[ https://issues.apache.org/jira/browse/GUACAMOLE-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17935750#comment-17935750 ]
Maurice Snoeren commented on GUACAMOLE-2044:
--------------------------------------------

I hope someone could support me every now and then. Especially, to find out how to implement certain functionality. For example, give some directions where to look and what is required to be changed. Sometimes the design of the application is not yet fully clear to me.

Currently, I am busy with the Guacamole-client and I am working on the following functionality that I would like to add:

* Add data-diode configuration to the web front end and the underlying Java classes (GuacamoleProxyConfiguration), so the correct GuacamoleSocket can be created. The configuration consists of three mandatory values that all are required to be filled:
** Sending data-diode: UDP host and UDP port
** Receiving data-diode: UDP port (to listen to incoming connections)
* Add the new data-diode GuacamoleSocket with the name DDGuacamoleSocket including the development of
** GuacamoleReader for the DDGuacamoleSocket with the name DDGuacamoleReader while UDP does not have stream readers like TCP does.
** GuacamoleWriter for the DDGuacamoleSocket with the name DDGuacamoleWriter while UDP does not have stream readers like TCP does.
** Do I forget something to implement a new connection type to connect with guacd?
* Implement that based on the proxy settings the DDGuacamoleSocket will be instantiated and used to communicate with guacd.
** I see multiple places where the GuacamoleSockets are instantiated, namely in *extensions auth-json* in the *ConnectionService.java* class and in the main guacamole source *SimpleConnection.java*.
** What is the best approach to make sure the DDGuacamoleSocket is instantiated?

> Secure remote access for critical networks using data-diode architecture
> ------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-2044
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2044
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole, guacd
>            Reporter: Maurice Snoeren
>            Priority: Minor
>              Labels: security
>         Attachments: guacamole_data_diode_design.png,
>                      guacamole_data_diode_native_design.png
>
>
> To create remote access for critical networks and systems, it would be nice
> to be able to communicate over a data-diode infrastructure. Data-diodes
> provide a physical (or hardware enforced) network isolation between networks.
> The current design idea is to put the data-diodes between the Guacamole
> client and the guacd server.
> Currently, I am already busy with a data-diode implementation apart from
> Guacamole. This can be found on
> [https://github.com/macsnoeren/guacamole-datadiode]. I am still in the testing
> phase and will shortly test this out in a production environment. I have
> added a global design picture in the attachment. However, it would be nice if
> the Guacamole project would natively support the use of a data-diode
> architecture.
> This new feature can be implemented due to the great work of the Guacamole
> protocol. A text-based streaming protocol that can be easily validated and
> sent over UDP channels. How it would work with SSL is not yet thought of.
> First step is to get it to work in my proof-of-concept.
> Today I had a look at the source code of the Guacamole project and built the
> Guacamole client. Got some ideas and created a global design for the native
> support to the Guacamole project concerning data-diodes. I also attached that
> image to this ticket.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
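
The comment above notes that UDP has no stream reader and the issue text calls the Guacamole protocol easy to validate. The following is an added example, not code from the Guacamole project or from the reporter's repository: a Python sketch (the client itself is Java) that rebuilds and validates length-prefixed Guacamole instructions from datagram payloads. The names `DatagramFramer`, `MAX_CHARS` and `SAMPLE` are hypothetical, and it assumes datagrams arrive in order and that element lengths count Unicode code points.

```python
import codecs
MAX_CHARS = 8192  # assumed cap on buffered characters, not a value from the page

class DatagramFramer:
    """Hypothetical helper: rebuilds instructions from in-order UDP payloads."""
    def __init__(self):
        # Incremental decoding keeps a UTF-8 character split across datagrams.
        self._decoder = codecs.getincrementaldecoder("utf-8")("strict")
        self._buf = ""

    def feed(self, payload):
        """Add one datagram payload; return the instructions it completes."""
        try:
            self._buf += self._decoder.decode(payload)
            done = []
            while (parsed := self._parse_one()) is not None:
                done.append(parsed)
            if len(self._buf) > MAX_CHARS:
                raise ValueError("instruction exceeds size cap")
            return done
        except ValueError:  # UnicodeDecodeError is a ValueError too
            # One-way link: no resend can be requested, so drop all state.
            self._decoder.reset()
            self._buf = ""
            raise

    def _parse_one(self):
        """Return one instruction as a list of elements, or None if incomplete."""
        buf, pos, elements = self._buf, 0, []
        while True:
            dot = buf.find(".", pos)
            prefix = buf[pos:] if dot == -1 else buf[pos:dot]
            digits = prefix.isascii() and prefix.isdigit() and len(prefix) <= 4
            if (prefix and not digits) or (dot != -1 and not prefix):
                raise ValueError(f"bad length prefix {prefix[:8]!r}")
            if dot == -1:
                return None  # length prefix still arriving
            end = dot + 1 + int(prefix)
            if end >= len(buf):
                return None  # element or its terminator still arriving
            elements.append(buf[dot + 1:end])
            if buf[end] == ";":
                self._buf = buf[end + 1:]
                return elements
            if buf[end] != ",":
                raise ValueError(f"bad terminator {buf[end]!r}")
            pos = end + 1

# Constructed sample: one "size" instruction split across two datagrams.
SAMPLE = [b"4.size,1.0,4.10", b"24,3.768;"]
```

A lost datagram shows up as a bad length prefix or terminator in the next payload, at which point the framer discards its buffer and resumes with the next payload.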