
11/12/13

Guacamole - HTML5 based RDP Connection | Deviant Engineer | Deviant Engineer

Guacamole HTML5 based RDP Connection


Posted by Derek Horn in Linux on Aug 23rd, 2013

In my quest to simplify my technical life, I have been entertaining the idea of retiring my laptop and buying a Chromebook. From a hardware perspective, Chrome OS is mostly web based and doesn't require much for end user hardware. Not to mention the low price of $200-250 for a Samsung Chromebook; I would much rather buy one of those every few years instead of a new $1,000 laptop.

At first thought, I was certain that a Chromebook would not allow me to do everything I need to do from a laptop. My primary use on a laptop is for web based applications and browsing, email, Office, and RDP. RDP is very important for me so that I can manage the 2530 Windows based devices on my network. I currently use Devolutions' Remote Desktop Manager, which is a very nice piece of software. It manages all of my RDP connections, as well as SSH connections, certain websites (i.e., Webmin), and organizes it all with saved credentials. I have my RDM profile stored via FTP on a server at home, so my config is always up to date from any computer that I use RDM from, which is the nicest feature in my opinion.

While researching a Chromebook, I have discovered that HTML5 based RDP apps are a thing. Who knew??! From some basic testing, they seem to work pretty well. Chrome RDP is a Chrome App that allows for a simple RDP connection, and you can save your list of connections, but for me there are three faults: it can't save credentials, doesn't support NLA (Network Level Authentication), and can't use RD Gateway. I have an RD Gateway in place, so that is very important for me, so that's a deal breaker.

With a little bit of research, I found a few HTML5 RDP products that have their own Gateway server that I would put on my network, so I could access a website, login (with LDAP integration, mind you), and click on the connection I want and it would log me in via RDP (or SSH, or VNC) to a server on my internal network. This is great!
There are a few products out there, but I like Open Source because I'm cheap. Guacamole seems to be the logical choice, from a pure research perspective. It seems to do what I am looking for, so I decided to set it up. Here's how I did it.

So since my personal environment at home runs on Hyper-V, and Guacamole runs on Linux, I decided to use CentOS 6.4 since it just works with Hyper-V (CentOS 6.4, as well as RHEL, now include Hyper-V drivers so no more installing Integration Components and not having mouse support). So I spun up a new VM (20GB dynamically expanding HDD, 1 vCPU, 2GB of static RAM, and 1 NIC on my LAN), installed CentOS 6.4, and enabled SSH. Very basic setup.

Fedora has a great package in its repo, which also works for RHEL and CentOS as long as you add the EPEL repo. However, version 0.8.2 is the latest in this repo, and I want version 0.8.3 (released just a few days ago) since it supports NLA, which is a must for me. So let's just build it from source!

***Note, I am connected via SSH (using Bitvise) to do all configuration. I am also installing the MySQL Authentication package to store my connections in a DB instead of a plain text XML file. And finally

Let's do the Install!


1.) Prerequisites:
    # arch=$(uname -p)
    # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/$arch/epel-release-6-8.noarch.rpm
    # wget http://download.opensuse.org/repositories/home:/felfert/CentOS_CentOS-6/home:felfert.repo
    # cp home\:felfert.repo /etc/yum.repos.d/
    # yum -y install tomcat6 libvncserver freerdp libvorbis libguac libguac-client-vnc libguac-client-rdp libguac-client-ssh gcc cairo-devel pango-devel libvorbis-devel openssl-devel pulseaudio-libs-devel libssh-devel libvncserver-devel freerdp-devel

deviantengineer.com/guacamole-html5-rdp

The above is going to first set the architecture variable (I am using x86_64) and add the EPEL repo as well as the felfert repo, which contains some of the prereqs we need. Finally, it's installing all of the packages we need for Guacamole to work, as well as all the dev tools we need to compile from source.

2.) Now we download the source and compile:

    # mkdir guacamole
    # cd guacamole
    # wget -O guacamole-server-0.8.3.tar.gz http://sourceforge.net/projects/guacamole/files/current/source/guacamole-server-0.8.3.tar.gz/download
    # tar -xzf guacamole-server-0.8.3.tar.gz
    # cd guacamole-server-0.8.3
    # ./configure --with-init-dir=/etc/init.d
    # make
    # make install
    # ldconfig

The above is going to make a new directory, download the source tarball (the -O option gives it the file name the tar command expects), extract it, and run the configure script that is included. When this script runs it will echo the library status as well as which protocols are supported. With the above prerequisites, all libraries should be found and all three protocols (RDP, SSH, VNC) should be supported. make and make install will build the package and install it for us, while ldconfig refreshes the shared library cache so that it is fully up to date.

3.) Guacamole Server is the first piece, and it is now installed. The guacd service should have been created, but not yet started. The second piece is the Guacamole Client, which is the web interface for managing connections and connecting. We do not need to build this from source since the wonderful devs who work with Guacamole have released a version 0.8.3 .war file for us, which is what we need since this runs under Tomcat6.

    # mkdir /var/lib/guacamole
    # cd /var/lib/guacamole/
    # wget -O guacamole.war http://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.8.3.war/download
    # ln -f /var/lib/guacamole/guacamole.war /var/lib/tomcat6/webapps

The above is going to create our guacamole directory and download the .war file, saving it as guacamole.war, and then we create a link from the .war to the tomcat6 webapps directory so tomcat6 will explode the .war as needed. Using links will simplify the upgrade process for the Guacamole Client (simply replace the .war in /var/lib/guacamole with the newer version, using the same name, and restart tomcat6).

4.) Now that we have both the Guacamole Server and Guacamole Client installed, let's install the third and final piece, which is for the MySQL Authentication.

    # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    # rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    # yum -y --enablerepo=remi,remi-test install mysql mysql-server
    # mkdir -p /root/guacamole/sqlauth
    # cd /root/guacamole/sqlauth
    # wget -O guacamole-auth-mysql-0.8.2.tar.gz http://sourceforge.net/projects/guacamole/files/current/extensions/guacamole-auth-mysql-0.8.2.tar.gz/download
    # tar -zxf guacamole-auth-mysql-0.8.2.tar.gz
    # wget -O mysql-connector-java-5.1.26.tar.gz http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.26.tar.gz/from/http://cdn.mysql.com/
    # tar -zxf mysql-connector-java-5.1.26.tar.gz
    # mv /root/guacamole/sqlauth/mysql-connector-java-5.1.26/mysql-connector-java-5.1.26-bin.jar /root/guacamole/sqlauth/guacamole-auth-mysql-0.8.2/lib
    # mkdir -p /var/lib/guacamole/classpath
    # cp /root/guacamole/sqlauth/guacamole-auth-mysql-0.8.2/lib/* /var/lib/guacamole/classpath/
    # /etc/init.d/mysqld start

The above is adding the correct repos, installing mysql, downloading the needed .jar files, and moving them where they belong (the classpath directory has to exist before the copy, so it is created here). All but one .jar file is included in the Guacamole MySQL Auth download; the remaining one is the MySQL Java connector, which is downloaded from MySQL.com.

5.) Now we can create our MySQL Database, User, and Configure permissions:
    # mysqladmin -u root password 'MySQLRootPa$$'
    # mysql -u root -p
    # MySQLRootPa$$
    # create database guacamole;
    # create user 'guacamole'@'localhost' identified by 'guacDBPa$$';
    # grant select,insert,update,delete on guacamole.* to 'guacamole'@'localhost';
    # flush privileges;
    # quit

The above will set your MySQL Root password (consider changing this, or feel free to use the one in my scripts), create the guacamole database, and create a user called guacamole with the needed permissions on the guacamole database. The password on the mysqladmin line is single-quoted because an unquoted $$ is expanded by the shell to its process ID. The third line is the root password typed at the password prompt, and the lines after it are entered at the mysql prompt.

6.) Create Database tables with Schema scripts:


    # cd /root/guacamole/sqlauth/guacamole-auth-mysql-0.8.2/schema/
    # cat ./*.sql | mysql -u root -p guacamole
    # MySQLRootPa$$

The above will run the .sql scripts that are included with the Guacamole MySQL Authentication package to generate the needed tables and create the default administrator user.

7.) The install is now complete! Now we configure Guacamole to talk to the database.

    # mkdir /etc/guacamole
    # mkdir /usr/share/tomcat6/.guacamole
    # mkdir -p /var/lib/guacamole/classpath
    # vi /etc/guacamole/guacamole.properties

The above is creating our needed directories, and then creating the guacamole.properties file. This file is what tomcat6 uses to know what port to talk to guacd on as well as how to access the database. Here is a basic guacamole.properties file that will do what you need.

    # Hostname and port of guacamole proxy
    guacd-hostname: localhost
    guacd-port:     4822

    # Location to read extra .jar's from
    lib-directory:  /var/lib/guacamole/classpath

    # Authentication provider class
    auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider

    # MySQL properties
    mysql-hostname: localhost
    mysql-port: 3306
    mysql-database: guacamole
    mysql-username: guacamole
    mysql-password: guacDBPa$$

This will configure Guacamole to use the database and user that we created, and to talk to guacd on its default port of 4822. Note, this port is for internal communication only and is not the port that you will be accessing the web interface on.

8.) Now we need to link the guacamole.properties file we created into our tomcat6 directory.

    # ln -sf /etc/guacamole/guacamole.properties /usr/share/tomcat6/.guacamole/

9.) Finally, we do a little cleanup and restart the needed services. This will also set all three services (guacd, tomcat6, mysqld) to start automatically at boot.

    # rm -rf /root/home:felfert.repo
    # rm -rf /var/lib/guacamole/classpath/schema
    # rm -rf /root/guacamole
    # chkconfig tomcat6 on
    # chkconfig mysqld on
    # chkconfig guacd on
    # /etc/init.d/tomcat6 restart
    # /etc/init.d/mysqld restart
    # /etc/init.d/guacd restart
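
The guacamole.properties file from step 7 holds the MySQL password in clear text, so its mode and contents are worth checking once the services are up. The script below is an added example, not part of the original post; the function names prop and audit_props are made up for illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the guacamole.properties
# file from step 7. Point it at the real file in /etc/guacamole, not at the
# symlink from step 8 (a symlink's own mode is always lrwxrwxrwx).

# prop FILE KEY: print the value of a "KEY: value" line, blanks trimmed
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_props FILE: print findings; exit status is the number of findings
audit_props() {
    f="$1"; n=0
    # mysql-password is stored in clear text, so "other" must not have read access
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "FAIL: $f is world-readable"; n=$((n + 1))
    fi
    # The post describes guacd (port 4822) as internal communication only
    case "$(prop "$f" guacd-hostname)" in
        localhost|127.0.0.1) ;;
        *) echo "FAIL: guacd-hostname is not a loopback address"; n=$((n + 1)) ;;
    esac
    # Single quotes stop the shell from expanding $$ to its own PID
    if [ "$(prop "$f" mysql-password)" = 'guacDBPa$$' ]; then
        echo "FAIL: mysql-password is the sample value published in this post"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample input: mode 644, as vi creates it under a umask of 022
sample=$(mktemp)
cat > "$sample" <<'EOF'
guacd-hostname: localhost
guacd-port:     4822
mysql-username: guacamole
mysql-password: guacDBPa$$
EOF
chmod 644 "$sample"
audit_props "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On the server, run audit_props /etc/guacamole/guacamole.properties. If the file is reported as world-readable, chown root:tomcat and chmod 640 on it fix that, assuming Tomcat runs under the tomcat group created by the tomcat6 package.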

That wasn't so hard, now was it??

Now that everything is installed and configured, we can access our Guacamole install at http://<IP OR SERVER NAME>:8080/guacamole

***Please note that iptables is probably running and won't allow you to access that IP from outside the local host. I disabled iptables for my install, for simplicity. You probably want to take a minute and configure iptables for optimal security.

The default login information is:

Username: guacadmin
Password: guacadmin
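
Rather than leaving iptables disabled, the VM can run with a ruleset that exposes only SSH and the Tomcat port. The script below is an added example, not part of the original post; the function name guac_rules, the 192.168.1.0/24 network and the choice of which networks may reach each port are assumptions to adapt.

```shell
#!/bin/sh
# Added example, not from the original post: build an /etc/sysconfig/iptables
# ruleset for the Guacamole VM instead of disabling iptables.

# guac_rules ADMIN_NET [WEB_NET]
#   ADMIN_NET  CIDR allowed to reach SSH (22)
#   WEB_NET    CIDR allowed to reach Tomcat (8080); defaults to ADMIN_NET.
#              Traffic forwarded from the internet by the firewall's port
#              translation normally keeps its public source address, so
#              external access needs a wider WEB_NET than the LAN.
guac_rules() {
    admin_net="$1"; web_net="${2:-$1}"
    if [ -z "$admin_net" ]; then
        echo "usage: guac_rules ADMIN_NET [WEB_NET]" >&2
        return 1
    fi
    # guacd (4822) and MySQL (3306) are deliberately absent: Tomcat reaches
    # both over localhost, which the "-i lo" rule already permits.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s $admin_net -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s $web_net -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: a 192.168.1.0/24 LAN. After reviewing the output, as root:
#   guac_rules 192.168.1.0/24 > /etc/sysconfig/iptables && service iptables restart
guac_rules 192.168.1.0/24
```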

Once logged in, you will see a green "Manage" button in the top right, which is where you go to configure users and connections.

To add a new connection, click the green "New Connection" button in the middle of the screen. When creating an RDP connection for use with NLA, you have to have credentials stored, otherwise the connection will fail. Here is what my connections look like.

I use 24 colors just because I don't notice a difference vs 32 colors on my 10" Chromebook screen, and performance is better. Here is an open connection to one of my Server 2012 Hyper-V hosts. This is connected over the internet (I use Dynamic DNS to a domain name I own, and also use Port Address Translation on my firewall, keeping port 8080 for internal, but external it is a different port). It connected in about 7-10 seconds, and that includes the time to log into the box. Overall, performance is great and I love it!

So there it is. Give it a try and let me know what you think!

Copyright 2013 All Rights Reserved Deviant Engineer
