---
myst:
  html_meta:
    "description lang=en": "Automated Workspaces session scaling for Docker agents and fixed infrastructure for cloud deployments."
    "keywords": "Kasm, Autoscaling, Cloud, AWS, OCI, Digital Ocean, Oracle Cloud, Azure, GCP, Google Compute Engine"
    "property=og:locale": "en_US"
---

# VM Provider Configs

```{note}
The Auto-Scaling feature is not available in the Professional license. For more information on licensing please visit: [Licensing](https://kasmweb.com/docs/latest/license.html).
```

```{figure} /images/compute/vm_create_new.webp
:align: center

**Create New Provider**
```

```{eval-rst}
.. list-table:: VM Provider Settings

   * - **Name**
     - **Description**
   * - **VM Provider Configs**
     - Select an existing config or create a new config. If selecting an existing config and changing any of the details, those details will be changed for anything using the same VM Provider config.
   * - **Provider**
     - Select a provider from AWS, Azure, Digital Ocean, Google Cloud or Oracle Cloud. If selecting an existing provider this will be selected automatically.
```

## AWS Settings

A number of settings must be defined to use this functionality.

```{figure} /images/compute/vm_aws.webp
:align: center

**AWS Settings**
```

```{eval-rst}
.. list-table:: AWS VM Provider Settings

   * - **Name**
     - **Description**
   * - **Name**
     - A name to use to identify the config.
   * - **AWS Access Key ID**
     - The AWS Access Key used for the AWS API.
   * - **AWS Secret Access Key**
     - The AWS Secret Access Key used for the AWS API.
   * - **AWS: Region**
     - The AWS Region the EC2 Nodes should be provisioned in (e.g. us-east-1).
   * - **AWS: EC2 AMI ID**
     - The AMI ID to use for the provisioned EC2 nodes. This should be an OS that is supported by the Kasm installer.
   * - **AWS: EC2 Instance Type**
     - The EC2 Instance Type (e.g. t3.micro). Note the Cores and Memory override settings don't necessarily have to match the instance configurations. This is to allow for over provisioning.
   * - **AWS: Max EC2 Nodes**
     - The maximum number of EC2 nodes to provision regardless of the need for available free slots.
   * - **AWS: EC2 Security Group IDs**
     - A JSON list containing security group IDs to assign to the EC2 nodes, e.g. :code:`["sg-065ae66f2d", "sg-02522kdkas"]`
   * - **AWS: EC2 Subnet ID**
     - The subnet ID to place the EC2 nodes in.
   * - **AWS: EC2 EBS Volume Size (GB)**
     - The size of the root EBS Volume for the EC2 nodes.
   * - **AWS: EC2 EBS Volume Type**
     - The EBS Volume Type (e.g. gp2).
   * - **AWS: EC2 IAM**
     - The IAM to assign the EC2 Nodes. Administrators may want to assign CloudWatch IAM access.
   * - **AWS: EC2 Custom Tags**
     - A JSON dictionary of custom tags to assign to auto-scaled Agent EC2 Nodes, e.g. :code:`{"foo":"bar", "bin":"baz"}`
   * - **AWS: EC2 Startup Script**
     - When the EC2 Nodes are provisioned this script is executed. The script is responsible for installing and configuring the Kasm Agent.
   * - **Retrieve Windows VM Password from AWS**
     - When provisioning an AWS Windows VM, Kasm can retrieve the password generated by AWS and store it in the :doc:`Server ` configuration record created during the autoscale provision. This will only happen if the **Connection Password** field from the attached Autoscale config is blank. When populated, Kasm will use the defined value instead of what is returned from AWS. The Administrator may want to leave this field blank and disable retrieving the password from AWS if they wish the Kasm user to be presented with a login screen to manually enter credentials upon connecting to the Windows Workspace. NOTE: This setting only affects Windows (RDP connection type) AWS instances.
   * - **SSH Keys**
     - The SSH Key pair to assign to the EC2 node.
   * - **AWS Config Override (JSON)**
     - Custom configuration may be added to the provision request for advanced use cases. Instance configuration is overridden in the 'instance_config' configuration block, e.g. :code:`{"instance_config":{"EbsOptimized": true}}` `See EC2 Documentation for available options. `__
```

## Azure Settings

A number of settings must be defined to use this functionality. The Azure settings appear in the Deployment Zone configuration when the feature is licensed.

```{figure} /images/compute/vm_azure.webp
:align: center

**Azure Settings**
```

## Register Azure app

An API key must be created for Kasm to interface with Azure. Azure calls these apps, and the example will walk through registering one along with the required permissions.

1. Register an app by going to the Azure Active Directory service in the Azure portal.

```{figure} /images/autoscaling/azure/azure_active_directory.png
:align: center

**Azure Active Directory**
```

2. From the **Add** dropdown select **App Registration**.

```{figure} /images/autoscaling/azure/app_registration.png
:align: center

**App Registration**
```

3. Give this app a human-readable name such as **Kasm Workspaces**.

```{figure} /images/autoscaling/azure/app_registration_name.png
:align: center

**App Registration**
```

4. Go to **Resource Groups** and select the **Resource Group** that Kasm will autoscale in.

```{figure} /images/autoscaling/azure/azure_resource_groups.png
:align: center

**Azure Resource Groups**
```

5. Select **Access Control (IAM)**.

```{figure} /images/autoscaling/azure/resource_group_access_control.png
:align: center

**Access Control**
```

6. From the **Add** dropdown select **Add role assignment**.

```{figure} /images/autoscaling/azure/add_role_assignment.png
:align: center

**Add Role Assignment**
```

7. The app created in Azure will need two roles. First select the *Virtual Machine Contributor* role, then on the next page select the app by typing in its name, e.g. **Kasm Workspaces**.

```{figure} /images/autoscaling/azure/select_virtual_machine_contributor.png
:align: center

**Virtual Machine Contributor**
```

```{figure} /images/autoscaling/azure/virtual_machine_contributor_assign_app.png
:align: center

**Assign Contributor**
```

8. Go through this process again to add the *Network Contributor* and the *DNS Zone Contributor* roles.

```{figure} /images/autoscaling/azure/assign_network_contributor.png
:align: center

**Network Contributor**
```

```{figure} /images/autoscaling/azure/assign_dns_zone_contributor.png
:align: center

**DNS Zone Contributor**
```

```{eval-rst}
.. list-table:: Azure VM Provider Settings
   :header-rows: 1

   * - **Name**
     - **Description**
   * - **Name**
     - A name to use to identify the config.
   * - **Subscription ID**
     - The Subscription ID for the Azure Account. This can be found in the Azure portal by searching for Subscriptions in the search bar in Azure home then selecting the subscription to use. (e.g. :code:`00000000-0000-0000-0000-000000000000`)
   * - **Resource Group**
     - The Resource Group the DNS Zone and/or Virtual Machines belong to (e.g. :code:`dev`)
   * - **Tenant ID**
     - The Tenant ID for the Azure Account. This can be found in the Azure portal by going to Azure Active Directory using the search bar in Azure home. (e.g. :code:`00000000-0000-0000-0000-000000000000`)
   * - **Client ID**
     - The Client ID credential used to auth to the Azure Account. Client ID can be obtained by registering an application within Azure Active Directory. (e.g. :code:`00000000-0000-0000-0000-000000000000`)
   * - **Client Secret**
     - The Client Secret credential created with the registered application in Azure Active Directory. (e.g. :code:`abc123`)
   * - **Azure Authority**
     - Which Azure authority to use. There are four: Azure Public Cloud, Azure Government, Azure China and Azure Germany.
   * - **Region**
     - The Azure region where the Agents will be provisioned. (e.g. :code:`eastus`)
   * - **Max Instances**
     - The maximum number of Azure VMs to provision regardless of the need for additional resources.
   * - **VM Size**
     - The size configuration of the Azure VM to provision (e.g. :code:`Standard_D2s_v3`)
   * - **OS Disk Type**
     - The disk type to use for the Azure VM. (e.g. :code:`Premium_LRS`)
   * - **OS Disk Size (GB)**
     - The size (in GB) of the boot volume to assign the compute instance.
   * - **OS Image Reference (JSON)**
     - The OS Image Reference configuration for the Azure VMs

       (e.g. :code:`{"publisher":"canonical","offer":"0001-com-ubuntu-server-focal","sku":"20_04-lts-gen2","version":"latest"}` or

       :code:`{"id":"/subscriptions/000.../resourceGroups/dev/providers/Microsoft.Compute/galleries/development-gallery/images/ubuntu-20.04-custom"}`)
   * - **Image is Windows**
     - Whether the VM being created is a Windows VM.
   * - **Network Security Group**
     - The network security group to attach to the VM

       (e.g. :code:`/subscriptions/000.../resourcegroups/dev/providers/Microsoft.Network/networkSecurityGroups/example-nsg`)
   * - **Subnet**
     - The subnet to attach the VM to

       (e.g. :code:`/subscriptions/000.../resourceGroups/dev/providers/Microsoft.Network/virtualNetworks/development-vnet/subnets/default`)
   * - **Assign Public IP**
     - If checked, the VM will be assigned a public IP. If no public IP is assigned, the VM must be attached to a standard load balancer, or the subnet must have a NAT Gateway or user-defined route (UDR). If a public IP is used, the subnet must not also include a NAT Gateway. `Reference `__
   * - **Tags (JSON)**
     - A JSON dictionary of custom tags to assign to the VMs (e.g. :code:`{"foo":"bar", "bin": "baz"}`)
   * - **OS Username**
     - The login username to assign to the new VM (e.g. :code:`testuser`)
   * - **OS Password**
     - The login password to assign to the new VM. Note: Password authentication is disabled for SSH by default.
   * - **SSH Public Key**
     - The SSH public key to install on the VM for the defined user (e.g. :code:`ssh-rsa AAAAAAA....`)
   * - **Agent Startup Script**
     - When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent.
   * - **Config Override (JSON)**
     - Custom configuration may be added to the provision request for advanced use cases. The emitted JSON structure is visible by clicking **JSON View** when inspecting the VM in the Azure console. The keys in this configuration can be used to update top level keys within the emitted JSON config (e.g. :code:`{"location":"eastus"}`). Nested items can be updated by using dot notation in the key (e.g. :code:`{"hardware_profile.vm_size":"Standard_D4s_v3"}`). Existing array elements can be updated by specifying the index in the dot notation (e.g. :code:`{"os_profile.linux_configuration.ssh.public_keys.0.path":"/home/ubuntu/.ssh/authorized_keys"}`).
```

## Digital Ocean Settings

A number of settings must be defined to use this functionality.

```{warning}
Please review [Tag Does Not Exist Error](#tag-does-not-exist-error) for known issues and workarounds.
```

```{figure} /images/compute/vm_do.webp
:align: center

**Digital Ocean VM**
```

```{eval-rst}
.. list-table:: Digital Ocean VM Provider Settings
   :header-rows: 1

   * - Name
     - Description
   * - **Name**
     - A name to use to identify the config.
   * - **Token**
     - The token to use to connect to this VM
   * - **Max Droplets**
     - The maximum number of Digital Ocean droplets to provision, regardless of whether more are needed to fulfill user demand.
   * - **Region**
     - The Digital Ocean Region where droplets should be provisioned. (e.g. nyc1)
   * - **Image**
     - The Image to use when creating droplets. (e.g. docker-18-04)
   * - **Droplet Size**
     - The droplet size configuration (e.g. c-2)
   * - **Tags**
     - Tag(s) to assign to the droplet when it is created. This should be a comma-separated list of tags.
   * - **SSH Key Name**
     - The SSH Key to assign to the newly created droplets. The SSH Key must already exist in the Digital Ocean Account.
   * - **Firewall Name**
     - The name of the Firewall to apply to the newly created droplets. This Firewall must already exist in the Digital Ocean Account.
   * - **Startup Script**
     - When droplets are provisioned this script is executed. The script is responsible for installing and configuring the Kasm Agent.
```

## Tag Does Not Exist Error

Upon first testing AutoScaling with Digital Ocean, an error similar to the following may be presented:

```{code-block} bash
:emphasize-lines: 1

Future generated an exception: tag zone:abc123 does not exist
traceback:
..
File "digitalocean/Firewall.py", line 225, in add_tags
File "digitalocean/baseapi.py", line 196, in get_data
digitalocean.DataReadError: tag zone:abc123 does not exist
process: manager_api_server
```

This error occurs when Kasm Workspaces tries to assign a unique tag based on the Zone Id to the Digital Ocean Firewall. If that tag does not already exist in Digital Ocean, the operation will fail and present the error. To work around the issue, manually create a tag matching the one specified in the error (e.g. `zone:abc123`) via the Digital Ocean console. This can be done via API, or simply by creating the tag on a temporary Droplet.

## Google Cloud (GCP) Settings

A number of settings must be defined to use this functionality. The GCP settings appear in the Deployment Zone configuration when the feature is licensed.

```{figure} /images/compute/vm_google.webp
:align: center

**Google Cloud VM**
```

```{eval-rst}
.. list-table:: GCP VM Provider Settings
   :header-rows: 1

   * - Name
     - Description
   * - **Name**
     - A name to use to identify the config.
   * - **GCP Credentials**
     - The JSON formatted credentials for the service account used to authenticate with GCP: `Ref `__
   * - **Max Instances**
     - The maximum number of GCP compute instances to provision regardless of the need for additional resources.
   * - **Project ID**
     - The Google Cloud Project ID (e.g. pensive-voice-547511)
   * - **Region**
     - The region in which to provision the new compute instances. (e.g. us-east4)
   * - **Zone**
     - The zone the new compute instance will be provisioned in (e.g. us-east4-b)
   * - **Machine Type**
     - The Machine type for the GCP compute instances. (e.g. e2-standard-2)
   * - **Machine Image**
     - The Machine Image to use for the new compute instance. (e.g. projects/ubuntu-os-cloud/global/images/ubuntu-2004-focal-v20211212)
   * - **Boot Volume GB**
     - The size (in GB) of the boot volume to assign the compute instance.
   * - **Disk Type**
     - The disk type for the new instance. (e.g. pd-ssd)
   * - **Customer Managed Encryption Key (CMEK)**
     - The optional path to the Customer Managed Encryption Key (CMEK) (e.g. projects/pensive-voice-547511/locations/global/keyRings/my-keyring/cryptoKeys/my-key)
   * - **Network**
     - The path of the Network in which to place the new instance. (e.g. projects/pensive-voice-547511/global/networks/default)
   * - **Sub Network**
     - The path of the Sub Network in which to place the new instance. (e.g. projects/pensive-voice-547511/regions/us-east4/subnetworks/default)
   * - **Public IP**
     - If checked, a public IP will be assigned to the new instances.
   * - **Network Tags (JSON)**
     - A JSON list of the Network Tags to assign the new instance. (e.g. :code:`["https-server", "foo", "bar"]`)
   * - **Custom Labels (JSON)**
     - A JSON dictionary of Custom Labels to assign the new instance (e.g. :code:`{"foo": "bar", "bin":"baz"}`)
   * - **Metadata (JSON)**
     - A JSON list of metadata objects to add to the instance. (e.g. :code:`[{"key": "ssh-keys", "value":"user1:ssh-rsa user1"}]`) `Reference `__
   * - **Service Account (JSON)**
     - A JSON dictionary representing a service account to attach to the instance. (e.g. :code:`{"email": "service-account@example.com", "scopes":["https://www.googleapis.com/auth/cloud-platform"]}`) `Reference `__
   * - **Guest Accelerators (JSON)**
     - A JSON list representing the guest accelerators (e.g. GPUs) to attach to the instance. (e.g. :code:`[{"acceleratorType":"projects//zones//acceleratorTypes/nvidia-tesla-t4","acceleratorCount":1}]`) `Reference `__
   * - **GCP Config Override (JSON)**
     - A JSON dictionary that can be used to customize attributes of the VM request. The only attributes that cannot be overridden are :code:`name` and :code:`labels` (e.g. :code:`{"shieldedInstanceConfig":{"enableIntegrityMonitoring":true,"enableSecureBoot":true,"enableVtpm":true}}`) `Reference `__
   * - **Startup Script**
     - When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent.
```

## Oracle Cloud (OCI) Settings

A number of settings must be defined to use this functionality. The OCI settings appear in the Deployment Zone configuration when the feature is licensed.

```{figure} /images/compute/vm_oracle.webp
:align: center

**OCI VM**
```

```{eval-rst}
.. list-table:: OCI VM Provider Settings
   :header-rows: 1

   * - Name
     - Description
   * - **Name**
     - A name to use to identify the config.
   * - **User OCID**
     - The OCID of the user to authenticate with the OCI API. (e.g. ocid1.user.oc1..xyz)
   * - **Public Key Fingerprint**
     - The public key fingerprint of the authenticated API user. (e.g. xx:yy:zz:11:22:33)
   * - **Private Key**
     - The private key (PEM format) of the authenticated API user.
   * - **Region**
     - The OCI Region name. (e.g. us-ashburn-1)
   * - **Tenancy OCID**
     - The Tenancy OCID for the OCI account.
(e.g ocid1.tenancy.oc1..xyz) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Compartment OCID** | The Compartment OCID where the auto-scaled agents will be placed. (ocid1.compartment.oc1..xyx) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Network Security Group OCIDs** | A JSON list of Security Group OCIDs that will be assigned to the auto-scaled agents. | | **(JSON)** | (e.g :code:`["ocid1.networksecuritygroup.oc1.iad.xxx","ocid1.networksecuritygroup.oc1.iad.yyy"]`) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Max Instances** | The maximum number of OCI compute instances to provision regardless of the need for available free slots. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Availability Domains (JSON)** | A JSON list of availability domains where the OCI compute instances may be placed. | | | (e.g :code:`["BEol:US-ASHBURN-AD-1", "BEol:US-ASHBURN-AD-2"]`) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Image OCID** | The OCID of the Image to use when creating the compute instances. (e.g ocid1.image.oc1.iad.xyz) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Shape** | The name of the shape used for the created compute instances. 
(e.g VM.Standard.E4.Flex) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Flex CPUs** | The number of OCPUs to assign the compute instance. This is only applicable when a Flex shape is used. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Burstable Base CPU** | The baseline percentage of a CPU Core that can be use continuously on a burstable instance (Select 100% to use a non-burstable | | **Utilization** | instance). `Reference `__. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Flex Memory GB** | The amount of memory (in GB) to assign the compute instance. This is only applicable when a Flex shape is used. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Boot Volume GB** | The size (in GB) of the boot volume to assign the compute instance. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Boot Volume VPUs Per GB** | The Volume Performance Units (VPUs) to assign to the boot volume. Values between 10 and 120 in mulitples of 10 are acceptable. | | | 10 is the default and represents the `Balanced` profile. The higher the VPUs, the higher the volume performance and cost. | | | `Reference `__. 
| +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Custom Tags (JSON)** | A Json dictionary of custom freeform tags to assigned the auto-scaled instances. e.g :code:`{"foo":"bar", "bin":"baz"}` | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Subnet OCID** | The OCID of the Subnet where the auto-scaled instances will be placed. (e.g ocid1.subnet.oc1.iad.xyz) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **SSH Public Key** | The SSH public key to insert into the compute instances. (e.g ssh-rsa XYABC) | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **Startup Script** | When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ | **OCI Config Override** | A JSON dictionary that can be used to customize attributes of the VM request. An OCI Model can be specified with the | | | "OCI_MODEL_NAME" key. | | | Reference: `OCI Python Docs `__ | | | and `Kasm Examples <#oci-config-override-examples>`__. | +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+ ``` You can find the OCI Image ID for the version of the desired operating system in the desired region by finding navigating the [OCI Image page](https://docs.oracle.com/en-us/iaas/images/). 

### OCI Config Override Examples

Below are some OCI autoscale configurations that utilize the OCI Config Override.

```{eval-rst}
.. dropdown:: Disable Legacy Instance Metadata Service
    :animate: fade-in

    Disables the legacy instance metadata service (IMDSv1) endpoints, so that only IMDSv2 requests are served, for additional security.

    .. code-block:: json

        {
            "launch_instance_details": {
                "instance_options": {
                    "OCI_MODEL_NAME": "InstanceOptions",
                    "are_legacy_imds_endpoints_disabled": true
                }
            }
        }

.. dropdown:: Enable Instance Agent Plugins
    :animate: fade-in

    A list of available plugins can be retrieved by navigating to an existing instance's "Oracle Cloud Agent" config page.
    This example enables the "Vulnerability Scanning" plugin.

    .. code-block:: json

        {
            "launch_instance_details": {
                "agent_config": {
                    "OCI_MODEL_NAME": "LaunchInstanceAgentConfigDetails",
                    "is_monitoring_disabled": false,
                    "is_management_disabled": false,
                    "are_all_plugins_disabled": false,
                    "plugins_config": [{
                        "OCI_MODEL_NAME": "InstanceAgentPluginConfigDetails",
                        "name": "Vulnerability Scanning",
                        "desired_state": "ENABLED"
                    }]
                }
            }
        }
```

## VMware vSphere Settings

A number of settings are required to be defined to use this functionality. The VMware vSphere settings appear in the Pool configuration when the feature is licensed.

```{figure} /images/compute/vm_vsphere.webp
:align: center

**vSphere VM**
```

```{eval-rst}
.. table:: vSphere VM Provider Settings
    :widths: 75

    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | Name                              | Description                                                                                                                     |
    +===================================+=================================================================================================================================+
    | **Name**                          | A name to use to identify the config.                                                                                           |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **vSphere vCenter Address**       | The location of the VMware vSphere vCenter server to use.                                                                       |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **vSphere vCenter Port**          | The port to use. (This is usually 443)                                                                                          |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **vSphere vCenter Username**      | The username to use when authenticating with the vSphere vCenter server.                                                        |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **vSphere vCenter Password**      | The password to use when authenticating with the vSphere vCenter server.                                                        |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **VM Template Name**              | The template VM to use when cloning new autoscaled VMs.                                                                         |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Max Instances**                 | The maximum number of vSphere VM instances to provision regardless of the need for available free slots.                        |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Datacenter Name**               | The datacenter to use for cloning the new vSphere VM instances.                                                                 |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **VM Folder**                     | The VM folder to use for cloning the new vSphere VM instances. This field is optional, if left blank the VM folder of the       |
    |                                   | template is used.                                                                                                               |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Datastore Name**                | The datastore to use for cloning the new vSphere VM instances. This field is optional, if left blank the datastore of the       |
    |                                   | template is used.                                                                                                               |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Cluster Name**                  | The cluster to use for cloning the new vSphere VM instances. This field is optional, if left blank the cluster of the template  |
    |                                   | is used.                                                                                                                        |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Resource Pool**                 | The resource pool to use for cloning the new vSphere VM instances. This field is optional, if left blank the resource pool of   |
    |                                   | the template is used.                                                                                                           |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Datastore Cluster Name**        | The datastore cluster to use for cloning the new vSphere VM instances. This field is optional, if left blank the datastore      |
    |                                   | cluster of the template is used.                                                                                                |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Guest VM Username**             | The username to use for running the startup script on the new vSphere VM instance. This account should have sufficient          |
    |                                   | privileges to execute all commands in the startup script.                                                                       |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Guest VM Password**             | The password for the **Guest VM Username** account.                                                                             |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Number of Guest CPUs**          | The number of CPUs to configure on new vSphere VM instances. This option is not dependent on the number of CPUs configured on   |
    |                                   | the template.                                                                                                                   |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Amount of Guest Memory(MB)**    | The amount of memory in MegaBytes to configure on new vSphere VM instances. This option is not dependent on the amount of memory|
    |                                   | configured on the template.                                                                                                     |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **What family of OS is installed**| Whether the template OS is Linux or Windows. This is needed to ensure proper execution of the startup script.                   |
    | **in the VM**                     |                                                                                                                                 |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Startup Script**                | When instances are provisioned, this script is executed and is responsible for installing and configuring the Kasm Agent.       |
    |                                   | Scripts are run as Bash scripts on a Linux host and PowerShell scripts on a Windows host.                                       |
    |                                   | Additional troubleshooting steps can be found in the :ref:`vmware_templates` section of the server documentation.               |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
```

### Notes on vSphere Datastore Storage

When configuring VMware vSphere with Kasm Workspaces, one important item to keep in mind is datastore storage. When clones are created, VMware will attempt to satisfy the clone operation; if the datastore runs out of space, any VMs that are running on that datastore will be paused until space is available. Kasm Workspaces recommends that critical management VMs, such as the vCenter server VM and cluster management VMs, are placed on separate datastores that are not used for Kasm autoscaling.

## OpenStack Settings

A number of settings are required to be defined to use this functionality. The OpenStack settings appear in the Pool configuration when the feature is licensed. The correct values can be determined using the "API Access" page of the OpenStack UI and the "OpenStack RC File".

```{figure} /images/compute/vm_openstack.webp
:align: center

**OpenStack VM**
```

```{eval-rst}
.. table:: OpenStack VM Provider Settings
    :widths: 75

    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | Name                              | Description                                                                                                                     |
    +===================================+=================================================================================================================================+
    | **Name**                          | A name to use to identify the config.                                                                                           |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Max Instances**                 | The maximum number of OpenStack compute instances to provision regardless of the need for additional resources.                 |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Identity Endpoint**   | The endpoint address of the OpenStack Keystone endpoint (e.g. :code:`https://openstack.domain:5000`)                            |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Nova Endpoint**       | The endpoint address of the OpenStack Nova (Compute) endpoint (e.g. :code:`https://openstack.domain:8774/v2/`)                  |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Nova Version**        | The version to use with the OpenStack Nova (Compute) endpoint (e.g. :code:`2.90`)                                               |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Glance Endpoint**     | The endpoint address of the OpenStack Glance (Image) endpoint (e.g. :code:`https://openstack.domain:9292`)                      |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Glance Version**      | The version to use with the OpenStack Glance (Image) endpoint (e.g. :code:`2`)                                                  |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Cinder Endpoint**     | The endpoint address of the OpenStack Cinder (Volume) endpoint. **Note: The address contains the OpenStack Project ID**         |
    |                                   | (e.g. :code:`https://openstack.domain:8776/v3/383a0dad105e460ab5a863ea0a45932b`)                                                |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **OpenStack Cinder Version**      | The version to use with the OpenStack Cinder (Volume) endpoint. (e.g. :code:`3`)                                                |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Project Name**                  | The name of the OpenStack Project where VMs will be provisioned.                                                                |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Authentication Method**         | The kind of credential used to authenticate against the OpenStack Endpoints.                                                    |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Application Credential ID**     | The Credential ID of the OpenStack Application Credential.                                                                      |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Application Credential Secret** | The OpenStack Application Credential secret.                                                                                    |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Project Domain Name**           | The Domain that the OpenStack Project belongs to (e.g. :code:`domain-1353722761`)                                               |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **User Domain Name**              | The Domain that the OpenStack User belongs to (e.g. :code:`domain-1353722761`)                                                  |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Username**                      | The Username of the OpenStack User used to authenticate against OpenStack.                                                      |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Password**                      | The Password of the OpenStack User used to authenticate against OpenStack.                                                      |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Metadata**                      | A JSON dictionary containing the metadata tags applied to the OpenStack VMs (e.g. :code:`{"my_tag": "my_value"}`)               |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Image ID**                      | The ID of the Image used to provision OpenStack VMs.                                                                            |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Flavor**                        | The name of the desired Flavor for the OpenStack VM (e.g. :code:`gen.medium`)                                                   |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Create Volume**                 | Enable to create a new Block storage (Cinder) volume for the OpenStack VM. (When disabled, ephemeral Compute (Nova) storage is  |
    |                                   | used.)                                                                                                                          |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Volume Size (GB)**              | The desired size of the VM Volume in GB. This can only be specified when "Create Volume" is enabled.                            |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Volume Type**                   | The type of volume to use for the new OpenStack VM Volume (e.g. :code:`__DEFAULT__`)                                            |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Startup Script**                | When OpenStack VMs are provisioned, this script is executed. The script is responsible for installing and configuring the Kasm  |
    |                                   | Agent.                                                                                                                          |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Security Groups**               | A list containing the security groups applied to the OpenStack VM (e.g. :code:`["sg1", "sg2"]`)                                 |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Network ID**                    | The ID of the network that the OpenStack VMs will be connected to.                                                              |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Key Name**                      | The name of the SSH Key used to connect to the instance.                                                                        |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Availability Zone**             | The Name of the Availability Zone that the OpenStack VM will be placed into.                                                    |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
    | **Config Override**               | A JSON dictionary that can be used to customize attributes of the VM request                                                    |
    +-----------------------------------+---------------------------------------------------------------------------------------------------------------------------------+
```

### OpenStack Notes

```{eval-rst}
.. dropdown:: OpenStack Endpoints Require Trusted Certificates
    :animate: fade-in

    The OpenStack provider requires that OpenStack endpoints present trusted, signed TLS certificates. This can be done through an API gateway that presents a valid certificate or through configuring valid certificates on each individual service (Reference: `OpenStack Docs `_).

.. dropdown:: Application Credential Access Rules
    :animate: fade-in

    OpenStack application credentials allow administrators to specify Access Rules to restrict the permissions of an application credential further than a role might allow.
    Below is an example of the minimum set of permissions that Kasm Workspaces requires in an Application Credential.

    .. code-block:: yaml

        - service: volumev3
          method: POST
          path: /v3/*/volumes
        - service: volumev3
          method: DELETE
          path: /v3/*/volumes/*
        - service: volumev3
          method: GET
          path: /v3/*/volumes
        - service: volumev3
          method: GET
          path: /v3/*/volumes/*
        - service: volumev3
          method: GET
          path: /v3/*/volumes/detail
        - service: compute
          method: GET
          path: /v2.1/servers/detail
        - service: compute
          method: GET
          path: /v2.1/servers
        - service: compute
          method: GET
          path: /v2.1/flavors
        - service: compute
          method: GET
          path: /v2.1/flavors/*
        - service: compute
          method: GET
          path: /v2.1/servers/*/os-volume_attachments
        - service: compute
          method: GET
          path: /v2.1/servers/*
        - service: compute
          method: GET
          path: /v2.1/servers/*/os-interface
        - service: compute
          method: POST
          path: /v2.1/servers
        - service: compute
          method: DELETE
          path: /v2.1/servers/*
        - service: image
          method: GET
          path: /v2/images/*
        - service: image
          method: GET
          path: /v2/schemas/image
```
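
The minimum rule set listed under "Application Credential Access Rules" can serve as a baseline when reviewing an existing application credential. The Python below is an added example, not Kasm or OpenStack code: it reports which required rules a credential lacks and which of its rules grant more than the baseline. The wildcard semantics (`*` matches one path segment, `**` matches all remaining segments) and the sample credential are assumptions made for this example.

```python
"""Audit application credential access rules against the page's minimum set."""

# Minimum rules from the page, one "service METHOD path" per line.
MINIMUM_RULES_TEXT = """
volumev3 POST   /v3/*/volumes
volumev3 DELETE /v3/*/volumes/*
volumev3 GET    /v3/*/volumes
volumev3 GET    /v3/*/volumes/*
volumev3 GET    /v3/*/volumes/detail
compute  GET    /v2.1/servers/detail
compute  GET    /v2.1/servers
compute  GET    /v2.1/flavors
compute  GET    /v2.1/flavors/*
compute  GET    /v2.1/servers/*/os-volume_attachments
compute  GET    /v2.1/servers/*
compute  GET    /v2.1/servers/*/os-interface
compute  POST   /v2.1/servers
compute  DELETE /v2.1/servers/*
image    GET    /v2/images/*
image    GET    /v2/schemas/image
"""


def _rule(service, method, path):
    """Normalise one rule to a (service, METHOD, path) tuple."""
    return (service.strip(), method.strip().upper(), path.strip())


MINIMUM_RULES = [_rule(*line.split())
                 for line in MINIMUM_RULES_TEXT.split("\n") if line.strip()]


def parse_access_rules(text):
    """Parse the flat YAML list layout shown on the page (no YAML library)."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- "):          # a new list item starts a new rule
            current = {}
            rules.append(current)
            line = line[2:].strip()
        if current is None or ":" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = line.split(":", 1)
        current[key.strip()] = value.strip().strip("'\"")
    return [_rule(r["service"], r["method"], r["path"]) for r in rules]


def covers(pattern, target):
    """True if every path matched by `target` is also matched by `pattern`.

    Assumed semantics: '*' = exactly one segment, '**' = all remaining segments.
    """
    p, t = pattern.strip("/").split("/"), target.strip("/").split("/")
    for i, seg in enumerate(p):
        if seg == "**":
            return True
        if i >= len(t) or t[i] == "**":
            return False
        if seg != "*" and seg != t[i]:
            return False
    return len(p) == len(t)


def audit(candidate):
    """Return (missing, excess) for a list of (service, method, path) rules."""
    def covered_by(rule, rule_set):
        svc, method, path = rule
        return any(s == svc and m == method and covers(p, path)
                   for s, m, p in rule_set)

    missing = [r for r in MINIMUM_RULES if not covered_by(r, candidate)]
    excess = [r for r in candidate if not covered_by(r, MINIMUM_RULES)]
    return missing, excess


# Constructed sample: a credential that is both too broad and incomplete.
SAMPLE_RULES_YAML = """
- service: image
  method: GET
  path: /v2/**
- service: compute
  method: POST
  path: /v2.1/servers
- service: compute
  method: POST
  path: /v2.1/servers/*/action
"""

if __name__ == "__main__":
    missing, excess = audit(parse_access_rules(SAMPLE_RULES_YAML))
    for svc, method, path in missing:
        print(f"MISSING  {svc:9} {method:7} {path}")
    for svc, method, path in excess:
        print(f"EXCESS   {svc:9} {method:7} {path}")
```

A rule reported as excess is not necessarily wrong, but it grants API access beyond what the page lists as required and should be justified or removed.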