KVM switch

From Wikipedia, the free encyclopedia

A diagram of how a KVM switch functions.

A KVM switch (with KVM being an acronym for Keyboard, Video, Mouse) is a hardware device that allows a user to control multiple computers from a single keyboard, video monitor and mouse. Although multiple computers are connected to the KVM, typically a smaller number of computers can be controlled at any given time. Modern devices have also added the ability to share USB devices and speakers with multiple computers. Some KVM switches allow one PC to be connected to multiple monitors, keyboards, and mice. Although this configuration is not as widespread as the reverse, it is useful when a user wants to work from two different positions, such as sitting and standing, depending on the task.

Passive and Electronic switches

KVM switches were originally passive devices based on multi-pole switches and some of the cheapest devices on the market still use this technology. Passive switches usually have a rotary knob to select between computers. They typically allow sharing of 2 or 4 computers, with a practical limit of about 12 machines imposed by limitations on available switch configurations. Modern designs use electronics rather than physical switch contacts and can control potentially unlimited numbers of computers.

A limitation with physical switches is that any computer not currently selected by the KVM switch does not 'see' a keyboard or mouse connected to it. In normal operation this is not a problem, but while the machine is booting up it will attempt to detect its keyboard and mouse and either fail to boot or boot with an unwanted (e.g. mouseless) configuration if they are not detected. Thus passive KVM switches are unsuitable for controlling machines that may reboot automatically, e.g. after a power failure. Some electronic KVM devices provide peripheral emulation, sending signals to the computers that are not currently selected to simulate a keyboard, mouse and monitor being connected. These can be used to control machines that may reboot in unattended operation.

Use

A user connects a monitor, keyboard, and mouse to the KVM device, then uses special cables to connect the KVM device to the computers. Control is switched from one computer to another by the use of a switch or buttons on the KVM device, with the KVM passing the signals between the computers and the keyboard, mouse and monitor depending on which computer is currently selected. Most electronic devices also allow control to be switched through keyboard commands (such as hitting a certain key, often Scroll Lock, rapidly two or three times).

Devices differ in the number of computers that can be connected, with anywhere from two up to 64 computers possible. Enterprise-grade devices can also be daisy-chained to allow even greater numbers of computers to be controlled from a single keyboard, video monitor and mouse.

A KVM switch is useful where there are multiple computers, but no need for a dedicated keyboard, monitor and mouse for each one. They are frequently used in data centers where multiple servers are placed in a single rack with a single keyboard, monitor and mouse. A KVM switch then allows data center personnel to connect to any server in the rack.

Secure KVMs

Security concerns where KVMs are used to control PCs or servers which are in different security domains have led to the development of secure KVMs. Used mainly in defense and other government settings due to their additional expense, these devices put measures in place to reduce the risk of data traversing from one domain to another via the KVM.

An example of such a device is Tenix's Interactive Link Multiple Computer Switch (IL-MCS) [1] which is used in areas where a KVM is required to span networks of differing security levels and the consequence of data leak is high. This device has been evaluated to E6 under ITSEC, the highest level under this security evaluation scheme, and the highest evaluated level of such a device. Threats heavily evaluated against include covert channels, inadvertent store-and-forward of sensitive data via the attached keyboard and user error.

Software alternatives

There are software alternatives to a hardware KVM switch such as Synergy, Virtual Network Computing (VNC), teleport or the non-free Multiplicity, MaxiVista, Kavoom![2] and PCAnywhere, which do the switching in software and forward input over standard network connections. This has the advantage of reducing the number of wires needed, and the screen-edge switching it provides makes it easier to forget that you are using two computers. However, there are some disadvantages. Software alternatives typically require additional software to be pre-loaded onto each of the target servers or computers so that clients can attach to them remotely. They also cannot be used when the host operating system is not installed yet or has not started: operating system installations are thus not possible, nor is access to a computer's BIOS or other built-in configuration areas. Finally, the software alternatives can be difficult or impossible to access if the computer is very busy or has stopped responding to network connections.

Remote KVM devices (KVM/ip)

Remote KVM devices are also available that allow multiple computers to be controlled remotely across a wide area network, local area network or telephone line using the TCP/IP protocols and a web browser or specially designed viewer software. One consideration when comparing viewer software with a browser-based application is ActiveX or Java security. Well-formed implementations can be found across the major vendors today, yet there are many entry-level implementations that may not be as robust when it comes to security, performance and reliability. Note that many of the stand-alone viewer applications provided by manufacturers are also reliant on ActiveX or Java. In addition, each major manufacturer is free to use various licensing mechanisms, some based on numbers of target devices, some based on numbers of users, and some based on numbers of sessions.

In comparison to conventional methods of remote administration (for example Virtual Network Computing or Terminal Services), a KVM switch has the advantage that it doesn't depend on a software component running on the remote computer, thus allowing remote interaction with base-level BIOS settings and monitoring of the entire booting process before, during and after the operating system loads. Modern KVM over IP gateways or switches typically use at least 128-bit data encryption securing the KVM configuration over a WAN or LAN (leveraging SSL, and thus MD5 or AES).
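The key length quoted above is only one property of an encrypted session; the protocol version and the primitives named in the cipher suite matter as well. The following Python example is an addition to this article, not vendor code: it audits the `(name, protocol, secret_bits)` tuple that Python's `ssl.SSLSocket.cipher()` returns after connecting to a gateway. The gateway names and sample sessions are constructed for illustration.

```python
import re

# Name tokens that mark a weak primitive whatever the advertised key length.
WEAK_TOKENS = {
    "EXP": "export-grade suite",
    "NULL": "no encryption",
    "RC4": "RC4 stream cipher",
    "DES": "DES/3DES block cipher",
    "MD5": "MD5-based MAC",
}
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
MIN_BITS = 128  # the "at least 128-bit" floor quoted in the text


def audit_session(cipher):
    """Return findings for one (name, protocol, secret_bits) tuple."""
    name, protocol, bits = cipher
    findings = []
    if protocol in OLD_PROTOCOLS:
        findings.append(f"deprecated protocol {protocol}")
    if bits < MIN_BITS:
        findings.append(f"only {bits}-bit key")
    # Suite names are '-' separated (OpenSSL) or '_' separated (IANA).
    for token in re.split(r"[-_]", name.upper()):
        token = "DES" if token == "3DES" else token
        reason = WEAK_TOKENS.get(token)
        if reason and reason not in findings:
            findings.append(reason)
    return findings


# Constructed sample data: gateway names and negotiated suites are made up.
SAMPLE_SESSIONS = {
    "kvm-a": ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
    "kvm-b": ("RC4-MD5", "SSLv3", 128),
    "kvm-c": ("EXP-RC4-MD5", "SSLv3", 40),
    "kvm-d": ("AES128-SHA", "TLSv1", 128),
}


def audit_all(sessions):
    """Map each gateway to its list of findings (empty list means clean)."""
    return {host: audit_session(c) for host, c in sessions.items()}


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_SESSIONS).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

Gateway `kvm-b` meets the 128-bit floor yet is still flagged, because its suite combines SSLv3, RC4 and an MD5-based MAC.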

Other types of products using similar nomenclature, such as "remote KVM" or "KVM Extension", rely mainly on hardware only. These products can be associated with KVM switching or can represent point-to-point extension between a single computer and its input/output devices or user interface. See Remote Graphics Unit (RGU).

KVM over IP

Keyboard Video Mouse over Internet Protocol ("KVMoIP" or "KVM over IP") is very similar to remote graphical console access software such as PCAnywhere, Virtual Network Computing (VNC) and Microsoft Remote Desktop Connection. The main benefit of KVM-over-IP is to make traditional KVM functionality available without the associated cabling limitations.

Similarities

In each of these remote graphical console applications a user is able to see a local copy of the remote graphics display and to perform most of the keyboard and mouse related tasks that he could if he were in front of the actual system. In fact, some of them even redirect the audio channel to the remote console. Some of the main limitations of these software-based implementations are the inability to access the BIOS setup screen and the inability to redirect the graphical console in safe mode. This is because software-based remote graphical console applications require the operating system to boot and to load a driver before the graphical console can be redirected. Also, software is inherently difficult to trust because much of the quality is currently tested in, not designed in. The remote graphical console software providers have no way of knowing the configuration of the system that their software is being loaded on, and testing with every permutation and combination of third-party driver and application software is not practical.

Differences

KVMoIP is different from the above because it is hardware based, requiring no software to be installed on the remote system. Instead, a dedicated microcontroller and potentially specialized video capture hardware work to capture the video signals, compress and packetize them, and send them over an Ethernet link (which may include very remote connections over the Internet) to a remote console application that unpacks and reconstitutes the dynamic graphical image. This KVMoIP subsystem is typically connected to a system's standby power plane so that it's available during the entire BIOS boot process. Thus one can see all the BIOS messages occur and even cause the remote system to enter BIOS setup to make any required adjustments. KVMoIP is considered by many to be a valuable tool in the support of Service Level Agreements for commercial servers.

Implementation details

There are many potential ways of implementing KVMoIP. For the graphics capture portion, PCI based KVMoIP cards used a variation of a technique known as screen scraping where the PCI bus master KVMoIP card would access graphics data directly from the graphics memory buffer. In these cases, the PCI card had to know which graphics chip it was working with, and what graphics mode this chip was currently in so that the contents of the buffer could be interpreted correctly as picture data. Newer techniques such as those used by OPMA management subsystem cards and other implementations obtain the video data directly from the graphics chip using the industry standard DVI bus. There are also a variety of ways to emulate the keyboard and the mouse remotely, but newer implementations emulate USB based keyboards and mice using the management controller.
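To illustrate why a screen-scraping card must know the current graphics mode, the following Python example (added here, not taken from any KVMoIP product) decodes the same four constructed buffer bytes first as VGA-style text cells and then as RGB565 pixels. The function names and the sample buffer are assumptions made for this example.

```python
import struct


def decode_text_mode(buf):
    """VGA-style text mode: each cell is (character byte, attribute byte)."""
    cells = []
    for ch, attr in zip(buf[0::2], buf[1::2]):
        glyph = bytes([ch]).decode("cp437")
        # Low nibble = foreground colour index, bits 4-6 = background index.
        cells.append((glyph, attr & 0x0F, (attr >> 4) & 0x07))
    return cells


def decode_rgb565(buf):
    """16 bits per pixel, little-endian: 5 bits red, 6 green, 5 blue."""
    pixels = []
    for (v,) in struct.iter_unpack("<H", buf):
        r, g, b = (v >> 11) & 0x1F, (v >> 5) & 0x3F, v & 0x1F
        # Scale each channel up to 8 bits by replicating its high bits.
        pixels.append(((r << 3) | (r >> 2), (g << 2) | (g >> 4), (b << 3) | (b >> 2)))
    return pixels


DECODERS = {"text": decode_text_mode, "rgb565": decode_rgb565}


def scrape(buf, mode):
    """Interpret raw graphics memory according to the mode the chip is in."""
    if mode not in DECODERS:
        raise ValueError(f"unknown graphics mode {mode!r}: cannot interpret buffer")
    if len(buf) % 2:
        raise ValueError("truncated buffer: both modes use 2-byte units")
    return DECODERS[mode](buf)


# Constructed sample: four bytes as they might sit in a graphics buffer.
SAMPLE = bytes([0x4F, 0x07, 0x4B, 0x07])

if __name__ == "__main__":
    print(scrape(SAMPLE, "text"))    # two character cells
    print(scrape(SAMPLE, "rgb565"))  # two pixels from the same bytes
```

Read in text mode the bytes are the characters "O" and "K" in light grey on black; read as RGB565 they are two green-cyan pixels, so a wrong mode assumption yields a meaningless picture.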


Related Technology