LesserGeek

Azure Bastion is a great product and I have been using it for a while now. It is easy to deploy and manage. During a recent discussion with a Cloud Architect “Guacamole” was mentioned to me as an alternative to Bastion. I thought of trying it in Azure. Before I could find the steps and requirements for its deployment in an IAAS instance I figured out an appliance was already available in Azure Marketplace. See the following screen

To my surprise I found that this was completely free and I just needed to pay for the compute instance

I choose a low spec virtual machine instance for my testing. I deployed it with Standard_B2s

I deployed it in an existing Virtual Network where I had another Windows VM. Deployment was quick and easy.

Note: Remember to allow NSG inbound rules to communicate on port 3389 from Private IP address of the Guacamole VM to the Windows VM you want to connect to.

I enabled boot diagnostics because the boot diagnostics showed the credentials to be used with the web interface. The credentials can be changed after you login to the console.

Note the credentials from the serial console, you can jump to the Guacamole web interface using the public IP address of the Guacamole VM.

Use the credentials to login to the web interface. Since it is a fresh installation of the Guacamole service there are no VM connections that exist. You can change password, Guacamole settings and setup new connections from the settings

Click “New Connection”

Enter the settings as shown in the screenshot below. You need to provide a name for the connection, credentials to be used for authenticating to the VM. Most importantly choose “NLA (Network Level Authentication) and “Ignore Server Certificate”

Save the connection settings and you should be able to see a new connection appear under connection. You need to go to the Guacamole console home

From Home screen double click the connection to open an RDP session directly within the Guacamole console

The below screenshot is from my Guacamole console.

Overall Assessment

1. The RDP session/connection within the Guacamole console is pretty responsive and I didn’t see any lag. Setup was quick and easy. I didn’t run into any major issues.
2. For a price of approximately AUD 50 and with the ability to shutdown all VM’s I think it is a good low cost alternative to Azure Bastion in a small test/lab setup.
3. I do not think it is a replacement for Azure Bastion in a production environment since Bastion provides fully managed, highly available and scalable setup along with trusted security.
4. Setting up and managing Guacamole would require much more effort than Bastion with both manual or automated deployments.
5. Support has always been important factor and a priority and I it is needless to mention Azure Bastion would win.

I think it was a good 30 minute exercise to tickle the brain cells. Hope you liked this blog post. Feel free to send your feedback, comments and suggestions to gsjutla@lessergeek.com