On Thu, Nov 6, 2025 at 11:18 AM openbidaaz <[email protected]> wrote:
> Hello, > > If we want to setup multiple Guacamole containers for resilience pointing > to the the same database cluster, is this acceptable? > > It is, but there are a couple of caveats that you need to be aware of in how Guacamole handles connections: * If you run multiple instances of the Guacamole Client container, there is currently no data-sharing mechanism between those instances, so one instance will not be "aware" of the connections active in other instances. This means that connection sharing will likely not work, or will only work randomly, as a user connected to one instance who tries to share a connection cannot guarantee that the person who accesses that shared link would be placed on the exact same instance of the Client container, and thus the sharing may fail. It also means that, if you're using any of the connection concurrency limits or load balancing built in to Guacamole, you may not get the results you expect - for example, if you set up a connection and limit it to 10 concurrent users, and you have 3 x Guacamole Client containers running and accessing the same database, you could potentially have 30 concurrent connections. * The same limitation applies to guacd instances - there is no synchronization mechanism or awareness between the guacd instances. While this has less of an effect on concurrency, it can still impact connection sharing, as sharing a connection relies on attaching to a connection running on a specific guacd instance. * Also, for both Guacamole Client and guacd, the fact that there is no mechanism to synchronize active connections between those multiple instances means that you need to make sure that, once a user is "assigned" to a specific Guacamole Client container, that assignment is "sticky" - that is, the user is consistently directed to the same Guacamole Client instance, otherwise, if they are going between Guacamole Client instances they will get very strange results - they will be prompted for authentication at random times, have connections dropped, receive error messages, etc. There needs to be some level of session persistence configured. > How can the connection to the Guacamole container be load balanced? > > * For the Guacamole Client containers, make sure to configure session persistence such that, once users are assigned a Guacamole Client instance, they are directed to that same instance for the life of their session, and that only changes after a significant length of idle time. * For the guacd containers, I'd highly recommend a 1-to-1 relationship between Guacamole Client container and guacd container, and that those are persistent, as well - that each Guacamole Client is always assigned to the same guacd instance. -Nick >
