Server Settings

Server settings are global settings, as opposed to those that are set per user group. They can be found in the Settings tab on the left side of the Administrative Web UI. In most cases, a change to a global setting requires a restart of some or all components. For a single-server environment, that means restarting the Kasm services on the server. For distributed environments, you may only need to restart certain components. The tables below indicate which components need to be restarted for each setting.

The following shows how to restart all services or individual services.

# restart all services on a server
cd /opt/kasm/bin
./stop
./start

# restart individual components
sudo docker restart kasm_agent
sudo docker restart kasm_api
sudo docker restart kasm_manager
sudo docker restart kasm_db
sudo docker restart kasm_proxy

Authentication

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Anonymous User Expiration | Anonymous user accounts are deleted from the system after the defined number of hours. Set this value to 0 to disable automatic deletion. | None |
| Enable Kasm Authorization | Requires client requests to the Kasm for content such as downloads and uploads to be authenticated with the user’s current session token. | None |
| Enable SAML | Enables Single Sign-On with SAML 2.0 for users. | None |
| Google reCAPTCHA API URL | The API for Google reCAPTCHA. | None |
| Google reCAPTCHA Private Key | The Google reCAPTCHA Private Key. | None |
| Google reCAPTCHA Site Key | The Google reCAPTCHA Site Key. | None |
| Kasm Authorization Domain | Override the domain used in the Kasm session cookie. The default value will use the domain name the user request came in on, which will fit most use cases. Statically setting the domain name will ensure your Workspaces deployment cannot be proxied under different domain names. | None |
| Login Assistance | An optional link to display on the login page that will direct users to another site for login assistance. | None |
| Max Login Attempts | The number of invalid login attempts before an account is locked out. This setting only applies to local accounts. | None |
| Notice Message | A login banner message to show to users at the login page. | None |
| Notice Title | The title of the login banner to show to users at the login page. | None |
| Component Registration Token | Used for multi-server deployments to register new components to the deployment. | None |
| Same Site Cookie Policy | Configures the SameSite attribute for the Set-Cookie HTTP response headers. Valid options are Lax, Strict and None. | API |
| Session Lifetime | The number of seconds a session token is valid for. | API |

Logging

Kasm provides centralized logging out of the box. Whether you install Kasm on a single server or as a distributed system with redundant API servers and multiple Kasm agents, all logs are collected and aggregated. Kasm provides basic log aggregation, analysis, and storage. The system also supports logging directly to Splunk, or file-based logs can be ingested by a SIEM solution of your choice.

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Debug Log Retention | Number of hours to keep debug logs. Default is 4 hours. See the section on log retention for more details. | None |
| Splunk HEC Token | For Splunk logging, this token provides authentication. | Manager, API |
| HTTP Method | The HTTP method to use. POST and PUT are supported. | Manager, API |
| Disable Log Certificate Validation | If set to true, the remote logging server’s certificate is ignored. This is required if using self-signed certificates. If you use properly signed certificates, you do not need to enable this. | Manager, API |
| Log Host | The hostname or IP address of the remote logging system. | Manager, API |
| Log Port | The port number for the remote logging system. Splunk’s default is 8088; other systems may use 443. | Manager, API |
| Log Protocol | Remote logging protocol. Valid values are https and splunk. | Manager, API |
| Log Retention | Number of days to keep local logs (excluding debug logs). See the section on log retention for more details. | None |
| URL Endpoint | The URI path for the logging system. See the sections below for specific logging solutions like Splunk. | Manager, API |

Native Kasm Logging

By default, logs are stored in the Kasm database. Kasm managers and Kasm API servers write their logs directly to the database. Kasm Agent nodes send logs via HTTPS to their respective Kasm Manager. The Kasm Dashboard relies on the native logging to provide visual statistics. Native logging cannot be disabled; if you enable remote logging, native logging will continue. See the log settings table for details on adjustments to default log settings.

Splunk Logging

Kasm supports Splunk HEC logging over HTTPS. See the Splunk documentation at http://dev.splunk.com/view/event-collector/SP-CAAAE7G for details on configuring a HEC input. Note that the URI paths for a cloud Splunk instance and a self-hosted Splunk instance are different. The example configuration below is for Splunk Cloud SaaS. A cloud instance will have two domain names: the one you access the UI from and one for inputs. Per the linked documentation, the Splunk Cloud SaaS domain name for data input is the same as the UI domain name but with input- at the front.

  • Log Protocol - splunk

  • Log Host - input-your_cloud_splunk_hostname

  • Log Port - 8088

  • URL Endpoint - /services/collector/event

  • HTTP Method - POST

  • Disable Log Certificate Validation - false

  • Splunk HEC Token - 12345678-1234-1234-1234-1234567890AB

Logging Retention

Logging retention applies only to local logging; it does not affect remote logging. Before adjusting the Log Retention or Debug Log Retention settings, you should evaluate your database system. Ensure the database system has adequate storage and processing power to handle the increased logging. If log retention beyond 30 days is required, it is highly recommended to use a proper external logging solution. The Debug Log Retention setting should not be adjusted unless needed to troubleshoot issues over a longer period of time. A Kasm system can produce over 10,000 debug logs per hour; therefore, the retention of those logs should be considered very carefully.

Manager

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Agent Version | This setting is used to restrict which versions of the Kasm Agent are allowed to communicate with the Manager. | Manager |
| Primary Manager Timeout | The number of seconds until the primary manager is considered unavailable. If other managers are alive, one will take over the primary role. | None |
| Same Zone Reply | If set to true, a manager will only reply to agent heartbeats with a list of managers in the same zone as itself. Otherwise a list of all managers is given. This allows Agents to failover to managers in other zones. | Manager |
| Token | An authentication token used for the communication between Kasm Agents and the Manager API server. | Manager |
| Update Check | This setting will enable/disable the manager checking for Kasm system updates. | None |

Images

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Add Images To Default Group | Automatically add images to the default group when new images are added. | API |
| Default CPU Allocation Method | Sets the default CPU allocation strategy for container images. Valid options are Quotas or Shares. See CPU Allocation Method for more details. | None |

Web Filter

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Web Filter Update URL | URL used to interface with Kasm’s URL category service. | API |

Connections

Default VM Connection Settings

This Kasm setting is used to define a series of connection parameters for connecting to external RDP/KasmVNC endpoints. It is defined as a single JSON string. A default example is:

{
  "guac": {
    "type": "rdp",
    "settings": {
      "security": "any",
      "ignore-cert": true,
      "enable-font-smoothing": true,
      "enable-wallpaper": true,
      "enable-theming": true,
      "enable-full-window-drag": false,
      "enable-menu-animations": false,
      "resize-method": "display-update",
      "server-layout": "en-us-qwerty"
    }
  },
  "kasm_svc": {
    "port": 4902
  }
}

A breakdown of the Guacamole (guac/rdp) settings can be found below:

| Name | Description |
| --- | --- |
| security | The security mode to use for the RDP connection. This mode dictates how data will be encrypted and what type of authentication will be performed, if any. Options: any, nla, nla-ext, tls, vmconnect, rdp. |
| ignore-cert | If set to “true”, the certificate returned by the server will be ignored, even if that certificate cannot be validated. |
| enable-font-smoothing | If set to “true”, text will be rendered with smooth edges. Text over RDP is rendered with rough edges by default. |
| enable-wallpaper | If set to “true”, enables rendering of the desktop wallpaper. By default, wallpaper will be disabled, such that unnecessary bandwidth need not be spent redrawing the desktop. |
| enable-theming | If set to “true”, enables use of theming of windows and controls. By default, theming within RDP sessions is disabled. |
| enable-full-window-drag | If set to “true”, the contents of windows will be displayed as windows are moved. By default, the RDP server will only draw the window border while windows are being dragged. |
| enable-menu-animations | If set to “true”, menu open and close animations will be allowed. Menu animations are disabled by default. |
| resize-method | The method to use to update the RDP server when the width or height of the client display changes. Options: display-update, reconnect. |
| server-layout | The server-side keyboard layout. Options: da-dk-qwerty, de-ch-qwertz, de-de-qwertz, en-gb-qwerty, en-us-qwerty, es-es-qwerty, fr-ch-qwertz, fr-fr-azerty, it-it-qwerty, ja-jp-qwerty, pt-br-qwerty, sv-se-qwerty, tr-tr-qwerty. |

Additional Guacamole connection settings can be found here.
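
An added example (not Kasm's own code) that audits a Default VM Connection Settings string against the option lists in the table above and flags the two transport settings in the default shown on this page, security set to any and ignore-cert set to true. Treating any and rdp as weak modes is this example's policy, and the names audit, harden, OPTIONS and WEAK_SECURITY are hypothetical.

```python
import json

# Allowed values copied from the Guacamole settings table on this page.
OPTIONS = {
    "security": {"any", "nla", "nla-ext", "tls", "vmconnect", "rdp"},
    "resize-method": {"display-update", "reconnect"},
}
# Example policy (assumption, not a Kasm rule): modes not requiring NLA or TLS.
WEAK_SECURITY = {"any", "rdp"}

# The page's default, trimmed to the keys audited here (constructed sample).
DEFAULT = json.dumps({
    "guac": {"type": "rdp", "settings": {
        "security": "any", "ignore-cert": True, "resize-method": "display-update"}},
    "kasm_svc": {"port": 4902}})


def audit(raw):
    """Return (severity, message) findings for the JSON settings string."""
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [("error", f"not valid JSON: {exc.msg}")]
    guac = cfg.get("guac") if isinstance(cfg, dict) else None
    settings = guac.get("settings") if isinstance(guac, dict) else None
    if not isinstance(settings, dict):
        return [("error", "guac.settings must be a JSON object")]
    findings = []
    for key, allowed in OPTIONS.items():
        value = settings.get(key)
        if value is not None and str(value) not in allowed:
            findings.append(("error", f"{key}={value!r} is not a listed option"))
    if str(settings.get("security")) in WEAK_SECURITY:
        findings.append(("warn", "security mode does not require NLA or TLS"))
    # Accept the boolean or the string form; the table describes it as "true".
    if str(settings.get("ignore-cert", False)).lower() == "true":
        findings.append(("warn", "ignore-cert: server certificate is not validated"))
    svc = cfg.get("kasm_svc")
    port = svc.get("port") if isinstance(svc, dict) else None
    if svc is not None and (type(port) is not int or not 1 <= port <= 65535):
        findings.append(("error", f"kasm_svc.port={port!r} is not a valid TCP port"))
    return findings


def harden(raw):
    """Return the JSON string with the two transport settings tightened."""
    cfg = json.loads(raw)
    cfg["guac"]["settings"].update({"security": "nla", "ignore-cert": False})
    return json.dumps(cfg, indent=2)
```

With ignore-cert off, the RDP host must present a certificate that can be validated, and nla requires the host to support Network Level Authentication.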

Scale

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Automatically Enable Agents | Automatically enable agents if disabled every time they check in. | None |
| Guardian Interval | How often to run the guardian. Guardian handles cleanup of agents and Kasms, as well as provisioning of autoscale agents. | Manager |
| Guardian Provision Threads | Number of threads to use for tear down and provision tasks. | Manager |
| Host Dead Expiration | How long to wait after an agent stops checking in before marking it dead. If it was auto provisioned, it will be cleaned up once marked dead. | Manager |
| Host Missing Expiration | How long to wait after an agent stops checking in before marking it missing. This value should always be less than the Host Dead Expiration. | Manager |
| Keep Alive Expiration | How long the session will stay alive when no client is connected. This is the global setting; it can be overridden at the group level. | API |
| Provision Timeout | How long to wait for an autoscale VM to finish provisioning. | API, Manager |

Theme

| Name | Description | Services Need Restarted |
| --- | --- | --- |
| Launcher Background URL | This URL provides the location of a background image to use on the Workspaces launcher. There are several built-in backgrounds that can be set; see Default Backgrounds for a list of available default images. After changing the setting, please log out and log back in for the setting to take effect. | None |

Setting Properties

The following table lists the properties of each setting.

| Property | Description |
| --- | --- |
| Name | Setting name |
| Category | Setting category |
| Services Restart | What services need to be restarted on setting change |
| Value | Setting's actual value |
| Value Type | Data type |
| Description | Setting description |