Online Workshops with Virtual Desktops in the Browser

Earlier this year, I started experimenting with how to make online talks and learning sessions online more interactive. Yes, after a year of conferences being online-only, I grew a bit tired of staring into a tiny camera lens and only getting little feedback. So I came up with cloud based virtual desktops for interactive online hands-on workshops, and I’ve held quite a number of them since then on topics such as Docker, Kubernetes and mobile network tracing. In addition to describing the setup in my blog post over here, I’ve recently given a talk about how to set up such a system. You can find the original talk in German here and with an English simultaneous translation here. And as I was hoping, I got interesting feedback after the talk on how to further improve the setup.

Things for Improvement

While my setup works quite well, there is one thing that could be improved significantly: To attend a workshop, participants have to install a VNC remote desktop viewer on their PC or notebook. While that’s not a problem on private equipment, this usually doesn’t work on company owned devices. Also, company firewalls often only allow access to the Internet via a web proxy, which in effect blocks communication to the remote workstations. So far, I did not have a solution for this. But after my talk, someone in the audience suggested that I should have a look at Apache Guacamole. Hm, I’ve never heard of it!?

The Proposed Solution

So I had a look and was very positively surprised to find out that Guacamole is an open source client-less remote desktop gateway. On the back end, it communicates with the graphical user interface of a server or workstation over VNC or RDP. In the other direction, it offers a web browser based front end, and puts the graphical user interface of servers or workstations into a browser window. This works surprisingly well in practice. Mouse movements, keyboard input and the GUI itself are working as they should, and there is only a very small delay like in any remote desktop session. In the web browser, everything is Javascript based, so no add-ons have to be installed. And depending on the Guacamole server setup, http or https is used. In other words, many company firewalls do not have a problem with such sessions. On the Guacamole server, the administrator can create users and allow them to use one or more VNC/RDP connections to back end servers. If only one server is configured for a user, a direct connection is made right after the username and password have been entered. Also, several users can share access to a workstation, which is perfect for my online workshop needs, as it allows me to help people when they are stuck with a problem.

How to Setup

Image: A Gnome desktop with Wireshark and a shell window open in the web browser via Guacamole

I was told that installation of the Guacamole server can be a bit painful if done by hand. The online manual goes into great detail of the process and lays out all the options. That’s a bit daunting, and unfortunately there is no quick-start section to get a basic installation up and running quickly. The project does support Docker, but even such a setup seemed to be far from trivial. However, other people have been there already and have thankfully put their docker-compose.yml scripts online. I decided to give this one a try and I had my Guacamole server up and running with a LetsEncrypt certificate behind an nginx reverse proxy in less than 10 minutes. The nginx reverse proxy and Letsencrypt setup are not part of the docker-compose.yml script, but I’ve described this part over here.

Using The Guacamole Setup In Practice

It didn’t take long before I could actually use the setup in practice for a real session. As I wanted to be on the save side, I ran the Guacamole server on a cloud based server with 8 vCPUs, as I wanted to do a session with 20 virtual machines. It turned out that this was way overdimensioned. During the session with the 13 virtual desktops that were eventually used, CPU use on the central server was minimal. Two or perhaps even only one vCPU would probably have sufficed. Good to know! Next time, I will spin-up a cheaper cloud instance with fewer cores. But I’d still like to know where the limits are so I did some stress testing and will publish the results in a follow-up post.

Over all I am super happy with the solution as it worked flawlessly during my 2 hour session and can highly recommend it for your own hands-on tutorial projects!