--- myst: html_meta: "description lang=en": "Configuring Kasm Workspaces in a multi server deployment to forward sessions directly to the Agent running the containers." "keywords": "Kasm, How to, How-to, Enhancements, Direct to Agent, Multi Server" "property=og:locale": "en_US" --- ```{title} Direct To Agent ``` # Direct To Agent ## Overview By default, connections to Kasm session are proxied through the Web App role to the Agent role. This works well in most situations, and reduces complexity. In some situations it may be desired have users make connections directly through the agent instead of being proxied through the Web App. ```{figure} /images/direct_to_agent/workflows.png :align: center **Connection Workflows** ``` In order to utilize the Direct to Agent workflow, the following requirements must be met. - Kasm Workspaces is installed in a multi-server configuration. - All Web App and Agent servers must be resolvable via DNS by clients and all Kasm role servers and must be registered within the same domain eg. {code}`app-1.kasm.example.com` {code}`agent-1.kasm.example.com`. - Clients and Kasm role servers must be able to connect to the Agent and Web App addresses (as resolved by DNS) via HTTPS. - All Web App and Agent servers must have valid certificates trusted by the clients. See {doc}`Certificates ` for configuration details. These instructions assumes starting from a working multi-server install. ## Agent Update In this section we will configure the Agent's to utilize their DNS name when registering to the Workspaces system. - Stop the services on the Agent ```Bash sudo /opt/kasm/bin/stop ``` - Update the {code}`public_hostname` value in {code}`/opt/kasm/current/conf/app/agent.app.config.yaml` the the public DNS name of the Agent eg {code}`agent-1.kasm.example.com` ```Bash vi /opt/kasm/current/conf/app/agent.app.config.yaml ``` - Start the services on the Agent ```Bash sudo /opt/kasm/bin/start ``` - Log into the Workspaces UI as administrator. Select **Infrastructure** -> **Docker Agents**. Verify the Agent is checking in as the proper DNS name. - Repeat these steps for all Agents. ## Application Settings - Log into the Workspaces UI as an administrator - Select **Infrastructure** -> **Zones** then select **Edit** next to the applicable Zone. - Uncheck **Proxy Connections**. Click Save. ```{figure} /images/direct_to_agent/proxy_connections.webp :align: center **Zone Configuration** ``` - From the Admin panel select **Settings** -> **Global** - Set **Kasm Authorization Domain** to the parent domain of the Web App and Agent servers. eg {code}`kasm.example.com`. ```{figure} /images/direct_to_agent/auth_domain.webp :align: center **Auth Domain** ``` - Restart the services on all Web App servers ```Bash sudo /opt/kasm/bin/stop sudo /opt/kasm/bin/start ``` ## Testing - Log out of the Workspaces UI. - In a new Incognito browser window log into the Workspaces UI. - Open the browser developer tools and navigate to the Network tab. Enter {code}`vnc.html` into the filter. - Launch a new session. The Url in developer tools should have the Agent's address as the domain ```{figure} /images/direct_to_agent/developer_tools.png :align: center **Developer Tools** ```