IGEL Cosmos
Secure Endpoint Platform
Simplify and secure the delivery of digital workspaces to access any cloud while reducing costs.
Kasm Workspaces is a containerized desktop infrastructure (CDI) solution that uses a modern scalable and resilient design to provide a web-based remote desktop environment with ease. You can deploy Kasm Workspaces on a single server or Multi Server in minutes with a single command or in a distributed configuration for scalability and redundancy. Kasm Workspaces can be deployed on premise, in the cloud, or in a hybrid configuration. The solution also offers industry-leading security capabilities that contribute to a Zero Trust environment, powered by built-in DLP technology, rendering tech, network isolation, secure perimeters, and least privileged containers. This enables users to connect remote workers with mission-critical and data-sensitive systems with unparalleled security
Kasm Workspaces is a containerized desktop infrastructure (CDI) solution that uses a modern scalable and resilient design to provide a web-based remote desktop environment with ease. You can deploy Kasm Workspaces on a single server or Multi Server in minutes with a single command or in a distributed configuration for scalability and redundancy. Kasm Workspaces can be deployed on premise, in the cloud, or in a hybrid configuration.
Kasm Workspaces provides a wealth of enterprise grade features that ensure security, reliability, and maintainability. Data Loss Prevention Data loss prevention features ensures data stays where it is protected, based on your organizations policies. Kasm Workspaces allows administrators to configure polices on groups which define settings like the ability to upload data from your local system to the remote Kasm Workspaces desktop and download files from the remote Kasm Workspaces desktop to your local system. Kasm Workspaces can rate limit the clipboard and keyboard to ensure they cannot be used as channels to exfiltrate data. Lastly, Kasm Workspaces can be configured to log keystrokes and clipboard content. Updating Desktop/Application Images Keeping desktop and application Docker images up to date on the Kasm Workspaces infrastructure can be entirely automated with no downtime for users. The Kasm Workspaces architecture constantly checks the configured Docker registry, which can be local or the public Docker Hub registry, for updated images and pulls them if they are newer. New desktops created will automatically start using the new image. If using the Kasm Workspaces Technologies maintained images directly, there is nothing you need to do other than allowing systems access to Docker Hub to pull the images. If custom images are used in the environment, CI/CD pipelines can be used to automatically rebuild the images on a regular schedule and push them to an internal Docker registry. Logging Kasm Workspaces has built in logging, analysis, reporting, and manual search capabilities. This works well for small deployments. For enterprise deployments, Kasm Workspaces integrates natively with Splunk and Elastic, without the need to install forwarders on Kasm Workspaces resources. Kasm Workspaces creates data rich logs in JSON format, which contain details about user interaction with the Kasm Workspaces API. Full audit logging of user actions on the desktop sessions can also be implemented. Data Access Kasm Workspaces is able to mount data shares into desktops based on either group settings or image settings. Users will have different shares attached to their desktop based on their group memberships. This makes managing data access simple and all configurable within the Kasm Workspaces administration panel. Roaming Profiles Kasm Workspaces can be configured to use persistent profiles for users. When configured, users will have a desktop that is persistent, no matter where the desktop is provisioned within the Kasm Workspaces cluster. Architecture Updates Keeping underlying operating systems up to date is critical in Enterprise environments. With proper orchestration, most of the Kasm Workspaces architecture components can be updated without affecting users. The Kasm Workspaces architecture contains a cluster of compute nodes called agents, which is where user desktops/applications reside. Kasm Workspaces agents can be disabled and allowed to “drain” over time. When disabled, no further users will be assigned to the agent. Once the agent is empty, it can safely be updated and restarted. Administrators can then re-enable the agent and move to the next one. This process can be automated using the Kasm Workspaces developer API within a DevOps environment. API servers are the components that take API calls from users and proxy incoming desktop streaming sessions. The API servers also manage the agent cluster(s). API servers are redundant and easily scalable, API nodes can be added or removed during operations. DNS is used to ensure users are sent to the appropriate nodes at any given time. An enterprise grade load balancer, such as an F5 load balancer, can be used to provide faster switching between active nodes. Network Access Kasm Workspaces Desktops/Applications can be configured to only provision on particular agent servers or on particular networks. Administrators can configure agents on premise to trunk to physical switches and define docker networks on different VLANs. This allows administrators to place users in different VLANs based on group membership. Alternatively, administrators can setup different zones, with different clusters of compute resources. URL Filtering/URL Categorization Kasm Workspaces has a built-in forward proxy that can be enabled on desktop/application containers to filter user traffic based on administrator defined whitelist/blacklist and filters based on URL categorization. These policies are applied to groups and managed within the Kasm Workspaces administrator UI. Authentication Kasm Workspaces supports LDAP, SAML, and locally defined users. These different authentication methods can be used individually or in combination. Kasm Workspaces allows administrators to define multiple SAML authentication providers and optionally choose the appropriate provider based on the URL the user came in on. This allows a single Kasm Workspaces installation to be hosted behind multiple domain names and show users different logon options based on the domain name they came in on. LDAP and SAML groups/roles can be mapped to Kasm Workspaces groups, allowing the enterprise to easily manage the Kasm Workspaces environment for users based on group membership within your desired enterprise identity and access management solution. Scalability The Kasm Workspaces architecture easily scales to meet requirements. Kasm Workspaces implements a docker orchestration layer that allows the enterprise to easily scale compute resources to meet demand. Adding new agent compute nodes to a cluster takes minutes. Kasm Workspaces can even auto scale resources in AWS and Digital Ocean cloud environments. Fault Tolerance Kasm Workspaces has fault tolerance built into the fully containerized architecture. User Desktop/Application sessions will automatically be provisioned on a compute node in the cluster that has availability. Their sessions are load balanced between multiple redundant API servers. During a major outage of systems, API servers will failover, and users will be able to create desktop/application sessions on any remaining healthy nodes in the cluster. This all happens without user or administrator interaction. Globally Distributed Kasm Workspaces can be deployed in a globally distributed architecture to support large enterprises with globally distributed users. This ensures end-users experience a fast and responsive desktop/application session. Cloud/On-Premise Kasm Workspaces operates the same regardless of if deployed on-premise or in the cloud. Kasm Workspaces natively supports AWS and Digital Ocean for auto provisioning of Kasm Workspaces compute components. Kasm Workspaces supports AWS RDS databases, to include Aurora. Kasm Workspaces can be easily provisioned within a private AWS VPC to operate a private Kasm Workspaces SaaS.