I’ve seen mention of a great app called Guacamole. The official blurb from their website says this:
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.
We call it clientless because no plugins or client software are required.
Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
I’ve installed Guacamole a few years back to try it out and I thought it was pretty amazing. But I’m sure others are looking at it and wondering how it can be useful and why would anyone want to add it. I thought I would share my plans for our office’s use case for it.
We are an assaylab business so we use special machines at each workstation to help us do our daily work. The machines have a physical/hardware component and run using software. Rarely does the hardware fail so if there are issues it’s usually with the setup in the software.
All of our workstations that run the software for these machines are locked down from Internet access at our gateway. They are almost like dumb terminals in that they are always running and logged in with a generic account so an operator can go to any workstation and use it. This is a really quick overview of our operation so I’m skipping a lot of detail but you get the idea of our setup now.
All our workstations have VNC Server installed on them so I can remote into the office via VPN to assist. There is no access to any of these workstations from outside unless I’ve granted VPN access.
Our vendors do provide remote support via Internet but with all workstations locked down they cannot automatically remote in and assist when an operator requires help. I have provided VPN access to our vendor (and only allowed them access to the workstations they need to get too) but then our vendor needs to have a list of IP’s for each workstation. It works but is kind of messy.
This is where I see Guacamole can help. Serving up a webpage and creating a user account for our vendor I can display the workstations they can have access too. They can use VNC to look over our operators shoulder and assist. I still prefer to use VPN access as I don’t want to leave the Guacamole page opened for hackers to try and break in. But for a short period of time I suppose I could expose the Guacamole webpage to the Net for the duration of the vendor that provides support. It’s always best to be careful so VPN is very important to me and our office.
If others have a use case for Guacamole they would like to share I’d like to hear it!