Viewing active connections while using user-mapping.xml

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Viewing active connections while using user-mapping.xml

Roman V. Isaev
Is it possible to view active connections while using user-mapping.xml?

I have our internal database with ~200 users and their computers.
It's trivial to export them as user-mapping.xml (and re-export as
needed, because that database is fluid with all hires/leaves), but
with user-mapping.xml I can't login as guacadmin and check who's
online and can't use rest api to fetch active connections
information too.

I tried to run both user-mapping and sql authorizations at once.
They co-exist, but sql backend can't see user-mapping's connections..

I tried rest api, but it seems to be broken, or at least guacapy
library seems to be broken. It can fetch data, but it does not add
anything, here is an issue:
https://github.com/pschmitt/guacapy/issues/31

I don't like the idea of messing with sql tables directly, too.

This leaves the only option user-mapping.xml, but again, how
to fetch active connections?

--
    Roman V. Isaev    http://www.isaev.ru    Moscow, Russia

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Viewing active connections while using user-mapping.xml

vnick
On Sat, Apr 4, 2020 at 5:58 AM Roman V. Isaev <[hidden email]> wrote:
Is it possible to view active connections while using user-mapping.xml?


No, the user-mapping.xml file is designed to be a very simple mechanism to test that authentication is working, and does not support most of the extended features that the other authentication mechanisms do.
 
I have our internal database with ~200 users and their computers.
It's trivial to export them as user-mapping.xml (and re-export as
needed, because that database is fluid with all hires/leaves), but
with user-mapping.xml I can't login as guacadmin and check who's
online and can't use rest api to fetch active connections
information too.


If you have another database, I'd suggest that you could use some sort of ETL tool, either of your own build/design, or some free ones that are out there (Pentaho is good) to automate the load of data from one system to the other.  The Guacamole JDBC schema is well-documented in the manual, and can be manipulated underneath the client so long as the schema and data are consistent.
 
I tried to run both user-mapping and sql authorizations at once.
They co-exist, but sql backend can't see user-mapping's connections..


One of the key features that the user-mapping.xml authentication mechanism does not support is layering with other modules, so this likely won't work.
 
I tried rest api, but it seems to be broken, or at least guacapy
library seems to be broken. It can fetch data, but it does not add
anything, here is an issue:
https://github.com/pschmitt/guacapy/issues/31


I'm not familiar with this tool - it isn't something directly supported by the project.  Not sure if the author is lurking about here - if so, perhaps they can chime in on it, but it's not a familiar tool to me.
 
I don't like the idea of messing with sql tables directly, too.


See:

You should be careful, but it is documented in the manual because we have foreseen the possibility that folks will want to manipulate the data directly.

-Nick
Reply | Threaded
Open this post in threaded view
|

hardware requirements for Guacamole

kang
Hi.

The other day, I asked a question about load balancing on Guacamole. 
Nick provided useful information in that respect. Thanks again Nick!   
On the other hand, I'd like to get some idea of how many desktop
connections a single Guacamole server could handle.  There's really very
little information about that online (that I can find).  I understand
that different users will all do different activities (text editing
versus YouTube steaming), and that's going to have an impact on the
numbers, but really, I'm just looking for averages. I saw one single
mention online to this: 1 core and 2G of memory for 25 users.  If that's
correct, that's really amazing!   Although, I didn't see any mention of
the network requirements.  I'd like to build a server capable of
handling 150-300 simultaneous desktop connections.  If I could do it
with one server, it would be great.  Sure, I can load it with dual Xeon
processors, and gigabytes of memory, but how much network do I need? Is
1 x 10G enough? and will it really be able to handle the average load?

Thanks for any feedback you can provide.  You'll be helping me, but
you'll also be helping others who are trying to search online for the
limitations of Guacamole.

Jason.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: hardware requirements for Guacamole

Chris Misztur
Hey Jason, yeah compute requirements are fairly low.  As far as network,  20 RDP users for me have been under 1Mbit outbound total.  There are bursts.  if user starts watching YouTube on their remote session then it jumps to 7Mbits for that session.

Had same experience running on a RaspberryPi 4.  However, lag was present.  Compute and network was fine so I’m not sure why.  Video core?


Chris



On Apr 4, 2020, at 9:50 AM, Jason Keltz <[hidden email]> wrote:

Hi.

The other day, I asked a question about load balancing on Guacamole.  Nick provided useful information in that respect. Thanks again Nick!    On the other hand, I'd like to get some idea of how many desktop connections a single Guacamole server could handle.  There's really very little information about that online (that I can find).  I understand that different users will all do different activities (text editing versus YouTube steaming), and that's going to have an impact on the numbers, but really, I'm just looking for averages. I saw one single mention online to this: 1 core and 2G of memory for 25 users.  If that's correct, that's really amazing!   Although, I didn't see any mention of the network requirements.  I'd like to build a server capable of handling 150-300 simultaneous desktop connections.  If I could do it with one server, it would be great.  Sure, I can load it with dual Xeon processors, and gigabytes of memory, but how much network do I need? Is 1 x 10G enough? and will it really be able to handle the average load?

Thanks for any feedback you can provide.  You'll be helping me, but you'll also be helping others who are trying to search online for the limitations of Guacamole.

Jason.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: hardware requirements for Guacamole

ivanmarcus

I expect like many of us who administer systems I've gone from having a handful of remote users (across several different companies) to a much larger number in a matter of days. Just to add to the general body of knowledge I cite one example here 'cos I've kept a particular eye on it.

With approx 80-85 users, of which circa 35 or a little more are doing intensive CAD type work and the rest a mix of documents incl PDF images, the average bandwidth when busy has been less than 20Mb/s, server load is typically in the range 1.5-2 (6 cores allocated) and memory use up to 8GB (incl OS) out of 12GB allocated. Very rarely server load will get a little beyond 3, and bandwith will burst to 100Mb/s.

I'm not collecting stats directly from the various Guacamole VM's I've got running (I guess I could, but am reluctant to mess with them much at this time), but attach a 1-day plot of network traffic from one site here. Bear in mind this will also include outgoing traffic from the various machines, and a busy mailserver, not just Guacamole <-> remote.

I'm not sure but I may be able to separate the Guacamole server traffic out from the rest and plot that, will look at it next week and if so I'll provide that detail FYI.


On 5/04/2020 3:27 a.m., Chris Misztur wrote:
Hey Jason, yeah compute requirements are fairly low.  As far as network,  20 RDP users for me have been under 1Mbit outbound total.  There are bursts.  if user starts watching YouTube on their remote session then it jumps to 7Mbits for that session.

Had same experience running on a RaspberryPi 4.  However, lag was present.  Compute and network was fine so I’m not sure why.  Video core?


Chris



On Apr 4, 2020, at 9:50 AM, Jason Keltz [hidden email] wrote:

Hi.

The other day, I asked a question about load balancing on Guacamole.  Nick provided useful information in that respect. Thanks again Nick!    On the other hand, I'd like to get some idea of how many desktop connections a single Guacamole server could handle.  There's really very little information about that online (that I can find).  I understand that different users will all do different activities (text editing versus YouTube steaming), and that's going to have an impact on the numbers, but really, I'm just looking for averages. I saw one single mention online to this: 1 core and 2G of memory for 25 users.  If that's correct, that's really amazing!   Although, I didn't see any mention of the network requirements.  I'd like to build a server capable of handling 150-300 simultaneous desktop connections.  If I could do it with one server, it would be great.  Sure, I can load it with dual Xeon processors, and gigabytes of memory, but how much network do I need? Is 1 x 10G enough? and will it really be able to handle the average load?

Thanks for any feedback you can provide.  You'll be helping me, but you'll also be helping others who are trying to search online for the limitations of Guacamole.

Jason.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]




---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

network_traffic.png (25K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: hardware requirements for Guacamole

kang

Thanks Chris, and Ivan,

So far, it seems that the load requirements are surprisingly fairly minimal.  The type of standalone server that I'm looking at getting for this task would be more than enough to handle this load.

That being said, if anyone else has specs on their systems with even larger numbers of users, please keep them coming.  It's very interesting to me.

Jason.

On 4/4/2020 6:43 PM, ivanmarcus wrote:

I expect like many of us who administer systems I've gone from having a handful of remote users (across several different companies) to a much larger number in a matter of days. Just to add to the general body of knowledge I cite one example here 'cos I've kept a particular eye on it.

With approx 80-85 users, of which circa 35 or a little more are doing intensive CAD type work and the rest a mix of documents incl PDF images, the average bandwidth when busy has been less than 20Mb/s, server load is typically in the range 1.5-2 (6 cores allocated) and memory use up to 8GB (incl OS) out of 12GB allocated. Very rarely server load will get a little beyond 3, and bandwith will burst to 100Mb/s.

I'm not collecting stats directly from the various Guacamole VM's I've got running (I guess I could, but am reluctant to mess with them much at this time), but attach a 1-day plot of network traffic from one site here. Bear in mind this will also include outgoing traffic from the various machines, and a busy mailserver, not just Guacamole <-> remote.

I'm not sure but I may be able to separate the Guacamole server traffic out from the rest and plot that, will look at it next week and if so I'll provide that detail FYI.


On 5/04/2020 3:27 a.m., Chris Misztur wrote:
Hey Jason, yeah compute requirements are fairly low.  As far as network,  20 RDP users for me have been under 1Mbit outbound total.  There are bursts.  if user starts watching YouTube on their remote session then it jumps to 7Mbits for that session.

Had same experience running on a RaspberryPi 4.  However, lag was present.  Compute and network was fine so I’m not sure why.  Video core?


Chris



On Apr 4, 2020, at 9:50 AM, Jason Keltz [hidden email] wrote:

Hi.

The other day, I asked a question about load balancing on Guacamole.  Nick provided useful information in that respect. Thanks again Nick!    On the other hand, I'd like to get some idea of how many desktop connections a single Guacamole server could handle.  There's really very little information about that online (that I can find).  I understand that different users will all do different activities (text editing versus YouTube steaming), and that's going to have an impact on the numbers, but really, I'm just looking for averages. I saw one single mention online to this: 1 core and 2G of memory for 25 users.  If that's correct, that's really amazing!   Although, I didn't see any mention of the network requirements.  I'd like to build a server capable of handling 150-300 simultaneous desktop connections.  If I could do it with one server, it would be great.  Sure, I can load it with dual Xeon processors, and gigabytes of memory, but how much network do I need? Is 1 x 10G enough? and will it really be able to handle the average load?

Thanks for any feedback you can provide.  You'll be helping me, but you'll also be helping others who are trying to search online for the limitations of Guacamole.

Jason.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Viewing active connections while using user-mapping.xml

Roman V. Isaev
In reply to this post by Roman V. Isaev
> One of the key features that the user-mapping.xml authentication mechanism
> does not support is layering with other modules, so this likely won't work.

Ok, I see -- user-mapping.xml is no-go.

> > I tried rest api, but it seems to be broken, or at least guacapy
> > library seems to be broken. It can fetch data, but it does not add
> > anything, here is an issue:
> > https://github.com/pschmitt/guacapy/issues/31
> I'm not familiar with this tool - it isn't something directly supported by
> the project.  Not sure if the author is lurking about here - if so, perhaps
> they can chime in on it, but it's not a familiar tool to me.

Ok, I ran tcpflow, recorded data exchange between the library and Guacamole
server and now I see the problem -- all library's get_ and login methods are using
GET and x-www-form-urlencoded and these are okay. I can simulate authentication
procedure with curl:

% curl -i -X POST "http://127.0.0.1:6060/api/tokens" -d 'username=guacadmin&password=guacadmin' -H "Content-Type: application/x-www-form-urlencoded"
HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Apr 2020 18:31:05 GMT

{"authToken":"A6F2080CE953348AF4D7CBA920F9986CEF46FEFC3DC75856924329C46945A596","username":"guacadmin","dataSource":"postgresql","availableDataSources":["postgresql","postgresql-shared"]}

But add_* methods are using json, and they aren't working, here is
tcpflow dump of add_user attempt:

% cat 010.001.000.146.53620-010.001.000.174.06060
POST
/api/session/data/postgresql-shared/connectionGroups?token=B9D5E7224FBDF70B77FF17C9712DD62F3EC393C0506A6E2B90F4739B8291AF30
HTTP/1.1
Host: g.aroma.ru:6060
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.23.0
Content-Length: 169
Content-Type: application/json

"{\"parentIdentifier\":\"ROOT\", \"name\":\"iaas-099 (Test)\", \"type\":\"ORGANIZATIONAL\", \"attributes\":{\"max-connections\":\"\",\"max-connections-per-user\":\"\"}}"

% cat 010.001.000.174.06060-010.001.000.146.53620
HTTP/1.1 500
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Apr 2020 17:50:18 GMT
Connection: close

ac
{"message":"Unexpected internal
error","translatableMessage":{"key":"Unexpected internal
error","variables":null},"statusCode":null,"expected":null,"type":"INTERNAL_ERROR"}
0

Even authentication does not work json style, again curl test:

% curl -i -X POST "http://127.0.0.1:6060/api/tokens" -d % '{"username":"guacadmin", "password":"guacadmin"}' -H "Content-Type: application/json"
HTTP/1.1 500
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Apr 2020 18:33:10 GMT
Connection: close

{"message":"Unexpected internal error","translatableMessage":{"key":"Unexpected internal error","variables":null},"statusCode":null,"expected":null,"type":"INTERNAL_ERROR"}

Guacamole log:

18:49:34.482 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: Can not deserialize instance of java.util.ArrayList out of VALUE_STRING token at [Source: org.apache.catalina.connector.CoyoteInputStream@22bf9b00; line: 1, column: 2]

Is it supposed to work at all with json bodies? And if I can't use POST and nested
data as json, how to encode more complicated requests as application/x-www-form-urlencoded
for user/connection adding?..

> You should be careful, but it is documented in the manual because we have
> foreseen the possibility that folks will want to manipulate the data
> directly.

I spent last day migrating mysql data backend to postgres, because
official guacamole/guacamole docker image does not support RDP
printing while oznu/guacamole does, and oznu is postgres-based. And I
had to move users and connections, hundreds of them were entered
earlier.

So, now I finished moving, it finally works and damn, I hate this
stuff!! That's why I want to communicate with Guacamole via external API
without digging into database.

--
    Roman V. Isaev    http://www.isaev.ru    Moscow, Russia

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Viewing active connections while using user-mapping.xml

vnick
On Sun, Apr 5, 2020 at 2:58 PM Roman V. Isaev <[hidden email]> wrote:
> One of the key features that the user-mapping.xml authentication mechanism
> does not support is layering with other modules, so this likely won't work.

Ok, I see -- user-mapping.xml is no-go.

It's not really intended to be a production solution.  There are other ways to deliver connection information - I think Mike wrote an extension for his Day Job that takes connection information as a JSON string.  This might help you out - I think it's available on Mike's github page.
 

> > I tried rest api, but it seems to be broken, or at least guacapy
> > library seems to be broken. It can fetch data, but it does not add
> > anything, here is an issue:
> > https://github.com/pschmitt/guacapy/issues/31
> I'm not familiar with this tool - it isn't something directly supported by
> the project.  Not sure if the author is lurking about here - if so, perhaps
> they can chime in on it, but it's not a familiar tool to me.

Ok, I ran tcpflow, recorded data exchange between the library and Guacamole
server and now I see the problem -- all library's get_ and login methods are using
GET and x-www-form-urlencoded and these are okay. I can simulate authentication
procedure with curl:

% curl -i -X POST "http://127.0.0.1:6060/api/tokens" -d 'username=guacadmin&password=guacadmin' -H "Content-Type: application/x-www-form-urlencoded"
HTTP/1.1 200
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Apr 2020 18:31:05 GMT

{"authToken":"A6F2080CE953348AF4D7CBA920F9986CEF46FEFC3DC75856924329C46945A596","username":"guacadmin","dataSource":"postgresql","availableDataSources":["postgresql","postgresql-shared"]}


This looks good - you are getting the authentication token.
 
But add_* methods are using json, and they aren't working, here is
tcpflow dump of add_user attempt:

% cat 010.001.000.146.53620-010.001.000.174.06060
POST
/api/session/data/postgresql-shared/connectionGroups?token=B9D5E7224FBDF70B77FF17C9712DD62F3EC393C0506A6E2B90F4739B8291AF30
HTTP/1.1
Host: g.aroma.ru:6060
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.23.0
Content-Length: 169
Content-Type: application/json

"{\"parentIdentifier\":\"ROOT\", \"name\":\"iaas-099 (Test)\", \"type\":\"ORGANIZATIONAL\", \"attributes\":{\"max-connections\":\"\",\"max-connections-per-user\":\"\"}}"

% cat 010.001.000.174.06060-010.001.000.146.53620
HTTP/1.1 500
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Apr 2020 17:50:18 GMT
Connection: close

ac
{"message":"Unexpected internal
error","translatableMessage":{"key":"Unexpected internal
error","variables":null},"statusCode":null,"expected":null,"type":"INTERNAL_ERROR"}
0


You're trying to write it to the postgresql-shared endpoint, which isn't going to work, because the postgresql-shared extension doesn't support storing connections - it's simply there to share existing connections.  So, you need to post to the postgresql endpoint (api/session/data/postgresql/connectionGroups).  There may be other issues with that particular POST query, but that's at least the initial one.
 
Even authentication does not work json style, again curl test:

% curl -i -X POST "http://127.0.0.1:6060/api/tokens" -d % '{"username":"guacadmin", "password":"guacadmin"}' -H "Content-Type: application/json"
HTTP/1.1 500
Content-Type: application/json
Transfer-Encoding: chunked
Date: Sun, 05 Apr 2020 18:33:10 GMT
Connection: close

{"message":"Unexpected internal error","translatableMessage":{"key":"Unexpected internal error","variables":null},"statusCode":null,"expected":null,"type":"INTERNAL_ERROR"} 
Guacamole log:

18:49:34.482 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: Can not deserialize instance of java.util.ArrayList out of VALUE_STRING token at [Source: org.apache.catalina.connector.CoyoteInputStream@22bf9b00; line: 1, column: 2]

Is it supposed to work at all with json bodies? And if I can't use POST and nested
data as json, how to encode more complicated requests as application/x-www-form-urlencoded
for user/connection adding?..


No, the api/tokens endpoint expects the application/x-www-form-urlencoded encoding type.  So, plain JSON encoding will not work.  The answer on how to encode more complicated requests is, as a form.  There are plenty of tools out there that will facilitate this.  Also, I can't remember off the top of my head, but some of the other non-login endpoints may take JSON data - may just be the login one that expects form encoding.  I can't remember...
 
> You should be careful, but it is documented in the manual because we have
> foreseen the possibility that folks will want to manipulate the data
> directly.

I spent last day migrating mysql data backend to postgres, because
official guacamole/guacamole docker image does not support RDP
printing while oznu/guacamole does, and oznu is postgres-based. And I
had to move users and connections, hundreds of them were entered
earlier.


I know we have a bug or two in RDP printing at the moment that we need to resolve, but hopefully those will be fixed, soon.  I believe a solution has been identified and needs to be committed.
 
So, now I finished moving, it finally works and damn, I hate this
stuff!! That's why I want to communicate with Guacamole via external API
without digging into database.


Yes, migrating between databases can be a little bit painful, but shouldn't be too bad, particularly if you keep things like user and group IDs the same as you go across.  Anyway, sounds like you're past that point.

The REST API works perfectly fine - the entire Guacamole Client application uses the underlying REST API, so the API is fully functional.  You do have to interact with it in the expected fashion, so figuring that out can take some time.  We also don't have great documentation on the REST API at the moment - it's been identified as something we need to document better and we're currently looking at trying to find a tool that will generate the documentation rather than having to manually create and maintain documentation for the REST API.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: hardware requirements for Guacamole

ivanmarcus
In reply to this post by kang

I mentioned before that I'd see if I could separate the Guacmaole traffic from the rest of the network, and post the results.

Here's a 1-hr plot of Guacamole only traffic for ~85 users at a reasonably busy part of the day. Also included a snapshot showing some detail on the server load, CPU & memory usage etc.

What you see is fairly typical, as previously described, as I type this the 1-h server load average is somewhat less (1.8), instantaneous load is 1.5 and 1h average traffic is also down - but it could be the other way at any one time.

FWIW this is a VM running on an i7 host with 16 cores/64GB of which 6 cores/16GB are allocated to this VM. Ubuntu 18.04 on host and guest, host has a number of other VM's running under Vbox. I deliberately over-spec'd the Guacamole VM resource because it's presently mission critical to this client and I didn't want anything to get in its way.

It may also be worth commenting that while some people might cringe at using Vbox I've found it to be very reliable and used it for this situation because others may need to do something on it occasionally and it's user interface is fairly simple. Uptime for the previous Guacamole VM (and host) was approx 18months, this system was new, in reaction to the rapidly escalating need to have the entire company working remotely, hence the low current uptime.

Thus from my experience I'd suggest that Mike's simple rule of thumb seems pretty good, and that for 300 users if I were to allocate 12 cores/24GB I'd expect it to work reasonably well. At that number of users I might consider a standalone box with similar specs to my present host (perhaps just 32GB RAM) which would nicely give it some extra headroom.


On 5/04/2020 12:58 p.m., Jason Keltz wrote:

Thanks Chris, and Ivan,

So far, it seems that the load requirements are surprisingly fairly minimal.  The type of standalone server that I'm looking at getting for this task would be more than enough to handle this load.

That being said, if anyone else has specs on their systems with even larger numbers of users, please keep them coming.  It's very interesting to me.

Jason.

On 4/4/2020 6:43 PM, ivanmarcus wrote:

I expect like many of us who administer systems I've gone from having a handful of remote users (across several different companies) to a much larger number in a matter of days. Just to add to the general body of knowledge I cite one example here 'cos I've kept a particular eye on it.

With approx 80-85 users, of which circa 35 or a little more are doing intensive CAD type work and the rest a mix of documents incl PDF images, the average bandwidth when busy has been less than 20Mb/s, server load is typically in the range 1.5-2 (6 cores allocated) and memory use up to 8GB (incl OS) out of 12GB allocated. Very rarely server load will get a little beyond 3, and bandwith will burst to 100Mb/s.

I'm not collecting stats directly from the various Guacamole VM's I've got running (I guess I could, but am reluctant to mess with them much at this time), but attach a 1-day plot of network traffic from one site here. Bear in mind this will also include outgoing traffic from the various machines, and a busy mailserver, not just Guacamole <-> remote.

I'm not sure but I may be able to separate the Guacamole server traffic out from the rest and plot that, will look at it next week and if so I'll provide that detail FYI.


On 5/04/2020 3:27 a.m., Chris Misztur wrote:
Hey Jason, yeah compute requirements are fairly low.  As far as network,  20 RDP users for me have been under 1Mbit outbound total.  There are bursts.  if user starts watching YouTube on their remote session then it jumps to 7Mbits for that session.

Had same experience running on a RaspberryPi 4.  However, lag was present.  Compute and network was fine so I’m not sure why.  Video core?


Chris



On Apr 4, 2020, at 9:50 AM, Jason Keltz [hidden email] wrote:

Hi.

The other day, I asked a question about load balancing on Guacamole.  Nick provided useful information in that respect. Thanks again Nick!    On the other hand, I'd like to get some idea of how many desktop connections a single Guacamole server could handle.  There's really very little information about that online (that I can find).  I understand that different users will all do different activities (text editing versus YouTube steaming), and that's going to have an impact on the numbers, but really, I'm just looking for averages. I saw one single mention online to this: 1 core and 2G of memory for 25 users.  If that's correct, that's really amazing!   Although, I didn't see any mention of the network requirements.  I'd like to build a server capable of handling 150-300 simultaneous desktop connections.  If I could do it with one server, it would be great.  Sure, I can load it with dual Xeon processors, and gigabytes of memory, but how much network do I need? Is 1 x 10G enough? and will it really be able to handle the average load?

Thanks for any feedback you can provide.  You'll be helping me, but you'll also be helping others who are trying to search online for the limitations of Guacamole.

Jason.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]





---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

guacamole_network_traffic_1h_85_users.png (25K) Download Attachment
guacamole_server_load_htop.png (521K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: hardware requirements for Guacamole

Dennis Newman

Ivan,

Thank you for that – it is very helpful.

 

For those collecting info –

We are running our Guacamole system on a two server

VMware ESXi, 6.7.0 setup.

Server 1 is an HP ProLiant DL380 G7

with Dual Intel(R) Xeon(R) CPU E5620 @ 2.40GHz

and 140 Gigs of Ram - which hosts 47 Virtual systems

 

1 - production web server

1- Guacamole Server - running on a CentOs7

Set with

8 virtual CPU

16 gig Memory

a 100 gig Hard disk

and 1 virtual Nic

 

40 virtual windows 7 desktops being connected through Guac RDP

 

Server 2 is an HP ProLiant DL360 Gen10

With Dual Intel(R) Xeon(R) Gold 5218 CPU @ 2.30GHz

and 580 gigs of Ram currently hosting 65 Virtual systems

 

1 Development Sql server and

64 virtual windows 7 desktops being connected through Guac RDP

 

We have also added 75 new Guacamole RDP to Physical desktops (mostly Windows 10) since Work From Home began.

ESXI Hosts are using about 20% of theis CPU resources

We are sitting at about 50% host memory usage

My Guacamole system averages about 30% memory and cpu usage to allocation

We have seen a few more of our international users complain about system speed and Guacamole connection instability since moving from our offices to their homes, but I feel most of that is due to their home internet connections being slower than their office ones were.

 

We have also been asked to start adding between 50 and 100 new Virtual Windows 7 users to our system over the next three months. We are confident that we can manage this primarily on Server #2

 

From: ivanmarcus <[hidden email]>
Sent: Sunday, April 5, 2020 7:05 PM
To: [hidden email]; Jason Keltz <[hidden email]>
Subject: Re: hardware requirements for Guacamole

 

I mentioned before that I'd see if I could separate the Guacmaole traffic from the rest of the network, and post the results.

Here's a 1-hr plot of Guacamole only traffic for ~85 users at a reasonably busy part of the day. Also included a snapshot showing some detail on the server load, CPU & memory usage etc.

What you see is fairly typical, as previously described, as I type this the 1-h server load average is somewhat less (1.8), instantaneous load is 1.5 and 1h average traffic is also down - but it could be the other way at any one time.

FWIW this is a VM running on an i7 host with 16 cores/64GB of which 6 cores/16GB are allocated to this VM. Ubuntu 18.04 on host and guest, host has a number of other VM's running under Vbox. I deliberately over-spec'd the Guacamole VM resource because it's presently mission critical to this client and I didn't want anything to get in its way.

It may also be worth commenting that while some people might cringe at using Vbox I've found it to be very reliable and used it for this situation because others may need to do something on it occasionally and it's user interface is fairly simple. Uptime for the previous Guacamole VM (and host) was approx 18months, this system was new, in reaction to the rapidly escalating need to have the entire company working remotely, hence the low current uptime.

Thus from my experience I'd suggest that Mike's simple rule of thumb seems pretty good, and that for 300 users if I were to allocate 12 cores/24GB I'd expect it to work reasonably well. At that number of users I might consider a standalone box with similar specs to my present host (perhaps just 32GB RAM) which would nicely give it some extra headroom.

 

On 5/04/2020 12:58 p.m., Jason Keltz wrote:

Thanks Chris, and Ivan,

So far, it seems that the load requirements are surprisingly fairly minimal.  The type of standalone server that I'm looking at getting for this task would be more than enough to handle this load.

That being said, if anyone else has specs on their systems with even larger numbers of users, please keep them coming.  It's very interesting to me.

Jason.

On 4/4/2020 6:43 PM, ivanmarcus wrote:

I expect like many of us who administer systems I've gone from having a handful of remote users (across several different companies) to a much larger number in a matter of days. Just to add to the general body of knowledge I cite one example here 'cos I've kept a particular eye on it.

With approx 80-85 users, of which circa 35 or a little more are doing intensive CAD type work and the rest a mix of documents incl PDF images, the average bandwidth when busy has been less than 20Mb/s, server load is typically in the range 1.5-2 (6 cores allocated) and memory use up to 8GB (incl OS) out of 12GB allocated. Very rarely server load will get a little beyond 3, and bandwith will burst to 100Mb/s.

I'm not collecting stats directly from the various Guacamole VM's I've got running (I guess I could, but am reluctant to mess with them much at this time), but attach a 1-day plot of network traffic from one site here. Bear in mind this will also include outgoing traffic from the various machines, and a busy mailserver, not just Guacamole <-> remote.

I'm not sure but I may be able to separate the Guacamole server traffic out from the rest and plot that, will look at it next week and if so I'll provide that detail FYI.

 

On 5/04/2020 3:27 a.m., Chris Misztur wrote:

Hey Jason, yeah compute requirements are fairly low.  As far as network,  20 RDP users for me have been under 1Mbit outbound total.  There are bursts.  if user starts watching YouTube on their remote session then it jumps to 7Mbits for that session.

 

Had same experience running on a RaspberryPi 4.  However, lag was present.  Compute and network was fine so I’m not sure why.  Video core?

 

Chris

 





On Apr 4, 2020, at 9:50 AM, Jason Keltz [hidden email] wrote:

Hi.

The other day, I asked a question about load balancing on Guacamole.  Nick provided useful information in that respect. Thanks again Nick!    On the other hand, I'd like to get some idea of how many desktop connections a single Guacamole server could handle.  There's really very little information about that online (that I can find).  I understand that different users will all do different activities (text editing versus YouTube steaming), and that's going to have an impact on the numbers, but really, I'm just looking for averages. I saw one single mention online to this: 1 core and 2G of memory for 25 users.  If that's correct, that's really amazing!   Although, I didn't see any mention of the network requirements.  I'd like to build a server capable of handling 150-300 simultaneous desktop connections.  If I could do it with one server, it would be great.  Sure, I can load it with dual Xeon processors, and gigabytes of memory, but how much network do I need? Is 1 x 10G enough? and will it really be able to handle the average load?

Thanks for any feedback you can provide.  You'll be helping me, but you'll also be helping others who are trying to search online for the limitations of Guacamole.

Jason.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

 

 




The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. S&P Global Inc. reserves the right, subject to applicable local law, to monitor, review and process the content of any electronic message or information sent to or from S&P Global Inc. e-mail addresses without informing the sender or recipient of the message. By sending electronic message or information to S&P Global Inc. e-mail addresses you, as the sender, are consenting to S&P Global Inc. processing any of your personal data therein.