Experience the Simplification of Computer Room Management - New KVM Usage Experience
1 background
With the continuous increase of network applications, the number of servers in various computer rooms has also increased. The use of multi traditional host switches (see the figure below) can no longer meet the current situation of wide areas and shortage of personnel due to multiple devices. Even with some remote management software, the remote desktop sharing method cannot achieve the management level of BIOS. When the computer system crashes, it is even more difficult to control the screen of the peer service. Moreover, the desktop method implemented through software is also vulnerable to attacks such as denial of service and password bypass. Therefore, this article thoroughly solves the above problems by introducing the use of a remote digital switch based on Kvm Over IP technology.
II What is KVM Over IP
If you are a server manager in a computer room, you will definitely be familiar with LCD screen KVM switches in cabinets. Nowadays, KVM has transformed from the traditional image of bulky, complex cables, and limited transmission distance to a completely new design that is not limited by distance. This will ensure remote maintenance of data centers or IDC rooms that provide critical task services 24/7 without interruption. Based on its principle, this device is implemented using KVM Over IP technology. The so-called "OVER IP" is to manage KVM through the Internet, using digital KVM based on KVM over IP technology, transmitting KVM control information through IP network, allowing managers to switch between multiple machines both locally and remotely, achieving centralized management and control of machines in the central computer room. Its implementation principle is to capture analog signals from the interfaces of computer keyboards, displays, and mice, and digitize these analog signals into digital information packets. After encryption and compression, they are securely transmitted through TCP/IP connections in the network, thereby achieving remote control of IT equipment. Let's take a look at the specific advantages. Compared to popular remote control software such as PC Anywhere, Remote Desktop, and VNC, KVM OVER IP has more powerful features.
1) BIOS level management.
Through KVM Over IP, BIOS level management of managed servers can be achieved, enabling the lowest level of hardware management. For example, when a server unexpectedly crashes and needs to be manually repaired, or when RAID needs to be redone, it can be used to fully manage the server.
2) Independent of the operating system, stable operation.
It is remotely controlled through hardware and does not occupy any communication ports of the system, so it does not occupy system resources like software remote control software, and it is also not vulnerable to network attacks.
3) Support multiple platforms
In the past, installing remote control software on different platforms was quite cumbersome. For example, installing VNC on server operating systems that Unix, Linux, Mac OS X, and Windows did not understand had different steps and methods, and was often subject to interference from firewalls or proxy servers.
4) Transmission encryption
The most important issue when considering a remote control solution is transmission security. To ensure security, the KVM Over IP system performs encryption, decryption, password protection, and data compression at both the transmitting and receiving ends of the network. The password system supports algorithms such as 1024-bit RSA, 56 bit DES, 256 bit AES, and 128 bit SSL; Support the Radius authentication communication protocol to ensure secure remote data transmission.
5) Support centralized authentication
Waiting for DAPS, AES will definitely support authentication methods such as Radius, LDAP, and Microsoft Active Directory for the LCD in the cabinet, making it easier to manage.
III Case study of remote control in computer room
1. Current situation and demand analysis of server clusters in the computer room
The central data center of a certain company currently has nearly a hundred servers of various types, including IBM, Sun, Dell brand servers, as well as various PC servers purchased at different times. The operating systems include AIX, Solaris, RedHat Linux, Windows series, and FreeBSD system (traffic monitoring equipment). Except for SUN mini computers, the interfaces are all PS/2. These servers respectively undertake core business such as enterprise OA, ERP, financial systems, as well as various self built databases, web services, email, etc.
With the continuous increase of critical services, there is a higher demand for controllable time of critical task servers. If the system management personnel are on a business trip, guiding other personnel in the data center through out of town phone calls to determine the fault time will be relatively long, and the server will not be able to resume normal operation in a timely manner; In addition, due to the lack of a unified management platform for centralized management and control of all servers, staff frequently shuttle between the central computer room when managing and controlling servers, causing significant hidden dangers. In response to the current situation of the computer room, the author proposes to build a centralized intelligent management system for equipment in the central computer room, and puts forward the following requirements:
1) IP based remote management function;
2) Capable of managing multiple operating systems across platforms;
3) Having comprehensive security mechanisms to achieve user authentication management;
4) Easy to upgrade when servers increase;
5) Bottom level access functionality. Including: initialization configuration of the operating system; Restart after system crash; Video startup guidance and performance settings; Modify server hardware configuration by accessing BIOS.
Through the mandatory selection of the plan, the Hongzheng KVM system was ultimately chosen because Hongzheng Automatic Technology Co., Ltd. is a leading global manufacturer of digital information sharing, connection, and switching. The company was listed on the Taiwan Stock Exchange in October 2003, and its product family includes KVM multi computer switches (covering personal, commercial, and enterprise levels), video switches/distributors, IPMI solutions, etc
2. KVM over IP solution based on Hongzheng
The Hongzheng KVM Over IP management system consists of three parts: an IP based digital KVM digital switch, a server module, and system management software. When there are multiple KVM hosts in the data center, the Altusen CC2000 management software can also be deployed to help administrators view all servers connected to multiple KVM hosts and achieve unified authentication through single sign on. The main accessories and functions are as follows:
■KN4124VKVM host, which has 24 high-density KVM interfaces and can connect 24 servers, looks like a switch when viewed from the back. The appearance design of this device is stylish, occupying only 1U of space in height (as shown in the figure below).
■KA7175USB virtual media computer module: Implement virtual media functions, for example, if there is an optical drive on the server, the effect of inserting the system disk into the remote computer optical drive through it for operation is the same as local operation. This allows operation and maintenance personnel to remotely install and repair the operating system, as well as diagnose problems (see the appearance below). Please note that when selecting this module, you need to equip as many modules as there are servers in your data center.
4、 Application effect
At present, a remote monitoring and management system based on KVM Over IP from Hongzheng has been adopted in the renovation of a certain computer room. After centralized management of 48000 servers in the central computer room, the following effects have been achieved:
1. Remote managementAt present, engineers do not need to enter the computer room. They can connect to any server in the central computer room through a browser (supporting JAVA plugins) interface through a LAN and a terminal with an IP address in the office area. The management level reaches BIOS level. Even if the system administrator is on a business trip, they can remotely monitor the servers and various application services in the central computer room, solve server problems in a timely manner, and troubleshoot problems in a timely manner.
2. Integrated managementIncorporate servers of different brands and operating systems from the data center into a unified management platform. This centralized management level of KVM has reached a cross platform hardware level, which is superior to the shortcomings of general software management such as inability to cross platforms and occupying server processes.
3. Safety managementBy utilizing the new generation KVM system from Hongzheng and the accompanying CC2000 management software, multi-level permission security management functions can be achieved. Specifically, the system can be configured with users and passwords; Both users and servers can be grouped for management, and the control permissions of each server can be assigned to any one or a group of users for management. Implemented centralized authentication for multiple KVM users.
4. Multi person collaborative managementHongzheng KVM truly realizes collaborative management among multiple people. This system has 5 concurrent users, of which 4 are remote users; One is a local user. When a server failure requires multiple people to participate in judgment and handling, one person can operate in the local computer room, and the other four people can view or collaborate in different locations, making remote consultation of the server possible.
After several months of trial use, I feel that the ATEN KN4124V device is not only well-designed and powerful, but also stylish in appearance, simple and practical, and has excellent performance. Overall, it is a switch that switches quickly and runs stably, suitable for use by major IDC data centers and enterprise users.
matters needing attention:
There are requirements for the browser, and the client must support Java Runtime Environment 6 Update 3 or above (1.6.3) to run. The browser must also support 128 bit SSL encryption transmission, and the client is preferably a combination of Windows and IE. Of course, Linux and MAC OSX clients can also be used, but the browser must be able to support JAVA.