Kasm: A secure computing platform

6 min read
Kasm: A secure computing platform

Kasm: Disposable Secure Browser or Desktop
Kasm - Web Accessible Browser/Desktop Provides Security, Disposability, and Accessibility

What is Kasm?

According to its web site...

Kasm is a cheap, scalable method of providing a remote desktop, or a sandboxed web browser onto an infrastucture from a remote host without the need of a VPN or installing clients on a PC.

With the joy of 2020 lockdown still being a thing at the time this post written, and people have been working from home for most of the year. The long term security implications of this are not lost on IT staff..

Kasm is looking to provide a simple, secure remote access solution for small businesses.

Its not going to be for everyone, I thinks that's pretty evident, its not providing a Microsoft Windows Desktop experience and to be honest, does it need to any more? Its providing a desktop or a web browser window which is run from the businesses platform, with the added security that brings. With most of what we do being web based these days. For those situations this is a really interesting tool.

What resources do I need?

The server resources needed to run this scale with users, the more users and services you add, the more resource the systems Kasm runs on will need.

In this blog i'm going to install a single box install (it will scale horizonally as well) and the site suggest the following base resources

CPU - 2 cores
Memory - 4GB
Storage - 30GB (SSD)

I installed on pretty much this with 320Gb of disk space on Ubuntu 20.04

Install Kasm

The install is really simple, its a precreated script which sets up a docker environment and everything you need including secure creds to get the single box install running.

The Docs for Install can be found here.

Getting Started — Kasm 1.7.0 documentation

Resource Allocation

Administrators can configures Kasms to provision with with any amount of cpu or memory allocations by editing the in the Kasm Image Settings . However, even a host with more than enough system memory can run into stability issues without enabling a swap partition. For this reason, the Kasm installation requires a swap partition to be present.

Install Swap partition for best stability of end user Kasms. For additional details on docker resource constraints see the folowing link: Docker Resource Constraints

Creating A Swap Partition

For general information on swap partitions check out the Ubuntu Documentation

The following steps will create a 1 gigabyte (1g) Swap partition. It is recommended to allocate 1 gigabyte per concurrent Kasm you expect to run at any given time. Please adjust according to your needs.

sudo fallocate -l 1g /mnt/1GiB.swap 
sudo chmod 600 /mnt/1GiB.swap 
sudo mkswap /mnt/1GiB.swap 
sudo swapon /mnt/1GiB.swap

Verify swap file exists

cat /proc/swaps

To make the swap file available on boot

echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab


cd /tmp 
tar -xf kasm_release*.tar.gz 
sudo bash kasm_release/install.sh


If you would like to run the Web Application on a different port pass the -L flag when calling the installer. e.g sudo bash kasm_release/install.sh -L 8443

Install Complete

Once the installation is complete the following login details will be displayed, save these somewhere

Installation Complete

Kasm UI Login Credentials

   username: admin@kasm.local
   password: MXbRtmBSxUN
   username: user@kasm.local
   password: 9Zg2sHVWem1

Kasm Database Credentials
   username: kasmapp
   password: tqtS9F27HesI9c

Kasm Redis Credentials
  password: mk0r25vZzICroGTPyW52

Default Login

  • Access the Web Application running on port 443 at https://<WEBAPP_SERVER>
  • Log into the Web Application as the Administrator using the default credentials produced during the install.
By default, the Administrators group has a 2 hours daily usage limit defined. This can be changed or removed by altering the usage_limit  Group Setting on the Administrators group.

Setup Kasm

Logging in as administrator takes you to a pretty standard Admin page with a dashboard view.

The first thing I did with my test install is to setup SAML Single Sign on with my Gsuite account

Google GSuite SAML Setup — Kasm 1.7.0 documentation

Which even with my KASM install not being public internet facing lets me login using my GSuite account.

This worked first time and shows how good the instructions are with the product.

Other Useful setup guides include

Persistent Data — Kasm 1.7.0 documentation
Deployment Zones — Kasm 1.7.0 documentation

Using Kasm

Once the users and groups are setup, out of the box Kasm comes with 5 Kasm Images (which are docker images)  which are split into


  • Kasm Desktop - A light browser based desktop with Firefox installed
  • Kasm Desktop Delux - A fully stacked desktop with Microsoft Teams, Slack, Nextcloud (Built as a demo)

These Desktops will stay open even when you log off Kasm, however if the desktop is killed by the Administrator the data in the container by default is lost.  It is possible to map data out to a central server using the persistant data link above.

Both Desktops have a config menu on the left side


The Application examples like the Desktop are Docker based Images and create a sandboxed version of each of these browsers.

  • Kasm Firefox
  • Kasm Chrome
  • Kasm Tor Browsder

As an application the browser again opens within your preferred browser, so in this example I've got Firefox running on KDE Plasma. I opened the Kasm Chrome sandboxed browser and that opened in the browser window.

Like the Desktops the Applications have the same config options to a menu on the left.

Files can be copied up and down from the Desktops of Apps using this menu and as an administrator you get a complete audit of almost everything uploaded, downloaded, Shared when the Mic/Video is launched and what is copied to the clipboard.

Creating Custom Kasm Images

Images — Kasm 1.7.0 documentation

Its very obvious that while out of the box there are some very useful examples of Kasm Images to run and they do provide useful functionality (well they do for me at least)

The true power of Kasm is being able to create your own custom desktop or sandboxed apps.

I'll be looking into how to deliver these over the next few weeks and see what is needed to create a desktop with the Apps i use daily as a Linux user.

There is no doubt about it, this is really cool tech.

Its useful tech and in todays workspaces where the browser and a handful of apps which are more and more getting Linux versions or seriously usable alternatives (OnlyOffice, Nextcloud)

The Auditability is a great feature for those companies increasing home users and the fact i can run this without being internet facing (over vpn), or being internet facing connecting my login to Gsuite or Office365 is a great feature.

Personally out of the box having the Documents folder of a desktop linked directly to my personal Nextcloud server. Use Teams, OnlyOffice Remmina and Slack makes having a disposable desktop which will stay open between sessions or be killed and start again quickly means I can use this as is out of the box.

I'm going to spend some time building my own desktop Image and see how easy that is..

I like this tech.

Tech Blog Posts - David Field