informa
/
4 min read
Feature

Review: Cyclades' AlterPath KVM/net Switch

This appliance gives admins secure access to the keyboards, video and mice of remote servers.
Remotely and securely accessing critical servers in your data center shouldn't be difficult--ever. Cyclades' AlterPath KVM/net switch is a 1U appliance that aims to give administrators secure access to the KVMs (keyboards, video and mice) of remote servers. I tested it in Network Computing's Syracuse University Real-World Labs® and found it to be a dependable device that requires virtually no setup.

Remote in-band access typically is built into most operating systems, but these tools fall short when the OS is having problems. KVM/net lets you work with every aspect of your server--from configuring BIOS, POST and RAID controllers to managing intelligent Cyclades power strips--up to 500 feet away.

Cyclades uses a Linux OS, giving the KVM/net a stable and secure environment that integrates easily with most networks' authentication methods, including RADIUS, TACACS+, LDAP, NTLM and Kerberos, and even two-factor authentication such as SecureID. When those methods are unavailable, it falls back to checking against its locally stored user accounts.

The appliance is available in two versions--one for 16 servers and one for 32 servers. Multiple units can be daisy-chained to control up to 1,024 servers as if they were a single unit. And the appliance is virtually bulletproof: It contains no moving parts other than a fan to cool the processors.

Test Run

I hooked up the KVM/net 16-port device to a Windows 2000 Server, Windows XP desktop and three servers running different versions of Linux. After connecting the supplied KVM adapters to each server's keyboard, video and mouse ports, I connected the KVM to the adapters using the existing Cat 5 cable.

Setup was a snap. From a Web browser, I configured the device's network interface, placed it on the production network, and configured users, groups, authentication and other security controls.

Good
  • Supports multiple OSs
  • Provides smooth KVM access
  • Configurable access controls tighten security

  • Bad

  • Remote KVM access only with IE on Windows
  • Allows only two users at a time even when daisy-chaining KVMs together
  • Cyclades alterpath KVM/net16, starts at $3,995. Cyclades Corp., (888) CYCLADES, (510) 771-61006. www.cyclades.com

    Unfortunately, when the box was configured using LDAP authentication, my attempts to control connected computers using Web browsers other than Internet Explorer on Windows didn't work. KVM/net uses ActiveX and requires IE on Windows to control remotely any console it commands. Cyclades should add support for other browsers and platforms.

    Despite these problems, I could control any of the attached servers, simulating the day-to-day work of an administrator. I connected over the WAN and updated the XP machine with the latest IE patches, rebooted two of the Linux servers, and even wiped a Linux server clean and installed Solaris x86. The device performed without a hitch during my tests, especially since the ActiveX client lets you adjust connection speeds and video resolution.

    Two for One

    KVM/net allows for two simultaneous users--one over the Web and one connected locally to a monitor and keyboard. These users can control two different servers at the same time. KVM/net also lets you configure the appliance so one user can watch the other work. Unfortunately, even if you've daisy-chained many KVMs, you'll still be restricted to only two users at one time.

    Obviously, Cyclades is not the first vendor to sell a digital KVM, but the company built its device with security in mind. Additionally, KVM/net provides advanced access controls, letting administrators set restrictions on ports based on users.

    IPsec, SSH access, SNMP and IP filtering are all built in, giving admins fine control over access to the device. And the device can encrypt any combination of video, keyboard and mouse traffic. It can even be configured to remotely log errors and access to a centralized logging service over syslog.

    Christopher T. Beers is a Unix Systems Engineer at Syracuse University. Write to him at [email protected]