How to compare Apache Guacamole & Awingu?
Awingu has a built-in RDP to HTML5 gateway. No wonder that we get compared to Apache Guacamole from time to time. In this blog we’ll have a look at what Guacamole is and how it compares to Awingu.
Apache Guacamole is a client-less remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It is client-less in the sense that it delivers apps (or desktops) in HTML5 when Guacamole is installed on the back-end. Apache Guacamole is a free and open-source platform that is maintained by the Apache community.
As a free open-source tool, it got a nice basis of fans: from home-users to businesses to software companies. The latter embed Guacamole in their products (VPN and firewall vendors for example; even if most of them will be secretive about it).
What are the differences between Apache Guacamole & Awingu?
Does Awingu rely on Guacamole?
For starters, lets be clear about this: Awingu does not use (build on, rely on, …) Apache Guacamole. Awingu uses its own proprietary HTML5 gateway. I frequently hear the false claim that Awingu used this open-source tool … and while this is true for a number of competitors in our space, it is certainly not for Awingu.
Is Awingu an open-source tool?
Secondly, Awingu is a commercial product with a commercial organization around it. So this means we have extensive product documentation, technical support, technical trainings, commercial models for channel partners, contractual obligations, etc. That obviously means we sell our product and don’t offer it for free. We guess that’s the first big difference. Who will you call when you have a problem? What happens when there are security vulnerabilities identified? And so on.
This also extends into the organization behind Awingu. We are a very security and compliance focused organization, e.g. we are ISO27001 certified. We need of course to be very cautious as there is no such thing as absolute security: we continuously get pen-tested (by customers, internally and by neutral third parties) and always pass the bar.
Moreover our roadmap is very security / Zero Trust focused (with capabilities such as MFA, SSL, context awareness, usage audit, …). Apache Guacamole has been hit by a pretty severe vulnerability in July 2020. Since then, 5 other CVEs (Common Vulnerabilities and exposures) have been identified (and fixed!)
Furthermore, it means that we not only have a wide channel ecosystem with trained and certified engineers that covers big parts of the globe; but also that we have a set of tested technology partnerships (e.g. BlackBerry, OpsWat, IdenProtect, …) that extend and complement the Awingu perimeter.
How is Guacamole different than Awingu?
Thirdly, if we take a look at the technology perspective there are also some obvious (and less obvious) differences. Awingu was built with the idea that it should be simple to deploy and work with, for Windows or Linux admins. We think its not a false statement to claim Guacamole has most fans in the Linux and open-source communities.
Now, let’s take a deeper look in the architecture and features (this will not be an exhaustive list, but we’ll try to list the main differences):
What are the similarities?
HTML5 gateway & Protocols supported
Guacamole supports SSH, VNC and RDP. From that list, Awingu supports RDP.
However, Awingu also supports WebDAV as well as CiFS and further Awingu’s built-in reverse proxy supports web applications.
Similar(ish) features for published applications
HMTL5 access (browser-based)
Virtual (pdf) printer
Session sharing and session recording
MFA TOTP built-in, incl. support for RADIUS
Same restrictions for certain applications
Also similar to Awingu, Guacamole is not built to render highly graphical applications (e.g. 3D rendering), video or run video/voice calls
What are the differences?
File Server Access
Awingu includes access to file servers via WebDAV or CIFS via the Awingu ‘files’ section. Files can be opened from Awingu ‘files’ with associated published applications
Via Awingu files, one can also ‘share’ files (large or small) similar to the functioning of WeTransfer (with the exception that you don’t need to upload your file(s) into a 3rd party cloud)
Built-in reverse proxy
Awingu comes with a built-in Reverse proxy to enable access to (internal) web applications without the need for RDP (nor remote desktop server (RDS) CALs)
We’re too biased to judge on the intuitiveness and look and feel of the workspace front-end. No comment on that one. 😊
Multi-monitor capabilities in Awingu are better developed with multiple options
Smartcard support (in-app usage)
Smartcard support (in-app usage): Awingu can support the use of smartcard (e.g. eID card) within applications (e.g. reading an eID card info) with the support of its RAH (Remote Application Helper).
The RAH is the only exception in Awingu’s HTML5 centric story. The RAH is an agent that needs to be installed on the local computers (Windows, MacOS or Linux). In-app usage is not supported by the free Apache tool.
Relevant to say, further you don’t need to install any plugins or clients to work with Awingu!
Security & compliance
Awingu also comes with interesting capabilities to help you secure your data even more.
built-in Context Awareness capabilities
e.g. based on location or IP address as context access can be disabled for a user (group)
this gives the admin extra control capabilities
built-in usage audit and anomaly detection
which can be hooked-up into a SIEM)
Single Sign-On (SSO) capabilities over SAML or OpenID Connect
without vaulting passwords in the Awingu appliance.
Guacamole does support SSO, but leverages password caching.
We believe the Awingu setup is more secure.
SSL encryption built-in
No local data
Also, from an architecture perspective there are differences:
Awingu is delivered as a virtual appliance, while Guacamole requires installing multiple services (or multiple docker containers which require to be linked).
We believe the virtual appliance does not only offer significant benefits in speed of deployment but especially stands out in simplicity.
Inside the Guacamole Server, Guacamole will behave different than Awingu as it leverages in an internal translation protocol (RDP Guacamole protocol HTML5) while Awingu does not.
This makes Awingu a more resource optimized HTML5 gateway (but obviously, Awingu runs a lot of other services on the same virtual appliance).
Awingu can enable HA (High Availability). This means that in a multi-node deployment, Awingu can fail-over between nodes when issues arise.
Awingu comes with out-of-the-box multi-tenancy.
So, comparing Guacamole vs. Awingu? We see a lot of similarities, but even more differences. This blog post is based on our knowledge of Guacamole – which might not be complete, we don’t pretend to be Guacamole experts – and takes a deeper look into those elements that we hear our customers mostly talk about.
Speaking of those Awingu customers, could be interesting to know that they are typically part of these following groups:
Organizations (public or private) that enable:
Work from Home
Contractor Access (Awingu is a perfect alternative for VPN for example)
Secure intra-network access
Cloud/managed service providers that offer their customers a digital workspace
ISVs (making legacy applications available in the browser, just like SaaS)
About the author
Chief Sales & Marketing Officer