In our daily lives, we must deal with a wide range of challenges that arise in our workplace. As an independent developer, I am concerned with designing secure code, optimizing application speed, and hunting and fixing bugs. But what if, when searching for something on the Internet, I accidentally click on a site that steals my session or downloads ransomware or malware? That is beyond frustrating. Isn’t that right? Every day, I’m sure firms of various sizes have the same difficulty. What if one of their employees accidentally downloads malware in the workplace? Kasm Workspaces, on the other hand, attempts to solve the same problem to a large extent.

How Kasm Workspaces work?

To be honest, there isn’t much to say about it other than imagine how easy we can launch docker containers on a remote server and access them from our local terminal. It’s the same thing, but with Kasm Workspaces, we can run graphical applications such as Discord, Google Chrome, Brave browser, Edge, even an entire Ubuntu desktop environment, or Kali Linux with the click of a button and access it in our web browser. Each container we deploy is referred to as a session. These sessions are done in isolation, so they have no effect on our local computer or network. You can launch your own demo session here if you want to see how a session works. Kasm will start a 3-minute session for you.

Kasm Workspaces and Docker Containers

Kasm Workspaces do not exist independently of Docker containers. Actually, Kasm builds the image with docker technology and serves it graphically in the web browser with KasmVNC, a highly specialized VNC server package. It takes about 3-6 seconds to start a session. You can do anything in the session once it is launched. Everything from listening to music to analyzing malware is simple and secure.

Customized Docker images

Docker technology is used in the software, although not all Docker images can be deployed as Kasm Workspace. Developers have created customized Docker images that include all of the tools needed to run a session. There are images for all of the common tasks we need to perform on a daily basis, such as images for web browsers (Google Chrome, Chromium, Firefox, Tor Browser, and Edge), Signal, Discord, Zoom, Telegram, and other communication apps, Ubuntu, Kali Linux, CentOS, and other operating systems, and so on. The complete set of images provided by Kasm can be found here. However, the developers have also given an Ubuntu core image that we may use as a base to create our own customized images using Dockerfile. For example, because the sessions are intended to be transitory, there is no root access and hence no ability to install further apps in most of the images provided by the developers. We can create our own custom image by using the Ubuntu core image provided by Kasm.

Firefox and Chrome extension

Isn’t it inconvenient to create a new session merely to click on a potentially harmful link? A session took about 3-5 seconds to launch on a server with 4 cores and 8GB of RAM. Furthermore, we can leverage a browser plugin developed by Kasm technologies to perform actions such as opening a potentially harmful link in a Kasm session. After installing and configuring the extension in a web browser, we can right-click any link and select “Open in Kasm Workspaces” to open the link in the web browser and instantly start a session.

How to setup Kasm Workspaces?

For an application like Kasm, one needs consider performing numerous actions in order to fully install and configure the software on the server. But it’s actually quite simple. Kasm provides images for all major Linux distributions, including Ubuntu, Debian, CentOS, Oracle Linux, and Red Hat. Hardware requirements include a minimum of two cores of CPU, 4 gigabytes of memory, and a 50GB SSD. The script we’ll use to install Kasm will also install Docker from the repository of your distribution. If you have previously installed Docker, it will skip the docker installation. In order for the sessions to work over HTTPS, the server instance must have opened port 443. Another suggestion is to set up a swap space. In the event that the server RAM runs out of space, Kasm will use the swap space. To learn how to build swap space on Linux, click here. Once you’ve met all of the prerequisites, download the script and execute it to automatically install and configure everything. The script can be downloaded from the Kasm download page. I won’t post a direct link because it will change over time. The package can be downloaded in the server’s /tmp directory.

cd /tmp

Right-click the Download button on the Kasm download page and copy the link. Replace the URL in the following command with the URL you just copied.

wget https://kasm-static-content.s3.amazonaws.com/kasm_release*.tar.gz

Extract the downloaded archive and run the script –

tar -xf kasm_release*.tar.gz sudo bash kasm_release/install.sh

The installation starts only if the agreement is accepted. Press Y and hit Enter to accept the license agreement. The installation will now begin. It will download and install all of the necessary dependencies and Docker images. This could take up to 15 minutes, depending on the server’s internet speed. When finished, you should see Kasm UI Login Credentials. Securely copy the credentials. The installer creates an admin user and a standard user by default. Now launch a web browser and navigate to the server’s IP address. For instance, I set up a demo server on a server with the IP address 34.125.140.11. As a result, the Kasm UI is available at https://34.125.140.11. When you access it for the first time, your browser will display a warning about a self-generated SSL certificate. If you’re using Google Chrome, go to ‘Advanced’ and then ‘Proceed to…’. Click ‘Advance’ and then ‘Accept the Risk and Continue’ in Firefox. And that is it. You will now see Kasmweb login screen. The first two credentials from the credentials you copied earlier are what we may use to connect here. As previously stated, the first set of credentials is for an admin user generated by the installer, and the second set is for a client or normal user (no admin privileges). If you log in as an administrator, you will be taken to the admin dashboard. The admin dashboard displays the server’s usage statistics, such as the number of created sessions, failed logins, maximum active users, and so on. The dashboard also displays the sessions that are being produced in descending order of usage. To access the Workspace area, click the Workspaces link in the top navigation bar. This is where all of the active images that can be used to create sessions are listed. Kasm activates 23 images by default, but there are more. Navigate to Admin > Images. More disabled images, such as Kali Linux, can be found here. To enable any image such as Kali Linux, click three dots next to Kali Linux and click ‘Edit’. Now drop down to where you see the Enabled checkbox, mark it enabled, and click ‘Submit’ to save the changes. Now you should see Kali Linux listed in the Workspaces area.

Launch a new session

To create a new session, click the image from the Workspaces area and click “Launch Session”. And your session is ready. Use the Kasm Toolbar on the left of the screen to control basic operations such as session audio, microphone, clipboard, and so on. Once you are done, you can delete the session by clicking the bin icon from the toolbar. Confirm the deletion in the popup and that is it. Kasm’s community version allows you to create as many users as you need (for personal use only). Kasm licence is required for commercial use. To create a user, navigate to Admin > Users, where you will get a list of all existing users. You may disable, delete, edit, and add new users from this page. As an added degree of protection, you can force the user to set up two factor authentication. Explore the admin area to see what elements of the platform can be changed. There are far too many possibilities for customizing the platform, the majority of which are simple for personal usage. If you need assistance with any of the settings, please see the documentation page or let me know in the comments area below.