sessions for a connection, but you have multiple servers sharing those connections, the concurrency limits won't be accurate. So, for example if you have a connection that you limit to 10 concurrent connections, and you have 2 Guacamole Client servers, you could conceivably have up to 20 connections - 10 on each server. 2. If you use connection sharing, you'll likely have problems with the shared links being invalid. A user may start up a connection on Server1, share the connection, and then send out the link, and the person who is joining the shared connection may be directed by the load balancer to Server2, instead. If you don't care about connection concurrency limits and don't share connections, then it probably won't impact you and you'll be okay using load balancers. > 2.- if a user accessed the Guacamole page with an account, he can not access > the Guacamole page with the same account, via another computer? > There's not really any way to prevent a user from logging in from more than one computer - at least, not the way it is currently implemented. There are several default concurrency limits you can put in place, but nothing that says, "If a user logs in from the IP address, don't allow them to log in from anywhere else." https://guacamole.apache.org/doc/gug/jdbc-auth.html#concurrent-use-of-guacamole-connections -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
