guacamole - html5 based rdp connection _ deviant engineer _ deviant engineer

Upload: licafe

Post on 18-Oct-2015


  • 11/12/13 Guacamole - HTML5 based RDP Connection | Deviant Engineer | Deviant Engineer

    deviantengineer.com/guacamole-html5-rdp 1/7


    Guacamole HTML5 based RDP Connection

    Posted by Derek Horn in Linux on Aug 23rd, 2013 | 0 comments

    In my quest to simplify my technical life, I have been entertaining the idea of retiring my laptop and buying a Chromebook. From a hardware perspective, Chrome OS is mostly web based and doesn't require much for end user hardware. Not to mention the low price of $200-250 for a Samsung Chromebook, I would much rather buy one of those every few years instead of a new $1,000 laptop. At first thought, I was certain that a Chromebook would not allow me to do everything I need to do from a laptop. My primary use on a laptop is for web based applications and browsing, email, Office, and RDP. RDP is very important for me so that I can manage the 25-30 Windows based devices on my network. I currently use Devolution's Remote Desktop Manager, which is a very nice piece of software. It manages all of my RDP connections, as well as SSH connections, certain websites (i.e., Webmin), and organizes it all with saved credentials. I have my RDM profile stored via FTP on a server at home, so my config is always up to date from any computer that I used RDM from, which is the nicest feature in my opinion.

    With researching a Chromebook, I have discovered that HTML5 based RDP apps are a thing. Who knew??! From some basic testing, they seem to work pretty well. Chrome RDP is a Chrome App that allows for a simple RDP connection, and you can save your list of connections, but for me there are three faults. Can't save credentials, doesn't support NLA (Network Level Authentication) and can't use RD Gateway. I have a RD Gateway in place, so that is very important for me, so that's a deal breaker. With a little bit of research, I found a few HTML5 RDP products that have their own Gateway server that I would put on my network, so I could access a website, login (with LDAP integration, mind you), and click on the connection I want and it would log me in via RDP (or SSH, or VNC) to a server on my internal network. This is great!

    There are a few products out there, but I like Open Source because I'm cheap. Guacamole seems to be the logical choice, from a pure research perspective. It seems to do what I am looking for, so I decided to set it up. Here's how I did it.

    So since my personal environment at home runs on Hyper-V, and Guacamole runs on Linux, I decided to use CentOS 6.4 since it just works with Hyper-V (CentOS 6.4, as well as RHEL, now include Hyper-V drivers so no more installing Integration Components and not having mouse support). So I spun up a new VM (20GB dynamically expanding HDD, 1 vCPU, 2GB of static RAM, and 1 NIC on my LAN), installed CentOS 6.4, and enabled SSH. Very basic setup. Fedora has a great package in its repo, which also works for RHEL and CentOS as long as you add the EPEL repo. However, version 0.8.2 is the latest in this repo, and I want version 0.8.3 (released just a few days ago) since it supports NLA which is a must for me. So let's just build it from source!

    ***Note, I am connected via SSH (using Bitvise) to do all configuration. I am also installing the MySQL Authentication package to store my connections in a DB instead of a plain text XML file.

    And finally

    Let's do the Install!

    1.) Prerequisites:

        # arch=$(uname -p)
        # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/$arch/epel-release-6-8.noarch.rpm
        # wget http://download.opensuse.org/repositories/home:/felfert/CentOS_CentOS-6/home:felfert.repo
        # cp home\:felfert.repo /etc/yum.repos.d/
        # yum -y install tomcat6 libvncserver freerdp libvorbis libguac libguac-client-vnc libguac-client-rdp libguac-client-ssh gcc cairo-devel pango-devel libvorbis-devel openssl-devel pulseaudio-libs-devel libssh-devel libvncserver-devel freerdp-devel


    The above is going to first set the architecture variable (I am using x86_64) and add the EPEL repo as well as the felfert repo, which contains some of the prereqs we need. Finally, it's installing all of the packages we need for Guacamole to work, as well as all the dev tools we need to compile from source.

    2.) Now we download the source and compile:

        # mkdir guacamole
        # cd guacamole
        # wget -O guacamole-server-0.8.3.tar.gz http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.8.3.tar.gz/download
        # tar -xzf guacamole-server-0.8.3.tar.gz
        # cd guacamole-server-0.8.3
        # ./configure --with-init-dir=/etc/init.d
        # make
        # make install
        # ldconfig

    The above is going to make a new directory, download the source tarball (the -O option gives it a usable file name, since the URL ends in /download), extract it, and run the configure script that is included. When this script runs it will echo the library status as well as what protocols are supported. With the above prerequisites, all libraries should be included and all three protocols (RDP, SSH, VNC) should be supported. Make and make install will build the package and install it for us, while ldconfig refreshes the library cache so that it is fully up to date.

    3.) Guacamole Server is the first piece, and it is now installed. The guacd service should have been created, but not yet started. The second piece is the Guacamole Client, which is the web interface for managing connections and connecting. We do not need to build this from source since the wonderful devs who work with Guacamole have released a version 0.8.3 .war file for us, which is what we need since this runs under Tomcat6.

        # mkdir /var/lib/guacamole
        # cd /var/lib/guacamole/
        # wget -O guacamole.war http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.8.3.war/download
        # ln -f /var/lib/guacamole/guacamole.war /var/lib/tomcat6/webapps

    The above is going to create our guacamole directory and download the .war file, and then we create a link from the .war to the tomcat6 webapps directory so tomcat6 will explode the .war as needed. Using links will simplify the upgrade process for the Guacamole Client (simply replace the .war in /var/lib/guacamole with the newer version, using the same name, and restart tomcat6).

    4.) Now that we have both the Guacamole Server and Guacamole Client installed, let's install the third and final piece which is for the MySQL Authentication.

        # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
        # rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
        # yum -y --enablerepo=remi,remi-test install mysql mysql-server
        # mkdir /root/guacamole/sqlauth
        # cd /root/guacamole/sqlauth
        # wget -O guacamole-auth-mysql-0.8.2.tar.gz http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-mysql-0.8.2.tar.gz/download
        # tar -zxf guacamole-auth-mysql-0.8.2.tar.gz
        # wget -O mysql-connector-java-5.1.26.tar.gz http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.26.tar.gz/from/http://cdn.mysql.com/
        # tar -zxf mysql-connector-java-5.1.26.tar.gz
        # mv /root/guacamole/sqlauth/mysql-connector-java-5.1.26/mysql-connector-java-5.1.26-bin.jar /root/guacamole/sqlauth/guacamole-auth-mysql-0.8.2/lib
        # mkdir -p /var/lib/guacamole/classpath
        # cp /root/guacamole/sqlauth/guacamole-auth-mysql-0.8.2/lib/* /var/lib/guacamole/classpath/
        # /etc/init.d/mysqld start

    The above is adding the correct repos, installing mysql, downloading the needed .jar files, and moving them where they belong. All but one of the .jar files are included in the Guacamole MySQL Auth download; the remaining one is the MySQL Java connector, which is downloaded from MySQL.com.

    5.) Now we can create our MySQL Database, User, and Configure permissions:

        # mysqladmin -u root password 'MySQLRootPa$$'
        # mysql -u root -p
        Enter password: MySQLRootPa$$
        mysql> create database guacamole;
        mysql> create user 'guacamole'@'localhost' identified by 'guacDBPa$$';
        mysql> grant select,insert,update,delete on guacamole.* to 'guacamole'@'localhost';
        mysql> flush privileges;
        mysql> quit

    The above will set your MySQL Root password (consider changing this, or feel free to use the one in my scripts), create the guacamole database, and create a user called guacamole with the needed permissions on the guacamole database.

    6.) Create Database tables with Schema scripts:

        # cd /root/guacamole/sqlauth/guacamole-auth-mysql-0.8.2/schema/
        # cat ./*.sql | mysql -u root -p guacamole
        Enter password: MySQLRootPa$$

    The above will run the .SQL scripts that are included with the Guacamole MySQL Authentication package to generate the needed tables and create the default administrator user.

    7.) The install is now complete! Now we configure Guacamole to talk to the database.

        # mkdir /etc/guacamole
        # mkdir /usr/share/tomcat6/.guacamole
        # mkdir -p /var/lib/guacamole/classpath
        # vi /etc/guacamole/guacamole.properties

    The above is creating our needed directories, and then creating the guacamole.properties file. This file is what tomcat6 uses to know what port to talk to guacd on as well as how to access the database. Here is a basic guacamole.properties file that will do what you need.

        # Hostname and port of guacamole proxy
        guacd-hostname: localhost
        guacd-port: 4822

        # Location to read extra .jar's from
        lib-directory: /var/lib/guacamole/classpath

        # Authentication provider class
        auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider

        # MySQL properties
        mysql-hostname: localhost
        mysql-port: 3306
        mysql-database: guacamole
        mysql-username: guacamole
        mysql-password: guacDBPa$$

    This will configure guacamole to use the database and user that we created, and to talk to guacd on its default port of 4822. Note, this port is for internal communication only and is not the port that you will be accessing the web interface on.
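The properties file above holds the database password in clear text, so it is worth checking once it is in place. The following is an added example, not part of the original post: a POSIX shell audit of a file in that format. The function names prop and audit_guac_properties are assumptions made for this example; the keys and the sample password are the ones shown in this walkthrough.

```shell
#!/bin/sh
# Added example: audit a guacamole.properties file laid out like the one above.

# prop FILE KEY -> prints the value of "KEY: value" (or "KEY=value"), if present.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_guac_properties FILE -> prints one line per finding, returns the count.
audit_guac_properties() {
    f=$1; findings=0
    [ -r "$f" ] || { echo "cannot read $f"; return 1; }
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # -L follows the symlink under /usr/share/tomcat6/.guacamole to the real file.
    if [ -n "$(find -L "$f" -perm -004 -print)" ]; then
        flag "$f is world-readable; restrict it to root and the tomcat group"
    fi

    pw=$(prop "$f" mysql-password)
    case $pw in
        '')           flag "mysql-password is empty" ;;
        'guacDBPa$$') flag "mysql-password is the sample value from the walkthrough" ;;
    esac

    # The walkthrough grants a dedicated account select/insert/update/delete only.
    if [ "$(prop "$f" mysql-username)" = root ]; then
        flag "webapp connects to MySQL as root instead of a limited account"
    fi

    case $(prop "$f" guacd-hostname) in
        localhost|127.0.0.1|::1) ;;
        '') flag "guacd-hostname is not set" ;;
        *)  flag "guacd is not on loopback; keep its port off untrusted networks" ;;
    esac
    return "$findings"
}

# Usage: sh audit.sh /etc/guacamole/guacamole.properties
if [ $# -gt 0 ]; then audit_guac_properties "$1"; fi
```

A file created with vi under root's default umask is mode 644, which the first check reports.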

    8.) Now we need to link the guacamole.properties file we created into our tomcat6 directory.

        # ln -sf /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole/

    9.) Finally, we do a little cleanup and restart the needed services. This will also set all three services (guacd, tomcat6, mysqld) to start automatically at boot.

        # rm -rf /root/home:felfert.repo
        # rm -rf /var/lib/guacamole/classpath/schema
        # rm -rf /root/guacamole
        # chkconfig tomcat6 on
        # chkconfig mysqld on
        # chkconfig guacd on
        # /etc/init.d/tomcat6 restart
        # /etc/init.d/mysqld restart
        # /etc/init.d/guacd restart


    That wasn't so hard, now was it?? Now that everything is installed and configured, we can access our Guacamole install at http://:8080/guacamole

    ***Please note that iptables is probably running and won't allow you to access that IP from outside the local host. I disabled iptables for my install, for simplicity. You probably want to take a minute and configure iptables for optimal security.

    The default login information is:

        Username: guacadmin
        Password: guacadmin
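One way to configure iptables for this host instead of leaving it disabled, as an added example that is not part of the original post: the function below prints a ruleset in the format CentOS 6 loads from /etc/sysconfig/iptables. The function name and the sample address ranges are assumptions; ports 22, 8080, 4822 and 3306 are the ones used in this walkthrough.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the Guacamole host.
# guac_iptables_rules LAN_CIDR [WEB_SRC_CIDR]
#   LAN_CIDR      source range allowed to reach SSH (22)
#   WEB_SRC_CIDR  source range allowed to reach tomcat6 (8080); defaults to LAN_CIDR
# Prints the ruleset on stdout; returns 1 on malformed input.
guac_iptables_rules() {
    lan=$1; web_src=${2:-$1}
    cidr='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
    # Accept only dotted-quad/prefix values so nothing else reaches the rules file.
    for net in "$lan" "$web_src"; do
        echo "$net" | grep -Eq "$cidr" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# guacd (4822) and mysqld (3306) are only used by tomcat6 on this host,
# so they get no rule of their own: loopback is the only way in.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# SSH for administration.
-A INPUT -s $lan -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# Guacamole web interface served by tomcat6.
-A INPUT -s $web_src -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Usage (constructed LAN range):
#   guac_iptables_rules 192.168.1.0/24 > /etc/sysconfig/iptables
#   service iptables restart
```

If the web interface is reached through a port-translating firewall, pass the range that the forwarded traffic arrives from as the second argument.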

    Once logged in, you will see a green "Manage" button in the top right, which is where you go to configure users and connections.

    To add a new connection, click the green "New Connection" button in the middle of the screen. When creating an RDP connection for use with NLA, you have to have credentials stored, otherwise the connection will fail. Here is what my connections look like.


    I use 24 colors just because I don't notice a difference vs 32 colors on my 10" Chromebook screen, and performance is better. Here is an open connection to one of my Server 2012 Hyper-V hosts. This is connected over the internet (I use Dynamic DNS to a domain name I own, and also use Port Address Translation on my firewall, keeping port 8080 for internal, but external it is a different port). It connected in about 7-10 seconds, and that includes the time to log into the box. Overall, performance is great and I love it!

    So there it is. Give it a try and let me know what you think!


    Copyright 2013 All Rights Reserved Deviant Engineer