background image

 

39

 

Chain rule 
The Chain rule determines whether the access from the hosts is allowed or not. It can be one of 
these two values: 

  ACCEPT : access allowed

 

  DROP : access not allowed

 

 
The rule can be configured to apply to a particular Group level (All, User, Super, Administrator). 
 
When the IP-KVM receives a TCP packet, it will process the packet with the chain rule depicted 
below. The process ordering is important; the packet will enter the chain at rule 1 first, if it meets 
the rule then take action directly, otherwise go to chain rule 2. 
 

 

 
Check the “Enable Group based System Access Control” to edit the rules 
 
Users can add a new IP filtering rule by populating the fields in the new line by using Append or 
Insert. Users can remove a rule by using Replace or Delete. Use Apply to save your changes. 
 

 

40

 

5.5.4 Certificate 

 

 
The  KVM  OVER  IP  SWITCH  uses  the  Secure  Socket Layer  (SSL)  protocol  for  any  encrypted 
network  traffic between  itself  and  a  connected  client.  During  the  connection  establishment  the 
KVM OVER IP SWITCH has to expose its identity to a client using a cryptographic certificate.  
 
This certificate and the underlying secret key is the same for all KVM OVER IP SWITCH units 
and certainly will not match the network configuration that will be applied to the KVM OVER IP 
SWITCH  by  its  user.  The  certificate's  underlying  secret  key  is  also  used for  securing  the  SSL 
handshake. Hence, this is a security risk (but far better than no encryption at all). 
 
However,  it  is  possible  to  generate  and  install  a  new  certificate  that  is  unique  for  a  particular 
KVM OVER IP SWITCH . In order to do this, the KVM OVER IP SWITCH is able to generate a 
new cryptographic key and the associated Certificate Signing Request (CSR) that needs to be 
certified by a certification authority (CA). A certification authority verifies that you are the person 
you claim you are, and signs and issues a SSL certificate to you. 
 
The following steps are necessary to create and install an SSL certificate for the KVM OVER IP 
SWITCH :  
 

1.  Create  an  SSL  Certificate  Signing  Request  using  the  panel  shown  in  the  screen  shot 

above. You need to fill out a number of fields that are explained on the next page. Once 
this  is  done,  click  on  the  Create  button  to  initiate  the  Certificate  Signing  Request 
generation.  The  CSR  can  be  downloaded  to  your  administration  machine  with  the 
Download CSR button (see the illustration on the next page). 

2.  Send the saved CSR to a CA for certification. You will get the new certificate from the CA 

after  a  more  or  less  complicated  traditional  authentication  process  (depending  on  the 
CA). 

3.  Upload the certificate to the KVM OVER IP SWITCH switch using the Upload button. 

Summary of Contents for 39414

Page 1: ...certificate for the JAVA applet required to run the JAVA based browser tools to access the KVM Switch Since Oracle has issued the Java 7 51 update unsigned applets cannot be used any further VNC suppo...

Page 2: ...9 4 USAGE 10 4 1 Prerequisites 10 4 2 Logging In 11 4 2 1 Login to the KVM OVER IP SWITCH 11 4 3 Navigation 12 4 3 1 Remote Console Main Window 13 4 3 2 Remote Console Control Bar 14 4 3 3 Remote Con...

Page 3: ...ver IP and analogue telephone line requires modem BIOS level access also for remote computers 256 bit SSL encryption SSL Certificate Management No impact on server or network performance Automatically...

Page 4: ...vides one RJ45 port The ports can be used with a 100Mbps 100Base TX connection or a 10Mbps 10Base T connection The KVM OVER IP SWITCH will sense the connection speed and automatically adjust to the ap...

Page 5: ...ne has to be configured with the parameters given in this table When configuring with a serial terminal reset the KVM OVER IP SWITCH and immediately press the ESC key You will see some device informat...

Page 6: ...an be checked using the KVM OVER IP SWITCH web front end 3 4 2 Remote Mouse Settings A common problem with KVM devices is the synchronization between the local and remote mouse cursors The KVM OVER IP...

Page 7: ...embedded operating system offering a variety of standardized interfaces This section will describe these interfaces and the way to use them in a more detailed manner The interfaces are accessed using...

Page 8: ...echnological progress The KVM over IP Module its software and firmware are subject to technological progress and are being continuously upgraded accordingly Therefore minor changes compared to the des...

Page 9: ...English counterpart i e Z Y and Y Z You can circumvent such problems by adjusting the keyboard of your remote system to the same mapping as your local one Also see OSD KVM Settings Keyboard Mouse and...

Page 10: ...1 2 or higher offers the full list Video Settings Opens a panel for changing the KVM OVER IP SWITCH video settings The KVM OVER IP SWITCH features two different dialogs which influence the video sett...

Page 11: ...e Remote Console Norm means a standard connection without encryption SSL indicates a secure connection Furthermore both the incoming In and the outgoing Out network traffic are visible in kb s If comp...

Page 12: ...rd discs CD ROMs and other removable devices like USB sticks can be redirected It is even possible to enable a write support so that for the remote machine it is possible to write data to your local d...

Page 13: ...command dd if dev cdrom of tmp cdrom image dd reads the entire disc from the device dev cdrom and saves the output in the specified output file tmp cdrom image Adjust both parameters exactly to your...

Page 14: ...ur client PC you must create an image of your floppy disk which can be uploaded to the KVM OVER IP SWITCH s built in memory UNIX and UNIX like OS To create an image file make use of dd This is one of...

Page 15: ...em by clicking the Download button Clicking Discard removes the virtual floppy image from the KVM OVER IP SWITCH and from the hosts system 5 2 4 Virtual Drive Options This option allows you to disable...

Page 16: ...on to see the user information New User name The new user name for the selected account Password The password for the login name It must be at least four characters long Confirm password Confirmation...

Page 17: ...identical Java Virtual Machine across different platforms The Remote Console software is optimized for Sun JVM versions and offers wider range of functionality when run with JVM The KVM Java applet is...

Page 18: ...en you will have no remote keyboard access during the boot process of the host If USB and PS 2 are both connected and you selected Auto as host interface then USB will be selected if available otherwi...

Page 19: ...d Please make sure youtr firewall does not block the relevant ports We have tested Tight VNC that works without any problems Most common VNC viewers can be used however some may use special settings I...

Page 20: ...aximum network traffic generated through the KVM OVER IP SWITCH s Ethernet device Value in Kbit s Enable Telnet access Set this option to allow access to ARA express using the Telnet Gateway see the S...

Page 21: ...ing again to the Dynamic DNS server by the KVM OVER IP SWITCH 38 5 5 3 Security Force HTTPS If this option is enabled access to the web front end is only possible using an HTTPS connection The KVM OVE...

Page 22: ...ation that will be applied to the KVM OVER IP SWITCH by its user The certificate s underlying secret key is also used for securing the SSL handshake Hence this is a security risk but far better than n...

Page 23: ...you have to repeat the three steps as described previously 42 Confirm Challenge Password Confirmation of the Challenge Password Email The email address of a contact person that is responsible for the...

Page 24: ...console computer The default value will work in most cases Modem client IP address This IP address will be assigned to your console computer during the PPP handshake Since it is a point to point IP c...

Page 25: ...Settings These mails contain the same description strings as the internal log file and the mail subject is filled with the event group of the occurred log event In order to use this log destination y...

Page 26: ...support information This is an XML file with certain customized support information like the serial number etc You can send this information if you contact LINDY technical support It may help us solve...

Page 27: ...valid firmware file and whether there were any transmission errors In case of any error the Upload Firmware function will be aborted Update January 2014 Due to the large size of these upgrade files th...

Page 28: ...er name is super and the password is pass Furthermore your browser must be configured to accept cookies Q 004 The Remote Console window can t connect to the KVM OVER IP SWITCH A 004 Possibly a firewal...

Page 29: ...eds to be disabled 54 7 Key Codes This table shows the key codes used to define keystrokes or hotkeys for several functions Please note that these key codes do not necessarily represent key characters...

Page 30: ...telephone line modem needed Firmware Upgrade Port 1 x Serial DB9 Pin Max Video Resolution Local 1600 x 1200 Remote 1280 x 1024 OS Compatibility MS Windows family Unix Sum Solaris Linux Mac OSX Browse...

Page 31: ...over TCP Samba Service source port 162 SNMP over TCP SNMP trap reception port 1024 SNMP over TCP SNMP source port 443 RFB over TCP Remote Keyboard and Mouse data 58 Remark for older versions purchase...

Page 32: ...tatement Shielded cables must be used with this equipment to maintain compliance with radio frequency energy emission regulations and ensure a suitably high level of immunity to electromagnetic distur...

Reviews: