What is Kasm Workspaces?
Kasm Workspaces is a tool that allows users to create, manage, and access containerized environments through a web browser. It allows users to quickly set up and stream a variety of applications and tools, such as browsers, IDEs, and operating systems, to their local device without the need for local installation.
Kasm Workspaces uses Docker containers to create these environments, which are isolated and self-contained units that include all necessary dependencies and libraries for the applications to run. This allows users to easily switch between different environments and tools without affecting the host system or other environments.
Kasm Workspaces also includes a web-based console for managing and accessing containerized environments and features for collaboration and integration with other tools and services. It is designed to be a powerful and flexible tool for developers, data scientists, and other professionals who need access to a variety of environments and tools for their work.
How does KASM Work?
Kasm uses KasmVNC, an open-source software, to stream the applications to the user’s browser. This allows users to access and use the applications remotely, without exposing their own devices or networks to potential security risks. Applications in Kasm workspaces run in a docker container on the server. The container is streamed to the user’s browser, allowing them to use the applications as if they were running on their own device.
One of the benefits of using Kasm is that it allows users to access their home or business networks and the applications and devices within them remotely, through the secure and isolated environment of a docker container. This can be useful for accessing resources or performing tasks remotely, while also keeping the user’s own device and network safe from potential security risks.
In addition, Kasm allows users to use the IP address of the server on which it is installed, rather than their own when accessing the Internet. This can provide a level of anonymity and may help to protect the user’s privacy.
Minimum requirements to run Kasm Workspaces?
Kasm Services and end-user sessions are Docker containers. Access to the Docker registry is required for installation. Installation is supported on the following operating systems:
- Ubuntu 18.04 / 20.04 / 22.04 (amd64/arm64)
- Debian 9 / 10 / 11 (amd64/arm64)
- CentOS 7 / 8 / 9 (amd64/arm64)
- Oracle Linux 7 / 8 / 9 (amd64/arm64)
- Raspberry Pi OS (Debian) 10 / 11 (arm64)
- For Red Hat Linux, follow this guide.
System Requirements
The server needs to have a least the following resources:
CPU: 2 cores
Memory: 4GB
Storage: 50GB (SSD)
Although these recommended resources are sufficient to run Kasm, it is recommended to provision more resources for tasks such as provisioning end-user sessions, which require additional compute resources as specified in the Workspace configuration. The default Kasm Workspaces are configured to require 2768MB of memory and 2 cores. We have also had better experiences with configurations having better resources than the recommended ones.
End User Requirements
End-users access the Kasm Workspaces via the web UI. Most modern browsers are supported.
Browsers
- Chrome 49+
- Edge 14+
- Firefox 48+
- Internet Explorer 11
- Safari 11+
Caveats
- Audio is not supported on mobile browsers.
- Seamless Clipboard ( Copying and Pasting without using the control panel ) is only supported on Chrome and Chromium-based client browsers.
Swap Partitions.
While the recommended system requirements are sufficient to run Kasm workspaces, it is recommended to install a Swap partition for the best stability of end-user sessions. Swap partitions can be created manually or by supplying the flag
--swap-size
Docker and Docker-Compose
The installer will install compatible versions of Docker and Docker Compose if they are not already present on the machine. This ensures everything works together smoothly.
If Docker and Docker Compose are already installed, the installer will not overwrite the existing installations.
For the best results, install Kasm on a dedicated machine and let the installer handle the Docker and Docker Compose installations. This ensures Kasm has no compatibility issues.
Here are the recommended versions:
docker > 18.06
docker-compose > 2.1.1
How to set up and install Kasm Workspace Server
Kasm can be deployed in two ways:
- Single Server Installation
- Multi-Server Installation
Single Server Installation
This is the quickest and easiest way of deploying Kasm workspaces. As the name suggests, everything runs on a single server. All interior docker communication occurs within the single server and there are no special configurations required. From the above requirements, Kasm can be set up on any Linux server, both on the cloud or a self-hosted server with access to the internet.
Deploying VMs on the cloud is easier and cheaper for those with limited computing resources. The good thing is most providers provide free trials for their services. Here are the links to get free trials.
- AWS – They have a free Tier for up to one year. Students can also get free credits if they sign up using their student email
- Azure – They offer $200 for 30 days. Students can also receive credits if they sign up using their student’s email.
- Digital Ocean – Get $200 free credits to try out in 60 days.
- Linode – Get $00 free credits to try out in 60 days.
- Vultr – Get $100 free credits to try out in 60 days.
You can choose to install kasm workspaces using the standard installer or an offline installer. For those running VMs on the cloud, the standard installer is recommended. For those with slow and unstable internet access, the offline installer is recommended. Here are the steps:
Standard Install
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_LATEST\_RELEASE.tar.gz
tar -xf kasm_release_LATEST_RELEASE.tar.gz
sudo bash kasm_release/install.sh --swap-size
Replace LATEST_RELEASE with the latest release from the official Kasm Workspace Documentation found here. For example
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_1.13.1.421524.tar.gz
Be sure to replace the –swap-size with the actual size, to automatically create the swap file during installation eg 8192 (will create a swap file with 8GB).
Offline Install x86-64
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_1.13.1.421524.tar.gz
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_service\_images\_amd64\_1.13.1.421524.tar.gz
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_workspace\_images\_amd64\_1.13.1.421524.tar.gz
tar -xf kasm_release_1.13.1.421524.tar.gz
sudo bash kasm_release/install.sh --offline-workspaces /tmp/kasm_release_workspace_images_amd64_1.13.1.421524.tar.gz --offline-service /tmp/kasm_release_service_images_amd64_1.13.1.421524.tar.gz
Offline Install arm64
cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_1.13.1.421524.tar.gz
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_service\_images\_arm64\_1.13.1.421524.tar.gz
curl -O https://kasm-static-content.s3.amazonaws.com/kasm\_release\_workspace\_images\_arm64\_1.13.1.421524.tar.gz
tar -xf kasm_release_1.13.1.421524.tar.gz
sudo bash kasm_release/install.sh --offline-workspaces /tmp/kasm_release_workspace_images_arm64_1.13.1.421524.tar.gz --offline-service /tmp/kasm_release_service_images_arm64_1.13.1.421524.tar.gz
Licensing and Activation
If you have an Activation Key it can be passed to the installation script and activation will be completed on your behalf as part of the installation.
Create a file for the Activation Key e.g. activation_key.txt
and paste in the Activation Key you received in your confirmation email. When running the install.sh use the parameter -a or --activation-key-file
so your command might look something like this sudo bash kasm_release/install.sh -a activation_key.txt
.
This will not work with an offline air-gapped install, as Kasm Workspaces must contact an activation server to complete licensing your installation. In a multi-server install, this option only applies to the database role. Need to install Kasm on a different port?
The end-user license agreement can be accepted by adding the following flag to the installation script.
--accept-eula
After the installation is complete, you will be given a set of login credentials. The Default usernames are [email protected] and [email protected]. The passwords will be randomly generated and presented at the end of the installation. Be sure to save the credentials in a secure place, preferably a good password manager.
Kasm Workspaces on Digitalocean
Another easy way of deploying Kasm workspaces is by using the already-made Kasm workspace available on the digital ocean marketplace. Here are the full instructions. You can get Get $200 credits to try out in 60 days.
Multi-Server Installation
In multi-server installation, the Kasm services are installed on different servers within the environment. Depending on the desired use case, these servers can be put in separate network enclaves according to your environment and typical security best practices.
You an find full installation instructions on the official documentation.
Accessing and using the Kasm Workspace Console
In your web browser, navigate to https[:]//[IP address of your server]
, replacing [IP address of your server]
with the actual IP address of your server.
Enter the “admin” login credentials when prompted.
Launch a workspace
- From the Kasm console, go to the “Workspaces” section.
- Select a browser (e.g. Chrome) to launch a containerized browser session. The browser will stream to your computer.
You can use the three dots on the side of a launched workspace to perform different actions
One of the cool features of Kasm Workspaces is the ability to launch a variety of applications and tools from within a containerized environment. This means that you can use Kasm Workspaces to stream applications like GIMP, a terminal, Ubuntu, and even Visual Studio Code to your computer, all from within a Docker container.
This allows you to use these tools and applications without installing them locally on your device and provides an added layer of security and isolation since they are running in a container.
Another useful feature of Kasm Workspaces is the ability to open links in a secure, isolated container. This can be useful for opening links that you are not sure are safe, or for accessing sites that you want to keep separate from your main browsing environment.
To do this, you can install a Kasm Workspaces extension for your web browser, which will allow you to right-click on a link and choose to open it in a Kasm Workspaces container. This can provide an added layer of security and protection for your device, as the containerized environment will isolate any potentially malicious content from your main system.
Installing Kasm Workspace Browser Extension
To install the Kasm Workspaces browser extension, follow these steps:
- Go to the Chrome Web Store and search for “Kasm”.
- Click on “Add to Chrome” to install the extension.
- Once the extension is installed, go to the Chrome extensions page (found by clicking on the puzzle piece icon in the top right corner of the browser).
- In the options, enter the URL for your Kasm server and choose whether you want to open links in a new tab or a new window.
- Go to your Kasm dashboard and click on the profile icon in the top right corner.
- From the profile settings, select the default browser from the dropdown menu (e.g., Chrome or Brave).
It is worth noting that this setting applies to the logged-in user since Kasm allows multiple users to use one instance at a go.
Once the extension is installed and configured, you can use it to open links in a secure, isolated container by right-clicking on the link and selecting “Open link in Kasm”. This will spin up a container in the background and stream the content to your browser. You can also delete the container at any time by clicking on the dots in the top right corner and selecting “Delete session”.
In addition to installing the browser extension, you can also customize your Kasm Workspaces experience by adding additional images and applications. To do this, go to the admin portal and click on the “Images” tab on the left-hand side. From here, you can browse the available images and select the ones you want to add to your Kasm Workspaces. These images will then be available to launch from within your workspace.
Installing Custom Images on Kasm Workspaces
One image that you may want to add is Kali Linux, a popular operating system used for ethical hacking and penetration testing. To add Kali Linux to your Kasm Workspaces, follow these steps:
- Go to the Images tab in the admin portal and locate Kali Linux in the list of available images.
- Click on the dots on the right and select “Edit” to access the image settings.
Check the “Enabled” box to enable the image.
When we launch Kali Linux without any changes, it’s going to log us in as regular users without root access. To log in as root, we have to make a change on the Docker run Config which can do a ton of stuff because it is just like a regular Docker container. Will achieve this using a simple JSON script.
- Scroll down to the “Docker Run Config” section and enter the following:
{"user": "root"}
. This will allow you to log in to the Kali Linux container as the root user, giving you full access to the system. - Click “Submit” to save your changes.
Wait for a couple of minutes for Kali to download the container and do the setup. Once the warning sign disappears from the Kali Linux workspace in the workspaces section. You can now launch Kali and use it.
Once you have added Kali Linux to your Kasm Workspaces, you can launch it from the “Workspaces” tab. When it launches, you can use the "su -"
command to switch to the root user and gain full access to the system. This can be useful for tasks that require administrative privileges, such as installing
Setting Up Web Filtering using Kasm Workspaces
To set up Web Filtering using Kasm Workspaces
- First, log in to your Kasm admin portal and click on the “Users” option on the left side of the screen. Click on “Add User” to create a new user account. Enter the user’s name and set a password for them.
- Repeat the process to add additional users as needed. It’s worth noting that you can use LDAP and SAML for cases of organizations that already have this setup or for people building home labs.
- To set up web filtering, go to the “Web Filter” option on the left side of the screen. Click on “Add Policy” to create a new web filtering policy.
- Give the policy a name and set it to “Deny by Default” if you want to block all websites except for the ones you explicitly allow.
- To allow certain websites, add them to the white list by entering their URL in the “Domain Whitelist” field. To block certain websites, add them to the blacklist by entering their URL in the “Domain Blacklist” field.
- Enable the “Safe Search” option to prevent users from accessing inappropriate content on search engines.
- If you have a licensed version of Kasm, you can also enable the “Categorization” option to block websites based on specific categories.
- Once you’ve set up your web filtering policy, go to the “Images” option on the left side of the screen and select the image you want to apply the policy (e.g. to Brave).
- Click on the icons on the right side of the screen and select “Edit”. Scroll down to the “Web Filter Policy” field and select your policy from the dropdown menu. Click “Submit” to save your changes.
- To test the web filtering, log in to Kasm with one of the user accounts you created and try to access websites that are either allowed or blocked by the policy.
A really handy feature about Kasm workspaces is that admins can see every activity happening on the server including the URLs visited once web filtering is enabled. This is accessible on the admin dashboard.
Kasm Workspace for enterprises
Kasm is a powerful tool for enterprises that want to improve their web browsing security and efficiency. With Kasm, companies can replace their existing beady eye solution, such as Citrix, with a web-native platform that doesn’t require any software installation on endpoints. Kasm’s images are also constantly updated, ensuring that they are always secure and up-to-date.
Additionally, Kasm can be used for DevOps pipelines, allowing companies to test their custom Docker containers or code using Kasm’s secure API. This makes it easier for businesses to spin up new virtual machines and test new applications without worrying about security vulnerabilities. All these features are available in the Kasm Enterprise Edition.
Conclusion
Overall, Kasm is a versatile platform that can help enterprises improve their web browsing security, streamline their DevOps processes, and reduce the complexity of managing software installations on their endpoints. If you haven’t already tried Kasm, now is the time to give it a try and see how it can benefit your business. Make sure to leave a comment below on your experience and also consider subscribing to the newsletter to stay up to date with the latest tips and guides.