Remote access with Guacamole

Many of us who work in the technology industry find it beneficial to have somewhere to learn and test new technologies. While providers such as Amazon, Rackspace and Digital Ocean are enough for most developers, we sysadmins often need something more.

Labs

This means we end up creating our own labs. Many of these are hosted at home, and some are hosted at external companies. Once we have set up our environment (probably one to three hypervisors and many VMs and containers), the problem of remote access comes up.

Before I discuss solutions, let's look at which types of remote access a sysadmin typically requires.

Types of access

The types of remote access we need broadly fit into three categories:

  • Console Based

  • Web UI Based

  • Desktop Based

Console Based

This one could be as simple as setting up different port numbers to forward to different IP addresses internally: port 50001 could be port-forwarded to port 22 on your Gitlab server, port 50002 could be forwarded to port 22 on your IdM server, and so on. The only downside is that this stops working if, at work, we are behind a firewall that blocks all ports apart from the web ports (80 & 443). (A solution to this will be discussed lower down.)

Web UI Based

Most applications these days provide a Web UI. Forwarding port 443 on your router to the application is quite straightforward, but what if you have many different Web UIs that you require access to? Again, we could use different port numbers to point to each one, but then you potentially run into the firewall issue mentioned above.

The best way to address this is to set up a reverse proxy (such as nginx) and forward port 443 to it. Then you can use SNI and different hostnames to access these applications. This is quite simple these days, and the proxy is also a good place to set up certbot so that you don't have to present self-signed certificates to the world.
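The hostname-based setup described above, as an added example that is not part of the original post. The hostnames, internal addresses, backend ports and certificate names are all assumptions, as is the choice to put the Guacamole front end (installed later in this post) behind the same proxy:

```nginx
# Constructed example: hostnames, 10.0.0.x addresses and ports are assumptions.

# Refuse TLS handshakes for any hostname we do not serve, so a client that
# connects to the bare IP never reaches a lab application.
# (ssl_reject_handshake needs nginx 1.19.4 or later.)
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# One Web UI per hostname, all sharing port 443. nginx picks the server
# block from the SNI name the browser sends.
server {
    listen 443 ssl;
    server_name gitlab.lab.example.com;

    # Certificate paths follow certbot's default layout.
    ssl_certificate     /etc/letsencrypt/live/gitlab.lab.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gitlab.lab.example.com/privkey.pem;

    location / {
        proxy_pass http://10.0.0.11:80;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Guacamole: console and desktop sessions carried over HTTPS on port 443.
server {
    listen 443 ssl;
    server_name guac.lab.example.com;

    ssl_certificate     /etc/letsencrypt/live/guac.lab.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/guac.lab.example.com/privkey.pem;

    location / {
        proxy_pass http://10.0.0.12:8080/guacamole/;   # assumed Tomcat port and path
        proxy_buffering off;                 # sessions are streamed, not buffered
        proxy_http_version 1.1;              # needed for the WebSocket upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cookie_path /guacamole/ /;     # match cookies to the new public path
    }
}
```

With this layout only port 443 on the proxy is forwarded from the router; the backends stay reachable only from inside the lab network.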

Desktop Based

If the first two are not enough, and to be honest until recently they always have been, then you could also consider Desktop Based remote access. By this I mean that you have a VM running a desktop-based OS and provide access to this desktop remotely. In the Windows world this is called Remote Desktop or Terminal Services. Again, we could just do some simple port forwards on our firewall but, yet again, we may face issues if access is required from behind a corporate firewall. This is the reason for this blog post.

In this post I will show how you can set up browser-based access to both consoles and desktops running at home (or in a remote lab).

Installation of Guacamole is documented in their online documentation. It is packaged for most distributions and it has also been containerised. That said, for a quick and easy way to get this set up, I used this handy script that I found linked off this site. After that, all that remains is to open the web site in your browser and log in using the credentials below.

The default username and password are both guacadmin.

Make sure that the very first thing you do is change the password, then you can go about adding connections to Guacamole.

Guacamole is a superb piece of open source software, and I simply can't be without it now. I urge you to take a look.

OSG