For those who haven't seen it or tried it yet...

[ https://guacamole.apache.org/ ]

Guacamole is an access server that requires nothing but a web browser to connect to the RDP, VNC, SSH, Telnet sessions of your choice. One might expect this to be slow and clunky, but it's actually *really* good. It's more responsive than even some non-browser-based clients.

I'm using it now, in fact :)

That's intriguing.

I wonder how well that works within a virtualized environment. Hmm...

That's how I'm running it. The underlying Linux machine is even joined to an Active Directory domain. If that doesn't make your head explode...

Well, that's the kind of blinkered, Philistine pig-ignorance I've come to expect from you non-creative garbage...

All we wanted was a simple Linux server, not an abbatoir.

I've gotta say though, nslcd (aka nss-pam-ldapd) is freaking awesome. Joining a Linux machine to an Active Directory domain used to be a gigantic pain in the ass. Winbind was a piece of garbage, had too many dependencies, and had a habit of just not staying working. nslcd ties the name service switch directly to LDAP, no shims, no gimmicks. It also works with *any* LDAP server, not just AD.

When you have hundreds of servers it's nice to be able to log in with your LDAP credentials instead of having to go into the password vault to fetch the root password.

How badly does it consume bandwidth, doyouknow?

I'd expect if it's using those underlying protocols, it's probably fairly trim.

Oh.... and I wonder if you can record it to an mp4 or something. That'd be super-useful.

I haven't looked at bandwidth consumption because the server I'm running it on has plenty of it. It is going to use its own protocol to the client browser plus whatever bandwidth is consumed from the Guac server to the server you're logging into.

I haven't tried using it from anywhere other than my own well-endowed home network yet. I'll report back next week when I'm sitting in an airport using a tethered phone and we'll see. I think it's still going to be pretty good.

And yes, there is a screen recording module available. :)

For my needs, that screen recording thing, if I can route the recording to a server elsewhere, would be amazingly useful.

Read through [ http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html ] and check out the section on "Session Recording."

I've set up a guacamole server/client that shows a proof of concept. It works very, very smoothly... far more smoothly than what we're doing at the moment through our vendor.

That, alone, makes me want to use this. Add to it recording features, and it's all the better... I may play with that tomorrow.

It's a tad frustrating, though, that I couldn't get the same familiar desktop in linux as the console's desktop (meaning, as if a CRT were connected to the VM, if that were possible). That's a bit of a shame, and might be a problem for certain distributions (Security Onion, Kali, etc). I dunno... maybe I can work around that somehow.

I got Linux graphical desktop via Guacamole working by using VNC. It takes a lot of manipulation, but you can combine VNC server with xinetd in a way that makes it fire up a new session and present a login prompt whenever someone connects to port 5900.

It would be easier if Guacamole could natively speak X11 and XDMCP. Although Guacamole has been designed to be extended in this way, no one has written this protocol yet.

I used xrdp, and managed to get the gnome desktop working with it.

I did get it working with Unity on Ubuntu, amusingly, but not without consequences.... couldn't log out of the session in any way, short of killing the right process.

Not that I like Unity. I mention this as yet another reason for anyone to dislike Unity.

I found xrdp worked really, really well, for keeping a uniform experience across the different machines that I had set up (Windows & Linux).

I want to try out some of the other features... ssh sessions, and desktop recording in particular.

My guess is that someone would have to figure out how to translate all the HTML5 graphics commands to the X11 protocol.

I figure if people did this for vnc & xrdp, it probably isn't too much of a stretch to do this for x11.

(By 'HTML5 graphics commands', I refer to the JavaScript commands that drive HTML5 graphics on a browser... they are remarkably robust).

The guacamole front end speaks to "guacd" using the same screen protocol regardless of what back end guacd is using. I'm guessing the guacd protocol probably tracks the HTML5 graphics commands pretty closely. But it is designed to be extensible, as in, a new back end doesn't have to learn how to speak to the browser; it only needs to plug in to guacd.

Or if they ever get around to replacing X11 with "Wayland" they can just write a Wayland compositor that speaks guacd protocol.

Then it's more X11-to-guacd than anything else.

Gotta tellya though, I tried out Xrdp and it's REALLY good. It's way better than Xvnc, and works really nicely with Guacamole. The screen always sizes properly to the viewer's screen (or in this case browser) dimensions, and it's a lot easier to set up session persistence in a multiuser environment.

Oh, yeah, all of that is absolutely true.

Although, the sizing isn't exactly dynamic-dynamic. The initial settings are dynamic, then you have to relog to get new settings.

But, tap F11 before going into the desktop, and it'll be full-screen.

There are two kinds of dynamic resizing with RDP, even on a Windoze server.
The conventional behavior was for RDP clients to respond to a window resize by seamlessly disconnecting from the server and then reconnecting with the new screen dimensions. The newest version of RDP (the protocol, not a particular implementation) contains a channel command that can handle an explicit resize of the viewport.

Guacamole can handle both modes, but it needs to be told which one you want to use. Obviously on a Windoze server the resize command is only available on the latest versions. I don't know whether Xrdp supports it.

I don't think so, as I didn't see it handle that properly.