[
https://issues.apache.org/jira/browse/GUACAMOLE-283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18061374#comment-18061374
]
Nick Couchman commented on GUACAMOLE-283:
-----------------------------------------
[~prakash006] I think that there are many folks who would be very interested in
your solution for the client-side HA, and we would welcome your participating
in and contribution to the community. You can find the overall guidelines for
contributing to the project [here|[https://guacamole.apache.org/open-source/].]
Overall you need the Jira account (which you have), and then you need to fork
the Guacamole repositories on Github, create a branch for your changes, make
the changes, and then submit a pull request.
As far as making guacd more resilient - at least aware of other guacd instances
and the session on those - this will probably be a bit more challenging because
it lacks an existing mechanism for tracking any information outside of just
keeping it in memory. I can think of a couple of possible approaches at a very
high level to this:
* Instead of trying to modify guacd to be aware of other guacd instance and
track this information, keep that information in Guacamole Client. Extend the
client in a way that creates another database table, memory location, shared
memory, etc., that has awareness of which client sessions are active on which
guacd instances, and is able to check the availability of guacd instances,
direct clients to join sessions on a specific instance, etc.
* Implement a more proper tracking of connections and users in guacd
in-memory, and provide some sort of socket that other guacd instances can
connect to in order to query that information.
* Implement a connection and user tracking mechanism that makes use of
existing software/frameworks for tracking and synchronizing data. Something
like redis, etcd, or even a relational database (though I suspect those may be
too slow to be terribly effective) that would track this information and
provide the ability to send a client to a particular server.
In the cases where guacd itself is being modified to be aware of other guac
instances, it may also be necessary to implement a "redirect" instruction in
the Guacamole protocol that allows a guacd instance to tell a client that it
should go to another guacd server for the connection, and then implement the
client-side functionality that can understand the redirect and try the guacd
instance that is specified. This would likely need some robust security around
it to avoid situations where someone could unwittingly be redirected to a
different guacd server operated by an unknown attacker trying to gain access,
gather credentials, etc.
That said, to your question, "how can we do this so that our users do no lose
their connection if one guacd server is lost," that's a bit of a different
animal. In that case you're talking about needing to do one of two things:
* Keep near-real-time copies of connections and connection states synchronized
between guacd instances so that connections can seamlessly switch over to
another guacd instance without interruption. This is the kind of thing that, in
my experience, anyway, requires RDMA and Infiniband, or some other very
high-speed, low-latency link between systems.
* Make the Guacamole protocol itself better able to handle statelessness or,
at the very least, able to transparently recover from path failures. This has
some challenges of its own because guacd is establishing a connection with a
remote server via another protocol (SSH, VNC, RDP), and so it's going to be
stateful at some point, and it would really just have to retry the connection
on a new guacd system, but that involves setting back up the remote connection.
Maybe I'm overthinking it and there's a simpler solution to this...
> HA in Guacamole
> ---------------
>
> Key: GUACAMOLE-283
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-283
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-client, guacamole-server
> Reporter: Thiago dos Santos Nunes
> Priority: Minor
>
> A great feature for guacamole would be high availability both on the client
> (mainly) and on the server.
> In the client the ideal would be to be able to at least be able to block by
> the number of simultaneous connections even having an environment with
> several vms or containers.
> I currently have an environment with 3 guacamole servers with Tomcat 8
> running behind a HAPROXY. But I lose the block by simultaneous connection (I
> charge my clients for simultaneous connection) and I can not give up having
> more than one vm, because if one falls I lose all. It would also be great if
> the user does not need to log in again if they go to another server (session
> permanence). Today I work with hundreds of simultaneous users from different
> places.
> It would also be very good to be able to separate the client from the server
> and be able to work on HA on the server as well.
> My Environment:
> 3x Guacamole server and client: 0.9.12
> Database and Authentication: MySQL (another vm)
> File Server: SFTP (another vm)
> I alread commented this on:
> https://issues.apache.org/jira/browse/GUACAMOLE-189
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
