On Github: https://github.com/bmullan/ciab-remote-desktop
CIAB Remote Desktop system requires a User only have an HTML5 capable Web Browser.
CIAB version 2.0 has many changes and improvements.
- Guacamole v1.0.0 has now been integrated/implemented. Guacamole v1.0.0 introduces major
new features/capabilities to Guacamole such as:
- Support for User Groups
- Multi-factor authentication with Google Authenticator / TOTP
- Support for RADIUS authentication
- Support for creating ad-hoc connections
- Support for renaming RDP drive and printer
- Cut & Paste for text-only (no pictures) now works as it normally would on a desktop
- Configurable terminal color schemes
- Optional recording of input events
- SSH host key verification
- Automatic detection of network issues
- Support for systemd
- Incorrect status reported for sessions closed by RDP server
- Automatic connection behavior which means Guacamole will automatically connect
- upon login for users that have access to only a single connection, skipping the home
- screen.
-
All supporting applications, including Guacamole, Tomcat, NGINIX, MySQL, XRDP, etc are now
installed in an LXD container (ciab-guac). -
A new capability utilizing the recently added LXD Device Map feature, is now automatically
configured when ciab-desktop has installation is complete. It will map Port 443 (re HTTPS) on
the Host Server to Port 443 in the ciab-guac LXD container. After this, any remote Browser
pointed to your Cloud or VM Host Server IP address & Port 443 will be redirected to the LXD
ciab-guac container’s Port 443 where it accesses Guacamole so initial Admin setup with
Guacamole can be accomplished. Nothing runs in the Host/Server except LXD. -
Since the Guacamole container and any Desktop containers (re cn1) are all on the same internal
private 10.x.x.x network subnet Guacamole will be able to let users access any other LXD
container cloned from cn1 that you create (assuming you configure Guacamole with
“connections” to all containers). -
An extensive collections of Web Applications have been included for selection by the CIAB
Admin. These applications are especially selected as best-of-class in open source for categories
such as and the CIAB Admin can install them via a convenient GUI application.
These applications will be installed as individual, “nested”, LXD containers inside the CIAB-
GUAC container. Each of the “nested” application containers will be attached to the same
10.x.x.x private network that the CIAB-GUAC management container and the CN1 user MATE
Desktop Container are attached to. Note: XFCE4 and Budgie are also configurable alternatives to MATE.
This will enable any validated CIAB Mate Desktop user access to applications ranging from:
◦ Enterprise Resource Planning (ERP)
◦ Project Management
◦ Content Management Systems (CMS)
◦ Social Media systems
◦ eCommerce Systems
◦ Learning Management Systems (LMS)
◦ IT Management systems
◦ Blogging systems
The implementation & use of “nested” LXD containers for these Web Applications greatly
reduces their Security exposure footprint! This is due to the fact that the Web Applications by default are only accessible by validated Guacamole/CIAB Desktop users and only on the private 10.x.x.x network.
The applications, by default, are not accessible from the Internet although the applications themselves have access “to” the Internet. At the discretion of the CIAB Admin Internet access can be changed so that
Internet Users could be allowed access to one or more of the installed CIAB Web Apps.
- Sound/Audio now works !!! in any of the LXD CIAB Desktop containers.
Anyone wishing to contribute/collaborate would be welcome