Multi Server Installation

In this example, the Kasm services are installed on different servers within the environment. Depending on the desired use case, these servers can be put in separate network enclaves according to your environment and typical security best practices.

Architecture Roles

The following outlines the Role Service in this architecture. The ports and protocols required for communication are listed to allow for firewalls or filtering devices in your environment

Web App Server(s)

This is the landing point for end users. If end-users access this server from the internet this may be put in a DMZ enclave. This Server includes the following services:

  • Ports / Protocols
    • HTTPS (443)

Database Server

The database server must be accessible by API and Management Services. This Server includes the following services:

  • Ports / Protocols
    • POSTGRESQL (5432)

    • REDIS (6379)

Agent Server(s)

Agents are where end-user Kasms are created. Depending on the desired architecture these may be placed in various locations. The agent must be accessible by the Management and Web App Servers This server includes the following services:

  • Ports / Protocols
    • HTTPS (443)

../_images/multiple_install.png

Ports and Protocols

Source

Destination

Port

Notes

End User

Web App Server

443

Web Application

Web App Server

Database Server

5432,6379

Database Access

Web App Server

Agent Server

443

Agent Instructions

Agent Server

Management Server

443

Check-in, Request Images, Request Authentication

System Requirements

Please review the System Requirements before beginning.

Resource Allocation

Administrators can configures Kasms to provision with with any amount of cpu or memory allocations by editing the in the Kasm Image Settings . However, even a host with more than enough system memory can run into stability issues without enabling a swap partition. For this reason, the Kasm installation requires a swap partition to be present.

Warning

Install Swap partition for best stability of end user Kasms. For additional details on docker resource constraints see the folowing link: Docker Resource Constraints

Creating A Swap Partition

For general information on swap partitions check out the Ubuntu Documentation

The following steps will create a 1 gigabyte (1g) Swap partition. It is recommended to allocate 1 gigabyte per concurrent Kasm you expect to run at any given time. Please adjust according to your needs.

sudo fallocate -l 1g /mnt/1GiB.swap
sudo chmod 600 /mnt/1GiB.swap
sudo mkswap /mnt/1GiB.swap
sudo swapon /mnt/1GiB.swap

Verify swap file exists

cat /proc/swaps

To make the swap file available on boot

echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab

Installation Guide

Follow these steps to setup Kasm on separate servers.

Install Database Server Role

The following steps can be followed to install the Database service on the Database Server

  • Download the latest version of Kasm Server to /tmp

  • Extract the package and execute the installation. Please note the default login credentials produced during the install.

cd /tmp
tar -xf kasm_release*.tar.gz
sudo bash kasm_release/install.sh -b

Install Web App Role

The following steps can be followed to provision the Web App components on a single server. Repeat these steps on additional servers to add redundancy and scalability. Utilize a single public DNS name with multiple public IPs to have DNS load distribute requests to the Web App Kasm server cluster.

For the next steps you need the following information

  • DATABASE_HOSTNAME

    The IP, hostname or FQDN of the Database Server that is resolvable and reachable by the Web App server.

  • DATABASE_PASSWORD

    The database password generated during the installation of the database.

  • REDIS_PASSWORD

    The Redis password generated during the installation of the database.

Before continuing verify this server can access port [DATABASE_HOSTNAME]:5432 and 6379

  • Download the lastest version of Kasm Server to /tmp

  • Extract the package and run execute the installation

cd /tmp
tar -xf kasm_release*.tar.gz
sudo bash kasm_release/install.sh -s -q [DATABASE_HOSTNAME] -Q [DATABASE_PASSWORD] -R [REDIS_PASSWORD]

Default Login

  • Access the Web Application running on port 443 at https://<WEBAPP_SERVER>

  • Log into the Web Application as the Administrator using the default credentials produced during the install.

../_images/login.png

Install Agent Server Role(s)

The following steps can be followed to install the Agent and Proxy services. Repeat this step for any additional servers intended for provision end user Kasms

For the next steps you need the following information

  • MANAGER_HOSTNAME

    The IP, hostname or FQDN of the Web App Server that is resolvable and reachable by the Agent server.

  • AGENT_HOSTNAME

    This IP, hostname, or FQDN of this Agent Server that is resolvable and reachable by the Web App Server. This value will be reported by the Agent Service during check in routines and used by other services to communicate with it.

Before continuing verify this server can access port [MANAGER_HOSTNAME]:443

  • Download the latest version of Kasm Server to /tmp

  • Extract the package and execute the installation

cd /tmp
tar -xf kasm_release*.tar.gz
sudo bash kasm_release/install.sh -a -p [AGENT_HOSTNAME] -m [MANAGER_HOSTNAME]
  • Verify the Agent Service is properly checking into the Manager Service.

sudo tail -f /opt/kasm/current/log/agent.log | grep "Successfully processed heartbeat\|Sending manager request"
  • Verify the Agent Service is receiving “hello” requests from the Manager Service:

sudo tail -f /opt/kasm/current/log/agent.log | grep "hello"
  • If no hello messages are seen the agent likely can’t resolve or connect to [AGENT_HOSTNAME]:443