Tuesday, January 21, 2020

Access and Manage Your Servers Remotely with the Bitnami Stack for Apache Guacamole

Want to access your computers from anywhere using just a Web browser? Look no further than Apache Guacamole, a "clientless remote desktop gateway" that supports standard protocols like VNC, SSH, and RDP and requires no plugins or client software.

Apache Guacamole allows users to access their computers from anywhere while also providing administrators with a way to configure, manage and control access to remote desktop connections. You can also combine it with a cloud-hosted desktop operating system to benefit from the flexibility and resilience of cloud computing.

Bitnami has released an up to date and secure image that you can use to launch Apache Guacamole locally or in the cloud. Choose the platform you want to run it on and immediately benefit from having your desktop reachable from any part of the world and from any device.

This blog post shows you how easy it is to deploy the Bitnami Stack for Apache Guacamole on the Microsoft Azure Cloud. It also walks you through the process of creating a remote connection with a Windows machine running on a Microsoft Azure server.
These instructions are for the Microsoft Azure Portal, but you can also run Apache Guacamole on an AWS instance, an Oracle server, and soon on a Google Cloud Platform server. You can also play with it on your local machine by downloading a virtual appliance.

Glyptodon Enterprise also available for Apache Guacamole

For those users and organizations that require enterprise-class scalability and management, Glyptodon Inc. offers a commercial solution powered by Apache Guacamole: Glyptodon Enterprise.

This package includes streamlined installation and maintenance, and timely security updates.
It also offers long-time support for major releases for at least five years and receives regularly scheduled updates. Updates to new releases ensure compatibility, facilitating administrators to keep their installations always up to date.

Glyptodon Enterprise is packaged in RPM repositories and compatible with any Red Hat Enterprise Linux or CentOS release.

Deploy the Bitnami Stack for Apache Guacamole 

Deploying Apache Guacamole from the Bitnami Launchpad for Microsoft Azure is easy; everything is included in the image that Bitnami provides for Apache Guacamole. Thus, the application will run on an Azure server without issues. This image uses the latest version of Apache and it includes SSL auto-configuration with Let's Encrypt certificates.

Let's take a quick look at the Bitnami Stack for Apache Guacamole default configuration.  There are three major components included in the image:

  • Apache Guacamole Server 
  • Apache Guacamole Client 
  • Database

Apache Guacamole Server
It is a daemon server (guacd) that talks to the remote desktops and accepts connections from the users logged in to the Web application.

Apache Guacamole Client
It is the frontend of Guacamole, implemented as a Java application that runs on top of Apache Tomcat.

The user authentication for Apache Guacamole is configured to work with PostgreSQL.

Launch the Apache Guacamole image

To launch Apache Guacamole, follow these steps:

1. In the Apache Guacamole deployment offering page, click the “Single-Tier” button to display the deployment options for the cloud.

2. Select the cloud where you want to deploy the application. This post uses Microsoft Azure, but the deployment process is similar in other clouds.

Make sure that your Microsoft Azure and Bitnami accounts are connected. Check the Get Started with the Bitnami Launchpad for Microsoft Azure guide for more information on this.

You will be redirected to the Bitnami launchpad to create a new virtual machine on Azure.

3. Enter a name for your server, select the server size, and the region where you want to deploy the solution. As you can see in the image below, the image type is selected by default:

4. Confirm your selection by hitting the “Create” button at the end of the page. The Bitnami Launchpad will now begin spinning up the new server. The process usually takes a few minutes, and a status indicator on the page provides a progress update.

Access the client

Once the cloud server has been provisioned, the status indicator will show that it is “running”, and the Bitnami Launchpad page will display the server details, application credentials, IP address, and the SSH keys and command for connecting to the server remotely.

You can manage your application from the Bitnami Launchpad user interface or by accessing the Azure Console through the “Manage in the Azure Console” button.

To access the Apache Guacamole Client:

1. Click the “Go to the application” button.

2. Log in to the client by using the credentials provided in the “Application Info” section.

Use Apache Guacamole

To start managing users and connections, navigate to the user profile and select the “Settings” option from the drop-down menu.

Create a new connection

To enable a new remote connection, follow these instructions:

1. Navigate to the “Settings -> Connections” tab.  Click the “New Connection” button.

2. In the resulting form, enter a name to identify the connection, location, and protocol.

3. Select “ROOT” as location. Then select the protocol you want to use to connect to the machine.

In general, the protocol used for connecting with a Windows machine is RDP. In case you want to connect to a Linux server, then use the VNC protocol.

4. Fill the rest of the required values such as the connection limit, load balancing details, or the Guacamole proxy parameters.

5. In the “PARAMETERS -> Network” section, enter the public IP address of your machine in the “Hostname” field and the port. In the “Authentication” section, enter the username and password associated with your machine.

NOTE: Make sure that the server where the Windows machine is running. It should be publicly accessible to ensure that Apache Guacamole is able to connect remotely to it.

6. Click “Save” to create this new connection.

Create a user 

Once the connection is created, you need to create a user and associate the connection with it. 
1. Navigate to the “Settings -> Users” tab. You will see the admin user in the list of enabled users. To add a new user, click the “New users” button.

2. In the resulting form, enter the username, password, and personal info. Define the account restrictions and permissions and click “Save” to make the changes take effect.

3. In the “CONNECTIONS” section, you will find the connection you have created. Activate the checkbox to associate the user with that connection. Click “Save” to make the changes take effect.

Connect remotely to your machine

To start using the new connection, back to the “Home” page and click the RDP connection.
Apache Guacamole will connect you directly to your machine:

Learn more about how to use the Bitnami Stack for Apache Guacamole in the Bitnami documentation page or the Apache Guacamole official manual. Remember that if you need enterprise-class scalability and management, Glyptodon Enterprise is the best choice for you. Start working remotely!

Wednesday, November 27, 2019

AWS re:Invent 2019 Is Coming!

Join the Bitnami team at AWS re:Invent 2019, December 2-5, in Las Vegas and learn more about how Bitnami’s range of offerings can help you accelerate software development and delivery.

You can find us at VMware booth #2108 (pod 12) in the Venetian / Sands Expo Hall. Our experts will be able to show you how to leverage our open-source application catalog available on the AWS Marketplace, in a hybrid cloud model on VMC on AWS, and more.

Bitnami will also be sharing more about our recent announcement, Project Galleon - a new enterprise offering focused on delivering a superior developer self-service experience, while simultaneously helping IT enforce security and compliance standards. The focus of this offering is to help development teams go from ideation to production easier, faster, and with best practices built-in from the ground up.

We’ll also be highlighting Bitnami solutions for building modern apps during sessions at the VMware Code booth. Check out all our sessions and presentations below, and remember to add them to your re:Invent agenda today!

{CODE} Sessions 

VMware Booth #309, Aria / Pinyon Ballroom

Wednesday, 1:30 PM

Shortcut and Better Secure Modern App Development with Bitnami Containers and Chart Foundations

Thursday, 12.30 PM

Continuously Refresh and Secure Software Catalogs, Providing Simple and Secure Access


VMware booth #2108 Theatre area, Venetian / Sands Expo Hall

Tuesday, 1.30 PM | Wednesday, 9.30 AM | Thursday, 11 AM

Managing Software Supply Chains with Bitnami and Project Galleon

We’re looking forward to seeing you in Las Vegas!

Wednesday, November 13, 2019

Helm 3 Arrives to Boost the Way to Deploy Applications on Kubernetes

It's been three years since Helm's first release and it is, undoubtedly, the de-facto way of deploying applications in Kubernetes. This is thanks to its simplicity and ease of use and its ability to manage upgrades and rollbacks with ease.

Helm 3 is further evidence the community is continuing to advance and mature. Its new features and improvements make Helm charts even easier to manage, and offers the most secure way to move applications to production. Read on for the details.

Say goodbye to Tiller

Helm is comprised of two parts: Helm (the client) and Tiller (the server). In previous versions, when you initialized Helm running “helm init”, Tiller was installed automatically. 

Tiller had an important role in clusters that were shared across different teams as it allowed multiple operators to interact with the same set of releases at the same time.

When role-based access controls (RBAC rules) came along with the release of Kubernetes v.1.6, the use of Tiller in a production scenario became more difficult due to the multiple security policies that you can set for your cluster. Take a look at the numerous pre-configurations you should do in order to install and configure Helm and Tiller to realize how RBAC rules complicated the management in a multi-tenant cluster.

Based on user feedback, the Helm team removed Tiller in the latest release. They found that fetching the information from the Kubernetes API server, rendering the charts client-side, and storing the record of the installation in Kubernetes was the best way to collect Helm release information (instead of using Tiller as a central hub). 

With Tiller gone, Helm’s security relies on your kubeconfig file where cluster administrators define user’s roles and permissions.

Open Container Initiative: Removing Chart Repository Limitations for Production Environments 

Helm 3 also provides new ways of managing chart repositories. For a long time, Docker Registry has been the de-facto toolset to store and deliver Docker images. Many cloud vendors also offered different versions of the Docker Registry that implemented security features to try and mitigate some of the more common chart repository limitations:

Chart repositories usually take a long time to abstract the security implementations needed for a production environment.

Not every chart repository includes tools for signing and verifying the origin and integrity of a chart.

Using a unique index file for metadata information makes searching and fetching charts hard, and makes it more difficult to manage security in multi-tenant scenarios.

Although it is still experimental, the Open Container Initiative may solve these limitations by adding login support and other features that will be essential for managing charts with Helm 3.

Try Bitnami charts with Helm 3

The Bitnami catalog has already been tested and validated to work with Helm 2 and Helm 3 across the major Kubernetes platforms.

Bitnami runs daily tests on its entire application catalog to make sure that all solutions can be deployed successfully without issues in any platform.

As one of the largest maintainers of Helm charts (currently 60), we have focused our efforts on delivering maintained, secure, and production-ready charts.

Why don’t give it a try? Install Helm 3 in your cluster now and select any of Bitnami charts from our GitHub repository to test its new features!

For more information about Helm 3 new features and changes, read the official announcement or refer to Helm FAQ.