Charles> I'm currently investigating the idea of a "remote KVM" for my
Charles> servers, to allow our team more direct access when we are not
Charles> physically on-site. Ideally, it would do the following:

Charles> - Require login
Charles> - Log all access (user, time, and IP)
Charles> - Allow (at least) 2 simultaneous connections
Charles> - Allow me to switch between servers after I am connected
Charles> - Support at least 16 servers

Charles> I'm torn about putting it behind our firewall, such that I
Charles> would have to VPN in to get to it, and putting it in a DMZ
Charles> such that I can get to it without the VPN server being up.
Charles> My concern is, if the VPN server is down, then I'm stuck (and
Charles> we are off line until someone can physically arrive on-site.)
Charles> On the other hand, I don't really want to give unsavory
Charles> individuals easy access and unlimited time to hack my system.

Charles> How secure are these things on their own? Can they be made
Charles> to require certificates, for instance?

I'd put it behind the firewall myself, since you'd be giving someone
else the keys to your kingdom, esp. if there are undocumented backdoors
in the KVM system.

As for KVMs in general, do your servers have serial console or ILO/ILOM
type remote management modules? I'd go with those instead of dedicated
hardware if I could. My current $WORK has some ancient Avocent KVMs
which I despise and have mostly gotten away from.

As for problems with the VPN being down and having to wait for someone
to drive in, don't you have redundant VPNs? Or at least maybe a
two-factor SSH tunnel you could use in the emergency case so you could
forcibly reboot the VPN box if it hangs?

Sorry I don't have any concrete recommendations for hardware to use
though.

John

_______________________________________________
bblisa mailing list
http://www.bblisa.org/mailman/listinfo/bblisa
