VM Provider Configs

Note

This feature requires a special license. Please contact your Kasm Technologies representative for details.

VM Provider Settings

Name

Description

VM Provider Configs

Select an existing config or create a new config. If you select an existing config and change any of the details, those details will be changed for anything using the same VM Provider config.

Provider

Select a provider from AWS, Azure, Digital Ocean, Google Cloud or Oracle Cloud. If you select an existing provider this will be selected automatically.

AWS Settings

A number of settings are required to be defined to use this functionality.

AWS VM Provider Settings

Name

Description

Name

A name to use to identify the config.

AWS Access Key ID

The AWS Access Key used for the AWS API.

AWS Secret Access Key

The AWS Secret Access Key used for the AWS API.

AWS: Region

The AWS Region the EC2 Nodes should be provisioned in. (e.g us-east-1)

AWS: EC2 AMI ID

The AMI ID to use for the provisioned EC2 nodes. This should be an OS that is supported by the Kasm installer.

AWS: EC2 Instance Type

The EC2 Instance Type (e.g t3.micro). Note that the Cores and Memory override settings don't necessarily have to match the instance configuration. This is to allow for over-provisioning.

AWS: Max EC2 Nodes

The maximum number of EC2 nodes to provision regardless of the need for available free slots

AWS: EC2 Security Group IDs

A JSON list containing security group IDs to assign to the EC2 nodes. (e.g ["sg-065ae66f2d", "sg-02522kdkas"])

AWS: EC2 Subnet ID

The subnet ID to place the EC2 nodes in.

AWS: EC2 EBS Volume Size (GB)

The size of the root EBS Volume for the EC2 nodes.

AWS: EC2 EBS Volume Type

The EBS Volume Type (e.g gp2)

AWS: EC2 IAM

The IAM to assign the EC2 Nodes. Administrators may want to assign CloudWatch IAM access.

AWS: EC2 Custom Tags

A JSON dictionary of custom tags to assign to auto-scaled Agent EC2 Nodes. (e.g {"foo":"bar", "bin":"baz"})

AWS: EC2 Startup Script

When the EC2 Nodes are provisioned, this script is executed. The script is responsible for installing and configuring the Kasm Agent.

SSH Keys

The SSH Key pair to assign to the EC2 node.

Azure Settings

A number of settings are required to be defined to use this functionality. The Azure settings appear in the Deployment Zone configuration when the feature is licensed.


Register Azure app

We must create an API key for Kasm to use to interface with Azure. Azure calls these apps, and we will walk through registering one along with the required permissions.

  1. Register an app by going to the Azure Active Directory service in your Azure portal.
  2. From the Add dropdown, select App Registration.
  3. Give this app a human-readable name such as Kasm Workspaces.
  4. Go to Resource Groups and select the Resource Group that Kasm will autoscale in.
  5. Select Access Control (IAM).
  6. From the Add dropdown, select Add role assignment.
  7. The app we created in Azure will need two roles. First, select the Virtual Machine Contributor role, then on the next page select the app by typing in its name (e.g Kasm Workspaces).
  8. Go through this process again to add the Network Contributor and the DNS Zone Contributor roles.

Azure VM Provider Settings

Name

Description

Name

A name to use to identify the config.

Subscription ID

The Subscription ID for the Azure Account. This can be found in the Azure portal by searching for Subscriptions in the search bar in Azure home then selecting the subscription you want to use. (e.g 00000000-0000-0000-0000-000000000000)

Resource Group

The Resource Group the DNS Zone and/or Virtual Machines belong to (e.g dev)

Tenant ID

The Tenant ID for the Azure Account. This can be found in the Azure portal by going to Azure Active Directory using the search bar in Azure home. (e.g 00000000-0000-0000-0000-000000000000)

Client ID

The Client ID credential used to auth to the Azure Account. Client ID can be obtained by registering an application within Azure Active Directory. (e.g 00000000-0000-0000-0000-000000000000)

Client Secret

The Client Secret credential created with the registered application in Azure Active Directory. (e.g abc123)

Azure Authority

Which Azure authority to use. There are four: Azure Public Cloud, Azure Government, Azure China and Azure Germany.

Region

The Azure region where the Agents will be provisioned. (e.g eastus)

Max Instances

The maximum number of Azure VMs to provision regardless of the need for additional resources.

VM Size

The size configuration of the Azure VM to provision (e.g Standard_D2s_v3)

OS Disk Type

The disk type to use for the Azure VM. (e.g Premium_LRS)

OS Disk Size (GB)

The size (in GB) of the boot volume to assign the compute instance.

OS Image Reference (JSON)

The OS Image Reference configuration for the Azure VMs (e.g {"publisher":"canonical","offer":"0001-com-ubuntu-server-focal","sku":"20_04-lts-gen2","version":"latest"} or {"id":"/subscriptions/000.../resourceGroups/dev/providers/Microsoft.Compute/galleries/development-gallery/images/ubuntu-20.04-custom"})

Image is Windows

Whether the VM being created is a Windows VM.

Network Security Group

The network security group to attach to the VM (e.g /subscriptions/000.../resourcegroups/dev/providers/Microsoft.Network/networkSecurityGroups/example-nsg)

Subnet

The subnet to attach the VM to (e.g /subscriptions/000.../resourceGroups/dev/providers/Microsoft.Network/virtualNetworks/development-vnet/subnets/default)

Assign Public IP

If checked, the VM will be assigned a public IP. If no public IP is assigned, the VM must be attached to a standard load balancer or the subnet must have a NAT Gateway or user-defined route (UDR). If a public IP is used, the subnet must not also include a NAT Gateway. Reference

Tags (JSON)

A JSON dictionary of custom tags to assign to the VMs (e.g {"foo":"bar", "bin": "baz"} )

OS Username

The login username to assign to the new VM (e.g testuser)

OS Password

The login password to assign to the new VM. Note: Password authentication is disabled for SSH by default

SSH Public Key

The SSH public key to install on the VM for the defined user: (e.g ssh-rsa AAAAAAA....)

Agent Startup Script

When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent.

Config Override (JSON)

Custom configuration may be added to the provision request for advanced use cases. The emitted JSON structure is visible by clicking JSON View when inspecting the VM in the Azure console. The keys in this configuration can be used to update top-level keys within the emitted JSON config (e.g {"location":"eastus"}). Nested items can be updated by using dot notation in the key (e.g {"hardware_profile.vm_size":"Standard_D4s_v3"}). Existing array elements can be updated by specifying the index in the dot notation (e.g {"os_profile.linux_configuration.ssh.public_keys.0.path":"/home/ubuntu/.ssh/authorized_keys"}).
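
The dot-notation rules described for Config Override can be previewed offline before an override is saved. The following Python sketch is an added illustration, not Kasm's own code: `preview_overrides`, `_child` and `SAMPLE_EMITTED` are hypothetical names, the sample config is constructed, and it assumes that every intermediate path segment must already exist.

```python
import copy

# Constructed sample of an emitted VM config; real structures are larger.
SAMPLE_EMITTED = {
    "location": "westus",
    "hardware_profile": {"vm_size": "Standard_D2s_v3"},
    "os_profile": {"linux_configuration": {"ssh": {"public_keys": [
        {"path": "/home/testuser/.ssh/authorized_keys", "key_data": "ssh-rsa AAAA"}
    ]}}},
}

def _child(node, part, dotted_key):
    """Turn one path segment into a dict key or an existing list index."""
    if isinstance(node, list):
        if not part.isdecimal() or int(part) >= len(node):
            raise KeyError(f"{dotted_key}: no existing array element {part!r}")
        return int(part)
    if not isinstance(node, dict):
        raise KeyError(f"{dotted_key}: cannot descend into a scalar at {part!r}")
    return part

def preview_overrides(emitted, overrides):
    """Apply dot-notation overrides to a copy; return (new_config, changes)."""
    result = copy.deepcopy(emitted)
    changes = []
    for dotted_key, new_value in overrides.items():
        parts = dotted_key.split(".")
        node = result
        for part in parts[:-1]:
            key = _child(node, part, dotted_key)
            # Assumption: a mistyped intermediate segment is an error, not a new key.
            if isinstance(node, dict) and key not in node:
                raise KeyError(f"{dotted_key}: unknown path segment {part!r}")
            node = node[key]
        key = _child(node, parts[-1], dotted_key)
        old = node[key] if isinstance(node, list) else node.get(key)
        node[key] = new_value
        changes.append((dotted_key, old, new_value))
    return result, changes

if __name__ == "__main__":
    demo = {"hardware_profile.vm_size": "Standard_D4s_v3",
            "os_profile.linux_configuration.ssh.public_keys.0.path":
                "/home/ubuntu/.ssh/authorized_keys"}
    for key, old, new in preview_overrides(SAMPLE_EMITTED, demo)[1]:
        print(f"{key}: {old!r} -> {new!r}")
```

Reviewing the returned change list shows exactly which emitted fields an override touches, which is useful when the override affects SSH key paths or other access-related settings.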

Digital Ocean Settings

A number of settings are required to be defined to use this functionality.

Warning

Please review Tag Does Not Exist Error for known issues and workarounds

Digital Ocean VM Provider Settings

Name

Description

Name

A name to use to identify the config.

Token

The token to use to connect to this VM

Max Droplets

The maximum number of Digital Ocean droplets to provision, regardless of whether more are needed to fulfill user demand.

Region

The Digital Ocean Region where droplets should be provisioned. (e.g nyc1)

Image

The Image to use when creating droplets. (e.g docker-18-04)

Droplet Size

The droplet size configuration (e.g c-2)

Tags

A tag to assign the droplet when it is created. This tag must already exist in the Digital Ocean Account

SSH Key Name

The SSH Key to assign to the newly created droplets. The SSH Key must already exist in the Digital Ocean Account.

Firewall Name

The name of the Firewall to apply to the newly created droplets. This Firewall must already exist in the Digital Ocean Account.

Startup Script

When droplets are provisioned, this script is executed. The script is responsible for installing and configuring the Kasm Agent.

Tag Does Not Exist Error

Upon first testing AutoScaling with Digital Ocean, you may be presented with an error similar to the following:

 Future generated an exception: tag zone:abc123 does not exist
 traceback:
 ..
 File "digitalocean/Firewall.py", line 225, in add_tags
 File "digitalocean/baseapi.py", line 196, in get_data
 digitalocean.DataReadError: tag zone:abc123 does not exist
 process: manager_api_server

This error occurs when Kasm Workspaces tries to assign a unique tag based on the Zone Id to the Digital Ocean Firewall. If that tag does not already exist in Digital Ocean, the operation will fail and present the error. To work around the issue, manually create a tag matching the one specified in the error (e.g zone:abc123) via the Digital Ocean console. This can be done via the API, or by simply creating the tag on a temporary Droplet.

Google Cloud (GCP) Settings

A number of settings are required to be defined to use this functionality. The GCP settings appear in the Deployment Zone configuration when the feature is licensed.

GCP VM Provider Settings

Name

Description

Name

A name to use to identify the config.

GCP Credentials

The JSON formatted credentials for the service account used to authenticate with GCP: Ref

Max Instances

The maximum number of GCP compute instances to provision regardless of the need for additional resources.

Project ID

The Google Cloud Project ID (e.g pensive-voice-547511)

Region

The region to provision the new compute instances. (e.g us-east4)

Zone

The zone the new compute instance will be provisioned in (e.g us-east4-b)

Machine Type

The Machine type for the GCP compute instances. (e.g e2-standard-2)

Machine Image

The Machine Image to use for the new compute instance. (e.g projects/ubuntu-os-cloud/global/images/ubuntu-2004-focal-v20211212)

Boot Volume GB

The size (in GB) of the boot volume to assign the compute instance.

Disk Type

The disk type for the new instance. (e.g pd-ssd)

Customer Managed Encryption Key (CMEK)

The optional path to the Customer Managed Encryption Key (CMEK) (e.g projects/pensive-voice-547511/locations/global/keyRings/my-keyring/cryptoKeys/my-key)

Network

The path of the Network to place the new instance. (e.g projects/pensive-voice-547511/global/networks/default)

Sub Network

The path of the Sub Network to place the new instance. (e.g projects/pensive-voice-547511/regions/us-east4/subnetworks/default)

Public IP

If checked, a public IP will be assigned to the new instances

Network Tags (JSON)

A JSON list of the Network Tags to assign the new instance. (e.g ["https-server", "foo", "bar"])

Custom Labels (JSON)

A JSON dictionary of Custom Labels to assign the new instance (e.g {"foo": "bar", "bin":"baz"})

Metadata (JSON)

A JSON list of metadata objects to add to the instance. (e.g [{"key": "ssh-keys", "value":"user1:ssh-rsa <key contents> user1"}]) Reference

Service Account (JSON)

A JSON dictionary representing a service account to attach to the instance. (e.g {"email": "service-account@example.com", "scopes":["https://www.googleapis.com/auth/cloud-platform"]}) Reference

Guest Accelerators (JSON)

A JSON list representing the guest accelerators (e.g GPUs) to attach to the instance. (e.g [{"acceleratorType":"projects/<project-id>/zones/<zone>/acceleratorTypes/nvidia-tesla-t4","acceleratorCount":1}]) Reference

GCP Config Override (JSON)

A JSON dictionary that can be used to customize attributes of the VM request. The only attributes that cannot be overridden are name and labels. (e.g {"shieldedInstanceConfig":{"enableIntegrityMonitoring":true,"enableSecureBoot":true,"enableVtpm":true}}) Reference

Startup Script

When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent.

Oracle Cloud (OCI) Settings

A number of settings are required to be defined to use this functionality. The OCI settings appear in the Deployment Zone configuration when the feature is licensed.

OCI VM Provider Settings

Name

Description

Name

A name to use to identify the config.

User OCID

The OCID of the user to authenticate with the OCI API. (e.g ocid1.user.oc1..xyz)

Public Key Fingerprint

The public key fingerprint of the authenticated API user. (e.g xx:yy:zz:11:22:33)

Private Key

The private key (PEM format) of the authenticated API user.

Region

The OCI Region name. (e.g us-ashburn-1)

Tenancy OCID

The Tenancy OCID for the OCI account. (e.g ocid1.tenancy.oc1..xyz)

Compartment OCID

The Compartment OCID where the auto-scaled agents will be placed. (e.g ocid1.compartment.oc1..xyx)

Max Instances

The maximum number of OCI compute instances to provision regardless of the need for available free slots.

Availability Domain

The availability domain where the OCI compute instances will be placed. (e.g BEol:US-ASHBURN-AD-1)

Image OCID

The OCID of the Image to use when creating the compute instances. (e.g ocid1.image.oc1.iad.xyz)

Shape

The name of the shape used for the created compute instances. (e.g VM.Standard.E4.Flex)

Flex CPUs

The number of OCPUs to assign the compute instance. This is only applicable when a Flex shape is used.

Flex Memory GB

The amount of memory (in GB) to assign the compute instance. This is only applicable when a Flex shape is used.

Boot Volume GB

The size (in GB) of the boot volume to assign the compute instance.

Custom Tags (JSON)

A JSON dictionary of custom freeform tags to assign to the auto-scaled instances. (e.g {"foo":"bar", "bin":"baz"})

Subnet OCID

The OCID of the Subnet where the auto-scaled instances will be placed. (e.g ocid1.subnet.oc1.iad.xyz)

SSH Public Key

The SSH public key to insert into the compute instances. (e.g ssh-rsa XYABC)

Startup Script

When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent.