Comparing Apache Guacamole & Awingu
Awingu has a built-in RDP to HTML5 gateway. No wonder that we get compared to Apache Guacamole from time to time. In this blog we’ll have a look at what Guacamole is and how it compares to Awingu.
Apache Guacamole is a client-less remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is client-less in the sense that it delivers apps (or desktops) in HTML5 when Guacamole is installed on the back-end. Apache Guacamole is a free and open-source platform that is maintained by the Apache community.
As a free open-source tool, it got a nice basis of fans; from home-users to businesses to software companies. The latter embed Guacamole in their products (VPN and firewall vendors for example; even if most of them will be secretive about it).
How can they be compared exactly?
Awingu does not rely on Apache Guacamole
For starters, lets be clear about this: Awingu does not use (build on, rely on, …) Apache Guacamole. Awingu uses its own proprietary HTML5 gateway. I frequently hear the false claim that Awingu used Guacamole… and while this is true for a number of competitors in our space, it is certainly not for Awingu.
Awingu is a commercial product
Secondly, Awingu is a commercial product with a commercial organization around it. So this means we have extensive product documentation, technical support, technical trainings, commercial models for channel partners, contractual obligations, etc. That obviously means we sell our product and don’t offer it for free. I guess that’s the first big difference. Who will you call when you have a problem? What happens when there are security vulnerabilities identified? And so on.
This also extends into the organization behind Awingu. We are a very security and compliance focused organization, e.g. we are ISO27001 certified. I need of course to be very cautious as there is no such thing as absolute security: we continuously get pen-tested (by customers, internally and by neutral third parties) and always pass the bar, moreover our roadmap is very security / Zero Trust focused (with capabilities such as MFA, SSL, context awareness, usage audit, …). Apache Guacamole has been hit by a pretty severe vulnerability in July 2020. Since then, 5 other CVEs (Common Vulnerabilities and exposures) have been identified (and fixed!)
Furthermore, it means that we not only have a wide channel ecosystem with trained and certified engineers that covers big parts of the globe; but also that we have a set of tested technology partnerships (e.g. BlackBerry, OpsWat, IdenProtect, …) that extend and complement the Awingu perimeter.
Differences on technology level
Thirdly, if we take a look at the technology perspective there are also some obvious (and less obvious) differences. Awingu was built with the idea that it should be simple to deploy and work with, for Windows or Linux admins. I think its not a false statement to claim Guacamole has most fans in the Linux and open-source communities.
Now, let’s take a deeper look in the architecture and features (this will not be an exhaustive list, but I try to list the main differences):
- HTML5 gateway & Protocols supported: Guacamole supports SSH, VNC and RDP. From that list, Awingu supports RDP. However, Awingu also supports WebDAV as well as CiFS and further Awingu’s built-in reverse proxy supports web applications.
- Similar(ish) features for published applications:
- HMTL5 access (browser-based access)
- Virtual keyboard
- Virtual (pdf) printer
- Session sharing and session recording
- MFA TOTP built-in, incl. support for RADIUS
- Also similar to Awingu, Guacamole is not built to render highly graphical applications (e.g. 3D rendering), video or run video/voice calls
… and some differences:
- File server access:
- Awingu includes access to file servers via WebDAV or CIFS via the Awingu ‘files’ section. Files can be opened from Awingu ‘files’ with associated published applications
- Via Awingu files, one can also ‘share’ files (large or small) similar to the functioning of WeTransfer (with the exception that you don’t need to upload your file(s) into a 3rd party cloud)
- Awingu comes with a built-in Reverse proxy to enable access to (internal) web applications without the need for RDP (nor RDS CALs)
- I’m too biased to judge on the intuitiveness and look and feel of the workspace front-end. I’m not going to comment on it
- Multi-monitor capabilities in Awingu are better developed with multiple options (more on this feature)
- Smartcard support (in-app usage): Awingu can support the use of smartcard (e.g. eID card) within applications (e.g. reading an eID card info) with the support of its RAH (Remote Application Helper). The RAH is the only exception in Awingu’s HTML5 centric story. The RAH is an agent that needs to be installed on the local computer (Windows, MacOS or Linux). Guacamole does not support in-app usage.
- Security & compliance: Awingu also comes with…
- built-in Context Awareness capabilities (e.g. based on location or IP address as context)
- built-in usage audit and anomaly detection (which can be hooked-up into a SIEM)
- Single Sign-On (SSO) capabilities over SAML or OpenID Connect without vaulting passwords in the Awingu appliance. Guacamole does support SSO, but leverages password caching. We believe the Awingu setup is more secure.
- SSL encryption built-in
- Also, from an architecture perspective there are differences:
- Awingu is delivered as a virtual appliance, while Guacamole requires installing multiple services (or multiple docker containers which require to be linked). We believe the virtual appliance does not only offer significant benefits in speed of deployment but especially stands out in simplicity.
- Inside the Guacamole Server, Guacamole will behave different than Awingu as it leverages in an internal translation protocol (RDP Guacamole protocol HTML5) while Awingu does not. This makes Awingu a more resource optimized HTML5 gateway (but obviously, Awingu runs a lot of other services on the same virtual appliance).
- Awingu can enable HA (High Availability). In a multi-node deployment, Awingu can fail-over between nodes when issues arise.
- Awingu comes with out-of-the-box multi-tenancy.
So, Guacamole vs. Awingu? A lot of similarities, but even more differences. This blog post is based on our knowledge of Guacamole – which might not be complete, we don’t pretend to be Guacamole experts – and takes a deeper look into those elements that we hear our customers mostly talk about.
Speaking of those Awingu customers, could be interesting to know that they are typically part of these following groups:
- Organizations (public or private) that enable:
- Work from Home
- Contractor Access
- Secure intra-network access
- Cloud/managed service providers that offer their customers a digital workspace
- ISVs (making legacy applications available in the browser, just like SaaS)
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Awingu produces a browser-based Unified Workspace solution. It allows users to work and collaborate from virtually anywhere using any device compatible with HTML5 browsers. As a turnkey solution, Awingu offers businesses the ease and convenience of platform-independent mobility and offers everything you need to stay productive: legacy and cloud applications, documents and data. Awingu requires zero configuration and zero client software installation, making IT administration extremely simple.
Ceeyu provides a cloud-based analysis of a company’s digital presence, outside-in. This posture analysis displays all IT assets visible to any internet user, including malicious ones applying a similar analysis to gather intelligence to determine their attack paths. Ceeyu aims to quickly expand its intelligence gathering, support to standardize the results and automate the analysis to minimize its cost and provide continuously near real-time posture analysis.
Toreon is the largest Flemish originated cybersecurity expert services company. Grown from a team of specialized professionals, the company expanded rapidly organically. Toreon analyses the cybersecurity posture from the inside-out. A cybersecurity analysis can quickly require between 100 and 200 different scans that need to be executed, resulting in information that requires analysis. To optimize its services to its customers, but also to optimize the internal expert resources, Toreon has started to automate these analyses, but aims to further expand this process automation and by adding automated intelligence.
About VUB Labs
The VUB Software Languages Lab and the VUB Artificial Intelligence Lab are both innovative engineering departments from one of the leading Flemish universities in Belgium. Both have a long-standing scientific and industry-supporting background. Their expertise from the domain of applying AI-based automation and fuzzing technologies will be supporting the technology companies throughout the two-year project.
LSEC, an industry association that celebrates its 20th anniversary in 2022 will be focusing on the standardization work for automated postures, in relation to third party risk management analysis and relaying to developing industry standards in the US and EU. For more information, please contact Ulrich Seldeslachts, MD LSEC, Sebastien Deleersnyder, CTO Toreon, or any of the industry and scientific partners.