Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Detailed list of system and operating system requirements for Keeper Connection Manger
The recommended method to install Keeper Connection Manager is via the automated docker install. This removes any operating system, system pre-requisites and other requirements. If the underlying system supports a current version of Docker, the container is fully supported.
Glyptodon 1.x - Full support for 2 years after any major release
Glyptodon 2.x - Full support for 2 years after any major release
Keeper Connection Manager 2.x - Full support for 2 years after any major release
The generalized formula for sizing Keeper Connection Manager is 1 CPU core and 2 GB of memory for every 25 concurrent users anticipated. We recommend a minimum of 8GB RAM and 2 cores for any small deployment.
0-25
2
8gb
26-50
3
12gb
51-100
4
16gb
101-200
8
32gb
200+
Contact us
Contact us
For anything over 200 concurrent sessions, we have several options, and it may be best to talk through this with our sales engineering team to find the right solution based on your needs and connection types.
A single session recording can vary based on the content being shown. This is affected by the type of connection. GUIs typically have higher recording sizes versus CLI connections like SSH, which can be quite small.
There are far too many variables in play to accurately predict disk space needs for recordings. The best practices are to monitor the recordings folder and offload them to another location as needed.
Network throughput also varies based on activity, type of session and connection settings. From actual examples, we've found that for a system running about 100 concurrent sessions, network traffic varies between 9Mbit/s and 15Mbit/s for all 100 connections. Each connection would be on average 1/100th of the 15Mbit value.
In the same above scenario with 100 connections, we would expect about 15gb total traffic per hour on the network adaptor. Comparing inbound and outbound traffic, just over 90% of the traffic is outbound from the server to the clients.
Instantly access your infrastructure with zero-trust security.
Keeper Connection Manager (KCM) On-Prem is an agentless remote desktop gateway that provides instant and secure access to desktops, servers, databases and web applications from a web browser.
Benefits of the KCM On-Prem platform:
Self-hosted
Agentless
Lightning Fast and Responsive
Simple Access Controls
Customizable
Features include:
Support for RDP, SSH, VNC, K8s remote access protocols
Support for MySQL, PostgreSQL, SQL Server database protocols
Support for web application protection through Remote Browser Isolation technology
Session Recording and playback
Privileged Session Management
Multi-User Session Sharing
Role-Based Access Controls
MFA Options: TOTP, Duo
PIV/CAC smart card authentication
SSO, OpenID Connect, Active Directory, LDAP Integration
Custom Branding
Keeper is typically deployed as a Docker container. The system architecture diagram is below.
Keeper Connection Manager is the commercially-supported solution produced by the original creators of Apache Guacamole, the open source platform used by millions of people for accessing remote desktops. Keeper Connection Manager is built on top of the Guacamole gateway, with expanded capabilities, advanced integrations and ongoing feature development. Glyptodon was Acquired by Keeper Security in December 2021.
Ready to get started with Keeper Connection Manager? Proceed to the installation instructions.
Get your environment, network, and system ready and prepared.
Keeper Connection Manager will serve your secure "jumpbox" and you'll use your web browser to access it. First, choose a URL that you'd like to use for accessing KCM.
You'll need the following:
1. A designated machine (usually a Linux VM) with a static IP address 2. Choose a fully-qualified domain name (FQDN) 3. Your DNS record set to point your FQDN to the IP of your designated machine 4. An SSL certificate
No cert? Don't worry, you can:
Start by choosing "use a self-signed certificate" (for testing)
Choose "Let's Encrypt" to generate a 90 day auto-renewing cert (requires 80 and 443 open)
Bring your own cert during setup or add it in later using the reconfigure command
You can either bring your own SSL certificate, or you can generate one during the installation by choosing the option for Let's Encrypt. If planning to use Let's Encrypt, make sure that ports 80 and 443 are open to the internet during the installation.
To prepare for installation:
Create/Identify and establish root access to the server that will run the Keeper Connection Manager gateway
Decide if you want your KCM gateway to be public-facing (assign public IP), or internal-only (assign private IP)
Add internal/external DNS A Record (or AAAA record) to point your domain to your KCM server's IP address
Make sure that ports 80 and 443 are open to the public if you plan to use Let's Encrypt.
Check your firewall to make sure that traffic can flow between your server and Docker. Some domains that it will need to reach include docker.com, docker.io and others.
To check your that your linux system's entropy level is at least 1000, use the command:
To increase the speed of entropy generation, you can install the haveged
service to ensure that the environment can efficiently create secure random numbers.
On RHEL, the haveged
package is not available from the Red Hat repositories and must instead be installed from the EPEL repository. EPEL provides instructions for configuring their repository here: https://docs.fedoraproject.org/en-US/epel/. After EPEL is installed, run the following commands: