Guacamole on Xubuntu

[WhiteTiger <wh...@yahoo.it.INVALID>]

In a small company I have to install a PC with Xubuntu 20.04 for when there
is need for maintenance on the network.
I would also like to install Guacamole on this PC so that users can take
remote control of their PC.
The idea is that users activate a VPN and then access the Guacamole server
where they will find their PC reported.
I, always in VPN, access the complete list of PCs.
To take remote control of the server PC I would like to understand if I can
still use Guacamole or if for this only PC I have to use some other remote
control software.

In the image there is the scheme of what I have in mind to do.
What do you think?

<http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t1104/Schema-Guacamole.png> 



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Guacamole on Xubuntu

[Niubbo75 <a....@me.com.INVALID>]

Hello ivanmarcus,
yes, what you say is exactly what I mean, if you use Guacamole is a non
sense use it over a VPN connection, if you need a VPN to connect to
Guacamole you will have a bottleneck, is better to use Guacamole directly,
w/out VPN, if for some reason you need to have a VPN to connect inside your
office, then you could easy RDP directly into your Winboxes w/out Guacamole.
What I say is that is better to setup a secure connection to guacamole
server and forward only that ports to your guacamole server, and is also
much faster, than setup VPN connection to all users, than setup VPN
connection on all users' PC and have also the risk that users' PC could be
infected, via VPN in this case you put infection inside your IT, with
Guacamole you don't have this risk.

Alessandro



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Guacamole on Xubuntu

[ivanmarcus <iv...@yahoo.com.INVALID>]

Just a comment on your response Alesandro,

I have a number of remote systems I administer. Users have a variety of 
programs they operate on M$ Winboxen at the remote end.

Various of the clients have VPN available, or they use Guacamole.

In many cases Guacamole is [much] faster as Guacamole's network traffic 
can be quite light in comparison to VPN. Typically those users that are 
handling large files find the VPN is much slower (ie. the VPN/internet 
represents a bottleneck), and there are other nuances that lead them to 
prefer Guacamole.

IMV it's also easier to ensure a more stable and secure environment, 
particularly when the remote users are utilising 'home' offices, with 
Guacamole than with a VPN.

Overall I consider it's 'horses for courses'; in some cases a VPN may be 
preferable for certain operations, but in many cases a solution such as 
Guacamole will provide a better experience.


On 16/04/2020 9:24 p.m., Niubbo75 wrote:
> Hi, IMHO if you still use VPN to let user connect from remote side to Office
> internal LAN, you do not need to use guacamole, it could be a bottle neck,
> let your user directly RDP/VPN into their PCs.
> If you use Guacamole you don't need to have a VPN, just forward TCP port 80
> and 443 to your guacamole machine and put guacamole under a reverse proxy
> like NGINX and set a valid SSL CA to have https and the trick is done!
>
> Alesandro
>
>
>
> --
> Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>

Re: Guacamole on Xubuntu

[Niubbo75 <a....@me.com.INVALID>]

WhiteTiger-2 wrote
> I don't have a reverse proxy on the server.

You can easy install NGINX and configure it to work like that, here you can
find how to:

http://guacamole.apache.org/doc/gug/proxying-guacamole.html


WhiteTiger-2 wrote
> Also, there is already a server in the network that uses ports 80 and 443,
> so I should change the ports on the firewall.

well, you can choose two ways, the first and easy, if your firewall is
capable, is to set FQDN rules to forward request to the correct internal IP,
if your firewall is not capable of that, you can configure reverse proxy on
the server that already have 80 and 443 forwarded to and let it forward
related traffic to your guacamole server.
Hope this help.

Alessandro




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Guacamole on Xubuntu

[WhiteTiger <wh...@yahoo.it.INVALID>]

I don't have a reverse proxy on the server.
Also, there is already a server in the network that uses ports 80 and 443,
so I should change the ports on the firewall.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Guacamole on Xubuntu

[Niubbo75 <a....@me.com.INVALID>]

Hi, IMHO if you still use VPN to let user connect from remote side to Office
internal LAN, you do not need to use guacamole, it could be a bottle neck,
let your user directly RDP/VPN into their PCs.
If you use Guacamole you don't need to have a VPN, just forward TCP port 80
and 443 to your guacamole machine and put guacamole under a reverse proxy
like NGINX and set a valid SSL CA to have https and the trick is done!

Alesandro



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org