Apache Guacamole: Beyond Remote Access

When we say Guacamole, we are generally referring to the web application produced by the Apache Guacamole project. With Guacamole, you just need a web browser on any internet-enabled device to remotely access your desktops, applications and servers.
At Blueloop, we’ve implemented Guacamole solutions for a wide range of uses, including remote access to IT systems on ships! In this article, we would like to share a few interesting ways that you can use Guacamole beyond typical system administration deployments.
Windows desktop applications in your browser
Although many applications have moved to the cloud, there are still good reasons to run software on-premises. Perhaps your organisation has legacy software that requires a specific Windows environment or you need to comply with some regulation.
Multiple users can access on-premises Windows applications by using Guacamole and RemoteApp, a feature of Microsoft’s Remote Desktop Services (RDS).
Adding a connection to a published RemoteApp in Guacamole lets users access it in their web browser.
- Guacamole makes the application available anywhere inside your organisation.
- Access to your software is secured by integrated authentication, MFA and RBAC to protect against unauthorised access.

Sharing remote access
Guacamole lets users share an open connection with anyone by sending them a special URL.
But what if you wanted to:
- Provide multiple connections to a third party for support?
- Give temporary access to a contractor?
- Provide a demonstration or training to a group?
For these cases, you can use the Encrypted JSON authentication extension.
This extension lets you create a configuration definition for a user and associated connections. Sending the encrypted configuration to Guacamole returns a token. URLs created using the token take the recipient directly to the Guacamole web application or a particular connection. While configuration and URL creation can be done by hand, a better approach is to create a custom software solution.
Reuse of connections is not possible once the user logs out. They also include an expiry date and time.
Each connection configuration can include the ability to turn on session recording and allow joining of other connections. You might turn on session recording when providing access for a contractor. For training, you can configure your audience connections to join read-only, preventing them from being able to control your presenter session.
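As an added example (not Blueloop's or the Guacamole project's code), here is the kind of custom tooling described above: it builds a training configuration with an expiry, session recording and a read-only join, then signs and encrypts it in the way the extension's documentation describes (HMAC-SHA256 signature prepended to the JSON, AES-128-CBC with an all-zero IV, base64). The key, hostname, recording path and connection names are constructed, and `openConfig` is a local round-trip check for testing, not the server's implementation.

```javascript
const crypto = require('node:crypto');

const ZERO_IV = Buffer.alloc(16); // the format uses an all-zero IV
// Constructed 128-bit key; the real one is json-secret-key in guacamole.properties.
const DEMO_KEY_HEX = '00112233445566778899aabbccddeeff';

// Presenter connection plus a read-only join for the audience (names constructed).
function trainingConfig(username, ttlMs, now = Date.now()) {
  return {
    username,
    expires: now + ttlMs, // UNIX epoch, milliseconds
    connections: {
      'Presenter desktop': {
        id: 'presenter-1',
        protocol: 'rdp',
        parameters: {
          hostname: 'rds.example.internal', // constructed host
          'recording-path': '/var/lib/guacamole/recordings', // constructed path
        },
      },
      'Watch presenter': { join: 'presenter-1', parameters: { 'read-only': 'true' } },
    },
  };
}

// Sign (HMAC-SHA256, prepended), encrypt (AES-128-CBC), base64-encode.
function sealConfig(config, keyHex) {
  const key = Buffer.from(keyHex, 'hex');
  if (key.length !== 16) throw new Error('key must be 128 bits (32 hex digits)');
  const json = Buffer.from(JSON.stringify(config), 'utf8');
  const sig = crypto.createHmac('sha256', key).update(json).digest();
  const cipher = crypto.createCipheriv('aes-128-cbc', key, ZERO_IV);
  const body = Buffer.concat([sig, json]);
  return Buffer.concat([cipher.update(body), cipher.final()]).toString('base64');
}

// Local round-trip check (assumption: mirrors what a verifier must do).
function openConfig(dataB64, keyHex, now = Date.now()) {
  const key = Buffer.from(keyHex, 'hex');
  const d = crypto.createDecipheriv('aes-128-cbc', key, ZERO_IV);
  const plain = Buffer.concat([d.update(Buffer.from(dataB64, 'base64')), d.final()]);
  const sig = plain.subarray(0, 32);
  const json = plain.subarray(32);
  const want = crypto.createHmac('sha256', key).update(json).digest();
  if (sig.length !== 32 || !crypto.timingSafeEqual(sig, want)) throw new Error('bad signature');
  const config = JSON.parse(json.toString('utf8'));
  if (!(config.expires > now)) throw new Error('expired');
  return config;
}
```

The string returned by `sealConfig` is what gets sent to Guacamole as the `data` parameter of a POST to `/api/tokens`. Keep the key and this code on the server side, since anyone holding the key can create valid configurations.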
The video below demonstrates a training scenario where the audience member (right) joins the presenter’s desktop session (left).
Including Guacamole in a web page
We’ve received several enquiries about including Guacamole in a web page. Sometimes these requests relate to education and training, where remote desktop or terminal access is to be provided alongside other content. Alternatively, the requirement is to provide access to a Windows application as part of a larger web application.
It is possible to show Guacamole in a web page using an <iframe>, but that’s not recommended. This can work well for some uses, combined with the Encrypted JSON authentication (described above) and read-only access.
Developing a custom client is the preferred approach for seamless integration. This completely replaces the Guacamole web application and database. The Guacamole proxy, guacd, makes connections to the remote systems and communicates with the custom client using the Guacamole protocol.
The custom client software provides connection details and tells guacd to start a connection, then forwards Guacamole protocol messages between guacd and the browser. Guacamole’s JavaScript component displays the desktop or terminal.
The video below demonstrates a custom client created in Python, with Guacamole embedded in a custom web page.
Summary
We’ve shown you a few interesting uses for Guacamole beyond straightforward remote system access.
- With RemoteApp you can publish Windows applications and securely deliver them to your users via a web browser.
- You can provide temporary remote access and share sessions for training or support.
- Creating a custom Guacamole client lets you seamlessly integrate remote access into your own applications.
Is providing remote access to applications a challenge for your organisation? We can help.
Call us on 01460 271055 to discuss your needs, or send a few details on our enquiry form below.