Re: Dockerized Guacamole and upload/download capability from a Remote Desktop Server

[brian mullan]

Great
Thanks Nick !

On Fri, Nov 5, 2021, 1:40 PM Nick Couchman  wrote:

> On Fri, Nov 5, 2021 at 1:34 PM brian mullan 
> wrote:
>
>> Thanks Nick
>>
>> Then why would this be considered an xRDP big.   Does the RDP Protocol
>> Spec indicate "0" should be valid ?
>>
>>
> Yep - if you read
> https://github.com/neutrinolabs/xrdp/issues/1505#issuecomment-593500038
> you'll see that Matt indicates that the specs don't say anything about zero
> being an invalid value. Add to this the fact that xrdp (prior to 0.9.12)
> appears to be the only server that actually has this problem, and this
> makes it a bug with xrdp. And it's been fixed.
>
> -Nick
>
>>

Re: Dockerized Guacamole and upload/download capability from a Remote Desktop Server

[Nick Couchman]

On Fri, Nov 5, 2021 at 1:34 PM brian mullan  wrote:

> Thanks Nick
>
> Then why would this be considered an xRDP big.   Does the RDP Protocol
> Spec indicate "0" should be valid ?
>
>
Yep - if you read
https://github.com/neutrinolabs/xrdp/issues/1505#issuecomment-593500038
you'll see that Matt indicates that the specs don't say anything about zero
being an invalid value. Add to this the fact that xrdp (prior to 0.9.12)
appears to be the only server that actually has this problem, and this
makes it a bug with xrdp. And it's been fixed.

-Nick

>

Re: Dockerized Guacamole and upload/download capability from a Remote Desktop Server

[brian mullan]

Thanks Nick

Then why would this be considered an xRDP big.   Does the RDP Protocol Spec
indicate "0" should be valid ?

On Fri, Nov 5, 2021, 1:18 PM Nick Couchman  wrote:

> On Fri, Nov 5, 2021 at 9:53 AM brian mullan 
> wrote:
>
>> Mike/Adrian
>>
>> In a separate Thread Subject: *Difference between normal RDP and
>> Guacamole’s RDP*
>> 
>>
>> Adrian said::
>>
>> *When you run Guacamole RDP.Traffic is:*
>>>
>>> *A)  (RDP) Between Guacamole (freeRDP) and remote computer.*
>>>
>>
>> I've used FreeRDP for quite a while and it's worked well for me in many
>> ways.
>>
>> I recently had an issue where my newest Guacamole install was having
>> problems.
>>
>> Two VMs lets call X and Y.
>>
>>- X is an Ubuntu 20.04 where  Guacamole was installed.
>>- Y is also Ubuntu 20.04 with xRDP installed and several options for
>>Desktop Environment (MATE, Gnome, etc).
>>
>> So Guacamole was configured for a Connection to Y.
>>
>> Everything worked except "Drive Redirection".
>>
>> I would get a Folder on Y's Desktop and in that folder I'd see a GUACFS
>> folder but there was never a "Download" folder
>> no matter how many changes I tried.
>>
>> Note:  In the past this always worked for me.
>>
>> Then I tried just using FreeRDP from a Terminal on X and everything
>> worked OK including Drive Redirection!
>>
>> In a *separate email to the Guacamole User alias
>>  *about
>> my problem Mike responded that there was an xRDP bug
>>
>> *Yes - this is a bug in XRDP related to RDPDR device IDs. Newer versions
>>> of XRDP should work correctly. See:*
>>>
>>> *- Mike*
>>
>>
>> In Case
>>
>>
>> *If Both approaches are using FreeRDP *
>>
>> *and *
>> *In Both approaches  the connection is via the same xRDP on Y *
>>
>> I guess I don't understand Mike's statement above...
>>
>> *Does Guacamole send a different "RDPDR device ID" than the command line
>> FreeRDP Sends?*
>>
>
> Yes, that's my understanding based on the various posts - that Guacamole
> sends ID 0, whereas other clients (FreeRDP, Microsoft, etc.) send something
> other than 0 - maybe they start at 1?
>
> -Nick
>

Re: Dockerized Guacamole and upload/download capability from a Remote Desktop Server

[Nick Couchman]

On Fri, Nov 5, 2021 at 9:53 AM brian mullan  wrote:

> Mike/Adrian
>
> In a separate Thread Subject: *Difference between normal RDP and
> Guacamole’s RDP*
> 
>
> Adrian said::
>
> *When you run Guacamole RDP.Traffic is:*
>>
>> *A)  (RDP) Between Guacamole (freeRDP) and remote computer.*
>>
>
> I've used FreeRDP for quite a while and it's worked well for me in many
> ways.
>
> I recently had an issue where my newest Guacamole install was having
> problems.
>
> Two VMs lets call X and Y.
>
>- X is an Ubuntu 20.04 where  Guacamole was installed.
>- Y is also Ubuntu 20.04 with xRDP installed and several options for
>Desktop Environment (MATE, Gnome, etc).
>
> So Guacamole was configured for a Connection to Y.
>
> Everything worked except "Drive Redirection".
>
> I would get a Folder on Y's Desktop and in that folder I'd see a GUACFS
> folder but there was never a "Download" folder
> no matter how many changes I tried.
>
> Note:  In the past this always worked for me.
>
> Then I tried just using FreeRDP from a Terminal on X and everything worked
> OK including Drive Redirection!
>
> In a *separate email to the Guacamole User alias
>  *about
> my problem Mike responded that there was an xRDP bug
>
> *Yes - this is a bug in XRDP related to RDPDR device IDs. Newer versions
>> of XRDP should work correctly. See:*
>>
>> *- Mike*
>
>
> In Case
>
>
> *If Both approaches are using FreeRDP *
>
> *and *
> *In Both approaches  the connection is via the same xRDP on Y *
>
> I guess I don't understand Mike's statement above...
>
> *Does Guacamole send a different "RDPDR device ID" than the command line
> FreeRDP Sends?*
>

Yes, that's my understanding based on the various posts - that Guacamole
sends ID 0, whereas other clients (FreeRDP, Microsoft, etc.) send something
other than 0 - maybe they start at 1?

-Nick

Problem with virtual drive in Connectiongroups

[Szilvasi, Janos]

Hi,

we have a problem with the virtual drive over RDP when more than one host is in 
a balancing connection group.

After connecting, the virtual drive is mounted and can be used on the remote 
host. If I want to upload or download files from the sidebar, it does not work.

- Uploaded documents are created but have no content.
- Download does not work.
- The clipboard works.


Nginx logs:

[05/Nov/2021:16:26:33 +] "POST /api/tokens HTTP/2.0" 200 179 
"https://guacamole_host/„

[05/Nov/2021:16:26:33 +] "GET /app/element/templates/blank.html HTTP/2.0" 
200 173 "https://guacamole_host/„

[05/Nov/2021:16:26:33 +] "GET 
/api/session/data/mysql/connectionGroups/16?token=356BC420D8C89741E80C3A430629FD123FB1E7A29D7F74174909E2DB3CB846E1
 HTTP/2.0" 200 214 "https://guacamole_host/„

[05/Nov/2021:16:26:36 +] "GET 
/api/session/tunnels/ef2f3aaf-d34e-4095-91dc-e1d3d1275ab1/protocol?token=356BC420D8C89741E80C3A430629FD123FB1E7A29D7F74174909E2DB3CB846E1
 HTTP/2.0" 200 5013 "https://guacamole_host/„

[05/Nov/2021:16:27:07 +] "GET 
/api/session/data/mysql-shared/activeConnections?token=356BC420D8C89741E80C3A430629FD123FB1E7A29D7F74174909E2DB3CB846E1
 HTTP/2.0" 200 2 "https://guacamole_host“

[05/Nov/2021:16:27:07 +] "GET 
/api/session/data/ldap/activeConnections?token=356BC420D8C89741E80C3A430629FD123FB1E7A29D7F74174909E2DB3CB846E1
 HTTP/2.0" 200 2 "https://guacamole_host/„

[05/Nov/2021:16:27:07 +] "GET 
/api/session/data/mysql/activeConnections?token=356BC420D8C89741E80C3A430629FD123FB1E7A29D7F74174909E2DB3CB846E1
 HTTP/2.0" 200 2 "https://guacamole_host/„

[05/Nov/2021:16:27:10 +] "GET 
/api/session/tunnels/null/streams/0/test.txt?token=356BC420D8C89741E80C3A430629FD123FB1E7A29D7F74174909E2DB3CB846E1
 HTTP/2.0" 404 178 "https://guacamole_host/;


After a page reload, it works.


Nginx log:

[05/Nov/2021:15:53:54 +] "GET 
/api/session/tunnels/65af3217-a43b-4ea6-8e25-707d3f0c143b/streams/0/Test.txt?token=C4856B0DBEE8E0C2C04D95D32DADFD9996C6AAA23FDF6A6506A5AB4FCF49D45F
 HTTP/2.0" 200 4


It seems like it doesn't get the tunnel ID on first connection after login.

If a host is selected directly the problem does not occur


Environment:

Prod:

Frontend Server: Nginx + mysql + guacamole_client (all Docker)
Backend Server: guacd (docker)

Test:
All-in-on Setup: Nginx + mysql + guacamole_client + guacd (Docker)


Does anyone have the same problem or an idea ?


Thanks!

Best regards
Janos






Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Volker Rieke
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr. Astrid Lambrecht,
Prof. Dr. Frauke Melchior

Re: Guacamole dynamically create connections

[Tim Worcester]

Some additional context on this:

The problem I have is that the Postgresql extension has a call structure
like this:

connect() -> tunnelService.getGuacamoleTunnel() ->
tunnelService.getBalancedConnections()

Inside of getBalancedConnections() I get halted on these lines here:
```
// If group has no children, there are no balanced connections
Collection identifiers =
connectionMapper.selectIdentifiersWithin(connectionGroup.getIdentifier());
if (identifiers.isEmpty())
return Collections.emptyList();
```

The only way I could think to get around this was to add a new
ModeledConnection but that required creating an admin user to be able to
add connection rows dynamically.  Is that the right approach?

On Wed, Nov 3, 2021 at 2:35 PM Tim Worcester 
wrote:

> I am not, I couldn't get the new connection to be inserted without hacking
> up an admin user to be able to have the RBAC to add a connection to the
> underlying Connection Directory.
>
>
>
> On Wed, Nov 3, 2021 at 2:30 PM Mike Jumper 
> wrote:
>
>> On Wed, Nov 3, 2021, 08:58 Tim Worcester 
>> wrote:
>>
>>> Mike,
>>>
>>> I have gotten this working with dynamically spinning up desktops when
>>> the user clicks the connectionGroup.  Unfortunately when I decorate the
>>> ConnectionGroup and override connect() I lose all of the active session and
>>> connection history tracking that the postgresql extension gives me.
>>>
>>
>> Are you not invoking the connect() function of the decorated object when
>> your decorator's implementation of connect() is invoked?
>>
>> - Mike
>>
>>

Re: [Feature Request] Network "Hog" Identification for Connections

[Nick Couchman]

On Fri, Nov 5, 2021 at 9:57 AM Jürgen Kuri  wrote:

> El 05.11.21 a las 13:28, Nick Couchman escribió:
> >> On Fri, Nov 5, 2021 at 7:50 AM Jürgen Kuri  > wrote:
> >>
> >> Hello,
> >>
> >> it would be nice for admin users to have a possibility in the web
> frontend to quickly identify current connections which consume a lot of
> network bandwidth (kind of ranking of network packet count or so). This is
> useful and more convenient if you have several simultaneous connections and
> several Guacamole instances balanced and concentrated with a BGP network
> router setup. For admins which are not so familiar with tools like netstat,
> iptraf and friends it is extremely helpful.
> >
> >
> > If you'd like to request a feature, Jira is the place to do it:
> > https://issues.apache.org/jira/browse/GUACAMOLE <
> https://issues.apache.org/jira/browse/GUACAMOLE>
> >
> >
> >> Because of several Guacamole instances concentrated via BGP network
> routers (from outside there is only visible one Guacamole access URL), the
> network bandwidth utilisation values must be somewhere CENTRALLY stored and
> updated in the Guacamole SQL database. These single and concentrated
> Guacamole instances (frontend and backend) share all the same database here
> in our setup. So, "logically" or from application "high level" view it is
> just one instance with one access URL from the internet. This is for
> example, why we see in the web frontend below "Active Sessions" not all
> active sessions, just the ones to that internet frontend where the admin's
> web session is routed to but not the ones from the neighbor internet
> frontends.
> >
> >
> > This would likely need to be thought out a little bit more thoroughly. I
> see a couple of issues with this:
> > * Depending on what type of information and how much you plan to store
> in the database, this could cause a rapid growth in the size of the
> database. It might be possible to add a couple of fields - total packet
> count, and total byte count, or total in packets, total out packets, total
> in bytes, and total out bytes - that could be tracked and updated
> periodically for active and historical connection information.
> Yes, if we want to historicize network metrics from past session, the
> database will grow. Of course, I had that in my mind when I wrote this
> feature request, this what admins want to have and let beat their hearts
> higher. But for the first step, covering the need, the indentification of
> the "hogs", additional database fields with the network metrics which are
> updated, let's say every 30 seconds (configurable update interval?) would
> be sufficient enough for the need here. And, of course, when the session
> for a specific connection ends or latest when a new future session is
> initiated for the same connection, the metrics in the database are reset!
> So, this single metric fields just reflects a momentary situation but this
> is enough to make a ranking for a quick identification of the hogs. And, in
> order to reduce database and network strain , especially if we have
> multiple simultaneous proxy sessions, guacd and the Java application should
> send the network metrics in transaction aggregates for all current
> connections. This is good for the network (less round trips) and the
> database which performs the updates of the aggregated metrics with a view
> I/O accesses. For that purpose it is sufficient not to have very up-to-date
> network metric information.
>
> A leight weight approach for a kind of historiography of network
> consumption could be an extra database table with one row per connection
> and the network metrics. This table acts like a scoreboard. At the end of a
> specific connection session the values are updated in that scoreboard
> table. The web frontend presents that session scoreboard in descending
> order with the network utilisation hogs at the top.
>
>
> > But, if you're wanting to store a bunch of historic information about
> when connections hogged the bandwidth, you're talking about a lot of
> additional data (RRD-style).
> Sorry, not agree fully, at least not from the storage space footprint
> perspective if you allude to this. You don't want to keep this data years.
> I think for trouble shooting two to four weeks is probably more than
> enough. That might be different if you want to use this data e.g. for
> accounting or so.
>
>
Maybe I wasn't clear, here, but 2-4 weeks of connections, if you're keeping
more than just total byte count - if you're keeping traffic information on
a 60 second or 5 minute basis for all connections over that span of time,
it will add up. I'm not saying it's not doable, just that, depending on
what you mean by historical data, this could be a lot of data.


>
> > * Depending on how often you'd want it updated, this could result in
> quite a heavy load just tracking this information. If you had 100 active
> connections, and you wanted the data updated 

Re: [Feature Request] Network "Hog" Identification for Connections

[Jürgen Kuri]

El 05.11.21 a las 13:28, Nick Couchman escribió:
>> On Fri, Nov 5, 2021 at 7:50 AM Jürgen Kuri > > wrote:
>> 
>> Hello,
>> 
>> it would be nice for admin users to have a possibility in the web 
>> frontend to quickly identify current connections which consume a lot of 
>> network bandwidth (kind of ranking of network packet count or so). This is 
>> useful and more convenient if you have several simultaneous connections and 
>> several Guacamole instances balanced and concentrated with a BGP network 
>> router setup. For admins which are not so familiar with tools like netstat, 
>> iptraf and friends it is extremely helpful.
> 
> 
> If you'd like to request a feature, Jira is the place to do it:
> https://issues.apache.org/jira/browse/GUACAMOLE 
> 
>  
> 
>> Because of several Guacamole instances concentrated via BGP network 
>> routers (from outside there is only visible one Guacamole access URL), the 
>> network bandwidth utilisation values must be somewhere CENTRALLY stored and 
>> updated in the Guacamole SQL database. These single and concentrated 
>> Guacamole instances (frontend and backend) share all the same database here 
>> in our setup. So, "logically" or from application "high level" view it is 
>> just one instance with one access URL from the internet. This is for 
>> example, why we see in the web frontend below "Active Sessions" not all 
>> active sessions, just the ones to that internet frontend where the admin's 
>> web session is routed to but not the ones from the neighbor internet 
>> frontends.
> 
> 
> This would likely need to be thought out a little bit more thoroughly. I see 
> a couple of issues with this:
> * Depending on what type of information and how much you plan to store in the 
> database, this could cause a rapid growth in the size of the database. It 
> might be possible to add a couple of fields - total packet count, and total 
> byte count, or total in packets, total out packets, total in bytes, and total 
> out bytes - that could be tracked and updated periodically for active and 
> historical connection information.
Yes, if we want to historicize network metrics from past session, the database 
will grow. Of course, I had that in my mind when I wrote this feature request, 
this what admins want to have and let beat their hearts higher. But for the 
first step, covering the need, the indentification of the "hogs", additional 
database fields with the network metrics which are updated, let's say every 30 
seconds (configurable update interval?) would be sufficient enough for the need 
here. And, of course, when the session for a specific connection ends or latest 
when a new future session is initiated for the same connection, the metrics in 
the database are reset! So, this single metric fields just reflects a momentary 
situation but this is enough to make a ranking for a quick identification of 
the hogs. And, in order to reduce database and network strain , especially if 
we have multiple simultaneous proxy sessions, guacd and the Java application 
should send the network metrics in transaction aggregates for all current 
connections. This is good for the network (less round trips) and the database 
which performs the updates of the aggregated metrics with a view I/O accesses. 
For that purpose it is sufficient not to have very up-to-date network metric 
information.

A leight weight approach for a kind of historiography of network consumption 
could be an extra database table with one row per connection and the network 
metrics. This table acts like a scoreboard. At the end of a specific connection 
session the values are updated in that scoreboard table. The web frontend 
presents that session scoreboard in descending order with the network 
utilisation hogs at the top.


> But, if you're wanting to store a bunch of historic information about when 
> connections hogged the bandwidth, you're talking about a lot of additional 
> data (RRD-style).
Sorry, not agree fully, at least not from the storage space footprint 
perspective if you allude to this. You don't want to keep this data years. I 
think for trouble shooting two to four weeks is probably more than enough. That 
might be different if you want to use this data e.g. for accounting or so.


> * Depending on how often you'd want it updated, this could result in quite a 
> heavy load just tracking this information. If you had 100 active connections, 
> and you wanted the data updated every second, or even every 10 seconds, this 
> would add quite a bit of load to what is otherwise a relatively light-weight 
> and low-utilization database.
See my comment above.


> * As you mentioned, there is currently no synchronization of active 
> connections between multiple web front-ends (Tomcat instances), so tracking 
> this information in a central place would likely require some far-reaching 
> changes to that, as well, so 

RE: Difference between normal RDP and Guacamole’s RDP.

[Tweed, Peter]

My experience is that Browser <=> Guacamole uses significantly more data than 
direct RDP when audio is involved.
https://issues.apache.org/jira/browse/GUACAMOLE-1442
that would match your comment on video ( as I suspect the video included audio 
).

From: Adrian Owen 
Sent: 05 November 2021 10:43
To: user@guacamole.apache.org
Subject: RE: Difference between normal RDP and Guacamole’s RDP.

Don’t know.   Question for the team.

From: takuya morita [mailto:mrttky521...@gmail.com]
Sent: 05 November 2021 02:33
To: user@guacamole.apache.org
Subject: Re: Difference between normal RDP and Guacamole’s RDP.

Thanks for the detailed explanation.
Is it possible that the data traffic between the browser and Tomcat is smaller 
than that of normal RDP when bandwidth is tight?

2021年11月4日(木) 21:33 Adrian Owen 
mailto:adrian.o...@eesm.com>>:
Hi,

When you run normal RDP.RDP traffic is direct between your computer and 
remote computer.
Your RDP client displays session.

When you run Guacamole RDP.Traffic is:

A)  (RDP) Between Guacamole (freeRDP) and remote computer.

B)   (Web) Your Web Browser and Guacamole

As Nick says, you should also measure Guacamole (freeRDP) to Remote computer 
bandwidth, to get complete picture,

Adrian

From: Nick Couchman [mailto:vn...@apache.org]
Sent: 04 November 2021 12:01
To: user@guacamole.apache.org
Subject: Re: Difference between normal RDP and Guacamole’s RDP.

On Wed, Nov 3, 2021 at 10:33 PM takuya morita 
mailto:mrttky521...@gmail.com>> wrote:
Hi, support.
I’m Takuya.

I found out that the data traffic is different between using normal RDP and 
Guacamole RDP.
What is the structural difference between Guacamole RDP and normal RDP?

We also found that normal RDP uses less traffic when watching videos, and 
Guacamole RDP uses less traffic when watching non-video clips.
Do you think the results of this survey are correct?

First, I believe what you're asking is what the difference is between RDP and 
the Guacamole Protocol. Guacamole is not an extension or implementation of RDP, 
it is a completely different protocol. The job of guacd (Guacamole Server) is 
to translate connections between the Guacamole protocol and one of several 
supported remote access protocols, of which RDP is one. Guacamole supports 
connecting to RDP servers, but the RDP connection is only between guacd and the 
RDP server - the connection between the user's browser (tunneled through the 
Java components, usually running on Tomcat) and guacd is not RDP, it is 
Guacamole.

So, when you're comparing the traffic/bandwidth utilization of Guacamole to 
RDP, it's important to distinguish where you're measuring that - is it between 
the user's browser and Tomcat, between Tomcat and guacd, or between guacd and 
RDP?

Others (Mike?) can probably provide more detailed analysis of why video would 
produce more bandwidth via Guacamole than RDP, but keep in mind the answer to 
the last question you asked - that Guacamole dynamically measures performance 
of the link between the client (web browser) and guacd and adjusts the frame 
rates, and even image processing algorithms, based on the available resources. 
So, it is possible that Guacamole is using more bandwidth simply because it has 
detected that more bandwidth is available, and it is attempting to give the 
best possible experience - highest frame rate, lowest loss to compression.

-Nick


This electronic message may contain proprietary and confidential information of 
Verint Systems Inc., its affiliates and/or subsidiaries. The information is 
intended to be for the use of the individual(s) or entity(ies) named above. If 
you are not the intended recipient (or authorized to receive this e-mail for 
the intended recipient), you may not use, copy, disclose or distribute to 
anyone this message or any information contained in this message. If you have 
received this electronic message in error, please notify us by replying to this 
e-mail.

Re: [Feature Request] Network "Hog" Identification for Connections

[Nick Couchman]

On Fri, Nov 5, 2021 at 7:50 AM Jürgen Kuri  wrote:

> Hello,
>
> it would be nice for admin users to have a possibility in the web frontend
> to quickly identify current connections which consume a lot of network
> bandwidth (kind of ranking of network packet count or so). This is useful
> and more convenient if you have several simultaneous connections and
> several Guacamole instances balanced and concentrated with a BGP network
> router setup. For admins which are not so familiar with tools like netstat,
> iptraf and friends it is extremely helpful.
>
>
If you'd like to request a feature, Jira is the place to do it:
https://issues.apache.org/jira/browse/GUACAMOLE


> Because of several Guacamole instances concentrated via BGP network
> routers (from outside there is only visible one Guacamole access URL), the
> network bandwidth utilisation values must be somewhere CENTRALLY stored and
> updated in the Guacamole SQL database. These single and concentrated
> Guacamole instances (frontend and backend) share all the same database here
> in our setup. So, "logically" or from application "high level" view it is
> just one instance with one access URL from the internet. This is for
> example, why we see in the web frontend below "Active Sessions" not all
> active sessions, just the ones to that internet frontend where the admin's
> web session is routed to but not the ones from the neighbor internet
> frontends.
>

This would likely need to be thought out a little bit more thoroughly. I
see a couple of issues with this:
* Depending on what type of information and how much you plan to store in
the database, this could cause a rapid growth in the size of the database.
It might be possible to add a couple of fields - total packet count, and
total byte count, or total in packets, total out packets, total in bytes,
and total out bytes - that could be tracked and updated periodically for
active and historical connection information. But, if you're wanting to
store a bunch of historic information about when connections hogged the
bandwidth, you're talking about a lot of additional data (RRD-style).
* Depending on how often you'd want it updated, this could result in quite
a heavy load just tracking this information. If you had 100 active
connections, and you wanted the data updated every second, or even every 10
seconds, this would add quite a bit of load to what is otherwise a
relatively light-weight and low-utilization database.
* As you mentioned, there is currently no synchronization of active
connections between multiple web front-ends (Tomcat instances), so tracking
this information in a central place would likely require some far-reaching
changes to that, as well, so that active connections are synchronized
across those front-ends. I'm not saying this shouldn't be done - I actually
think it should be done, eventually, just saying that this makes what
you're requesting, for your environment, quite a bit more complex.
* What you're requesting would likely only take care of one of the two
possible legs of bandwidth utilization - you'd be able to see traffic
between the clients (web browsers) and Tomcat (and ultimately guacd), but
there's also traffic between guacd and the remote servers that is worth
consideration, and which this would not be able to capture.

-Nick

[Feature Request] Network "Hog" Identification for Connections

[Jürgen Kuri]

Hello,

it would be nice for admin users to have a possibility in the web frontend to 
quickly identify current connections which consume a lot of network bandwidth 
(kind of ranking of network packet count or so). This is useful and more 
convenient if you have several simultaneous connections and several Guacamole 
instances balanced and concentrated with a BGP network router setup. For admins 
which are not so familiar with tools like netstat, iptraf and friends it is 
extremely helpful. 

Because of several Guacamole instances concentrated via BGP network routers 
(from outside there is only visible one Guacamole access URL), the network 
bandwidth utilisation values must be somewhere CENTRALLY stored and updated in 
the Guacamole SQL database. These single and concentrated Guacamole instances 
(frontend and backend) share all the same database here in our setup. So, 
"logically" or from application "high level" view it is just one instance with 
one access URL from the internet. This is for example, why we see in the web 
frontend below "Active Sessions" not all active sessions, just the ones to that 
internet frontend where the admin's web session is routed to but not the ones 
from the neighbor internet frontends.
--

Thanks
Jürgen

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

RE: Difference between normal RDP and Guacamole’s RDP.

[Adrian Owen]

Don’t know.   Question for the team.

From: takuya morita [mailto:mrttky521...@gmail.com]
Sent: 05 November 2021 02:33
To: user@guacamole.apache.org
Subject: Re: Difference between normal RDP and Guacamole’s RDP.

Thanks for the detailed explanation.
Is it possible that the data traffic between the browser and Tomcat is smaller 
than that of normal RDP when bandwidth is tight?

2021年11月4日(木) 21:33 Adrian Owen 
mailto:adrian.o...@eesm.com>>:
Hi,

When you run normal RDP.RDP traffic is direct between your computer and 
remote computer.
Your RDP client displays session.

When you run Guacamole RDP.Traffic is:

A)  (RDP) Between Guacamole (freeRDP) and remote computer.

B)   (Web) Your Web Browser and Guacamole

As Nick says, you should also measure Guacamole (freeRDP) to Remote computer 
bandwidth, to get complete picture,

Adrian

From: Nick Couchman [mailto:vn...@apache.org]
Sent: 04 November 2021 12:01
To: user@guacamole.apache.org
Subject: Re: Difference between normal RDP and Guacamole’s RDP.

On Wed, Nov 3, 2021 at 10:33 PM takuya morita 
mailto:mrttky521...@gmail.com>> wrote:
Hi, support.
I’m Takuya.

I found out that the data traffic is different between using normal RDP and 
Guacamole RDP.
What is the structural difference between Guacamole RDP and normal RDP?

We also found that normal RDP uses less traffic when watching videos, and 
Guacamole RDP uses less traffic when watching non-video clips.
Do you think the results of this survey are correct?

First, I believe what you're asking is what the difference is between RDP and 
the Guacamole Protocol. Guacamole is not an extension or implementation of RDP, 
it is a completely different protocol. The job of guacd (Guacamole Server) is 
to translate connections between the Guacamole protocol and one of several 
supported remote access protocols, of which RDP is one. Guacamole supports 
connecting to RDP servers, but the RDP connection is only between guacd and the 
RDP server - the connection between the user's browser (tunneled through the 
Java components, usually running on Tomcat) and guacd is not RDP, it is 
Guacamole.

So, when you're comparing the traffic/bandwidth utilization of Guacamole to 
RDP, it's important to distinguish where you're measuring that - is it between 
the user's browser and Tomcat, between Tomcat and guacd, or between guacd and 
RDP?

Others (Mike?) can probably provide more detailed analysis of why video would 
produce more bandwidth via Guacamole than RDP, but keep in mind the answer to 
the last question you asked - that Guacamole dynamically measures performance 
of the link between the client (web browser) and guacd and adjusts the frame 
rates, and even image processing algorithms, based on the available resources. 
So, it is possible that Guacamole is using more bandwidth simply because it has 
detected that more bandwidth is available, and it is attempting to give the 
best possible experience - highest frame rate, lowest loss to compression.

-Nick

Re: Does Guacamole support PKI/Smartcard authentication for RDP (instead of username/password)?

[Mike Jumper]

On Fri, Nov 5, 2021, 00:10 Maram, Saber  wrote:

>
> Hello,
>
> it is definetly possible, you need 2-3 full time devs to write ~3k lines
> of C then a extension with native host communication for client side and
> some frontend coding and ~2 months time.
>
> i know that so well since we did it already, the next we are working on is
> usb device redirection as soon the test's for smartcard implementation are
> done.
>

If you have such support implemented and working, I really think the path
forward should be contributing those changes for the benefit of all.

- Mike

Re: Does Guacamole support PKI/Smartcard authentication for RDP (instead of username/password)?

[Maram, Saber]