You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by WhiteTiger <wh...@yahoo.it.INVALID> on 2020/01/13 16:42:12 UTC
Why should I use Guacamole?
Forgive my perhaps too naive question, but I'm trying to understand.
If I have to connect to the Guacamole Server via VPN and the server is
located in the LAN, then, why should I use it to connect to PCs for example
with RDP?
If I am in the LAN, with the VPN, then I can already connect directly to the
PCs via RDP without the need for an intermediate server.
I'm missing something, but what?
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: Why should I use Guacamole?
Posted by Roman <ad...@yandex.ru>.
1) it's not only rdp
2) it can manage user's acl
3) you can manage all your connections in one place
19:41, 13 January 2020, WhiteTiger <wh...@yahoo.it.invalid>:
> Forgive my perhaps too naive question, but I'm trying to understand.
> If I have to connect to the Guacamole Server via VPN and the server is
> located in the LAN, then, why should I use it to connect to PCs for example
> with RDP?
> If I am in the LAN, with the VPN, then I can already connect directly to the
> PCs via RDP without the need for an intermediate server.
> I'm missing something, but what?
>
>
>
>
>
> \--
> Sent from: <http://apache-guacamole-general-user-mailing-
list.2363388.n4.nabble.com/>
>
>
>
> \---------------------------------------------------------------------
> To unsubscribe, e-mail: [user-unsubscribe@guacamole.apache.org](mailto:user-
unsubscribe@guacamole.apache.org)
> For additional commands, e-mail: [user-
help@guacamole.apache.org](mailto:user-help@guacamole.apache.org)
>
>
\--
Sent from Yandex.Mail for mobile
Re: Why should I use Guacamole?
Posted by Tushar Jain <tu...@hitachi.mgrmnet.com>.
In addition, it is also helping us publish our legacy applications
remotely/on the cloud, which otherwise require a local LAN setup.
On Mon, Jan 13, 2020 at 11:33 PM Michael Ballard <mi...@gmail.com>
wrote:
> I use it myself to act as my gateway into my network. Instead of opening
> several ports for RDP/VNC/SSH to various machines (I used non-standard
> ports, so 3389 is not open), I instead have https access to guacamole on my
> webserver, and then from there I can connect to whichever systems I have
> enabled.
>
> This provides me one way in to manage; I don't need multiple firewall
> rules, I don't have to maintain VPN, I don't need any software on the
> machine I'm connecting from: just a web browser. I also don't need
> outbound firewall rules from where I'm connecting from; https is already
> allowed (whereas my non-standard and even standard outbound ports at work
> are blocked).
>
> For myself, it eliminates the need for TeamViewer or other similar
> products.
>
> If you're still requiring connecting to a VPN, then yes, it is not
> accomplishing much for you besides ACLs and centralization.
>
> If all you're looking for is simpler management of remote connections only
> internally to your network, and maintaining VPN access, I'd recommend
> Devolutions' Remote Access Management.
>
> On Mon, Jan 13, 2020 at 8:41 AM WhiteTiger
> <wh...@yahoo.it.invalid> wrote:
>
>> Forgive my perhaps too naive question, but I'm trying to understand.
>> If I have to connect to the Guacamole Server via VPN and the server is
>> located in the LAN, then, why should I use it to connect to PCs for
>> example
>> with RDP?
>> If I am in the LAN, with the VPN, then I can already connect directly to
>> the
>> PCs via RDP without the need for an intermediate server.
>> I'm missing something, but what?
>>
>>
>>
>> --
>> Sent from:
>> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
>> For additional commands, e-mail: user-help@guacamole.apache.org
>>
>>
--
**Disclaimer:* This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net
E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification is
required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India*
*
*
*'Please
consider the environment before printing this e-mail'.*
Re: Why should I use Guacamole?
Posted by Nick Couchman <vn...@apache.org>.
On Tue, Jan 14, 2020 at 5:01 AM WhiteTiger
<wh...@yahoo.it.invalid> wrote:
> I have to assist small networks. Each of these has a firewall and an
> internal
> LAN.
> Still on this mailing list, I asked if it made sense to have a centralized
> server, for example in the cloud, from which to connect to the various
> networks, but I should have security rules on each firewall.
>
>
One thing to consider with Guacamole is that you can use a single Guacamole
Client front-end (the Tomcat/Java/AngularJS web-based portion) with
multiple guacd instances on the back-end. The Guacamole Client front-end
communicates with the guacd back-end on a single port (4822), so you only
have one port that needs to be opened into your various networks, and from
a single location, rather than opening it up to the entire world. On top
of this, the Guacamole Client <-> guacd channel can be configured for TLS
encryption, protecting the communication between your web server and your
individual networks where your remote desktops reside.
> If the server is in the LAN, then I have to enter it with a VPN and once
> inside I go where I want and it is normal to connect to a Windows PC with
> RDP.
> Centralization is actually a convenience, but if there are fewer than 10
> PCs
> I don't think it's worth it.
>
That's certainly something that you have to decide - it may be worth it for
some people in a smaller environment, it may not for others.
>
> If the server is external to the LAN, I still have to provide ports on the
> firewall to open internal PCs.
>
Not necessarily - see above. Yes, you still have to have something opened,
but maybe not to the same extent.
There are two huge benefits that I have seen of my use of Guacamole in my
day job:
- The ability to access remote systems without any software (other than a
web browser) - no RDP software to install, or VNC, or SSH. All I have to
do is sign in to a web page and I can get to any system I want.
- Centralized management of remote connections. Having a couple of
different systems I use routinely, plus a home system or two, it's really
nice to be able to log in to a single place and have all of my connections
already set up. I manage a total of 1200 or so servers, and access dozens
of them on a daily basis, so being able to have a single point where all of
those connections reside is a big time-saver.
For your environment, you have to decide if it is worth-while, but I'd be
willing to bet that if you started using it you would have a hard time
giving it up :-).
-Nick
Re: Why should I use Guacamole?
Posted by Mike Jumper <mj...@apache.org>.
On Tue, Jan 14, 2020, 02:01 WhiteTiger <wh...@yahoo.it.invalid>
wrote:
> ...
>
> In short, I still haven't understood the architecture model of the service.
> It seems to me that the ideal model is that everything resides in the same
> network: PC to be controlled, PC of the technician who must control the
> other PCs, Guacamole server.
> Outside of this model it is not clear to me how it should be implemented.
>
Not quite. Except for convenience, it wouldn't make that much sense to
deploy Guacamole strictly internally any more than it would to deploy a VPN
strictly internally. The Guacamole server and the PC being controlled need
to be (effectively) on the same network, yes, but the user connecting to
that PC via Guacamole can be anywhere.
The typical use case for Guacamole is similar to the way you already use a
VPN: to provide an single, secure point of entry to machines that are
otherwise intentionally isolated on a private network. In the Guacamole
case, there are auth integration and auditing capabilities that are
helpful, as well, but this is the general idea. This comes with the added
benefit that the user that needs to connect to these machines is freed from
having to use a particular device; any device with a browser should work.
Personally, I've come to rely on being able to use any machine to access
what I need, regardless of where I happen to be. I've been doing absolutely
all my Guacamole development work over Guacamole for years, and while the
practice began as dogfooding, I don't think I could go back to being tied
to a particular physical machine at this point.
- Mike
Re: Why should I use Guacamole?
Posted by WhiteTiger <wh...@yahoo.it.INVALID>.
I have to assist small networks. Each of these has a firewall and an internal
LAN.
Still on this mailing list, I asked if it made sense to have a centralized
server, for example in the cloud, from which to connect to the various
networks, but I should have security rules on each firewall.
If the server is in the LAN, then I have to enter it with a VPN and once
inside I go where I want and it is normal to connect to a Windows PC with
RDP.
Centralization is actually a convenience, but if there are fewer than 10 PCs
I don't think it's worth it.
If the server is external to the LAN, I still have to provide ports on the
firewall to open internal PCs.
In short, I still haven't understood the architecture model of the service.
It seems to me that the ideal model is that everything resides in the same
network: PC to be controlled, PC of the technician who must control the
other PCs, Guacamole server.
Outside of this model it is not clear to me how it should be implemented.
In any case, I am not going to install Guacamole on the corporate Webserver
managed for other needs (for example ecommerce) by somebody else.
Michael Ballard wrote
> I use it myself to act as my gateway into my network. Instead of opening
> several ports for RDP/VNC/SSH to various machines (I used non-standard
> ports, so 3389 is not open), I instead have https access to guacamole on
> my
> webserver, and then from there I can connect to whichever systems I have
> enabled.
>
> This provides me one way in to manage; I don't need multiple firewall
> rules, I don't have to maintain VPN, I don't need any software on the
> machine I'm connecting from: just a web browser. I also don't need
> outbound firewall rules from where I'm connecting from; https is already
> allowed (whereas my non-standard and even standard outbound ports at work
> are blocked).
>
> For myself, it eliminates the need for TeamViewer or other similar
> products.
>
> If you're still requiring connecting to a VPN, then yes, it is not
> accomplishing much for you besides ACLs and centralization.
>
> If all you're looking for is simpler management of remote connections only
> internally to your network, and maintaining VPN access, I'd recommend
> Devolutions' Remote Access Management.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: Why should I use Guacamole?
Posted by Michael Ballard <mi...@gmail.com>.
I use it myself to act as my gateway into my network. Instead of opening
several ports for RDP/VNC/SSH to various machines (I used non-standard
ports, so 3389 is not open), I instead have https access to guacamole on my
webserver, and then from there I can connect to whichever systems I have
enabled.
This provides me one way in to manage; I don't need multiple firewall
rules, I don't have to maintain VPN, I don't need any software on the
machine I'm connecting from: just a web browser. I also don't need
outbound firewall rules from where I'm connecting from; https is already
allowed (whereas my non-standard and even standard outbound ports at work
are blocked).
For myself, it eliminates the need for TeamViewer or other similar products.
If you're still requiring connecting to a VPN, then yes, it is not
accomplishing much for you besides ACLs and centralization.
If all you're looking for is simpler management of remote connections only
internally to your network, and maintaining VPN access, I'd recommend
Devolutions' Remote Access Management.
On Mon, Jan 13, 2020 at 8:41 AM WhiteTiger
<wh...@yahoo.it.invalid> wrote:
> Forgive my perhaps too naive question, but I'm trying to understand.
> If I have to connect to the Guacamole Server via VPN and the server is
> located in the LAN, then, why should I use it to connect to PCs for example
> with RDP?
> If I am in the LAN, with the VPN, then I can already connect directly to
> the
> PCs via RDP without the need for an intermediate server.
> I'm missing something, but what?
>
>
>
> --
> Sent from:
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>
Re: Why should I use Guacamole?
Posted by brian mullan <bm...@gmail.com>.
Maybe I don't understand your Use-Case
But you don't need a VPN to access Guacamole
On Mon, Jan 13, 2020, 11:41 AM WhiteTiger <wh...@yahoo.it.invalid>
wrote:
> Forgive my perhaps too naive question, but I'm trying to understand.
> If I have to connect to the Guacamole Server via VPN and the server is
> located in the LAN, then, why should I use it to connect to PCs for example
> with RDP?
> If I am in the LAN, with the VPN, then I can already connect directly to
> the
> PCs via RDP without the need for an intermediate server.
> I'm missing something, but what?
>
>
>
> --
> Sent from:
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>