Architecture Roles

The following outlines the Role Service in this architecture. The ports and protocols required for communication are listed to allow for firewalls or filtering devices in your environment

Web App Server(s)

This is the landing point for end users. If end-users access this server from the internet this may be put in a DMZ enclave. This Server includes the following services:

• Web Application Web application (kasm_api)

• Manager Service (kasm_manager)

• Proxy (kasm_proxy)

• Ports / Protocols

  • HTTPS (443)

Database Server

The database server must be accessible by API and Management Services. This Server includes the following services:

• Database Service (kasm_db)

• Share Database Service (kasm_redis)

• Ports / Protocols

  • POSTGRESQL (5432)

  • REDIS (6379)

Agent Server(s)

Agents are where end-user sessions are created. Depending on the desired architecture these may be placed in various locations. The agent must be accessible by the Management and Web App Servers. This server includes the following services:

• Agent Service (kasm_agent)

• Proxy (kasm_proxy)

• Ports / Protocols

  • HTTPS (443)

Connection Proxy(s)

Connection proxies are used to broker web native RDP/VNC/SSH and RDP thick client sessions to fixed or autoscaled servers. If this functionality is not needed, this role does not need to be installed. Connection proxies need to be accessible from the WebApp servers and to the destination RDP/VNC/SSH servers. If RDP thick client access is desired then the Connection Proxy role must be internet accessible. This server includes the following services:

• Guac Service (kasm_guac)

• RDP Gateway Service (kasm_rdp_gateway)

• Proxy (kasm_proxy)

• Ports / Protocols

  • HTTPS (443)

  • RDP (3389)

Multi Server Install