Whilst writing DevTest's Adventures in Dockerland it became apparent that it should be possible to provide a complete DevTest/Service Virtualization environment running in Docker containers, with a need only to provide access for the chosen remote desktop display. This would include running DevTest Workstation and having a browser available to access the DevTest Portal.
As this concept matured, the following list of initial requirements gelled:
- Access should be via a single port, secured by TLS
- Any client-side software installations should be minimal, ideally with no installation being required
- It should be possible to easily transfer files to and from the remote environment
- LDAP (and thus Active Directory) integration should be possible.
- If possible, the solution should be built wholly with open source software.
- Any solution should be "brandable" to allow an in-house look and feel
- Any chosen software should be actively supported, and commercial support should be available if required.
With the above requirements in mind, the technologies that were chosen to provide a solution were
xrdp was chosen over VNC since it is generally more responsive, and appears more suited to an application such as DevTest since it contains a richer set of drawing primitives.
The possible downside of using xrdp is the need to install an RDP viewer on a non-Windows client - this, however, is not necessary if using Apache Guacamole.
Guacamole takes remote desktop sessions and renders them as HTML5 web pages - thus allowing multiple desktops to be presented through a single port. The presentation layer runs as an applet in a Java servlet container such as Tomcat or Jetty, and can therefore easily be secured with TLS, either via the servlet container or by using a reverse proxy. The Guacamole team recommend the use of a reverse proxy and provide recipes for Apache HTTPD and Nginx, although any reverse proxy should suffice, with the proviso that performance may be slightly impacted if WebSockets are not supported.
Guacamole allows the use of LDAP as an authentication mechanism and provides access controls. File transfer to and from the remote desktop is also supported.
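The reverse-proxy arrangement described above, sketched as an Nginx configuration: this is an added example, not configuration from the original article or from the Guacamole project. The server name, certificate paths, upload limit and the upstream address `guacamole:8080` (a servlet container on a private Docker network) are assumptions.

```nginx
# Added example. Place in a file included from the http {} context,
# e.g. /etc/nginx/conf.d/guacamole.conf.
# Assumed names: desktop.example.internal, guacamole:8080, certificate paths.

# Forward the WebSocket upgrade only when the client actually asks for it.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # The single externally published port, secured by TLS.
    listen 443 ssl;
    server_name desktop.example.internal;

    ssl_certificate     /etc/nginx/tls/fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to refuse plain-HTTP access to this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location /guacamole/ {
        # Plain HTTP is used only on the private network behind the proxy.
        proxy_pass http://guacamole:8080/guacamole/;

        # Guacamole streams display updates; buffering adds latency.
        proxy_buffering off;

        # HTTP/1.1 plus the Upgrade/Connection headers are needed for the
        # WebSocket tunnel. Without them Guacamole falls back to its slower
        # HTTP tunnel, the performance impact noted in the text.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Pass the real client address and scheme to the servlet container.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long-lived desktop sessions and file uploads need more generous
        # limits than the Nginx defaults (values here are assumptions).
        proxy_read_timeout   3600s;
        client_max_body_size 1g;
    }
}
```

For the single-port requirement to hold, only the proxy's port 443 should be published from the Docker host; the servlet container's port 8080 and the xrdp port on the desktop containers stay on the internal network.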
With a stack identified, the first step is to create the remote desktop container - this will be the subject of the following article.
Please also see