On Mon, Apr 8, 2024 at 3:38 AM Molina de la Iglesia, Manuel <[email protected]> wrote:
> Hello,
>
> During the last months I was using Apache Guacamole on some environments
> without any problem, then now I would like to deploy the solution on
> another environment where we have a high number of users.
>
> In this new environment, I would like to deploy a couple of servers behind
> a load balancer but I cannot find a lot of information about how to
> configure these servers.
>
> My plan is to deploy two apache guacamole servers and configure mysql
> servers like master-master. Does it make sense? Should I consider any other
> changes?
>

The configuration you mentioned should work reasonably well overall - it will allow multiple servers to provide a single configuration and users to be spread across those servers. That said, there are some limitations to it that you should be aware of:

* Session information - both logins and connections - is only stored in-memory, and cannot currently be shared across Guacamole instances. This means that you'll want to make sure to enable some sort of session tracking or "stickiness" on your load balancer so that clients are directed to the same back-end server consistently. If you don't do this, then you'll get unexpected behavior from the clients - they'll be redirected to the login screen or get errors from Guacamole.

* The lack of shared information about active connections also means that limitations on the number of concurrent sessions for a given connection will be largely meaningless - if you set the limit of concurrent sessions on a connection to 10, and you have 3 x Guacamole Client servers, then you actually could have up to 30 connections (10 per server x 3 servers). There's not really any way around this at the moment - until we implement some sort of mechanism for sharing connection information between instances, this won't be fixed.

* Also related, connection sharing will be spotty, if it works at all. Again, because active connection information is only stored in-memory, and not shared across servers, if you try to share a connection, there's a reasonably high chance that the user who tries to access the link for the connection will be redirected to a different back-end server, and the sharing link will be invalid. There isn't much that can be done about this until we do some cross-node connection sharing.

Finally, it's important to keep in mind that there are two components to Guacamole - the client (Tomcat + WAR), and guacd. Most of what I've mentioned has to do with the client/Tomcat side; however, it's also important to consider if and how you'll load-balance the guacd side of things:

* You could run a guacd instance locally on each of your client servers, in which case you shouldn't have to do anything special.

* You could also separate out the guacd instances and run them on their own servers, and point each of the front-end/client servers to its own back-end server.

* Or, you could run guacd behind a load balancer, and point all of the client/front-end servers to a single hostname/IP, and then have a load-balancer take care of assigning the client -> guacd connections. If you go this route, you'll need to make sure the guacd load-balancer also has some session tracking/stickiness on it so that connections don't get unexpectedly redirected away from the guacd instance they've been assigned to initially. And, doing this will not help at all with any of the client-side issues mentioned above in terms of lack of connection tracking, etc.

There's a Jira issue related to this, as well:

https://issues.apache.org/jira/browse/GUACAMOLE-283

-Nick
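
The limitations described in the reply above, as a small simulation added here (not part of the original thread and not Guacamole code). Each node is modelled as keeping logins and active-connection counts only in its own memory; the node names, the `shared-rdp` connection and the 60-user workload are constructed for illustration.

```python
from collections import Counter
from itertools import cycle

class Node:
    """Model of one web application instance; state lives only in this process."""
    def __init__(self, name, limit):
        self.name, self.limit = name, limit
        self.tokens = set()       # logins known to this node only
        self.active = Counter()   # open sessions per connection, this node only

    def login(self, user):
        token = f"{self.name}/{user}"
        self.tokens.add(token)
        return token

    def connect(self, token, conn):
        if token not in self.tokens:
            return "login-required"   # another node issued this token
        if self.active[conn] >= self.limit:
            return "limit-reached"    # limit is checked per node, not globally
        self.active[conn] += 1
        return "ok"

class Balancer:
    """Round-robin front end; with sticky=True a client keeps its first node."""
    def __init__(self, nodes, sticky):
        self.rr, self.sticky, self.pinned = cycle(nodes), sticky, {}

    def route(self, client):
        if self.sticky:
            if client not in self.pinned:
                self.pinned[client] = next(self.rr)
            return self.pinned[client]
        return next(self.rr)

def simulate(sticky, users=60, node_count=3, limit=10):
    """Each user logs in, then opens the same connection; tally the outcomes."""
    nodes = [Node(f"guac{i}", limit) for i in range(node_count)]
    lb = Balancer(nodes, sticky)
    outcomes = Counter()
    for u in range(users):
        token = lb.route(u).login(u)                       # request 1: login
        outcomes[lb.route(u).connect(token, "shared-rdp")] += 1  # request 2
    opened = sum(n.active["shared-rdp"] for n in nodes)
    return dict(outcomes), opened

if __name__ == "__main__":
    print("sticky:     ", simulate(sticky=True))
    print("round-robin:", simulate(sticky=False))
```

With stickiness every user stays logged in, but the cluster admits 30 sessions on a connection limited to 10; without it, every second request lands on a node that has never seen the login.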
