.. title:: Direct To Agent Direct To Agent =============== Overview -------- By default, connections to Kasm session are proxied through the WebApp role to the Agent role. This works well in most situations, and reduces complexity. In some situations it may be desired have users make connections directly through the agent instead of being proxied through the WebApp. .. figure:: /images/direct_to_agent/workflows.png :width: 100% :align: center **Connection Workflows** In order to utilize the Direct to Agent workflow, the following requirements must be met. * Kasm Workspaces is installed in a multi-server configuration. * All WebApp and Agent servers must be resolvable via DNS by clients and all Kasm role servers and must be registered within the same domain eg. :code:`app-1.kasm.example.com` :code:`agent-1.kasm.example.com`. * Clients and Kasm role servers must be able to connect to the Agent and WebApp addresses (as resolved by DNS) via HTTPS. * All WebApp and Agent servers must have valid certificates trusted by the clients. See :doc:`Certificates ` for configuration details. These instructions assumes starting from a working multi-server install. Agent Update ------------ In this section we will configure the Agent's to utilize their DNS name when registering to the Workspaces system. * Stop the services on the Agent .. code-block:: Bash sudo /opt/kasm/bin/stop * Update the :code:`public_hostname` value in :code:`/opt/kasm/current/conf/app/agent.app.config.yaml` the the public DNS name of the Agent eg :code:`agent-1.kasm.example.com` .. code-block:: Bash vi /opt/kasm/current/conf/app/agent.app.config.yaml * Start the services on the Agent .. code-block:: Bash sudo /opt/kasm/bin/start * Log into the Workspaces UI as administrator. Select **Agents**. Verify the Agent is checking in as the proper DNS name. * Repeat these steps for all Agents. Application Settings -------------------- * Log into the Workspaces UI as an administrator * Select **Zones** then select **Edit** next to the applicable Zone. * Uncheck **Proxy Connections**. Click Submit. .. figure:: /images/direct_to_agent/proxy_connections.png :width: 90% :align: center **Zone Configuration** * From the Admin panel select **Settings** * Set **Kasm Authorization Domain** to the parent domain of the WebApp and Agent servers. eg :code:`kasm.example.com`. .. figure:: /images/direct_to_agent/auth_domain.png :width: 90% :align: center * Restart the services on all WebApp servers .. code-block:: Bash sudo /opt/kasm/bin/stop sudo /opt/kasm/bin/start Testing ------- * Log out of the Workspaces UI. * In a new Incognito browser window log into the Workspaces UI. * Open the browser developer tools and navigate to the Network tab. Enter :code:`vnc.html` into the filter. * Launch a new session. The Url in developer tools should have the Agent's address as the domain .. figure:: /images/direct_to_agent/developer_tools.png :width: 90% :align: center