Domain: raritan.com
Stories and comments across the archive that link to raritan.com.
Comments · 20
-
Re:He got physical access to the machine!
He was more likely using an IP-connected KVM device, like one of these http://www.raritan.com/products/kvm-over-ip/ and not the heavily cabled ones. Hooked up to a cellular router, they don't even need cables except for a power pack.
Full access to the workstation might be needed if the bank implements machine-based access control that requires something on the machine itself for authentication besides username and password. The South African Post Office does this and a bunch of crooks nicked money after stealing a machine that had management access to accounts and then broke into the premises of another branch to plug it into the LAN. That was proved an inside job by tellers.
-
Re:I would say sun is done
From what I can tell, neither Dell nor HP boxes have usable serial consoles. Your hardware is all at a staffed location where you can have someone 24x7 plug in a keyboard and monitor?
-
Re:Lower Level
A lot of servers have this built-in. On Sun servers, there is a separate service processor (an ARM running embedded Linux) that can power the server on/off, provides network access to video/keyboard, and can create a virtual USB DVD drive.
There are also external boxes that will do the same thing. We use several of these where I work.
-
Re:RS-232 Serial Port
Your environment sounds like a single machine is not your entire problem. You may want to look at some of the console servers that are available. They are designed for what you are describing (I have used Digi before):
-
Maybe we need more details?
Perhaps I am not understanding what the issue is with using the standard console servers and PDUs out there? All serial access is pretty darn low bandwidth.
http://www.avocent.com/products/serial-consolemanagement.aspx
http://www.raritan.com/products/serial-console-switches/
Plug one of these in, then connect a serial cable to your servers. Many include a modem if you have a pair of copper wires for a phone line so you can keep it out of band. -
Re:You've achieved your desired goal
The original copyright of the OpenNMS 1.0 code was created by Oculan (they had a dual strategy: open-source OpenNMS, commercial packaged OpenNMS-as-appliance). They have since gone out of business, and Raritan bought the intellectual property to sell as another product, so they don't have much reason to give us copyright to the grandfather of our shared code, they still have a vested interest in it. =)
However, OpenNMS pure-open-source development has continued on quite a bit since (2002?) when Sortova went off on his own to keep the open-source product alive. A large part of the code is now copyright The OpenNMS Group, which is our for-profit company supporting OpenNMS training/support/custom-dev, along with plenty of code copyrighted by tons of other committers.
The OpenNMS Group is certainly viable, and has written plenty of the code in today's OpenNMS codebase, but like many small "don't charge for a stupid enterprise version of free software" companies, legal funds to go after such things are slim. We're profitable, and growing, but we're not VC funded; would we rather fund our developer's conference or pay a bunch of lawyers to enforce something that folks Doing The Right Thing should be doing anyways?
It seems, however, that to enforce that copyright, we need to be more organized. We'd love to create an Apache-like not-for-profit "foundation" to own the copyright so we can be proper stewards of the code and not have things fragmented between us, other community members who have submitted code, and Raritan/Oculan. With the history of the original codebase, though, it's not terribly possible to do it 100% at the moment. We're doing what we can.
Believe me, there's nothing we'd love more than for this to not be an issue of The OpenNMS Group "controlling" the code. We believe in doing things right by way of the GPL, and just want to make sure others using the code do the same.
-
Nice crash cart
I've used crash carts from a company called Ergotron: http://www.ergotron.com/tabid/158/language/en-US/
d efault.aspx
At my current and my past company, they work real well. I looked high and low for a good crash cart and nothing seemed to come close to these. Maybe I was just searching the wrong terms(and apparently my vendors were too). They are a bit pricey though, ~$1500 or so to start. I have a Styleview LCD cart at my current job, and had a LCD cart and a laptop cart at my last place (servers were co-located in a ~900 sq foot cage, 8 feet between rows, so plenty of space for the carts).
I also bought a KVM over IP/CAT5 solution from raritan(http://www.raritan.com/), which worked out real well for those situations where a serial console wasn't enough(unless you have fancy out of band management, some do, some don't). I setup tables in the front of the cage, hooked up a couple of the raritan hardware clients. Typically ran one CAT5 cable w/KVM hookup to each rack, so it could be plugged into any system fairly easily. Range of 1000 feet. This was pretty pricey too, with the adapters and all it was about $25k. Though in the grand scheme of things it was cheap at the time. I had cyclades terminal servers in every rack, with serial consoles on all the servers and network gear.
Also I hooked up a temperature sensor board, from Sensatronics(http://www.sensatronics.com/) I think. I think it was a 16 port board, and I bought all 300 foot cables for all of the sensors, and cut them to length. This ended up being about $5k I think(I went way overkill on the cable lengths).
At my current company we use servertech(http://www.servertech.com/) PDUs, their higher end models come with optional temperature/humidity sensors so we use those instead of the senatronics.
Despite it being a co-location, we had 500kW of power going into that cage(standard setup was ~12kW/rack), if the data center had followed their own procedures(AT&T enterprise network services), we would of had to have about a 5,500 sq foot cage, comparable to your data center :) (@ 90 watts/sq foot of cooling). But they did not(at the time, they wised up July of last year and now strictly enforce their cooling capacity at this particular data center).
posting as AC, since I don't have an account. I read slashdot daily but I post maybe once every 2-3 years, so I haven't bothered to make an account. -
Fixed link
We use Paragon switches.
-
A data center sized KVM solution
For all your fancy servers that have the must-have GUIs, just get a Raritan Paragon for the KVM monitor, a couple of rack-mounted keyboard monitor setups, and then use the IPReach for remote access. All of the cables going to the systems are category five, so it's a painless install. It might be a little pricy at first, but if you work out the cost per port it isn't that bad.
Of course, it was easier with Sun hardware, because I could actually power-cycle the box through a serial console, even if there wasn't an installed OS.
-
pretty common
I think Dell gets their KVM-over-IP equipment from Avocent, though there are other providers, such as Raritan. The best setups allow for a hybrid combination of traditional rackmount matrix KVM and more modern KVM-over-IP.
Also note that not all Cat5/RJ45 KVM units support KVM-over-IP. Many units simply use Cat5 cable to cut down on cost. (Cat5 plus an adapter on either end is cheaper than long runs of coax for video plus USB or PS/2 cables and repeaters. -
Go with hardware
If you really want KVM-over-IP, you'll want a hardware solution. A software-only setup won't help you with BIOS or networking problems. With a hardware-based KVM-over-IP you can have multiple network (and non-networked) paths back to the KVM itself.
I love the Raritan Dominion KX series, it's both a classic KVM and a IP-enabled KVM:
http://www.raritan.com/products/kvm_switches/domin ion_kx/prd_line.aspx
If you haven't worked with high-end KVMs before, don't be alarmed by the RJ-45 ports on the Raritan models. High end KVMs use Cat5 cable and adapters, it's quite handy and cheaper than buying thick bundles of coax for RGBHV. -
Re:long distance video?
However, video seems to be the biggest problem
Video is by far the biggest problem when it comes to putting a computer in another room. There's really no cheap way to run a VGA signal an appreciable distance with any kind of quality.Basically, you need an enterprise-grade KVM system. Systems like this aren't cheap, but they do let you run 1600x1200x24bit video over standard CAT-5 cable with no ghosting. If you've got the money (or if you can find them cheap at an auction) this is the way to go. If you don't have the money, you have to make due with VNC, X-terminals, MS Terminal Server, or similar system.
-
Cheap alternative
Check out Raritan. They have a wide range of such products. Not sure about prices though.
-
Raritan
Raritan has some nice CAT5 based KVM solutions, that work terribly well in scaling between small and large environments. However I think the price may be a bit higher then you were hoping.
-
Re:KVM = $200 suck.
Huh. I bought a Raritan MasterConsole IIx with 8 cables (10'-30') off eBay for $225 shipped. And again, do you use VNC to fix SCSI controller problems, change the boot device order? Didn't think so.
-JPJ -
In my experience...
Most of those lowend KVM switches dont work worth a damn. Its usually the highend ones made by companies like Raritan that actually work well (besides the occasional PS/2 mishaps). As far as USB... I've never owned a system where all the USB devices were stable in the first place, so I cant really imagine having a USB KVM. Sounds like a nightmare to me!
-
Commercial Product: Raritan Paragon 'TeleReach'There is a commercial solution for KVM-over-IP, Raritan Paragon Telereach. We just bought a small installation recently, and it was not anywhere near cheap... but it does work.
This isn't just the 'Cat5 Video extender' product which has been around for years, this is something entirely new, with frame grabber and video compression, SSL, RADIUS authentication, etc.
The client runs only on MS-Windows 98+, at a minumum of 20Kbps. The server to be remotely controlled can be anything that supports VGA and PS/2 keyboards, including some Sun products.
So far, I have no complaints. We haven't tried all of the advanced features yet.
-
Commercial Product: Raritan Paragon 'TeleReach'There is a commercial solution for KVM-over-IP, Raritan Paragon Telereach. We just bought a small installation recently, and it was not anywhere near cheap... but it does work.
This isn't just the 'Cat5 Video extender' product which has been around for years, this is something entirely new, with frame grabber and video compression, SSL, RADIUS authentication, etc.
The client runs only on MS-Windows 98+, at a minumum of 20Kbps. The server to be remotely controlled can be anything that supports VGA and PS/2 keyboards, including some Sun products.
So far, I have no complaints. We haven't tried all of the advanced features yet.
-
Why some KVMS suck
Okay I assume most of you here either a) have a KVM and either like or hate it, or b) don't have a KVM but might consider buying one but don't know which to buy. I'm going to tell you what you should look for. And by the way, Tom's guide (as usual) is dreadfully incomplete.
Some switches are mechanical, and others are electronic. Most electronic ones are better because they feature some kind of "emulation", meaning that when you switch off one machien to another, the machine you switched FROM still thinks the mouse and keyboard are connected when the OS polls the ports. On mechanical KVMs, they won't see anything and will sometimes b0rk.
However, not all emulating electronic KVMs are created equal. Belkin, Aten, Linkysys... they all have the same fundamental flaw: they have only one microprocessor trying to handle the emulation requirements of all the ports on the KVM.
One of the best switches you can possibly buy is a Raritan. They have a dedicated microprocessor for each port.
I have tried using a Belkin Omnicube and an Aten Masterview with a very simple setup: one Windows XP box, and one FreeBSD or Linux box. With both switches, XP worked fine but with FreeBSD, you get (at best) errors from the kernel about how the mouse is out of sync (psmintr....). With Linux, I could only get it to work if I used a standard PS/2 Microsoft Intellimouse with the gpm and X driver settings set to "PS/2". If I wanted to use "IMPS/2", I had to kill and restart GPM every time I switched back to Linux. And neither Linux nor FreeBSD would even RECOGNIZE my Microsoft Optical Intellimouse with the USB-to-PS/2 converter on the end... although I reiterate that XP worked just fine.
Raritans, on the other hand, work flawlessly in any situation. They JUST WORK. I'm currently waiting for my new Raritan to arrive in the mail. They're slightly more expensive, but totally worth the money. And for those of you who are sysadmins for larger-scale projects, consider Raritans for those racks because they make rack-mountable KVMs with up to 12 ports... we used them at Internet2 and they work perfectly.
peace brothas. -
Raritan KVM switches.
Working as a SysAdmin for the Government over the summer, I got a chance to do a little research on a few KVM switches and got to implement a matrix system to allow up to 4 workstations control 72 computers (scalable to 256) using Raritan KVM switches.
One thing you should know when looking at KVM switches, is if there is any form of on-screen control, you WILL have problems of some sort (usually minor). I have experienced all kinds of problems with different brands which usually include errors like "no video detected" or the switch doesn't like the refresh rate. For these type of errors, you should look for a switch with a management port that will allow firmware upgrades.
If you are looking for a matrix system (chaining up KVM switches to allow more computers), you need to look at how many workstations you'll need simultaneously, and which "banks" to put the compuers on. For example, if you have a matrix system with 2 banks of computers "BANK A" and "BANK B", and two workstations "WS A" and "WS B"; depending on the system, and how you configure it, you would want to find out if both workstations can access one bank, or one workstation/bank. ie. If WS A is connected to a machine in BANK A, you may not be able to connect WS B to another computer in BANK A. A good matrix system would allow for multiple connecitons to each bank, but this would usually require an extra cable for cascading.
Let me give a basic explanation of most cabling situations in matrix systems: There will usualy be MASTER & SLAVE KVM switches. All of the workstations will be connected to the master switch, and the output ports of each of the slave switches will be connected to the input of the master switch (the master is kind of like a network hub). Each slave switch will be considered a bank (could be thought of as another hub connected to the main switch). If there is one cable connected between the master and slave, there is only enough "bandwidth" to allow one KVM connection to a computer in that particular bank; therefore, most matrix KVM switches will require/allow more connections between each bank and the master if the user wants to have more than one workstation in each bank.
Some interesting things I found available on KVM switches are features such as user level security to allow only certain users on secure computers, video monitoring - to allow one user to control a computer while the other is able to watch what is happening on the video, but not be able to control, and of course, standard stuff like naming each computer for an on-screen menu. Other addon peripherals include such things as allowing the workstation to be over 600ft away from the KVM switch using CAT5 cabling.
One other thing to know is these KVM switches are very expensive, the cost of implementing the system that I did came close to costing $70,000 CAN. But if you are looking for single user versions with only 8 ports, they are available for approx $1500.
From what I found of Raritan switches, they are fairly easy to use, but did have a few minor glitches which most of were fixed by a firmware upgrade. You may want to take a look at Raritan's web site