Thanks!

[Lars Kellogg-Stedman <la...@redhat.com>]

Hey,

I just wanted to describe how we're using Guacamole, and thank
everyone for making a potentially complex project easy to implement.

I work *for* Red Hat, but I work *with* the Mass Open Cloud project.
Some folks from another university contacted wondering if they could
make use of one of our cloud environments to provide a group of
students with access to a Linux development environment.

An additional complication was that their students don't necessarily
have a lot of prior technical experience, and in many situations they
might not be able to install any software on their local systems (they
may be working from a library, or on a chromebook, etc). So...

- No local virtualization
- No PuTTY
- Etc.

I hadn't previously heard of Guacamole, but it really seemed like the
perfect match for our requirements. With just a little work, I was
able to glue together Keycloak, Guacamole, and our OpenShift
environment to create a functional solution that met all our
requirements:

- Students authenticate using their existing Google credentials.
  Guacamole's support for OpenID connect was really helpful here (we
  could have solved this using oauth2-proxy as well, but having the
  native support removes one level of complexity).

  We're able to manage group membership in Keycloak such that the
  instructor(s) can see all the connections for their students.

- The REST API made it very simple to hack together some scripts to
  automate the process of creating Guacamole connections, complete
  with cached credentials.

- We're using OpenShift virtualization, so it's also very easy to
  deploy a new virtual machine for each student.

All together, it takes just about 2 minutes from "May I have a virtual
machine?" to being able to log in and use it, and because we're
using ephemeral passwords and private keys stored with the Guacamole
connections we don't need to deal with credential distribution (or
with walking novice users through the process of generating an ssh
keypair).

This is one of those situations in which all the pieces really came
together in a way that was easier than I would have expected.
Guacamole is a really neat project and I wanted to thank everyone who
has worked on it; I've found it both well documented and easy to use.

Cheers,

-- 
Lars Kellogg-Stedman <la...@redhat.com> | larsks @ {irc,twitter,github}
http://blog.oddbit.com/                | N1LKS


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org