Implement HA on Guacamole Server

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Implement HA on Guacamole Server

Thiago dos Santos Nunes

Hi everyone,

 

Pax!

I need a lot of help.

We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.

Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.

I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.

Https://issues.apache.org/jira/browse/GUACAMOLE-283

Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.

Stay with GOD!

Aude et Effice!
Thiago.

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Implement HA on Guacamole Server

James Fraser

Hi Thiago

 

I have a “HA” setup currently running within Azure

We found to many timeout issues with using a PAAS solution for MYSQL so instead are running a simpler solution at the moment.

 

We have two servers, one is the Master and one is the slave.

 

We have a load balancer (traffic manager for setting priority)

Which selects server number 1 (master)

We are locking down the environment using oauth2 followed by LDAP and MYSQL.

 

Server 1 (Master) has a RW database and syncs data to Server 2 (Slave)

 

Guacamole on server 2 only have Read Only access to its database.

If server 1 goes off line, server 2 can and will continue to allow connectivity however it will not allow creation of new users or connections, nor will it log who is logged on etc

 


It is not a perfect but it does allow server 1 to be patched and/or go offline.

 

 

 

 

 

From: Thiago dos Santos Nunes [mailto:[hidden email]]
Sent: Friday, 21 July 2017 1:21 AM
To: [hidden email]
Subject: Implement HA on Guacamole Server

 

Hi everyone,

 

Pax!

I need a lot of help.

We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.

Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.

I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.

Https://issues.apache.org/jira/browse/GUACAMOLE-283

Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.

Stay with GOD!

Aude et Effice!
Thiago.

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RES: Implement HA on Guacamole Server

Thiago dos Santos Nunes

Thanks for sharing James (We have a same name.... but in another languages...).

 

My problem is not the Database server, but with Guacamole Server and the client.

 

How you address this questions:

 

- How to create session persistent in many guacamole client if one server goes down?

- How to not disconnect my users i fone guacamole server goes down?

- How to loadbalance the connections with many guacamole servers and many guacamole clients equality?

 

 

 

 

Fique com DEUS!

Aude et Effice!
Assinatura E-mail

 

De: James Fraser [mailto:[hidden email]]
Enviada em: domingo, 23 de julho de 2017 20:00
Para: [hidden email]
Assunto: RE: Implement HA on Guacamole Server

 

Hi Thiago

 

I have a “HA” setup currently running within Azure

We found to many timeout issues with using a PAAS solution for MYSQL so instead are running a simpler solution at the moment.

 

We have two servers, one is the Master and one is the slave.

 

We have a load balancer (traffic manager for setting priority)

Which selects server number 1 (master)

We are locking down the environment using oauth2 followed by LDAP and MYSQL.

 

Server 1 (Master) has a RW database and syncs data to Server 2 (Slave)

 

Guacamole on server 2 only have Read Only access to its database.

If server 1 goes off line, server 2 can and will continue to allow connectivity however it will not allow creation of new users or connections, nor will it log who is logged on etc

 


It is not a perfect but it does allow server 1 to be patched and/or go offline.

 

 

 

 

 

From: Thiago dos Santos Nunes [[hidden email]]
Sent: Friday, 21 July 2017 1:21 AM
To: [hidden email]
Subject: Implement HA on Guacamole Server

 

Hi everyone,

 

Pax!

I need a lot of help.

We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.

Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.

I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.

Https://issues.apache.org/jira/browse/GUACAMOLE-283

Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.

Stay with GOD!

Aude et Effice!
Thiago.

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Implement HA on Guacamole Server

James Fraser

Hi Thiago

 

In answer to your questions we do not have load balancing for spreading load we have a load balancer for active/passive failover.

If we were able to have a PAAS solution for MySQL that was stable OR we stored all objects in active directory then we would essentially round robin the LB between servers.

 

I do not believe there would be any way to keep alive a connection in the event of a server crash as it’s a persistent connection to that server, the best outcome that I could see is the user refreshes  the browser and reconnects to the next host.

 

Sorry if this was not what you wanted to hear.

 

From: Thiago dos Santos Nunes [mailto:[hidden email]]
Sent: Monday, 24 July 2017 10:48 PM
To: [hidden email]
Subject: RES: Implement HA on Guacamole Server

 

Thanks for sharing James (We have a same name.... but in another languages...).

 

My problem is not the Database server, but with Guacamole Server and the client.

 

How you address this questions:

 

- How to create session persistent in many guacamole client if one server goes down?

- How to not disconnect my users i fone guacamole server goes down?

- How to loadbalance the connections with many guacamole servers and many guacamole clients equality?

 

 

 

 

Fique com DEUS!

Aude et Effice!
Assinatura E-mail

 

De: James Fraser [[hidden email]]
Enviada em: domingo, 23 de julho de 2017 20:00
Para: [hidden email]
Assunto: RE: Implement HA on Guacamole Server

 

Hi Thiago

 

I have a “HA” setup currently running within Azure

We found to many timeout issues with using a PAAS solution for MYSQL so instead are running a simpler solution at the moment.

 

We have two servers, one is the Master and one is the slave.

 

We have a load balancer (traffic manager for setting priority)

Which selects server number 1 (master)

We are locking down the environment using oauth2 followed by LDAP and MYSQL.

 

Server 1 (Master) has a RW database and syncs data to Server 2 (Slave)

 

Guacamole on server 2 only have Read Only access to its database.

If server 1 goes off line, server 2 can and will continue to allow connectivity however it will not allow creation of new users or connections, nor will it log who is logged on etc

 


It is not a perfect but it does allow server 1 to be patched and/or go offline.

 

 

 

 

 

From: Thiago dos Santos Nunes [[hidden email]]
Sent: Friday, 21 July 2017 1:21 AM
To: [hidden email]
Subject: Implement HA on Guacamole Server

 

Hi everyone,

 

Pax!

I need a lot of help.

We have a guacamole setting with approximately 100-200 simultaneous connections. And we're investigating the option of creating client high availability using Hazelcast or memcached (Nick's tip). Has anyone tried this? Could you share how it was? Because I've never worked with it.

Another essential thing is the server side. We need to implement some High Availability schema for the server. And it would have to be something without downtime if possible.

I had already created a ticket for the HA issue on the guacamole server, in case there is a need to change the code. This would be an exceptional feature for medium to large environments.

Https://issues.apache.org/jira/browse/GUACAMOLE-283

Please help me in this, because the environment has fallen sometimes and the users get very frustrated .... And customers wanting to paralyze services for this.

Stay with GOD!

Aude et Effice!
Thiago.

 

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Implement HA on Guacamole Server

segfault
In reply to this post by Thiago dos Santos Nunes
Hi,

I am trying this right now with memcached-session-manager. I have not been able to get it to work though. I can share my logs and more detail if anyone wants to help.

My set up is on AWS. I have a TCP ELB load balancer with two EC2 instances running guacamole on httpd. I have configured SSL Client Verification to be required on the instances.

I was thinking if you don't need SSL Client Verification, you could use an HTTPS ELB load balancer and configure sticky sessions on the ELB. You would have to terminate SSL connections at the load balancer though and this makes SSL client verification tricky if not impossible.

I am on the verge of just settling for an active/passive set up through the load balancer because I have tried everything I can think of to get the memcached-session-manager to work with no success.

Here's a link to some info about memcached-session-manager: https://github.com/magro/memcached-session-manager/wiki
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RES: Implement HA on Guacamole Server

Thiago dos Santos Nunes
Thanks everyone!

Let me see segfault. Memchached teorically work with websocket? The session replication work with this?

Anybody can tell about sucess on working with memcached?

I need a lot put this working. And about high availability on server? How to do this?

Fique com DEUS!
Aude et Effice!


-----Mensagem original-----
De: segfault [mailto:[hidden email]]
Enviada em: quinta-feira, 27 de julho de 2017 18:31
Para: [hidden email]
Assunto: Re: Implement HA on Guacamole Server

Hi,

I am trying this right now with memcached-session-manager. I have not been able to get it to work though. I can share my logs and more detail if anyone wants to help.

My set up is on AWS. I have a TCP ELB load balancer with two EC2 instances running guacamole on httpd. I have configured SSL Client Verification to be required on the instances.

I was thinking if you don't need SSL Client Verification, you could use an HTTPS ELB load balancer and configure sticky sessions on the ELB. You would have to terminate SSL connections at the load balancer though and this makes SSL client verification tricky if not impossible.

I am on the verge of just settling for an active/passive set up through the load balancer because I have tried everything I can think of to get the memcached-session-manager to work with no success.

Here's a link to some info about memcached-session-manager:
https://github.com/magro/memcached-session-manager/wiki



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Implement-HA-on-Guacamole-Server-tp1343p1401.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: RES: Implement HA on Guacamole Server

segfault
Update: Just to see if I can load balance in AWS using ELB *without* SSL client verification, I set up a new load balancer as follows:

ELB Classic using HTTPS 443. I imported my key and cert and chain and created a new cert to use so I am terminating customer SSL at the ELB. I set session stickiness with: Stickiness: AppCookieStickinessPolicy, cookieName='JSESSIONID'

I then also configured backend SSL using the server cert to the two instances.

It seems to work fine so far I can log in and my session "sticks" to the machine I originally connected to.

I also stopped an instance I was logged into and, as expected, it booted me out. When the load balancer determined it was unhealthy, it connected me to the other node.

I still have my SSL client verification issue, but if you don't need that, you should be able to use ELB on AWS with no issues when session stickiness is turned on.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Implement HA on Guacamole Server

Goncalo Rosa
In reply to this post by Thiago dos Santos Nunes
Hello Thiago,

I managed to implement High Availability Active Passive on Guacamole.

I just assured both are fully symmetric and put a firewall NLB in front of both servers. To assure that servers are always synchronized, I created a library of scripts that does all my needed functions, so that way, when I need to reset a user password or associate a new connection to a user, or create a new connection, for example, I do it from script and it does on both servers at the same time.

Its working like a charm.

But If we could have an active - active architecture would be great!

Gonçalo Rosa


W: www.v2s.us                   Skype: goncalo_rosa

-----Original Message-----
From: Thiago dos Santos Nunes [mailto:[hidden email]]
Sent: Thursday, July 27, 2017 19:18
To: [hidden email]
Subject: RES: Implement HA on Guacamole Server

Thanks everyone!

Let me see segfault. Memchached teorically work with websocket? The session replication work with this?

Anybody can tell about sucess on working with memcached?

I need a lot put this working. And about high availability on server? How to do this?

Fique com DEUS!
Aude et Effice!


-----Mensagem original-----
De: segfault [mailto:[hidden email]] Enviada em: quinta-feira, 27 de julho de 2017 18:31
Para: [hidden email]
Assunto: Re: Implement HA on Guacamole Server

Hi,

I am trying this right now with memcached-session-manager. I have not been able to get it to work though. I can share my logs and more detail if anyone wants to help.

My set up is on AWS. I have a TCP ELB load balancer with two EC2 instances running guacamole on httpd. I have configured SSL Client Verification to be required on the instances.

I was thinking if you don't need SSL Client Verification, you could use an HTTPS ELB load balancer and configure sticky sessions on the ELB. You would have to terminate SSL connections at the load balancer though and this makes SSL client verification tricky if not impossible.

I am on the verge of just settling for an active/passive set up through the load balancer because I have tried everything I can think of to get the memcached-session-manager to work with no success.

Here's a link to some info about memcached-session-manager:
https://github.com/magro/memcached-session-manager/wiki



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Implement-HA-on-Guacamole-Server-tp1343p1401.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Loading...