The new generation of keyboard, video, and mouse (KVM) switches allows admins to tinker with their systems remotely over an IP connection. We look at six IP KVM packages.
Well, remote access is becoming an important part of many businesses, and sometimes admins need to access their servers even when they're not physically in the server room. An IP KVM switch allows the admin to access their servers remotely over any IP connection -- even from home, if necessary.
This can be achieved in two distinct ways: the first is simply to attach a "black box" with an IP port to an existing KVM switch, and the second is to build the IP functionality into the KVM switch itself.
The IP black box generally includes one or more serial ports and one or more KVM ports, and it is through the KVM port that the black box connects to any KVM switch.
In essence, your keyboard and mouse commands are sent via IP to the black box which then passes the commands through KVM port to the KVM switch as if the switch were controlled by the local keyboard operator. The video feed from the PC being controlled is passed back through the KVM switch to the black box and then via IP to the remote operator's PC for display.
Obviously the black box must first compress the video data before pumping it over the IP network, and each vendor usually offers several levels of compression with compromises between the image quality and the bandwidth consumed. Typically the serial ports can be used to remotely access and/or control LAN switches and powerboards so for example a hung PC can be powered down and up again.
KVM on the Net (CN-6000)
Master View Plus KVM switch (CS-9138)
Power on the Net (CP-0108)
The ports are located on the rear and include 10/100 LAN, serial, PC/KVM port, and local console ports -- the latter included PS/2 connectivity for the mouse and keyboard but no USB. The maximum video resolution supported is a pretty impressive 1600 x 1200 at 60Hz, although this will chew up unnecessary bandwidth. You're probably better off using 1280 x 1024 at 75Hz or even XGA.
The KVM switch supplied was a MasterView Plus, which is an eight-port unit. Two of these KVMs cascaded together will result in 15 usable ports, as one of the master KVM's ports is required for the cascade operation; there are no dedicated ports for this purpose. The KVM is eminently stackable and can be cascaded up to three levels; theoretically you could have a pyramid of 73 units: one at the top level, eight in the middle level, and 64 at the bottom level, supporting a total of 512 servers. The management may get a little hairy in large installations as you are effectively managing down through three KVM levels to get to the target server.
The rear of the unit has one KVM console port, which would connect to the CN-6000, and eight KVM ports all of which are PS/2 (there are no USB ports). We were very disappointed to note the switch doesn't have an internal power supply -- even though it is certainly large enough -- relying instead on a small plug-pack. The units can be easily stacked using the plastic stacking supports or rack-mounted after removing the plastic supports and replacing them with rack mount brackets.
The active KVM port can be selected from the front of the unit, as can the auto scan mode and also keyboard/mouse reset; there is also a hard reset for the unit that can only be accessed with a bent paperclip.
The Power on the Net CP-0108 is a rackmount unit, about the size of a typical switch, which has eight AC outlets. For larger servers with redundant power supplies, you may need two or three units per eight-port KVM switch. The eight power outlets are located at the rear of the unit along with eight linked serial ports to allow the safe shutdown of the connected servers. There is a master breaker reset at the rear as well as a pair of serial ports for controlling the unit and cascading other units; a total of 16 units can be cascaded in this manner for a total of 128 controllable AC power outlets.
The local console interface is quite basic; I would hate to have to administer a large cascaded setup in this manner.
There are actually four software components supplied with the CN-6000: the administration utility, log server, Windows client and Java client. The Java client is to ensure support for platforms other than Windows.
The log server's function is self evident: all events are recorded in a database so particular events can easily be found by a search. The administration utility is used to configure and manage the CN-6000 and this is where we came across an annoying little problem. When installing the utility you are asked to input the serial number off the base of the CN-6000. Problem was, the serial number was 14 characters while the registration software was expecting 20 characters. It turned out the manual is incorrect; the serial number is actually on the CD.
And, while on the topic of documentation, the layout and syntax is clumsy and this results what should be a relatively simple configuration becoming much more complicated.
The Windows client is very basic and switching to the remote view loses all Windows desktop functionality on the client PC (this is why we were unable to capture screenshots of the remote window). Static display quality is quite good at the default settings, although we did notice some annoying interference spikes in the image. To be fair, this may have been a fault of the KVM cable but we didn't have another to confirm this. The image quality can be reduced to improve redraw speed, but the quality and the number of dropped pixels and artefacts increases dramatically without a commensurate increase in redraw speed. Another way to approach the display quality is using the bandwidth slider.
Interestingly, all key combinations -- with the exception of ALT-TAB and CTRL-ALT-DEL -- are passed through to the remote system. Even so, macros are not needed because the F12 key is substituted for the ALT key. So if you need to reboot a remote server, the key sequence CTRL-F12-DEL will do the trick. It is also a simple matter to define other key substitutes.
We couldn't test the Java application as were unable to connect the application to the CN-6000 no matter what we tried. The applet simply reported "Server is Busy" even after reboots of the client and CN-6000 on an isolated network.
Security is a bit of a mixed bag. Apparently the unit supports RSA 1024-bit encryption and through the administration utility up to 64 users and passwords can be defined. The administrator can configure IP address filters and rename the Java applet page. Users logging into the utility must include the page name with the IP address and the page name can be regularly changed to prevent unauthorised access.
|Product||Aten Master View Plus CS-9138, Aten KV on the Net CN-6000|
|Price||CS-9138 AU$600, CN-6000 AU$1250|
|Phone||03 9560 7222|
|Proprietary Windows client and Java client, but KVM cables only support PS/2.|
|Single user only with quite poor management, but has strong cascading ability.|
|Very inexpensive but also not as polished in usability as the other products.|
The front of the unit features a wide range of status LEDs but all the action occurs at the back of the unit with 16 ARI ports, a LAN connector, local console connections, PS/2 connectors, and a serial port. The 2000R can control legacy KVM switches simply by connecting the AVRIQ-PS2 module to the legacy KVM's local console port. Cascading the switches is this way, each ARI can accommodate up to 24 servers for a maximum of 384 servers for all 16 AVR ports.
The maximum resolution on the local port is 1600 x 1280 at 75Hz with the remote management supporting 1280 x 1024 at 75Hz.
We found it strange that while the HP KVM Server can be side mounted in a rack to save precious rack space, the 2000R -- which is identical in size and has the same case mounting locations -- only appears to be horizontally mountable, at least with the brackets provided with the unit we received. Connections can be secured with DES, 3DES, and SSL 128-bit. User authentication with assignable rights is also supported.
Initial network configuration is via a serial cable and Hyper Terminal. While it's not difficult, it would be convenient to be able to do this simply from the local console. The local console interface is called OSCAR, and is reasonably easy to navigate although. Although it's not terribly important, the graphics are a little chunky when compared to some of the other units tested. Remote access is achieved via proprietary software, AVWorks, which may restrict your choice of remote console platform. During the initial configuration, searching for devices can be as simple as inputting names or IP addresses.
AVWorks is reasonably easy to drive and it is a simple matter to build a hierarchical structure to manage the servers and devices connected to your various KVM switches. Renaming of devices from nasty long AVRIQ ID strings is also simple and it is a lot easier to find a particular device by a logical name the administrator can set up.
Controlling a server remotely is pain-free as long as you take simple precautions. For example, our remote PC was running Windows XP Pro and we had to disable "enhanced pointer precision" in the control panel. This or any other form of mouse acceleration will result in the remote unit's mouse and your console mouse falling out of sync. They can be resynced simply by clicking on the resync button at the top of the session window, but if acceleration is enabled the sync will immediately be lost again.
At the default settings, the screen updates are surprisingly fast, and quite smooth in fact. The downside is, the colour depth is quite low. The video can be manually adjusted, although this would rarely be necessary and can impact quite a lot on performance.
Common key presses for Windows and Sun servers are stored as macros and can simply be selected and run on the remote server via the pull-down menu. If you need a new sequence, there is a "create" option.
|Product||Avocent AutoView 2000R|
|Phone||1800 680 086|
|Very good platform support for remote client; wide range of connectivity from PS/2 to Sun 13W3.|
|Up to three users and well-managed cascading.|
|One of the more expensive solutions but feature rich.|
|Two-year RTB warranty, can be extended to three or four years.|
OmniView Remote IP Console
OmniView Enterprise KVM FIDE216C
Belkin's solution consists of a remote IP console linked to a KVM switch that can control up to 16 computers. The RIC is a robust black box about the same size as a CD-ROM drive with mounting locations so that it can be mounted on the side of a rack, for example, and thus not waste valuable rack space. Unfortunately the AC power is provided by an external plug pack, but this appears to be typical for these devices.
Connectivity is quite good with 10/100 LAN port, two serial ports, and two sets of KVM ports. One of the KVM ports is for the local console operator and the second connects to a single computer or a multiport KVM switch. The RIC supports a maximum remote screen resolution of 1280 x 1024 at a refresh rate of 60Hz.
The rackmountable KVM switch is a very impressive piece of kit that allows up to two simultaneous local operators, with each operator able to select the computer to be controlled using colour coded front panel buttons, yellow for one user and green for the other. Of course, the target computer can also be selected by using keyboard shortcuts. The front panel also has navigating switches for each operator to view different banks of servers -- the unit can be daisy-chained with up to 15 other units to control a maximum of 256 computers. The unit's bank number is set via dip switches under a flip-down bezel. This is also where the USB flash-upgrade port is located. Each user can also set the switch to autoscan through the connected computers.
The rear of the unit only has eight remote high density D-sub KVM connectors. Each connector controls two computers through a dual KVM cable, which apparently reduces cabling bulk. There are two ports to daisy-chain the unit, and finally the two sets of console KVM ports that include two USB ports.
The initial network configuration can be carried out either via HyperTerminal and the serial port or via the network by configuring the PC to Belkin's default network address. Either way it's a very simple procedure.
The Web interface is remarkably user friendly with a simple tabbed navigation system. There are tabs for Host Control, Security, and Settings & Configuration. The latter is where all network, remote access, user management, keyboard and mouse settings, maintenance such as firmware updates and KVM switch types are defined and configured. Under the KVM switch option you define the number of ports on the KVM your IP Console is connected to, and have the facility to name each of the ports.
The Java browser plugin can install itself automatically on any client PC.
You can define hot keys to facilitate switching ports on the remote KVM via the browser and macros to send control-key combinations to the remote server.
We found each time we initiated a remote connection, the image was not aligned properly. However, the video alignment button on the bottom of the remote session window works well, if not a little slowly. The resultant image can be scaled to fit any window size.
Colour depth is reasonably low but this was not an issue. We were a little disappointed in the redraw speed; dragging a window around the remote screen was accompanied by quite a lot of image tearing and it took some time to settle down once the movement stopped. There did not appear to be anyway to adjust the video quality or bandwidth other than the ability to set compression on or off; the default is on.
The mouse also tended to fall out of sync a little quicker than the other vendor's products but this can easily be remedied using the resync function in the tool bar at the bottom of the remote session window.
To ensure a secure connection, the user can be forced to use HTTPS and all the remote access ports can be configured by the administrator. The Belkin also includes a simple user-configurable firewall that can be set to allow or disallow particular IP address to connect via remote console. SSL certificate management is included and the key length can be either 1024 or 2048 bits in length. Users and groups are supported with assignable rights.
|Product||Belkin OmniView Enterprise KVM F1DE216Cau, Belkin Remote IP Console F1DE101Nau|
|Price||OmniView AU$1799.95, Remote IP Console AU$999.95|
|Phone||1800 235 546|
|Java remote client ensures wide platform support; PS/2 and USB cables available.|
|Up to two users (one remote and one local), good cascading ability.|
|A little more expensive than the Aten but a much more refined unit.|
KVM Server Console Switch
As for the enigmatic 3 x 1 x 16, this breaks down to three IP remote console users, one local console user, and 16 KVM ports. The HP is identical in size to the Avocent 2000R: Avocent actually manufactures the unit for HP who simply rebadge it. Unlike the 2000R, the HP can be side mounted in the rack and consequently not consume any rack space.
The rear of the unit has 16 RJ45 KVM ports that use Cat5 cable and a KVM dongle that HP calls an Interface Adaptor. The dongle appears to be a rebadged Avocent AVRIQ and is available in PS/2 and USB formats [but for some reason not Sun, can't think why -- Ed].
A single HP KVM can support up to 128 servers through cascading using dedicated expansion modules or up to 256 using older Compaq KVM switches.
The local port maximum resolution is 1600 x 1280 at 75Hz while the remote management supports 1280 x 1024 at 75Hz.
The HP allows user authentication with assignable rights and the connections are via SSL 128-bit.
While HP supplies a neat hardcopy installation guide for bolting the unit to a rack, there is no hardcopy of the unit configuration and software installation. Surprisingly the user guide on the supplied CD is not up to HP's usual high standards and any information on the initial configuration must be ferreted out.
The unit can be configured via HyperTerminal or via the network once you resolve IP addresses. Our test system was a bit uncooperative and the HyperTerminal session, once connected, would not proceed to the configuration menu; we're sure this was a fault with our unit not an overall design flaw.
The management software is called the HP IP Console Viewer and to be blunt is Avocent's AVWorks with an HP label. As a consequence, the HP software has the same features as the Avocent right down to mouse resync, video settings, and macro handling.
And, it's no surprise the graphics characteristics of the remote session are on par with the Avocent; the redraw rates are quite fast and the colour depth low but acceptable.
|Product||HP IP Console 3 x 1 x 16|
|Phone||13 23 47|
|Appears to rely on third-party client software; PS/2 and USB cables supported.|
|Up to four users (one local and three remote), well managed cascading.|
|The most expensive of the integrated solutions but a solid feature set.|
While many vendors are eschewing traditional KVM cables for standard Cat5 cables and dongles at the server end to reduce cable snarl, Peppercon is quite happy to stick with tradition. But Peppercon's KVM cables are only marginally thicker than a typical Cat5, and so there should be no complaints in this regard. The cables are available in lengths up to 10m.
The unit can easy control legacy KVM switches by connecting a KVM port to the legacy switch's console port. If for the legacy switches have eight ports each, the 0801IP can control up to 64 servers.
The local console can support video resolutions up to a very impressive, and probably unnecessary, 1920 x 1440 at 60Hz while remote operators have a maximum of 1280 x 1024 at 75Hz.
Peppercon also sells a 16-port model called the 1601IP which sells for just under AU$5000.
The Peppercon is only a single-user unit, either a local or a remote user, however up to 20 users can simultaneously view a server.
The initial network configuration is performed via the serial port and HyperTerminal. It's a simple task but to connect you must reset the unit and then, to quote the instructions, "immediately press the ESC key". It took us four tries to connect, but maybe we were just unlucky.
Once the IP address has been set, the unit can be accessed with a Web browser, with the options of HTTP or HTTPS for bet-ter security.
Unlike all the other KVM units, the Peppercon does not require mouse acceleration to be disabled; the unit has an algorithm that tracks the mouse quite well. The mouse pointers eventually go out of sync but it's a simple matter of clicking the Sync button in the window toolbar to correct.
The Web browser interface has a very traditional layout with options such as Remote Console, Server, and Administration down the left hand side.
The Remote console display quality was not very good. The colour depth was quite low and the refresh rates were very slow and jerky. We experimented with the various display settings: the noise filter can be set larger to speed up redraws at the expense of dropped pixels, and the quality can be set to either High Speed or Best Quality, but were still not satisfied with the quality or the speed. Quite obviously the vendor has tried to ensure the IP connection consumes as little bandwidth as possible while also providing the widest console platform support possible by employing a Web browser interface and Java. This should run on just about any box you can think of.
There is one key macro -- CTRL-ALT-DEL -- available by default from the pull-down menu, the user can define up to four. The macros are defined using relatively simple scripting language, but it's not as simple as some of the other vendors products.
Security features are quite strong in the Peppercon. You can chose to secure network access with HTTPS and up to 256-bit SSL. In addition, up to 200 user profiles can be stored in the unit and individual rights defined right down to the access of individual KVM ports. Authentication can be handled by a nominated LDAP server if required.
|Phone||1800 100 345|
|Java remote client ensures wide platform support; PS/2 cables with adaptors for USB and Sun.|
|Single user but up to 20 simultaneous viewers; cascades to legacy switches.|
|The least expensive of the integrated units with a good feature set.|
At the rear are 16 KVM RJ45 ports. A 32-port model is also available. Connecting to a server requires a standard Cat5 cable and a KVM dongle called a Computer Interface Module (CIM). CIMs are available to support PS/2, USB, Sun HD15 video, and Sun USB. There are ports for a single local user catering for both PS/2 and USB; the latter is a welcome addition over most of the other vendors offerings. There is also a serial port for modem connection and two 10/100TX LAN ports to provide redundancy if one fails; another nice touch. The maximum video resolution supported is 1280 x 1024 at 60Hz.
The manuals make no mention of the unit's cascading abilities and after chatting with the vendor's technical staff we were informed that the Dominion KX was not designed to be cascaded. Raritan recommends using multiple units if you need more ports, and since each unit has IP capability, this should not be too much of a problem. However the Dominion should be able to connect to legacy KVM switches' local console ports without any problems. The Dominion KX116 supports a single local console and a single remote console; there is a KX216 model that supports up to two remote consoles simultaneously.
Initial configuration of the unit is very simple and the network settings such as IP address can be set simply by plugging a keyboard, mouse, and monitor into the local console port. Why don't the other vendors make it this easy?
To ensure correct tracking of the remote mouse, acceleration must be disabled. By default the Dominion communicates over TCP port 5000, but if for some reason you firewall blocks this port, the unit can be configured to use a different port.
For ease of use, each of the ports can be assigned a name, making it a lot easier to navigate around a large KVM installation than remembering port 16 is the mail server.
The Raritan is remotely accessed using a Web browser which then dynamically loads the Raritan Remote Client for each session. The client is an ActiveX application and will only run on Windows machines. It will be interesting to see with the tightening of control on executable content in Windows XP Service Pack 2 if this becomes more difficult to install.
The interface is very clean and is organised in a simple tree structure, we found navigation very easy but as we only had a single Raritan device we could not confirm the ease of use in a large KVM infrastructure.
The default image quality for the remote server is excellent; there are no nasty coarse gradients because the colour depth is quite high. Movement of objects on the remote display is surprisingly smooth given the display quality although at the default noise filter level of four there tended to be quite a few stray pixels left behind. We set the filter to two, which reduced the artifacts dramatically and did not impact appreciably on the redraw speed. Moving the pointer rapidly results on the remote pointer being left behind, but it very quickly realigns with the local pointer when the movement stops of slows. Should the pointers fall out of sync there is a synchronise mouse option to correct the problem.
There are only a couple of default key macros, certainly nothing as extensive as the Avocent for example, however it is very simple to create additional macros.
Security is certainly the Dominion's strong point. Users and user groups can be created and access rights to the Dominion defined, the passwords can be set to expire, and the user can be forced to use "strong" passwords. There is also support for LDAP, Active Directory, and RADIUS authentication.
Remote connections can have various levels of protection applied from no encryption -- definitely not recommended -- through to SSL authentication and data encryption.
|Product||Raritan Dominion KX116|
|Phone||1800 222 898|
|ActiveX client supports Windows clients only; cables for PS/2, USB, and Sun.|
|Two users (one remote and one local) with good cascade management.|
|Moderately priced for an integrated unit, a relatively strong feature set, and extremely fast display redraws.|
|KVM switch||Aten Master View Plus CS-9138||Avocent AutoView 2000R||Belkin OmniView Enterprise KVM F1DE216Cau|
|IP unit||Aten KV on the Net CN-6000||Integrated||Belkin Remote IP Console F1DE101Nau|
|Phone||03 9560 7222||1800 680 086||1800 235 546|
|Price (RRP inc GST)||CS-9138 AU$600, CN-6000 AU$1250||From AU$6980||Omniview AU$1799.95, Remote IP Console AU$999.95|
|Warranty||3 years||2 Years RTB, optional 3 or 4 years||3 years|
|KVM switch size||1RU||1RU||1RU|
|IP module size||200 x 80 x 25mm||Integrated||N/A|
|Maximum cascade depth||3||1||1|
|Maximum ports supported when cascaded||512||Up to 384||256|
|KVM connections supported||PS/2||PS/2, USB, Sun VGA, Sun 13W3, VT100||USB, PS/2|
|Price per KVM cable/dongle (RRP inc GST)||Included||From AU$165||PS2: 6ft AU$74.95, 10ft AU$84.95, 15ft AU$94.95, 25ft AU$109.95; USB 6ft AU$74.95, 12ft AU$84.95|
|Max concurrent operators||1 local or 1 remote||1 local and 2 remote||1 local and 1 remote|
|IP security supported||RSA 1024 bit, DES 56 bit, AES 256 bit||User authentication, DES, 3DES, SSL 128-bit||User authentication, HTTPS, SSL Certificates up to 2048-bit|
|Maximum local console video resolution||1920x1440||1600x1280 75Hz||2048x1536 85Hz|
|Maximum IP console video resolution||1600 x 1200 60Hz||1280x1024 75Hz||1280x1024 60Hz|
|IP client interface||Proprietary Windows client or Java client||Proprietary AVWorks client||Java client|
|KVM switch||HP IP Console 3 x 1 x 16||Peppercon 0801IP||Raritan Dominion KX116|
|Vendor||HP Australia||Zantech||KVM Australia|
|Phone||13 23 47||1800 100 345||1800 222 898|
|Price (RRP inc GST)||From AU$7250||AU$3300||AU$5170|
|Warranty||2 years||3 years||2 years|
|KVM switch size||1RU||1RU||1RU|
|IP module size||Integrated||Integrated||Integrated|
|Maximum cascade depth||1||1||Depends on legacy switch used|
|Maximum ports supported when cascaded||128 or up to 256 with older Compaq switches||64||Depends on legacy switch used|
|KVM connections supported||PS/2, USB||PS/2 (USB and Sun using adapters)||PS/2, USB, Sun|
|Price per KVM cable/dongle (RRP inc GST)||AU$210||Included||PS/2 and USB AU165, Sun AU$180|
|Max concurrent operators||1 local and 3 remote||1 local or 1 IP, up to 20 viewing||1 local and 1 remote|
|IP security supported||User authentication, SSL 128-bit||HTTPS, SSL up to 256-bit, user profiles, certificates||SSL 128-bit; authentication using LDAP, RADIUS or Active Directory; user profiles|
|Maximum local console video resolution||1600x1280 75Hz||1920x1440 60Hz||1280x1024 60Hz|
|Maximum IP console video resolution||1280x1024 75Hz||1280x1024 75Hz||1280x1024 60Hz|
|IP client interface||Proprietary HP client||Java client||ActiveX client|
This company is planning to install 10 new servers in its datacentre and is looking for tools to help keep them running.
Approximate budget: Open.
Requires: A rack-mountable KVM switch capable of remote access over IP.
Concerns: Ease of installation and use will be a major consideration. The ability to connect and manage the servers remotely over IP will also be a strong consideration, but the level of security in doing so will also be a big issue. The availability of modules to control the power of the servers and to do console management via serial ports will also be taken into account.
Best solution: As long as this company only plans to manage the servers from Windows PCs, we would give the nod to the Raritan Dominion KX116; it's moderately priced and feature rich. If budget is a concern, and more importantly if you cannot be certain what platform the remote administrators will be using, a higher-end Peppercon unit with more ports than the one we reviewed is the way to go.
What operating systems does the client software run on? Which systems can you plug the device into?
How many users can use the device simultaneously? Can units be "cascaded" or daisy-chained?
Do the features, usability, and performance justify the price?
How long is the warranty? What service and maintenance contracts are available?
Editor's Choice: Raritan Dominion KX116
This article was first published in Technology & Business magazine.
Click here for subscription information.
About RMIT IT Test Labs