On Wed, Jun 8, 2022 at 11:16 AM Lee Doughty <l...@virginiacyberrange.org> wrote:
> Lots of activity on the mailing list the last 2-3 weeks. Recent > discussions got me thinking (again) about a more specific/pointed feature > request that helps alleviate some issues that I think many of us Guacamole > administrators would like: > > I think it would be a nice feature to: > 1) Monitor for some kind of real-user-to-vm activity, and having the > connection disconnect if it sits idle for a configured period of time > 2) and/or: a feature to require the user to take an action to extend their > session after a configured amount of time > > This seems to also address some of the pushback and use cases mentioned on > https://issues.apache.org/jira/browse/GUACAMOLE-1126 -- where many of us > are trying to balance resources & costs, and user activity / action is what > determines if we have a user's VM loaded/online/existing. > > * Mark Nolan noted he spins up VMs on connection, and presumably then, > turns them off after some period when the user is not connected. This is > very similar to my use case. > > * Alexander Fischer noted that inactive users trigger reconnection, which > might be a cause of an issue for him... but would also likely be mitigated > if reconnection factored in the last time the user seems to have used > guacamole when deciding to try and reconnect. > > * Edgardo Rodriguez noted in his initial description of G-1126 that users > walk/tab away from Guacamole (also a pain point I feel regularly)... This > kind of feature would likely reduce the need for limiting retry attempts > (though I think _a_ limit on retry attempts is a nice feature on its own) > > Basically, identify when a user is not actually using the machine anymore, > and allow the guacamole server to go through the connection close-out > process. This saves on guacamole server resources, and can allow those of > us with hooks on connection states to perform our desired actions (like > freeing the target for a new user, shutting down the VM, etc.). > > This is obviously also a help for budgeting & resource management -- do I > really have 500 active guacamole sessions, or 300 active guacamole sessions > and 200 connections that are idle for 6+ hours, or days? Without snooping > on the sessions, or the target VMs, I'm not aware of an ability to extract > this information right now. If I could say I want sessions that are idle > for 3 hours to be closed out, I can at least be sure the connections have > seen activity in that time window. > > This doesn't exactly address what "activity" is, but I think it would be > safe to assume that automated re-connection is not user activity... we'd > probably want to see the mouse move in the guacamole tab, or a keypress. > > Would love to hear others thoughts on this kind of feature > > My biggest question, here, is why we would re-invent this wheel? For RDP, at least, and possibly for other protocols, the destination/remote system itself is able to detect when a user is active, and set either session or idle limits (or both) based on that user activity, and then take some sort of action (usually logging the user off) when the user is idle or their session limit has expired. And, while this is generally only logging the user off, and doesn't involve shutting the remote system down, I would think that the shut down of the remote system could be either triggered by lack of user login on the system (I suspect there are utilities already out there to do this), or by Guacamole (once the session actually ends, you could have an extension go power off the remote system). This avoids having to try to detect user activity within Guacamole itself, but gives you what I think you're looking for? Glad to see the discussion - just my initial thoughts, so let me know if that does not, for some reason, meet the need. -Nick
