Implement HA on Guacamole Server

[Thiago dos Santos Nunes <th...@DIGITALINFORMATICA.COM.BR>]

Hi everyone,

Pax!
I need a lot of help.
We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.
Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.
I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.
Https://issues.apache.org/jira/browse/GUACAMOLE-283
Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.
Stay with GOD!
Aude et Effice!
Thiago.

Re: RES: Implement HA on Guacamole Server

[segfault <ja...@gmail.com>]

Update: Just to see if I can load balance in AWS using ELB *without* SSL
client verification, I set up a new load balancer as follows:

ELB Classic using HTTPS 443. I imported my key and cert and chain and
created a new cert to use so I am terminating customer SSL at the ELB. I set
session stickiness with: Stickiness: AppCookieStickinessPolicy,
cookieName='JSESSIONID'

I then also configured backend SSL using the server cert to the two
instances.

It seems to work fine so far I can log in and my session "sticks" to the
machine I originally connected to.

I also stopped an instance I was logged into and, as expected, it booted me
out. When the load balancer determined it was unhealthy, it connected me to
the other node.

I still have my SSL client verification issue, but if you don't need that,
you should be able to use ELB on AWS with no issues when session stickiness
is turned on.




--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Implement-HA-on-Guacamole-Server-tp1343p1416.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

RE: Implement HA on Guacamole Server

[Goncalo Rosa <go...@v2s.us>]

Hello Thiago,

I managed to implement High Availability Active Passive on Guacamole.

I just assured both are fully symmetric and put a firewall NLB in front of both servers. To assure that servers are always synchronized, I created a library of scripts that does all my needed functions, so that way, when I need to reset a user password or associate a new connection to a user, or create a new connection, for example, I do it from script and it does on both servers at the same time.

Its working like a charm.

But If we could have an active - active architecture would be great! 

Gonçalo Rosa


W: www.v2s.us                   Skype: goncalo_rosa

-----Original Message-----
From: Thiago dos Santos Nunes [mailto:thiago@DIGITALINFORMATICA.COM.BR] 
Sent: Thursday, July 27, 2017 19:18
To: user@guacamole.incubator.apache.org
Subject: RES: Implement HA on Guacamole Server

Thanks everyone!

Let me see segfault. Memchached teorically work with websocket? The session replication work with this?

Anybody can tell about sucess on working with memcached?

I need a lot put this working. And about high availability on server? How to do this?

Fique com DEUS!
Aude et Effice!


-----Mensagem original-----
De: segfault [mailto:jay.cee.el@gmail.com] Enviada em: quinta-feira, 27 de julho de 2017 18:31
Para: user@guacamole.incubator.apache.org
Assunto: Re: Implement HA on Guacamole Server

Hi,

I am trying this right now with memcached-session-manager. I have not been able to get it to work though. I can share my logs and more detail if anyone wants to help.

My set up is on AWS. I have a TCP ELB load balancer with two EC2 instances running guacamole on httpd. I have configured SSL Client Verification to be required on the instances.

I was thinking if you don't need SSL Client Verification, you could use an HTTPS ELB load balancer and configure sticky sessions on the ELB. You would have to terminate SSL connections at the load balancer though and this makes SSL client verification tricky if not impossible.

I am on the verge of just settling for an active/passive set up through the load balancer because I have tried everything I can think of to get the memcached-session-manager to work with no success.

Here's a link to some info about memcached-session-manager:
https://github.com/magro/memcached-session-manager/wiki



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Implement-HA-on-Guacamole-Server-tp1343p1401.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

RES: Implement HA on Guacamole Server

[Thiago dos Santos Nunes <th...@DIGITALINFORMATICA.COM.BR>]

Thanks everyone!

Let me see segfault. Memchached teorically work with websocket? The session replication work with this?

Anybody can tell about sucess on working with memcached?

I need a lot put this working. And about high availability on server? How to do this?

Fique com DEUS!
Aude et Effice!


-----Mensagem original-----
De: segfault [mailto:jay.cee.el@gmail.com] 
Enviada em: quinta-feira, 27 de julho de 2017 18:31
Para: user@guacamole.incubator.apache.org
Assunto: Re: Implement HA on Guacamole Server

Hi,

I am trying this right now with memcached-session-manager. I have not been able to get it to work though. I can share my logs and more detail if anyone wants to help.

My set up is on AWS. I have a TCP ELB load balancer with two EC2 instances running guacamole on httpd. I have configured SSL Client Verification to be required on the instances.

I was thinking if you don't need SSL Client Verification, you could use an HTTPS ELB load balancer and configure sticky sessions on the ELB. You would have to terminate SSL connections at the load balancer though and this makes SSL client verification tricky if not impossible.

I am on the verge of just settling for an active/passive set up through the load balancer because I have tried everything I can think of to get the memcached-session-manager to work with no success.

Here's a link to some info about memcached-session-manager:
https://github.com/magro/memcached-session-manager/wiki



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Implement-HA-on-Guacamole-Server-tp1343p1401.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

Re: Implement HA on Guacamole Server

[segfault <ja...@gmail.com>]

Hi,

I am trying this right now with memcached-session-manager. I have not been
able to get it to work though. I can share my logs and more detail if anyone
wants to help.

My set up is on AWS. I have a TCP ELB load balancer with two EC2 instances
running guacamole on httpd. I have configured SSL Client Verification to be
required on the instances.

I was thinking if you don't need SSL Client Verification, you could use an
HTTPS ELB load balancer and configure sticky sessions on the ELB. You would
have to terminate SSL connections at the load balancer though and this makes
SSL client verification tricky if not impossible.

I am on the verge of just settling for an active/passive set up through the
load balancer because I have tried everything I can think of to get the
memcached-session-manager to work with no success.

Here's a link to some info about memcached-session-manager:
https://github.com/magro/memcached-session-manager/wiki



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Implement-HA-on-Guacamole-Server-tp1343p1401.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

RE: Implement HA on Guacamole Server

[James Fraser <Ja...@veritec.com.au>]

Hi Thiago

In answer to your questions we do not have load balancing for spreading load we have a load balancer for active/passive failover.
If we were able to have a PAAS solution for MySQL that was stable OR we stored all objects in active directory then we would essentially round robin the LB between servers.

I do not believe there would be any way to keep alive a connection in the event of a server crash as it's a persistent connection to that server, the best outcome that I could see is the user refreshes  the browser and reconnects to the next host.

Sorry if this was not what you wanted to hear.

From: Thiago dos Santos Nunes [mailto:thiago@DIGITALINFORMATICA.COM.BR]
Sent: Monday, 24 July 2017 10:48 PM
To: user@guacamole.incubator.apache.org
Subject: RES: Implement HA on Guacamole Server

Thanks for sharing James (We have a same name.... but in another languages...).

My problem is not the Database server, but with Guacamole Server and the client.

How you address this questions:

- How to create session persistent in many guacamole client if one server goes down?
- How to not disconnect my users i fone guacamole server goes down?
- How to loadbalance the connections with many guacamole servers and many guacamole clients equality?




Fique com DEUS!
Aude et Effice!
[Assinatura E-mail]

De: James Fraser [mailto:James.Fraser@veritec.com.au]
Enviada em: domingo, 23 de julho de 2017 20:00
Para: user@guacamole.incubator.apache.org<ma...@guacamole.incubator.apache.org>
Assunto: RE: Implement HA on Guacamole Server

Hi Thiago

I have a "HA" setup currently running within Azure
We found to many timeout issues with using a PAAS solution for MYSQL so instead are running a simpler solution at the moment.

We have two servers, one is the Master and one is the slave.

We have a load balancer (traffic manager for setting priority)
Which selects server number 1 (master)
We are locking down the environment using oauth2 followed by LDAP and MYSQL.

Server 1 (Master) has a RW database and syncs data to Server 2 (Slave)

Guacamole on server 2 only have Read Only access to its database.
If server 1 goes off line, server 2 can and will continue to allow connectivity however it will not allow creation of new users or connections, nor will it log who is logged on etc


It is not a perfect but it does allow server 1 to be patched and/or go offline.





From: Thiago dos Santos Nunes [mailto:thiago@DIGITALINFORMATICA.COM.BR]
Sent: Friday, 21 July 2017 1:21 AM
To: user@guacamole.incubator.apache.org<ma...@guacamole.incubator.apache.org>
Subject: Implement HA on Guacamole Server

Hi everyone,

Pax!
I need a lot of help.
We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.
Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.
I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.
Https://issues.apache.org/jira/browse/GUACAMOLE-283
Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.
Stay with GOD!
Aude et Effice!
Thiago.

RES: Implement HA on Guacamole Server

[Thiago dos Santos Nunes <th...@DIGITALINFORMATICA.COM.BR>]

Thanks for sharing James (We have a same name.... but in another languages...).

My problem is not the Database server, but with Guacamole Server and the client.

How you address this questions:

- How to create session persistent in many guacamole client if one server goes down?
- How to not disconnect my users i fone guacamole server goes down?
- How to loadbalance the connections with many guacamole servers and many guacamole clients equality?




Fique com DEUS!
Aude et Effice!
[Assinatura E-mail]

De: James Fraser [mailto:James.Fraser@veritec.com.au]
Enviada em: domingo, 23 de julho de 2017 20:00
Para: user@guacamole.incubator.apache.org
Assunto: RE: Implement HA on Guacamole Server

Hi Thiago

I have a "HA" setup currently running within Azure
We found to many timeout issues with using a PAAS solution for MYSQL so instead are running a simpler solution at the moment.

We have two servers, one is the Master and one is the slave.

We have a load balancer (traffic manager for setting priority)
Which selects server number 1 (master)
We are locking down the environment using oauth2 followed by LDAP and MYSQL.

Server 1 (Master) has a RW database and syncs data to Server 2 (Slave)

Guacamole on server 2 only have Read Only access to its database.
If server 1 goes off line, server 2 can and will continue to allow connectivity however it will not allow creation of new users or connections, nor will it log who is logged on etc


It is not a perfect but it does allow server 1 to be patched and/or go offline.





From: Thiago dos Santos Nunes [mailto:thiago@DIGITALINFORMATICA.COM.BR]
Sent: Friday, 21 July 2017 1:21 AM
To: user@guacamole.incubator.apache.org<ma...@guacamole.incubator.apache.org>
Subject: Implement HA on Guacamole Server

Hi everyone,

Pax!
I need a lot of help.
We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.
Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.
I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.
Https://issues.apache.org/jira/browse/GUACAMOLE-283
Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.
Stay with GOD!
Aude et Effice!
Thiago.

RE: Implement HA on Guacamole Server

[James Fraser <Ja...@veritec.com.au>]

Hi Thiago

I have a "HA" setup currently running within Azure
We found to many timeout issues with using a PAAS solution for MYSQL so instead are running a simpler solution at the moment.

We have two servers, one is the Master and one is the slave.

We have a load balancer (traffic manager for setting priority)
Which selects server number 1 (master)
We are locking down the environment using oauth2 followed by LDAP and MYSQL.

Server 1 (Master) has a RW database and syncs data to Server 2 (Slave)

Guacamole on server 2 only have Read Only access to its database.
If server 1 goes off line, server 2 can and will continue to allow connectivity however it will not allow creation of new users or connections, nor will it log who is logged on etc


It is not a perfect but it does allow server 1 to be patched and/or go offline.





From: Thiago dos Santos Nunes [mailto:thiago@DIGITALINFORMATICA.COM.BR]
Sent: Friday, 21 July 2017 1:21 AM
To: user@guacamole.incubator.apache.org
Subject: Implement HA on Guacamole Server

Hi everyone,

Pax!
I need a lot of help.
We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.
Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.
I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.
Https://issues.apache.org/jira/browse/GUACAMOLE-283
Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.
Stay with GOD!
Aude et Effice!
Thiago.