Thanks for all the advice. What are the reasons behind the decision to use EC2 instead of ECS (containers)?
It looks like web ui has to be tightly coupled with guacd. Do you know if there are any plans to change it? Many thanks, Maciek On Sun, 8 Oct 2023 at 13:37, Lee Doughty <[email protected]> wrote: > Whenever I've seen the topic of HA come up, it's always been similar to > what Nick just said. There really doesn't seem to be a good way to get true > high availability. > > It seems the best you can do is "shard" your guacamole+guacd stacks so > that a failure in one of them only takes out a small portion of your end > users. > > Since the loss of a tomcat server means all guacd sessions passing through > it are toast.. to get the best "sharding", the logic to me seems to > encourage lots of small guacamole+guacd paired servers... If you scale > horizontally like this (which obviously allows for weaker/cheaper > individual servers).. then losing 1 of 10 servers impacts only 10% of users. > > On Sat, Oct 7, 2023, 7:18 PM Nick Couchman <[email protected]> wrote: > >> >> >> On Sat, Oct 7, 2023 at 4:23 PM Maciej Konigsman >> <[email protected]> wrote: >> >>> Hi, >>> >>> I would like to run Guacamole in HA. >>> I identified four services to achieve HA: >>> 1. Load balancer >>> 2. Web UI (Tomcat) >>> 3. Guacd >>> 4. DB (MySQL) >>> >>> I know how to configure HA for 1, 2 and 4 >>> I'm having an issue with understanding/finding documentation or examples >>> for guacd. My main concern is how to keep a session (including recording) >>> if a container with guacd fails or gets restarted. >>> >> >> The first thing to note would be that there's no way to >> synchronize session information between instances of guacd. So, if a system >> running guacd crashes, or guacd itself crashes completely, you won't be >> able to maintain those sessions - the users will get disconnected and will >> have to re-establish connections with working guacd instances. This is also >> true of the Web UI (Tomcat) portion of Guacamole - users logged in and >> sessions established on one of the Web front-ends will not be visible to or >> synchronized with sessions and users on the other web front-end. This will >> also impact your ability use connection sharing effectively, as users on >> one web front-end and/or guacd instance will not be able to share their >> connections with users who happen to log in to a different web front end, >> or who connect through a different guacd. >> >> As far as how to load-balance guacd, you can use a network load balancer >> (like HAProxy) and then use session "stickiness" to make sure that your web >> front-end systems get consistently connected to the same guacd instance. >> >> -Nick >> >>>
