Keeper Connection Manager installation instructions in the cloud or on-prem environments.
Keeper Connection Manager is installed as a gateway in your cloud, virtual or on-prem environment. There are several methods of deployment, but in most cases, we recommend using the Simple Docker Install method. Installation only takes a few minutes.


Set Up an Instance

For Docker deployments, Keeper Connection Manager will run on any instance that supports Docker.
For Advanced Linux Install with package installations and custom configurations, we support the use of one of the following OS versions:
  • CentOS 7
  • Red Hat Enterprise Linux 7/8
Note that the use of ed25519 SSH keys requires RHEL 8.
The instance running Keeper Connection Manager needs native network access to the target desktops/systems that will be managed. The port mapping is based on your specific configuration for RDP, SSH, etc... Typical default ports are below:
RDP: Port 3389
VNC: Port 5900
SSH: Port 22
K8s: Port 8080
MySQL: Port 3306

Configure Your FQDN in Your DNS Records

Decide on a domain name to access the endpoint, e.g. and create a new DNS record to map it to your server's public IP. You will be prompted to enter the FQDN (fully qualified domain name) during the installation. Remember, the FQDN does NOT include "https://".
Ensure that the DNS record maps to your server's public IP address, or an IP that is internally available to your end-users over HTTPS port 443.

Let'sEncrypt or Existing Cert

Keeper Connection Manager requires an SSL certificate for installation. We strongly recommend a dedicated single domain cert, as wildcard certs are not as secure and should only be used for testing purposes.
Decide before starting installation if you want to use Let'sEncrypt, or if you have (or will have) your cert file and pem file obtained from a different CA (certificate authority).
LetsEncrypt is a certificate authority that is free, automated, open, and is also the world's largest CA. During installation using the Simple Docker Install method, Keeper Connection Manager will provide an option to utilize LetsEncrypt (option 1), which will generate a 3-month trusted certificate for your domain.
If you plan to use LetsEncrypt as your CA, you should open port 80 and 8080. LetsEncrypt uses port 80 to perform automated SSL certificate generation.
However, if you would like to use your own certificate obtained by a different CA, you can do so by choosing (option 2) during the installation prompt.
If you would like to use your own certificate, Keeper Connection Manager installation will prompt you to enter the full path and file name first for your .crt file, and next for your .pem file. Make sure to transfer these files to your server before beginning installation.

Select an Install Method

Keeper Connection Manager can be installed using one of the following methods.

Option 1: Simple Docker Install

A simplified installer script is available for Linux which automates several of the Docker setup steps, such as generating a Docker Compose file, setting up SSL certificates and other options.
This method is highly recommended for most environments.

Option 2: Custom Docker Install

A more advanced and customized Docker install for Keeper Connection Manager provides the step by step instructions to deploy in any Docker environment with support for additional packages such as SSO, LDAP, TOTP and more.

Option 3: Advanced Linux Install

If using Docker is not preferred, users with knowledge and experience deploying Linux servers can use the manual setup and configuration with yum package manager.
Select the method above, or proceed to the next page for Simple Docker Install.