Kasm — The Container Streaming Platform

Providing a secure and isolated environment for computing needs

4 min readJun 22, 2023

Intro to Kasm

Kasm Workspaces is a container streaming platform that provides users with a secure and isolated environment for computing needs. The platform works by streaming Docker containers (preconfigured isolated environments) to users’ devices. These containers can be a range of utilities, such as a a Chrome web browser, a terminal session or even a full fledged Kali Linux desktop environment.

Kasm can be used to provide a secure and isolated environment for performing dynamic investigations. By using containers, Kasm can ensure an extra layer of security.

Let’s say you’re… confirming the validity of a link that looks a little sketchy. If you have the Kasm web extension installed, you can right click the sketched out link, click “Open link in Kasm”, it will spin up a Google Chrome container on your Kasm host machine, open the link inside the container, and using the open source KasmVNC technology, it will stream that session back to your browser making it look like you just have another browser tab open.

In reality? Nothing is actually executing locally in your browser or on your local computer.

So we have:

a full-fledged web browser, application or OS that can get created in seconds
it’s running within a Docker container for an extra level of isolation between host machine and the container
if you have it running in a cloud instance, it’s using the cloud’s IP address
it’s completely separated from your LAN
anything that happens inside that container can be torn down in a matter of seconds, leaving (next to) no trace of what happened inside

Let’s look at how to get Kasm set up and a basic use case for it.

Installing Kasm

First you will need a server that meets these hardware requirements.

Install Docker

sudo apt install docker,io -y

Create swap partition

sudo dd if=/dev/zero bs=1M count=1024 of=/mnt/1GiB.swap

Change permissions of swap file

sudo chmod 600 /mnt/1GiB.swap

Create a swap space on the file

sudo mkswap /mnt/1GiB.swap

Turn swap space on

sudo swapon /mnt/1GiB.swap

Make swap persistent

echo '/mnt/1GiB.swap swap swap defaults 0 0' | sudo tee -a /etc/fstab

Download Docker Compose v2

mkdir -p /usr/local/lib/docker/cli-plugins
curl -L https://github.com/docker/compose/releases/download/v2.0.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose

Note: If you see the error curl: command not found, just install curl with sudo apt install curl -y

Download and Install Kasm

Note: By default, Kasm installs on port 443. If you’re running a reverse proxy or need to run the application on a different port, pass the -L flag when calling the installer. e.g sudo bash kasm_release/install.sh -L 8443

cd /tmp
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.13.0.002947.tar.gz
tar -xf kasm_release_1.13.0.002947.tar.gz
sudo bash kasm_release/install.sh

Accept the EULA. It will take a few minutes to download.

Once the install completes, take note of the login credentials, and login to the interface at https://<kasm_server_ip>

Additional Installs

Web Extension

The Open-In Kasm Browser Extension provides a browser context-menu option for opening a link in an isolated Kasm Session. Allowing a user that is navigating the web to easily open untrusted links with the malware protection and anonymization that Kasm Isolation provides.

Install the extension from one of the stores below:

Chrome Extension
Firefox Extension

Open Options for the extension

Type in your Kasm server’s IP address or FQDN into the Kasm URL field and click save.

Note: If you do want to set the URL to your custom FQDN you also will need to go to the Admin section in your Kasm instance, go to the Zones tab, edit the Default zone, and change the Upstream Auth Address to your Kasm server’s IP address.

Now when you right click a link, you have the option to Open link in Kasm.

Install Additional Workspaces

Kasm comes defualt with several applications installed. If you want to install others:

Go to the Admin section in your Kasm instance, click Workspaces on the left hand side and then Workspace Registry.

Click install the official registry.

All the official Workspaces will appear and be available for a one click install.

This covers the basics of getting Kasm up and running. There’s a lot more depth and functionality to this platform that we didn’t explore here. If you’d like to learn more about all the features, check out the documentation on their official site.

Have fun!