Re: KVM over IP Suggestions?
Here is an article that addresses some of these very issues, naturally there is always a costing factor, because non of the sought for solutions are easy to come by. http://www.networkcomputing.com/showitem.jhtml?docid=1616f3 -Henry --- Daniel Senie <[EMAIL PROTECTED]> wrote: > > At 12:41 PM 8/22/2005, Aaron Glenn wrote: > > >On 8/22/05, Simon Hamilton-Wilkes > <[EMAIL PROTECTED]> wrote: > > > > > > They support P/S2 / USB / Sun and serial - > though are a very expensive > > > way to do serial. > > > >And (last time I looked, at least) they required an > expensive, > >proprietary, Windows-only authentication server > (DSView) in addition > >to the client software licenses and hardware costs. > > Avocent makes several products in the KVM/IP space. > Not all of them > are tied to Windows Server authentication. At the > low end, they've > got a sub-$1000 single port box that works nicely > for front-ending > existing KVM switches that have on-screen controls. > > We've used and tested 4 or 5 products in this > "single port" space. > Results have been fair, bad and ugly. I would not > consider any of > them to be acceptable or better. > > There are several issues. As someone else noted, > these usually push a > viewer to you over either Java or Active-X. The > little Avocent uses > Active-X, so I have to remember to load up IE before > accessing it. > > Internal authentication is, in my experience, > essential. After all, > if you're connecting in to deal with the server > that's doing your > authentication, you're screwed, yes, there are > likely expensive ways > to avoid that situation. > > Serial redirection and terminal servers are an > option, but only if > all of your servers support that. > > VNC isn't an option, unless you like your terminal > sessions going > over unencrypted pipes or set everything up to > tunnel over SSH or VPN. > > Solutions that use VNC direct to the target server > are insufficient. > If you can't talk to the BIOS of a server that's not > feeling well, > what's the point? Once a server is actually up, SSH > into the server > gets you all you need, or VNC over SSH if you must > do some graphics. > > Mouse control: all of the KVM/IP products we've > tested have had > serious issues with mouse control. With Windows > boxes, we generally > do our best to get boxes far enough up to use RDP, > and switch to that > because it's much cleaner. With Linux machines we > find this less of > an issue as we don't run consoles in graphics mode, > thus bypassing > the mouse sync issue. > > For the original poster, if you want to have the > ability to let > customers at the console of their server, but not > others, you're > going to be stuck using expensive equipment, with > the ability to > handle multiple simultaneous users, or go with > servers that have > KVM/IP as an on-board option (Intel's is the one I'm > personally > familiar with. Someone else mentioned Dell has such > too). > > We made the move to KVM/IP and APC power > cycling/control equipment a > few years back and have never regretted doing so. > > Dan > >
Re: KVM over IP Suggestions?
At 12:41 PM 8/22/2005, Aaron Glenn wrote: On 8/22/05, Simon Hamilton-Wilkes <[EMAIL PROTECTED]> wrote: > > They support P/S2 / USB / Sun and serial - though are a very expensive > way to do serial. And (last time I looked, at least) they required an expensive, proprietary, Windows-only authentication server (DSView) in addition to the client software licenses and hardware costs. Avocent makes several products in the KVM/IP space. Not all of them are tied to Windows Server authentication. At the low end, they've got a sub-$1000 single port box that works nicely for front-ending existing KVM switches that have on-screen controls. We've used and tested 4 or 5 products in this "single port" space. Results have been fair, bad and ugly. I would not consider any of them to be acceptable or better. There are several issues. As someone else noted, these usually push a viewer to you over either Java or Active-X. The little Avocent uses Active-X, so I have to remember to load up IE before accessing it. Internal authentication is, in my experience, essential. After all, if you're connecting in to deal with the server that's doing your authentication, you're screwed, yes, there are likely expensive ways to avoid that situation. Serial redirection and terminal servers are an option, but only if all of your servers support that. VNC isn't an option, unless you like your terminal sessions going over unencrypted pipes or set everything up to tunnel over SSH or VPN. Solutions that use VNC direct to the target server are insufficient. If you can't talk to the BIOS of a server that's not feeling well, what's the point? Once a server is actually up, SSH into the server gets you all you need, or VNC over SSH if you must do some graphics. Mouse control: all of the KVM/IP products we've tested have had serious issues with mouse control. With Windows boxes, we generally do our best to get boxes far enough up to use RDP, and switch to that because it's much cleaner. With Linux machines we find this less of an issue as we don't run consoles in graphics mode, thus bypassing the mouse sync issue. For the original poster, if you want to have the ability to let customers at the console of their server, but not others, you're going to be stuck using expensive equipment, with the ability to handle multiple simultaneous users, or go with servers that have KVM/IP as an on-board option (Intel's is the one I'm personally familiar with. Someone else mentioned Dell has such too). We made the move to KVM/IP and APC power cycling/control equipment a few years back and have never regretted doing so. Dan
RE: KVM over IP suggestions?
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Kevin > Sent: Monday, August 22, 2005 10:27 PM > To: nanog@merit.edu > Subject: Re: KVM over IP suggestions? > > > We have a non-IP switch from Raritan and saw presentations on their > > IP KVM products. Seemed pretty impressive. One problem you may want > > to focus on is screen resolution since the video output must be > > converted to IP packets with a lower refresh rate. We're planning > > to buy a few of these switches for remote monitoring. > > The "IP Reach" video compression is bearable for installation and > recovery. Video quality is degraded, but unless you really cannot > stand moire patterns, it'll take an hour or so staring at the display > before your headache becomes unbearable. > > I have experience with Raritan's "Paragon IP Reach" products, and they > do work, but are expensive for such a low port density. Also it has > been very difficult to work with tech support to make the Paragon > product with a RADIUS server for OTP access control. > > The newer "Dominion" line may be better; I've heard some complaints > about their serial console products, nothing either way about KVM. We've tested Raritan's integrated KVM over IP + serial products for a while, but were less than impressed with their interface tools. Both the standalone client and the ActiveX client were prone to crashing, sometimes taking the raritan device with it. We've since junked the servers for which we needed the KVM over IP for in favor of HPs with advanced ilo or IBMs with remote supervisor cards, if which I'd recommend HPs offering any day. // nick
Re: KVM over IP suggestions?
DELL's DRAC-III is waste of money. DELL's DRAC-IV is a very good thing, and I find it replacing al consoles around (it have embedded monitoring with e-mail and SNMP alerts; have VNC based console servcie with perfect /not ideal, through/ mouse syncronisation, haVE VIRTUAL cd (SLOW, BUT WORKING) AND VIRTUAL FLOPPY, EASY-TO-USE INTERFACE (except strange password management), and so on. Compaq's RIB cards was good but expensive and nbot very reliable. Serial console can be fine, but do not eliminate normal console in many cases. - Original Message - From: "Kevin" <[EMAIL PROTECTED]> To: Sent: Monday, August 22, 2005 1:26 PM Subject: Re: KVM over IP suggestions? On 8/22/05, Matthew Black <[EMAIL PROTECTED]> wrote: > On Mon, 22 Aug 2005 11:15:23 -0400 > "Drew Weaver" <[EMAIL PROTECTED]> wrote: > >Howdy, I'm looking for a way to give our remote users access > > to their servers, perhaps a KVM-IP solution. What we need is support for > > multiple users (more than 2), with access control that limits what users > > can connect to what ports on the KVM switch, and would allow you BIOS > > level access and os-installation type control over the server, would > > also be nice if it worked with windows and linux/unix based systems. Where possible, I strongly prefer to work with serial console on a hardware platform with firmware serial console support. This works for any OS that supports a command line, including Windows Server 2003. Dell includes serial console support in the BIOS on "servers", and offers an enhanced remote management card which appears to work as a KVM-IP solution for Windows and (some versions of) Linux. I've never tried their DRAC/ERAC, only the serial console BIOS. All of the commercial remote serial console products we've considered so far have had serious security and/or usability flaws. This includes Cisco, Lantronix, Raritan, Digi, etc. > We have a non-IP switch from Raritan and saw presentations on their > IP KVM products. Seemed pretty impressive. One problem you may want > to focus on is screen resolution since the video output must be > converted to IP packets with a lower refresh rate. We're planning > to buy a few of these switches for remote monitoring. The "IP Reach" video compression is bearable for installation and recovery. Video quality is degraded, but unless you really cannot stand moire patterns, it'll take an hour or so staring at the display before your headache becomes unbearable. I have experience with Raritan's "Paragon IP Reach" products, and they do work, but are expensive for such a low port density. Also it has been very difficult to work with tech support to make the Paragon product with a RADIUS server for OTP access control. The newer "Dominion" line may be better; I've heard some complaints about their serial console products, nothing either way about KVM. Kevin Kadow
Re: KVM over IP suggestions?
Things you must pay attention to: (1) IP KVM should not use client software - good switches uses VNC and can work via WEB. The same with authentication. (2) If you connect IP KVM to normal KVM, check if they are well compatible in suich things as: - monitor recognition on KVM; - switching ports on KVM; (3) If you use multiple servers, check that IP KVM can keep all your screen resolutions and frequences. I saw a case when everything worked, but IP KVM could not recognize still screen and generated huge traffic all the time. The same with frequencees - we have one Compaq KVM which refuse to work with IP KVM. (4) Pay attention to mouse syncronisation. It is tricky and bad IP KVM can require turning mouse acceleration off. Good IP KVM should know mouse acceleration rules in Windows and Linuxes. (5) If you can use embedded IP KVM card such as DELL : DRAC-IV or Compaq - RIB card, use them - IP KVM do not provides server reboot function and rarely can provide virtual CD or virtual floppy. We use IP KVM (do nopt remember vendor; cheap one, price was about $600) connected to 3 16 port KVMs (chained together), and it is good add-on to other tools. But it do not replace normal console in all cases - mouse sncronisation, slow refresh makes long work on it annoying. DRAC-IV card , on other hand, replaces consokle in 95% cases (5% rely to _DRAC-IV crashh; DRAC-IV lost keybvoard; etc cases). For the new project, I'd better take everything from one brand vendor (even if they OEM this things in most cases), just to be sure that KVM's are compatible. For cheap project, there are many cheap IP KVM's on the market, but TEST IT IN YOUR ENVIRONMENT! - Original Message - From: "Eric A. Hall" <[EMAIL PROTECTED]> To: "Drew Weaver" <[EMAIL PROTECTED]> Cc: Sent: Monday, August 22, 2005 9:56 AM Subject: Re: KVM over IP suggestions? > > > On 8/22/2005 11:15 AM, Drew Weaver wrote: > > Howdy, I'm looking for a way to give our remote users access > > to their servers, perhaps a KVM-IP solution. > > > Any suggestions would be helpful. > > http://www.nwc.com/shared/article/printFullArticle.jhtml?articleID=168500010 > > -- > Eric A. Hallhttp://www.ehsco.com/ > Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: KVM over IP suggestions?
Not a switch, but if you use DELL 2850 , 1850 and other _modern_ DELL xx8x servers, DRAC-IV cards provides very good IP-KVM functionality. (Older DRAC-III cards, used in 1650, are just a piece of junk). - Original Message - From: "Jim Mercer" To: "Drew Weaver" <[EMAIL PROTECTED]> Cc: Sent: Monday, August 22, 2005 8:25 AM Subject: Re: KVM over IP suggestions? > > On Mon, Aug 22, 2005 at 11:15:23AM -0400, Drew Weaver wrote: > > Howdy, I'm looking for a way to give our remote users access > > to their servers, perhaps a KVM-IP solution. What we need is support for > > multiple users (more than 2), with access control that limits what users > > can connect to what ports on the KVM switch, and would allow you BIOS > > level access and os-installation type control over the server, would > > also be nice if it worked with windows and linux/unix based systems. > > Any suggestions would be helpful. > > i haven't used it, but you might want to check out: > > http://www.realvnc.com/products/KVM-over-IP/ > > -- > [ Jim Mercerjim@reptiles.org +1 416 410-5633 ] > [ I want to live forever, or die trying.]
Re: KVM over IP suggestions?
From: "Drew Weaver" <[EMAIL PROTECTED]> Any suggestions would be helpful.<< -Just- got this in an E-mail, fwiw. http://www.nwc.com/showitem.jhtml?docid=1616f3
Re: KVM over IP suggestions?
Drew Weaver wrote: Howdy, I’m looking for a way to give our remote users access to their servers, perhaps a KVM-IP solution. What we need is support for multiple users (more than 2), with access control that limits what users can connect to what ports on the KVM switch, and would allow you BIOS level access and os-installation type control over the server, would also be nice if it worked with windows and linux/unix based systems. One thing to check: does the emulation require Java or Active X? I have a Cyclades, but when I wanted the IP portion, I chose Minicom because it uses Java, whereas Cyclades uses Active X. -jjb
Re: KVM over IP suggestions?
On 8/22/05, Matthew Black <[EMAIL PROTECTED]> wrote: > On Mon, 22 Aug 2005 11:15:23 -0400 > "Drew Weaver" <[EMAIL PROTECTED]> wrote: > >Howdy, I'm looking for a way to give our remote users access > > to their servers, perhaps a KVM-IP solution. What we need is support for > > multiple users (more than 2), with access control that limits what users > > can connect to what ports on the KVM switch, and would allow you BIOS > > level access and os-installation type control over the server, would > > also be nice if it worked with windows and linux/unix based systems. Where possible, I strongly prefer to work with serial console on a hardware platform with firmware serial console support. This works for any OS that supports a command line, including Windows Server 2003. Dell includes serial console support in the BIOS on "servers", and offers an enhanced remote management card which appears to work as a KVM-IP solution for Windows and (some versions of) Linux. I've never tried their DRAC/ERAC, only the serial console BIOS. All of the commercial remote serial console products we've considered so far have had serious security and/or usability flaws. This includes Cisco, Lantronix, Raritan, Digi, etc. > We have a non-IP switch from Raritan and saw presentations on their > IP KVM products. Seemed pretty impressive. One problem you may want > to focus on is screen resolution since the video output must be > converted to IP packets with a lower refresh rate. We're planning > to buy a few of these switches for remote monitoring. The "IP Reach" video compression is bearable for installation and recovery. Video quality is degraded, but unless you really cannot stand moire patterns, it'll take an hour or so staring at the display before your headache becomes unbearable. I have experience with Raritan's "Paragon IP Reach" products, and they do work, but are expensive for such a low port density. Also it has been very difficult to work with tech support to make the Paragon product with a RADIUS server for OTP access control. The newer "Dominion" line may be better; I've heard some complaints about their serial console products, nothing either way about KVM. Kevin Kadow
RE: KVM over IP Suggestions?
True, but I've added it to our Cisco ACS server boxes so at least didn't need more hardware. A couple of models (DSR2161 certainly) have alternative firmware available on the Dell site which removes the requirement for the authentication server, but most of the access control goes with it. -Original Message- From: Aaron Glenn [mailto:[EMAIL PROTECTED] Sent: Monday, August 22, 2005 9:42 AM To: Simon Hamilton-Wilkes Cc: [EMAIL PROTECTED] Subject: Re: KVM over IP Suggestions? On 8/22/05, Simon Hamilton-Wilkes <[EMAIL PROTECTED]> wrote: > > They support P/S2 / USB / Sun and serial - though are a very expensive > way to do serial. And (last time I looked, at least) they required an expensive, proprietary, Windows-only authentication server (DSView) in addition to the client software licenses and hardware costs. aaron.glenn
Re: KVM over IP suggestions?
On 8/22/2005 11:15 AM, Drew Weaver wrote: > Howdy, I'm looking for a way to give our remote users access > to their servers, perhaps a KVM-IP solution. > Any suggestions would be helpful. http://www.nwc.com/shared/article/printFullArticle.jhtml?articleID=168500010 -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: KVM over IP suggestions?
On 8/22/05, Drew Weaver <[EMAIL PROTECTED]> wrote: > > Any suggestions would be helpful. > I'd take a look at Cyclades offering. http://www.cyclades.com/products/kvmnet/ aaron.glenn
Re: KVM over IP Suggestions?
On 8/22/05, Simon Hamilton-Wilkes <[EMAIL PROTECTED]> wrote: > > They support P/S2 / USB / Sun and serial - though are a very expensive > way to do serial. And (last time I looked, at least) they required an expensive, proprietary, Windows-only authentication server (DSView) in addition to the client software licenses and hardware costs. aaron.glenn
Re: KVM over IP suggestions?
On Mon, 22 Aug 2005 11:15:23 -0400 "Drew Weaver" <[EMAIL PROTECTED]> wrote: Howdy, I'm looking for a way to give our remote users access to their servers, perhaps a KVM-IP solution. What we need is support for multiple users (more than 2), with access control that limits what users can connect to what ports on the KVM switch, and would allow you BIOS level access and os-installation type control over the server, would also be nice if it worked with windows and linux/unix based systems. Any suggestions would be helpful. Thanks, -Drew We have a non-IP switch from Raritan and saw presentations on their IP KVM products. Seemed pretty impressive. One problem you may want to focus on is screen resolution since the video output must be converted to IP packets with a lower refresh rate. We're planning to buy a few of these switches for remote monitoring. matthew black california state university, long beach
Re: KVM over IP suggestions?
Title: Re: KVM over IP suggestions? I think this could make it: http://www.lantronix.com/data-center-management/kvm-solutions/securelinx-slk.html Regards, Jordi De: Drew Weaver <[EMAIL PROTECTED]> Responder a: <[EMAIL PROTECTED]> Fecha: Mon, 22 Aug 2005 11:15:23 -0400 Para: Asunto: KVM over IP suggestions? Howdy, I’m looking for a way to give our remote users access to their servers, perhaps a KVM-IP solution. What we need is support for multiple users (more than 2), with access control that limits what users can connect to what ports on the KVM switch, and would allow you BIOS level access and os-installation type control over the server, would also be nice if it worked with windows and linux/unix based systems. Any suggestions would be helpful. Thanks, -Drew The IPv6 Portal: http://www.ipv6tf.org Barcelona 2005 Global IPv6 Summit Information available at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Re: KVM over IP suggestions?
On Mon, Aug 22, 2005 at 11:15:23AM -0400, Drew Weaver wrote: > Howdy, I'm looking for a way to give our remote users access > to their servers, perhaps a KVM-IP solution. What we need is support for > multiple users (more than 2), with access control that limits what users > can connect to what ports on the KVM switch, and would allow you BIOS > level access and os-installation type control over the server, would > also be nice if it worked with windows and linux/unix based systems. > Any suggestions would be helpful. i haven't used it, but you might want to check out: http://www.realvnc.com/products/KVM-over-IP/ -- [ Jim Mercerjim@reptiles.org +1 416 410-5633 ] [ I want to live forever, or die trying.]
KVM over IP suggestions?
Howdy, I’m looking for a way to give our remote users access to their servers, perhaps a KVM-IP solution. What we need is support for multiple users (more than 2), with access control that limits what users can connect to what ports on the KVM switch, and would allow you BIOS level access and os-installation type control over the server, would also be nice if it worked with windows and linux/unix based systems. Any suggestions would be helpful. Thanks, -Drew
