Are IP KVMs still useful today?

With virtualization squarely in the mainstream, is there a place still for IP KVM switches in the enterprise? Blogger Paul Mah posed this question to an engineer from ATEN Technology Inc, a maker of KVM and remote connectivity solutions.

KVM (keyboard, video, mouse) switches were especially useful in data centers in the past, where there was a need to control multiple banks of "headless" servers. With the advent of virtualization and the advancement of lights-out management technologies, is the KVM, or the networked IP KVM, still relevant?

To understand how IP KVMs are still useful to the enterprise, I posed the questions below to Aaron Johnson, a Field Application Engineer at ATEN Technology in Foothill Ranch, CA. Below are his responses, as well as my thoughts on the matter.

In a world increasingly moving towards virtual machines, how are IP KVMs still relevant?

Johnson: As part of the IP KVM offering, a VM solution completes the KVM access offering. This access is usually done as part of the access stage where a centralized management appliance/application now gives you the power to centrally access both virtual and physical servers from a unified interface. It provides both in-band (RDP, VNC) and out-of-band (iLO/DRAC/RSA, VMware Console Viewer, KVM) management capabilities.

Mah: Beyond access to the keyboard, mouse, and monitor, traditional KVM technology has grown up to embrace the changing needs of the modern data centre. This entails expanding beyond physical access, and involves connecting natively to virtual machines as well as supporting popular remote access protocols such as RDP or VNC.

What are some features to look out for when selecting an IP KVM?

Johnson: Look for enterprise KVM features such as redundancy, physical and virtual server connectivity, IP security, CAC/fingerprint readers both locally and remotely, asset management, and visualization of the entire data center (the last is a wish list item). Also, the use of virtual media both at the OS level (software deployments and updates, OS patches, etc.) and the board level (OS installation or re-imaging of systems/servers).

Mah: I suppose I asked for it here: never ask a specialist or expert about their dream systems. Still, I hope the feature list will be useful to help administrators or managers to get started when shopping for one. Most of the above is self-explanatory, though some might not be familiar with the concept of virtual media. In essence, virtual media allows access to storage devices over supported endpoints.

On an IP KVM that supports virtual media, a system administrator can theoretically install patches to the operating system from a remote location -- even if the systems are not connected to the network. (Think in terms of installing emergency updates where systems have to be yanked offline.)

What are some suggestions to mitigate the security risks when using an IP KVM?

Johnson gave a list of suggestions to mitigate the security risks, which I summarize as follows:

  • Leverage policy management tools.
  • Make use of AES encryption for end-to-end node access.
  • Deploy a broad range of remote authentication servers (LDAP, Active Directory, RADIUS, TACACS+, etc.) on top of local authentication and authorization.
  • Support card access control and fingerprint authentication locally at the KVM, as well as remotely via the use of authentication servers.

Mah: As with any networked system, an IP KVM can be vulnerable to remote exploitation on top of unauthorized physical access. Because of the critical junction that a KVM switch occupies, a remote break-in can be particularly devastating. Beyond the use of specific technologies such as encryption and biometric verification, the advice from Johnson involves integrating your IP KVM as an integral part of your IT infrastructure.

Conclusion

Johnson summed up the continuing importance of the KVMs when he wrote, "Secure access and control down to the BIOS level is still deeply important."

Indeed, the advent of virtualization makes it more important than ever to be able to centrally manage servers in the data center. Far from being obsolete, an enterprise KVM can today be leveraged for this role, whether the servers are physical ones or virtual instances. And where the rise of cloud computing is concerned, the number of servers will actually increase, making high-density IP KVMs even more important and relevant.