What I did was use AWS autoscaling with a load balancer. Each instance was connected to a postgres AWS RDS. Doesn't solved your HA problem though. However, the all the user needs to do is re-login to the guac server. No connection data is lost. Logging, etc data is collected in S3. Can send you my slides on the implementation I did if you want. Request to my email direct.
Sent from my T-Mobile 5G Device Get Outlook for Android<https://aka.ms/AAb9ysg> ________________________________ From: Lee Doughty <[email protected]> Sent: Sunday, October 8, 2023 8:36:39 AM To: [email protected] <[email protected]> Subject: Re: Guacamole HA Whenever I've seen the topic of HA come up, it's always been similar to what Nick just said. There really doesn't seem to be a good way to get true high availability. It seems the best you can do is "shard" your guacamole+guacd stacks so that a failure in one of them only takes out a small portion of your end users. Since the loss of a tomcat server means all guacd sessions passing through it are toast.. to get the best "sharding", the logic to me seems to encourage lots of small guacamole+guacd paired servers... If you scale horizontally like this (which obviously allows for weaker/cheaper individual servers).. then losing 1 of 10 servers impacts only 10% of users. On Sat, Oct 7, 2023, 7:18 PM Nick Couchman <[email protected]<mailto:[email protected]>> wrote: On Sat, Oct 7, 2023 at 4:23 PM Maciej Konigsman <[email protected]> wrote: Hi, I would like to run Guacamole in HA. I identified four services to achieve HA: 1. Load balancer 2. Web UI (Tomcat) 3. Guacd 4. DB (MySQL) I know how to configure HA for 1, 2 and 4 I'm having an issue with understanding/finding documentation or examples for guacd. My main concern is how to keep a session (including recording) if a container with guacd fails or gets restarted. The first thing to note would be that there's no way to synchronize session information between instances of guacd. So, if a system running guacd crashes, or guacd itself crashes completely, you won't be able to maintain those sessions - the users will get disconnected and will have to re-establish connections with working guacd instances. This is also true of the Web UI (Tomcat) portion of Guacamole - users logged in and sessions established on one of the Web front-ends will not be visible to or synchronized with sessions and users on the other web front-end. This will also impact your ability use connection sharing effectively, as users on one web front-end and/or guacd instance will not be able to share their connections with users who happen to log in to a different web front end, or who connect through a different guacd. As far as how to load-balance guacd, you can use a network load balancer (like HAProxy) and then use session "stickiness" to make sure that your web front-end systems get consistently connected to the same guacd instance. -Nick
