[BBLISA] Remote KVM?

Rob Taylor rgt at wi.mit.edu
Tue Nov 20 14:09:42 EST 2012


Hi Charles. I have some Raritan KX II KVMs and I believe that they have all the features that you require.
(I think it can do the logging, but I have to look into it)

We have several of the 16-port models. They use SSL from a browser, and open a Java applet to show you the screen.
Or, you can install a Java application on your desktop and skip the web interface.
You can choose how many simultaneous host connections depending on the model that you buy.
Ours will do 2 simultaneous users, but that includes the console on it, so if someone is using the console, then you only get 1 remote session.
It will allow 2 users to look at the same screen if need be, (for remote assistance to a kvm console user or 2 remote users) and that only uses 1 session.

They have PS/2 and USB CIMs (computer interface modules), and the USB ones will do virtual media if you need them to, either from the remote computer,
or from a URL the KVM can access, I believe, so you could have ISO images on a web server at the remote office for better speed.
They also just introduced DVI, HDMI, and DisplayPort CIMs and can support dual-display machines. (Which would use both sessions, I think, though.)
Overall, we are pretty happy with them. Not the cheapest things in the world though. Doing a quick web search:
 
http://www.kvm-switches-online.com/dkx2-216.html 

Has the main unit for ~$3200, and the CIMs are ~$100 each. (You can get bulk CIM packs that make them slightly cheaper.)
So figure another $1600 for CIMs. So, about $5k all in.

We had HP KVMs before, which were old rebranded Avocent (with an HP twist), and these Raritans are much better. (Haven't used any recent Avocent to compare to, though.)
The annoying thing about the HP one is that even though it was rebranded Avocent, HP had them make some changes that made it incompatible with the other Avocent gear.
So I couldn't just buy Avocent and reuse the dongles. At the time Avocent was pricier than the Raritan as well.

We also have ours tied into a group in AD for our admins, but you can still log in locally if you need to (really slow to log in when AD is down though, I'm guessing timeouts).

I personally would have it behind a firewall/vpn. Even if it uses certificates, that doesn't mean that the web server isn't vulnerable to exploits, etc.

If you have any more questions on them let me know, I'd be happy to answer.

rgt

Whitehead Network/System Administrator

----- Original Message -----
> 
> Greetings fellow admins,
> 
> 
> I'm currently investigating the idea of a "remote KVM" for my
> servers, to allow our team more direct access when we are not
> physically on-site. Ideally, it would do the following:
> 
> 
> - Require login
> - Log all access (user, time, and IP)
> - Allow (at least) 2 simultaneous connections
> - Allow me to switch between servers after I am connected
> - Support at least 16 servers
> 
> 
> I'm torn about putting it behind our firewall, such that I would have
> to VPN in to get to it, and putting it in a DMZ such that I can get
> to it without the VPN server being up. My concern is, if the VPN
> server is down, then I'm stuck (and we are off line until someone
> can physically arrive on-site.) On the other hand, I don't really
> want to give unsavory individuals easy access and unlimited time to
> hack my system. How secure are these things on their own? Can they
> be made to require certificates, for instance?
> 
> 
> Does anyone have a preferred solution for this problem? Are there any
> gotchas I may be missing? Any advice would be welcome.
> 
> 
> Thanks,
> Charles
> 
> 