Commercializing a solution?

S. Dale Morrey sdalemorrey at gmail.com
Tue Jan 15 14:35:49 MST 2013


So I've been using my little "roll your own" desktop solution now for
a few days.
I have to say I'm actually rather impressed this works as well as it
does, even over a higher latency, limited bandwidth connection like
3g.

For those who are new to this discussion let me give a quick introduction.
I'm an IT Consultant and my job is to help companies find the best
solution to their technical problems.
Many times this means I end up having to code a new app or debug or
adapt an existing one.
Other times I compile reports and prepare presentations.
Basically whatever the client needs, I try to make sure they know they
need it and help them get it deployed in a timely fashion.

Up until very recently, most of my clients required very little face time.
This pleasant fact has been changing and some of my clients now want
me to travel internationally.

To travel at all I would obviously have to take a laptop, and I had
serious concerns about the ability of even a new laptop to actually do
all I need it to do.
To make matters worse, my primary laptop is a 5 year old HP, that
judging from the keyboard, my kids have evidently been using to make
peanut butter sandwiches.

Nevertheless ,a laptop is not appropriate for my case because there
are many times I need to compile applications that may take up to 30
minutes on a high end workstation, and this would be a major drain on
battery life.
Other times (most frequent use case actually), I need to have a ready
to go glassfish, jboss or tomcat environment and need to be able to
basically run a full fledged enterprise system so I can demo
something.
Again, neither of these are tasks that would be very good uses for a laptop.

The other major concern is security.  i.e. What happens if the laptop
is stolen?  Not only would I lose my work, but client data might be
put at risk.
The final problem I need to address is customs. What happens should
they decide to clone the laptop's drive and further risk exposing
sensitive information.

I solved many of these problems by running VNC to my desktop, but it
was slow, especially on DSL or 3g, so then I moved to VNC on an AWS
instance.
However the VNC protocol is horribly insecure and it left me feeling
naked and exposed.

I mentioned this on the list and someone asked why not use VNC over an
SSH tunnel.
I tried this, but in the end the latency was terrible.

So I contacted a friend of mine who still works for a company I used to work at.
He's a sysadmin and deals alot with sales people and others who need
to travel internationally.

He mentioned I should try RDP because it is moderately secure if
configured properly and it's pretty quick because it can use
compression.
For some reason there are also more RDP clients than VNC clients and
the RDP clients tend to be more interoperable (this was his reasoning,
not the result of any actual research on my part).

That discussion set me down a path and here is what I've now got running.

I have an AWS instance (Ubuntu 12.04)  with X11 installed, it's
running XRDP with encryption and compression set to maximum.
I have a Tomcat instance running Guacamole over SSL.

This forces the RDP connection to also tunnel over SSL.
In fact, I'm considering turning off encryption on XRDP to provide a
snappier experience (I don't see the point of encrypting RDP on top of
tunneling it over SSL).

I now have an "instant on" completely portable Linux desktop solution
that I can log into from anywhere in the world.
All I really need is a web-browser.  No matter what machine I use,
there is nothing to download or install, because guacamole is an HTML5
based RDP client.
It runs great on every browser I've tried so far and the toughest part
has been getting the web-browser to accept my self signed SSL cert.
That problem could be remedied by actually buying a cert instead of
cheaping out ;)

Because everything is running on the server and not the client, I no
longer have to be concerned about battery life if I need to recompile
an app.
Since it's an actual remote desktop, any apps I have open when I close
the session continue to run unless I explicitly exit the desktop.
This means I don't have to sit around all day waiting on a task to
complete, I can just start it going, close the session and come back
later.

Since it's all running remotely, I don't have to worry about what
would happen, productivity wise, if my laptop came up missing.
Wherever I can find a web-browser and an internet connection I can do my job.

Physical security isn't much of an issue because after 10 minutes of
inactivity it will log out automatically.
As long as I'm not dumb enough to have my browser store my password I
figure the solution is reasonably secure.

It's a really flexible setup too, if I want to run a Windows session I
just need to fire up an AWS Windows instance and point my solution at
it and it would be added to the list automatically.

I have a strong feeling that a setup like this could be commercialized.
Specifically any small business that either has lots of folks who work
remotely, or doesn't have the resources for a fulltime sysadmin.
Another market could be organizations, using older machines that can
no longer run the latest software.
This could help them squeeze a little more life out of those old boxes.

This is NOT a good solution for gaming or streaming live video or
audio, but for any use case where you would just like to pick up where
you left off, it seems to work very well.

Well I'm not here to toot my own horn.  I'm here to determine the
feasibility of commercializing it.  Most likely as a hosted/leased
service.
I see it as being multi-tenant but only at the company level.  That is
to say no more than 1 company per server.  A company could provision
more servers on the fly if they needed it.  But no two companies would
share a server.

I believe that I've taken every available step to secure and stabilize
it including daily automatic encrypted backups to S3.
The S3 buckets back up weekly to glacier.
I've tested a full recovery from glacier and it's very slow, but it does work.

Obviously if the internet goes out or Amazon has an outage this system
is borked during the down time.
I can't do anything about the client side connection going down, but
I've determined that this could be deployed (and probably should be),
to multiple regions (not just availability zones), simultaneously.
A little extra work on a monitor of some sort that checks each region
for a running instance in other regions and fires up new ones if the
old ones go down should solve the Amazon outage issue.

I've tried the setup on servers in regions such as Singapore, Virginia
and N California, and latency is acceptable in the US, it does suck
pretty bad if you're trying to remote to a server on the other side of
the planet.
To address that issue I'm currently working out a way to migrate a
single desktop instance to the region closest to the end user (for the
sake of latency), but that's probably going to be out of my league
right now.

Oh yeah one more thing, the solution comes with dropbox & insync
pre-installed (but not configured) and /home/username/documents is a
symlink to the dropbox folder, so availability of data during a "cloud
outage", shouldn't be a significant issue.

I'd like to pick the brains of the good folks on the list and make
sure I've at least accounted for every reasonable contingency before I
make any effort at commercialization.
If anyone wants to demo this before providing feedback, let me know
and I'll create a login for you and send a link.
I could sure use some willing guinea pigs ;)

Thanks in advance!


More information about the PLUG mailing list