
FAQ for KH Connection

Here are some questions you might have regarding the Remote KH Connection.

What do I need to connect?

You can connect from any device that uses a modern browser (such as Firefox, Safari or Chrome).

There have been some issues connecting with Chrome, but nothing a simple page refresh shouldn't resolve.

For the best experience, use a Windows-based computer, which allows a full Remote Desktop session. This is not required for the connection to work.

What if I can't connect?

If you are unable to connect to the server (https://kasm.thelanges.us), try refreshing the page. The issue should be temporary and will hopefully be resolved shortly.

If it isn't resolved quickly, just call Ben and tell him his server is bad and he should feel bad.

What if I still can't connect but need access?

If you still can't connect but need access remotely, you can always fall back to using TeamViewer.  The installation is still active on the machine but is limited due to licensing issues and overutilization.

What if Ben gets hit by a bus?

The "Bus Convergence Factor" on this deployment is 1, meaning it will only take 1 bus to eliminate necessary functional resources and cause a persistent outage of the service.

If that happens, please take care of my family.

Also, just use TeamViewer; it is still on the machine and will keep working as it always has.

Alternatively, the core components of the remote connection (Tailscale) are signed in using the KH account and can be used directly, circumventing the front-end deployment.

This is cool, how does it work?

The system connects remotely to the machine with RDP via a private mesh network run on Tailscale.

RDP: This is the standard Remote Desktop Protocol that is built into Windows operating systems.

Tailscale: This is a mesh VPN networking product that creates a point-to-point, WireGuard-based VPN mesh and is coordinated via the tailnet system. It is free for limited use, and the key software components are open source and available for forking if need be.

Kasm: This is an open source container streaming platform that also functions as an HTTPS-based Remote Desktop gateway and desktop streaming application. It leverages a Tailscale connection on the server to route the RDP session directly to the KH computer and then streams the session via HTTPS, using Guacamole for web sessions or direct HTTPS via a session broker for RDP connections.

Here is a diagram of how it works:


Client session -> KASM Server <-> RDP <-> TailScale <-> RentonKHPC

Can I connect to this directly and bypass Ben's infrastructure?

Yes! 

The infrastructure that is set up is just to make things easier for end users. If you want to bypass all that and connect directly using your own device, that is certainly possible.

In order to do that, you would need to:

  • Have a valid Tailscale account.
  • Deploy a Tailscale client on the device that will be connecting.
  • Share the KH PC via the tailnet with your tailnet.
  • Then connect directly via RDP to the KH machine from your device that is connected to the shared tailnet.

It sounds more complicated than it is, but in the end it would require running an additional piece of software and handling shared credentials, which is more complicated than most people would want to do.

Is this free and are we abiding by all licensing agreements?
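
A pre-flight check for the direct-connection steps above, as an added example that is not part of the original FAQ: it reads `tailscale status --json` on your device, confirms the shared KH machine is visible and online, and tests that its RDP port answers over the tailnet. It assumes the machine's Tailscale hostname is RentonKHPC (the name used in the diagram) and that RDP listens on the default port 3389; the sample status data is constructed.

```python
import json
import socket
import subprocess

RDP_PORT = 3389  # assumption: RDP on the KH machine uses the default port

# Constructed sample of the fields this check reads from `tailscale status --json`.
SAMPLE_STATUS = {"Peer": {
    "nodekey:example": {"HostName": "RentonKHPC",
                        "TailscaleIPs": ["100.64.0.10"], "Online": False},
}}


def find_peer(status, hostname):
    """Return (ip, online) for the peer named `hostname`, or None if not visible."""
    for peer in (status.get("Peer") or {}).values():
        if peer.get("HostName", "").lower() == hostname.lower():
            ips = peer.get("TailscaleIPs") or []
            return (ips[0] if ips else None, bool(peer.get("Online")))
    return None


def rdp_reachable(ip, port=RDP_PORT, timeout=3.0):
    """True if a TCP connection to the RDP port succeeds over the tailnet."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(hostname, status):
    """Say which step of the direct-connection procedure still needs attention."""
    found = find_peer(status, hostname)
    if found is None:
        return f"{hostname}: not visible in this tailnet (has it been shared with you?)"
    ip, online = found
    if ip is None or not online:
        return f"{hostname}: shared with you but currently offline"
    if not rdp_reachable(ip):
        return f"{hostname}: online at {ip}, but port {RDP_PORT} did not answer"
    return f"{hostname}: ready, point your RDP client at {ip}"


if __name__ == "__main__":
    # Needs the Tailscale client installed and signed in on this device.
    raw = subprocess.run(["tailscale", "status", "--json"],
                         capture_output=True, text=True, check=True).stdout
    print(preflight("RentonKHPC", json.loads(raw)))
```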

Yes, all the utilities, platforms and software are being used according to their proper license agreements.  The core pieces are either free or hosted on private hardware that has been donated for this purpose.

Is it secure?

Yes. 

The Tailscale connection uses enterprise-level encryption for the peer-to-peer connection.

RDP is secured via NTLM with all recommended best practices.

Kasm is secured via HTTPS using a reverse proxy that leverages Cloudflare tunnels to proxy traffic and obfuscate destination addresses.

There are no open ports or access routes on the KH network or firewall, and the system is entirely obfuscated.

The largest security hole is the fact that accounts in Kasm are only authenticated using a single factor (username/password). Unfortunately, there is no simple, scalable solution to this for our use case.