Intern
Intern Hi We tried loadbalancing using guacamole balancing function (with and without session affinity). It did not work satisfactorily. We also tried guacamole (without balancing) and haproxy behind for loadbalancing. This works better but still has issues. For guacamole loadbalancing problems occurs especially when * client rdp session is interrupted and another user connects to the same rdp-machine in the meantime * rdp-machine reboots or is offline Further considerations include the rdp-machine itself and the timing, e.g. * regular reboots for rdp-machine / profile cleanup * logoff idle users from rdp-machine after some time, when the user did not logoff properly (this must be aligned with guacamole/haproxy timeouts) Finally we use guacamole with the "Load balance info/cookie" and connect to HyperV VDI. HyperV handles loadbalancing and all the other stuff. Guacamole first connects to the HyperV-Broker and then seamless switches the rdp session to rdp-machine. Regards Daniel Von: N2Z2 NZ2Z <[email protected]> Gesendet: Montag, 17. Februar 2025 17:53 An: [email protected] Betreff: Re: Dynamic allocation of RDP sessions Thank you, I'll try it and let you know! Best regards. Il giorno gio 13 feb 2025 alle ore 15:32 Nick Couchman <[email protected]<mailto:[email protected]>> ha scritto: On Wed, Feb 12, 2025 at 12:35 PM N2Z2 NZ2Z <[email protected]<mailto:[email protected]>> wrote: Hello, I'm trying to set up a test environment with N Windows machines that can be connected to via RDP. The idea is to have users connect to Guacamole with a generic user account, and then ask for the individual user's authentication during the RDP connection phase. The problem arises during configuration. Suppose I have a generic user who logs into Guacamole, and then uses his user xxx to connect to the RDP session of machine #1. I would like that session to be associated with that user until logout, so that the second user yyy can connect with the generic "user" to Guacamole and then connect with his user to the first free machine, i.e. #2. Instead, as expected, user yyy tries to connect to the first machine to which they are authorized and not to the first machine that has free RDP. All this stems from the need to dynamically assign machines; in production, potentially, I have no idea what users are working at a specific time so I cannot assign machines in 1:1 mode (I would not have enough to assign them 1:1). Moreover, there is often staff turnover, so I would have to take into account all the new hires/resignations to change the assignment. Obviously, nothing changes if I integrate authentication as xxx or yyy in the first step in Guacamole, it was only to make the first step easier for users. Is there a way to manage this?" The first thing that comes to mind is that you might be looking for the "Balancing" connection group functionality: https://guacamole.apache.org/doc/gug/administration.html#connection-organization-and-balancing Basically, you can put individual connections under a "Balancing" group and then give users access to that balancing group, and Guacamole will try to balance the users across the connections in that group. You can set the limits of each connection in the group in terms of how many concurrent users can be connected to it. So, if each of your machines supports a single RDP connection, you set those limits on each connection, and Guacamole will only assign a single user to each connection. You can also set the "Session Affinity" option, where Guacamole will attempt to remember which connection a user was using and reconnect them to that specific connection, falling back to the next available one if that one is not available. -Nick
