Section: Experiment and work safely in an isolated environment

If you have some experience using Docker, you know how easy it is to start a container for a specific server service and ignore it. These usually relate to web-based applications, which you access via the web interface via your browser. Kasm Workspaces goes even further: it enables so-called streaming containers, allowing you, for example, to run a browser or even an entire Linux desktop in a container. The application, as it does, is streamed to the browser, which you can compare to a remote desktop.

The application works isolated from your own system. So you can play or work safely without the risk of breaking anything. Moreover, malware, ransomware, and phishing don't stand a chance. For example, use it to try out a new Linux distro. Or set up a temporary browser, for example to test your own website that you developed yourself. You have the certainty that your entire browser history will be deleted after that. You can also create a safe browsing environment for your kids for the online games they play. We show how to install Kasm Workspaces and explore the possibilities for home use.

1 versions

You can run Kasm Workspaces locally on your device Private server Installation, but also purchase as a service via the cloud. The cloud service is intended for large companies, because you must purchase it for at least 25 users. If you install the program yourself, you can choose from several versions. We are using the Community Edition of this article, which is completely free for personal use. This allows up to five simultaneous sessions, which is more than enough for home use. So a light server may have already reached its limit, even though the system requirements are not very high. Affordable licenses are available for upgrade.

2 System requirements

Although Kasm Workspaces even runs on a Raspberry Pi, a somewhat heavier server is certainly preferable. Suitable operating systems include Ubuntu 22.04 and Debian 12. You need at least a dual-core processor, 4GB of RAM, and 50GB of storage space. Each session requires approximately 1 to 3 GB of memory and one or two processor cores.

You can also install Kasm Workspaces in a Linux container or in a KVM-based virtual machine inside Proxmox VE (see section below: “Kasm Workspaces in Proxmox VE”). We previously wrote an article about the popular open source virtualization platform Proxmox VE, I read it here. It then works isolated from the server (the rest of the server). Moreover, it remains free of additional installed software. Making any backups is also easier.

Users can simply use a modern browser such as Chrome, Edge, Firefox, and Safari to access Kasm workspaces. We'll cover a fairly standard installation in this article. If you have special desires, you will likely find a broad answer Online documentation.

3 Kasm Workspaces in Proxmox VE

In this article, we install Kasm Workspaces in a Linux container under Proxmox VE using Ubuntu 22.04 as the template. You can also choose the latest TurnKey Core template based on Debian. When you create a container, leave it unchecked Unmarked container Stand up and check the option Overlapping It stays active, which is essential for Docker. Start with 4096MB memory, 1024MB swap, and a kernel for example.

Before you start the container, click below Options on Features And activate next Nesting Also option Fuse. go to Control unit To open the shell and log in with your root account. Make sure your operating system is updated with the following commands:

apt update

And the:

apt upgrade

Install the pigtail required for installation using:

apt install curl

Set the correct time zone using:

dpkg-reconfigure tzdata

You can now install Kasm Workspaces via shell by following the instructions in this article. Note that you will encounter an error message once: This issue can be easily resolved by running the installation script again. If the installer asks you to create a swap partition, you can skip it.

4 Installation

Installation takes some time, but it is not difficult because the installation script takes all the work out of your hands. Please check the commands below. You will likely need to modify it slightly for newer versions.

Brief explanation of these commands: Before installation, we first go to the temporary folder (which is automatically emptied every time the operating system is restarted). We then retrieve the installation files using rollthey go out with tar, navigate to the correct folder and start the installation. As a root user you can do this sudo Otherwise delete.

Note that by default https port 443 is used for installation. If there is a conflict, for example with a web server, you can change it to 8443 for example before installation with this command:

sudo bash install.sh -L 8443

After installation, all created accounts will be displayed. Keep this information safe!

5 Administrative environment

After installation, you can use your administrator account ([email protected]) Log in via https://ipaddress:port. We advise you to change your password immediately. This can be done on your profile, which you can access via the icon at the top right. Then log in with the new password. Then go to Access/user management. Delete the default user created during installation [email protected]. Create a new user with at least a username and password.

6 User rights

It is advisable to check what rights users have. So go to Access control/groupsOpens All users Click on the brush. Then go to the tab Institutions. Here you can choose the default permissions for users. In recent versions, the most important options are already active by default, but it's a good idea to check that.

For example, you can ensure that users can hear audio from the workspace, such as a YouTube video in the browser. You can also choose which devices can be passed into the workspace, such as a webcam, microphone, or game console. Moreover, you can enable the use of the clipboard to cut and paste text.

You'll also see options for downloads and uploads, for example to transfer files downloaded using a browser to your computer. Many of the options mentioned will be discussed later in this article.

7 Create workspaces

A workspace basically means an application that you can run, which can also be an entire operating system. There are no workspaces available by default, so the user cannot do much yet. That's why we'll do a little first. For that go to Photos/Registration. (Note that “images” is a very inaccurate translation of “images”. This will likely be fixed in a future release. You can also set the language to English via your profile.)

The image is actually the foundation of the workspace. For example, we include the Brave browser. Just find it in the list, click on it and select it to install. The image is then downloaded in the background and Brave becomes available as a workspace. We're also adding Chrome, Ubuntu Jammy, Discord, and Doom. For each photo you can see approximately how much space is required. Especially with large workspaces, you should monitor available storage space. A full Linux operating system requires about 7GB of space.

8 Show workspaces

In the previous section we added some workspaces. If you go to the top bar Workplaces You'll see this in some sort of dashboard. If you currently see a red exclamation mark next to the workspace, this means that this workspace has not been (fully) downloaded yet.

If you log in as a regular user, for example using the user account that we created in a previous step, you will not see any management options, but you will see all the workspaces. This means that only you can open and use workspaces. This is definitely recommended for roommates who you would prefer to exclude from the administrative environment. If there are active sessions due to open workspaces, you will also see them on your dashboard, as shown on the left in the image.

9 Open work space

When you open a workspace, you can choose whether it should open in the current tab, a new tab, or a new window in your current browser. The session has now started in the background. As mentioned earlier, you'll see an indication of this session and any other active sessions in the dashboard.

By default, the session ends after one hour. You can also pause, stop, or delete the session manually on the dashboard. If you choose to pause or stop, you can resume the session at a later time in the state you left it. If you delete a session, you can of course start a new session, but you start with a clean slate.

10 brave browser

If we take Brave browser as an example, you will see that with a new session you are always offered a new installation. This also means that you always have the option to set Brave as your default browser and import settings. To avoid such questions, you can choose to stop the session instead of deleting it.

What you should also pay attention to is that the files you download using, in this case, the Brave browser, are usually stored in the container in question – they are actually “locked” there. There is a special menu with additional options that you can access via an icon on the left side of your screen. if you go Downloadable You will see all the files you have downloaded using this browser. You can also upload files from your computer to the container via to lift. In that menu, you'll also see other options, such as turning your webcam, sound, and microphone on or off.

11 Linux desktop

We also tried a full desktop, in this case Ubuntu Jammy. The workspace seems to start up quickly and you'll immediately have a large number of applications, including GIMP, OnlyOffice, Visual Studio Code, and Zoom.

If you prefer, you can view your desktop full screen via the menu.

We also installed Kali Linux. This operating system is very popular among ethical hackers, who will appreciate the added isolation of Kasm workspaces.

You can customize the configuration of each workspace to use a VPN connection by default. However, it is easier to set up a separate VPN container. The documentation calls this “VPN Sidecar.” By adjusting the configuration for a specific workspace, you ensure that that workspace's traffic goes through the VPN from now on.

12 Open in Al-Kasm

You can make excellent use of Kasm Workspaces for unsafe links that you encounter while browsing in your regular browser. You can also open it automatically in an isolated browser with a simple procedure. To do this, install the named extension Kasm – open in isolation (This is in the Chrome Web Store).

Right click on the extension to open its options. Enter the https address of your server. In our example it is https://10.0.10.57. If you come across a link while browsing using your regular browser, right-click on the link and choose the option from the menu Open the link in the chat.

The first time you have to select which workspace should be used by default, in the option Image of a standard workspace. You can also find this option on your profile.