KVM via Internet?
Hi, I was wondering if you guys know of any cost-effective KVM (remote access/control) solution that can be accessed over the internet? Everyone knows about the cheapo products that you have to press a button to switch between computers and stuff, but how about being able to accessed these over the net (especially useful if you live far away from the datacenter)? Just in case you're not sure of what I'm talking about, I mean something like the Rose Ultralink (http://www.rosel.com/htm/ultralink.htm). It is nearly exactly what I need, BUT... the cost... is almost astronomical. I don't need those 64 port things... this is just for about 4-5 servers. I'm not sure if there is some way to hook up those cheap push button KVMs to a server, and have the server pass the video feed over the net somehow. Perhaps some video capture card in a server could be hooked up to those cheap KVMs to pass the video feed that way? There seem to be lots of POSSIBLE ways to do it, but I'm not exactly sure how. The main reason for all this is to be able to see what I would normally see sitting in front of the server during bootup, so, for example, if I see e2fsck fail during bootup (requiring root password and a manual e2fsck run), I would be able to do something about it rather than go all the way to the datacenter just to press the Y key a few times and reboot. (if you guys know a good way to get around that, that would be great too, especially if I can't find any solution for the above). Thanks in advance! Sincerely, Jason -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM via Internet?
On Mon, Jun 25, 2001 at 03:41:26AM +0800, Jason Lim wrote: Hi, I was wondering if you guys know of any cost-effective KVM (remote access/control) solution that can be accessed over the internet? I think you are looking for a RealWeasel 2000 I think it's www.realweasel.com Try it is should do what you like (convert video to text and put it on the serial/network... and put input from serial to keyboard in... It converts to serial... but you can connect the serial to another server or whatever to make it networked... They even have a telnettable demo system so you can try for yerself... -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] Fax/VoiceMail: +31 84 8757555 Finger for GPG and GeekCode -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM via Internet?
Hi, Looks good but unfortunately is ISA only :-/ Since many of our servers don't have legacy ISA support, it won't work :-/ Any other ideas? That one looked pretty good. I wish they had one that translated the stuff directly to asci data that could be pumped over an ethernet connection ;-) Sincerely, Jason - Original Message - From: Mark Janssen [EMAIL PROTECTED] To: Jason Lim [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, June 25, 2001 4:59 AM Subject: Re: KVM via Internet? On Mon, Jun 25, 2001 at 03:41:26AM +0800, Jason Lim wrote: Hi, I was wondering if you guys know of any cost-effective KVM (remote access/control) solution that can be accessed over the internet? I think you are looking for a RealWeasel 2000 I think it's www.realweasel.com Try it is should do what you like (convert video to text and put it on the serial/network... and put input from serial to keyboard in... It converts to serial... but you can connect the serial to another server or whatever to make it networked... They even have a telnettable demo system so you can try for yerself... -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] Fax/VoiceMail: +31 84 8757555 Finger for GPG and GeekCode -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM via Internet?
On Mon, Jun 25, 2001 at 06:16:14AM +0800, Jason Lim wrote: Any other ideas? That one looked pretty good. I wish they had one that translated the stuff directly to asci data that could be pumped over an ethernet connection ;-) connect the serial ports of two servers to each other with null-modem cables. compile serial console support into the kernel and configure lilo for serial console. if you have more than two machines, it may be worthwhile setting up a terminal server boxan old cisco or annex or whatever or a linux box with a cheap multi-port serial carde.g. a 1RU celeron with an 8-port MOXA card. this gives you remote console access from the time that the LILO prompt appears. if you need remote access to the BIOS then it is possible to buy machines with a serial console BIOS, and it's also possible to upgrade the BIOS on some motherboards. linux boxes are cheaper than brand-name terminal servers, and can also run ssh rather than telnet (recent versions of ciscos can also run ssh, but i've heard that it's not terribly reliable and it requires you to upgrade IOS to unreliable beta versions). if a machine goes down, ssh to the terminal server machine and run minicom to communicate with it. btw, a linux-based terminal server can also be configured to log the boot messages from the serial console. craig -- craig sanders [EMAIL PROTECTED] Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Multiple DSLs, and switching incoming route upon failure?
Mike Fedyk [EMAIL PROTECTED] writes: I already have multiple DSL links to the Internet, but I haven't done anything more as far as incoming connections besides SMTP and a couple others for remote workers. Why not have a DNS server on each network announcing different IPs for each service and then multi-home each server? DNS on DSL1 would only annouunce IPs from DSL1, and DNS on DSL2 would only announce IPs from DSL2. Due to the way DNS servers are used in a round-robin fashion you should get crude load balancing ... if DSL1 goes down only the DNS server in DSL2 would be reachable and therefore only DSL2 IPs handed out. -- Fraser Campbell [EMAIL PROTECTED] Starnix Inc. Telephone: (905) 771-0017 Thornhill, Ontario, Canada http://www.starnix.com/ Professional Linux Services Products -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: privileges problem
On Sunday 24 June 2001 16:15, Jeff S Wheeler wrote: Also, stock 2.4.x series kernel limits supplementary groups to 32. Good point! There would be a per-process penalty for increasing that limit. You could patch apache to include the supplemental groups when it forks children (if it does not do this already..), but overall that is a bad solution. Such a patch would require that Apache keep root privs all the time. Would you REALLY want this? If your users' data really can't be world-readable, your remaining option is to run seperate httpd's for customers with these large privacy concerns. Note that most of the time, though, your customers just don't want people copying their whole directory structures and stealing content whole-sale. This can be accomplished by other means, anyway, but you can give yor customers some comfort by simply instructing them to set all their directories with permissions o-r. You can configure the FTP server and other ways of uploading content to specify the permissions for them (customers will forget). Separate web server instances is a really bad idea, it's a PITA to manage. Note that CGIs/SSIs will be a security concern for you. You had better use suEXEC or something else such that customers cannot execute their CGI programs as the user/group apache's children run as, if you rely on that for your privacy/security mechanism... suexec and cgiwrap are both good solutions to this problem. -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: privileges problem
On Saturday 23 June 2001 14:40, :yegon wrote: while configuring dynamic virtual hosting (with mod_vhost_alias) on a new server i ran into this problem i create a new group named g(username) for each new virtual web, I set all user files to chmod 640 to avoid them to be read by another user my apache server runs as www-data so i need to add user www-data to each virtual web group to be able to serve its documents Supplementary groups are only read by login, su, and other programs that change UID etc. They can only be changed by a root process so once the program is running as UID != 0 it can't be changed. this all works fine but when I create a new virtual web, that means a new group, user and home directory and try to access its documents via http I get this error in the apache error.log is there a way to somehow refresh this info for the running process without restarting it? No. do you have another suggestion? Why do you need to have a separate GID for each web space? Why not just have the files owned by the GID for Apache and the UID for the user? Another solution would be to make all the files owned by the UID of Apache and the GID of the user and mode 660... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page
privileges problem
Also, stock 2.4.x series kernel limits supplementary groups to 32. There would be a per-process penalty for increasing that limit. You could patch apache to include the supplemental groups when it forks children (if it does not do this already..), but overall that is a bad solution. See NGROUPS in include/linux/limits.h and other lines containing NGROUPS / NGROUPS_MAX in the source if you want to go ahead with your idea. If your users' data really can't be world-readable, your remaining option is to run seperate httpd's for customers with these large privacy concerns. Note that most of the time, though, your customers just don't want people copying their whole directory structures and stealing content whole-sale. This can be accomplished by other means, anyway, but you can give yor customers some comfort by simply instructing them to set all their directories with permissions o-r. Note that CGIs/SSIs will be a security concern for you. You had better use suEXEC or something else such that customers cannot execute their CGI programs as the user/group apache's children run as, if you rely on that for your privacy/security mechanism... - jsw -Original Message- From: Russell Coker [mailto:[EMAIL PROTECTED] Sent: Sunday, June 24, 2001 5:02 AM To: :yegon; debian-isp@lists.debian.org Subject: Re: privileges problem On Saturday 23 June 2001 14:40, :yegon wrote: while configuring dynamic virtual hosting (with mod_vhost_alias) on a new server i ran into this problem i create a new group named g(username) for each new virtual web, I set all user files to chmod 640 to avoid them to be read by another user my apache server runs as www-data so i need to add user www-data to each virtual web group to be able to serve its documents Supplementary groups are only read by login, su, and other programs that change UID etc. They can only be changed by a root process so once the program is running as UID != 0 it can't be changed. this all works fine but when I create a new virtual web, that means a new group, user and home directory and try to access its documents via http I get this error in the apache error.log is there a way to somehow refresh this info for the running process without restarting it? No. do you have another suggestion? Why do you need to have a separate GID for each web space? Why not just have the files owned by the GID for Apache and the UID for the user? Another solution would be to make all the files owned by the UID of Apache and the GID of the user and mode 660... -- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
KVM via Internet?
Hi, I was wondering if you guys know of any cost-effective KVM (remote access/control) solution that can be accessed over the internet? Everyone knows about the cheapo products that you have to press a button to switch between computers and stuff, but how about being able to accessed these over the net (especially useful if you live far away from the datacenter)? Just in case you're not sure of what I'm talking about, I mean something like the Rose Ultralink (http://www.rosel.com/htm/ultralink.htm). It is nearly exactly what I need, BUT... the cost... is almost astronomical. I don't need those 64 port things... this is just for about 4-5 servers. I'm not sure if there is some way to hook up those cheap push button KVMs to a server, and have the server pass the video feed over the net somehow. Perhaps some video capture card in a server could be hooked up to those cheap KVMs to pass the video feed that way? There seem to be lots of POSSIBLE ways to do it, but I'm not exactly sure how. The main reason for all this is to be able to see what I would normally see sitting in front of the server during bootup, so, for example, if I see e2fsck fail during bootup (requiring root password and a manual e2fsck run), I would be able to do something about it rather than go all the way to the datacenter just to press the Y key a few times and reboot. (if you guys know a good way to get around that, that would be great too, especially if I can't find any solution for the above). Thanks in advance! Sincerely, Jason
Re: KVM via Internet?
On Mon, Jun 25, 2001 at 03:41:26AM +0800, Jason Lim wrote: Hi, I was wondering if you guys know of any cost-effective KVM (remote access/control) solution that can be accessed over the internet? I think you are looking for a RealWeasel 2000 I think it's www.realweasel.com Try it is should do what you like (convert video to text and put it on the serial/network... and put input from serial to keyboard in... It converts to serial... but you can connect the serial to another server or whatever to make it networked... They even have a telnettable demo system so you can try for yerself... -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] Fax/VoiceMail: +31 84 8757555 Finger for GPG and GeekCode
Re: KVM via Internet?
Hi, Looks good but unfortunately is ISA only :-/ Since many of our servers don't have legacy ISA support, it won't work :-/ Any other ideas? That one looked pretty good. I wish they had one that translated the stuff directly to asci data that could be pumped over an ethernet connection ;-) Sincerely, Jason - Original Message - From: Mark Janssen [EMAIL PROTECTED] To: Jason Lim [EMAIL PROTECTED] Cc: debian-isp@lists.debian.org Sent: Monday, June 25, 2001 4:59 AM Subject: Re: KVM via Internet? On Mon, Jun 25, 2001 at 03:41:26AM +0800, Jason Lim wrote: Hi, I was wondering if you guys know of any cost-effective KVM (remote access/control) solution that can be accessed over the internet? I think you are looking for a RealWeasel 2000 I think it's www.realweasel.com Try it is should do what you like (convert video to text and put it on the serial/network... and put input from serial to keyboard in... It converts to serial... but you can connect the serial to another server or whatever to make it networked... They even have a telnettable demo system so you can try for yerself... -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] Fax/VoiceMail: +31 84 8757555 Finger for GPG and GeekCode -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: KVM via Internet?
On Mon, Jun 25, 2001 at 06:16:14AM +0800, Jason Lim wrote: Any other ideas? That one looked pretty good. I wish they had one that translated the stuff directly to asci data that could be pumped over an ethernet connection ;-) connect the serial ports of two servers to each other with null-modem cables. compile serial console support into the kernel and configure lilo for serial console. if you have more than two machines, it may be worthwhile setting up a terminal server boxan old cisco or annex or whatever or a linux box with a cheap multi-port serial carde.g. a 1RU celeron with an 8-port MOXA card. this gives you remote console access from the time that the LILO prompt appears. if you need remote access to the BIOS then it is possible to buy machines with a serial console BIOS, and it's also possible to upgrade the BIOS on some motherboards. linux boxes are cheaper than brand-name terminal servers, and can also run ssh rather than telnet (recent versions of ciscos can also run ssh, but i've heard that it's not terribly reliable and it requires you to upgrade IOS to unreliable beta versions). if a machine goes down, ssh to the terminal server machine and run minicom to communicate with it. btw, a linux-based terminal server can also be configured to log the boot messages from the serial console. craig -- craig sanders [EMAIL PROTECTED] Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch