Aten KN2124VA: 24-port IP KVM review
ATEN KN series KVM switches are designed for large enterprises and data centers to improve the efficiency of servicing a diverse fleet of IT equipment, which can include not only conventional servers, but also switches, Blade servers, UPS and storage systems. In our flagship model Aten KN2124V A, the manufacturer has taken care to increase fault tolerance at the network access level by installing two Gigabit network ports and at the power supply level - due to a dual power supply unit. This IP KVM model has two IP access buses, which allows three administrators to work independently (one locally and two remotely), while RADIUS, Microsoft AD, and LDAP authorization tools can be used for access. In large installations, The ATEN KN2124V A can be cascaded from top to bottom up to 384 or centered up to 512 serviced devices.
Wherever the administrator is located: in the next room, in the next building, or in another city, he can use the Virtual Media function to provide any server with an ISO image of the file in the form of a virtual flash drive or disk, from which you can boot or update the firmware via EFI. If the operator is physically located near the server rack, he can connect his own laptop to the LAN port of the KVM switch, after which The Aten KN2124VA is recognized by the laptop as a removable media on which the JAVA client is located. Once you run it, you can use your laptop as a local console, so you don't have to spend rack space on a KVM with a keyboard and monitor.
IP KVM usage area in 2018
Today, when any device in a data center has its own Web panel and is managed from the command line, and most servers are supplied with a built-in console access system via a dedicated network port, it would seem that the scope of IP KVM usage is narrowing, but this segment of equipment remains in demand among customers. To understand this contradiction, we turned to the leading cloud provider in Russia, Stack Group (M1 Cloud).
Dmitry Solovyov, technical Director of Stack Group: For the M1Cloud cloud infrastructure, we use IP KVM only during the initial server initialization, after that we use only iLO or iDRAC (depending on the hardware vendor). In General, you can do without IP KVM at all in this situation, but this is how the installation process is built.
Plus, we provide IP KVM service to customers who consume Colocation.
Of course, in their own server Park, enterprise administrators can implement remote management using the built - in software and hardware of the equipment at the stage of data center design.if necessary, they can purchase the necessary licenses for iLO / iDRAC or regulate the physical access of on-duty administrators to the equipment. It is quite another matter when the data center provides Colocation services. Here, IP KVM access is a prerequisite for customers who are often located in other regions.
Security and registration of user actions
As a rule, administrators working over the Internet connect to the IP KVM via a special client program over an encrypted channel, but a remote session is also supported through a web browser window that uses a Java application. In General, using a Java applet in 2018 no longer seems like a good idea - various locks associated with security warnings force you to use a separate application. What's more, the super user can use a single CC2000 interface to manage all ATEN devices in the enterprise infrastructure, or multiple enterprises around the world, including IP KVM, power distribution units, and conventional KVM devices.
It should be said at once that created for large organizations such as oil companies, banks and state-owned enterprises, Aten KN2124VA has several levels to ensure security. The simplest example is that all wired connections from the KVM itself to connected servers can be encrypted using the DES 56-bit, 3DES 168-bit, AES 256-bit, or RC4 128-bit protocols. It seems that why is this necessary within the same data Center, where all cables are locked and guarded? But no, security is never superfluous, especially if you transfer any files to the servers via Virtual Media.
Third-party RADIUS, LDAP(s), and Microsoft Active Directory servers are supported for user authentication.
But even more interesting is the ability to monitor and record the actions of connected operators using SOFTWARE installed on a third-party server. All actions of administrators, including video recordings of the screen, entered characters and passwords, can be saved and then viewed in case of any incidents.
Administrators even have their own chat room where they can exchange messages, but its features are too simple - there is no exchange of configuration files or video communication.
Managing a large fleet of servers
Aten KN2124V A can be used in cascade connection as a master or slave KVM switch. In the first case, it acts as the parent device to switch CS9134, CS9138, KH1508A, and KH1516A (384 supported by the server), and in the second case - a child KM0532 and KM0932 (supports up to 512 servers). For such a large fleet, a very interesting function is provided for simultaneous transmission of keyboard and mouse signals to all connected computers. For example, to send an update or reboot command to all connected machines.
Built-in support for blade servers allows you to connect to all the blades in the basket via a single console port, significantly saving on console adapters. However, this feature is only available for Dell and IBM blades. There is a widespread opinion that with the growth of the server fleet, the company may move away from the principle of monobrandedness and lose the flexibility of managing its own infrastructure.
HWP: Dmitry, M1Cloud has a server fleet of hundreds of servers. Is there any statistics on how often I have to use IP KVM in such a large infrastructure?
Dmitry Solovyov (M1Cloud): Only for primary initialization, if you immediately install a large fleet of servers (we usually do not encounter this, we have a smooth growth), it is better to automate this process by correctly configuring the DHCP server for the network segment management and entering the primary username/password and THE Mac address of the iLO interface when installing the server in a rack in a special database, for example.
This (IP KVM, ed.) is just one of the tools that we and our clients use in extremely limited cases. The basis for a high level of availability and continuity is the right choice of equipment vendor with good QA and a professional team of engineers who maintain a fleet of servers, who know all the subtleties and weaknesses and do not allow situations that can negatively affect the performance of equipment located in the data center, and, consequently, the quality of services provided.
Classically, for connecting KVM in racks, so-called KVM cables are usually and traditionally used, on the one hand there is a connector for video (VGA) and keyboard –mouse, on the other-the so-called KVM connector, which is very similar in size to D-SUB, however, this connection has a number of disadvantages. First, it is a small cable length from the KVM switch to the server, which is usually no more than 5-6 meters. Secondly, such cables usually have only VGA outputs, so their use is limited. And third, if the connected server is moved to a neighboring rack during operation, then you have to re-shift the KVM cable, wind it into the Bay if the distance to the KVM has decreased, or buy another KVM switch if the server was moved to 2-3 racks and the distance increased.
Therefore, for high-density IP-KVM switches, the de facto standard is the use of interface modules (CIM modules, KVM modules, or CPU modules). Each such module is connected to the server via an interface connector, and the connection to the KVM switch is made via a conventional twisted pair. If the distance from the KVM to the server is less than 10 meters, you can use a category 5E cable, and at a greater distance - a shielded patch cord. For each modern Aten CIM module, the cable length is set programmatically and the signal compensation is adjusted, so that it does not need to switch any jumpers, as was the case in the first generations of such devices.
Moreover, today Aten CIM modules store server connection settings, including resolution, in their memory, so that they can be switched between ports without the need for additional reconfiguration. Note that there should be no network devices, such as switches, extenders, or media servers, between the module and the IP KVM.
Each module has a specific interface for connecting to a video card (VGA, DisplayPort, HDMI), some of them can support the Virtual Media function, which was mentioned at the beginning of the article, Smart card readers and analog audio transmission. Among the variety of General-purpose CIM modules, there are also specialized ones, for example, for old Sun servers, for equipment controlled via RS232 port, and for connecting via PS/2.
The classification of KVM modules for Aten KN2124VA is given below.
Adapters with USB Virtual Media and Smart Card support:
- KA7166 - DVI
- KA7168 - HDMI
- KA7169 - DisplayPort
- KA7177 - VGA
These modules have two USB 2.0 ports with the ability to emulate PS/2 connectivity. One of the ports can be used as a virtual smart card reader, for example, for access control. Virtual Media technology allows you to remotely connect files, folders, and ISO images from your desktop computer to the server, presenting them as physical flash drives or CD/DVD media, for example, for remote installation of the operating system.
Adapter for connecting the server to two IP KVMs:
- KA7178 - VGA, Virtual Media, Audio In/Out
This is a specialized model for highly critical nodes that need to provide fault-tolerant management via IP KVM.
Adapters with Virtual Media support, but without support for Smart Card:
- KA7175 - VGA
- KA7176 - VGA, Audio In/Out
- KA7120 - VGA, PS/2 with composite signal
- KA7130 - Sun Legacy
- KA7140 - RS232
- KA9140 - RS232 with additional console
- KA7170 - VGA with composite support
For specialized modules, external power is used from the server's USB port.
The Aten KN2124V A is made in a universal 1U enclosure that is designed for rack mounting, but can also be installed on a desktop as an option. Under the cover of the front panel are hidden 3 USB 2.0 ports for keyboard and mouse, two 3.5 mm audio headset jacks, a Mini-USB port for connecting a laptop and buttons for switching active client machines of the "up/down" type.
The main connections of console adapters are located at the back, and here it should be noted that the RJ45 ports have no activity indication. Apparently, the manufacturer decided that the display on the front panel will be enough.
For cooling, two Sunon fans with magnetic rotor suspension are used, which have automatic speed control.
The Aten KN2124V a has two independent, unassembled power supplies, each with a simple switch. Of course, in a device of this class, you expect to see hot-swappable power supplies, but this design requires active cooling of each power module, and due to the high noise level, it cannot be used in devices that allow installation on the staff's desktop.
Two 1-Gigabit ports for Internet connection and remote administration are much more useful. You can set up a simple fault-tolerant scheme with a single IP for both ports, or allocate them different IP addresses to present Aten KN2124VA to different segments of your corporate network, and configure access from the Internet, for example, only via VPN.
If the KVM port or cable to the server fails, you can physically switch the KVM module to another port while maintaining all existing client settings, reducing system downtime to a minimum.
When using KA7178 adapters, you can connect one server to two KVM switches of the KN series at once, and thus provide fault tolerance in case of failure of the KVM switch itself (this technology is called Channel Forwarding).
We used Aten KN2124V A when configuring a VM with a dedicated GPU in our QNAP TS-16489 u storage overview. To test the remote connection, we set up different channel bandwidth to see how the quality of communication affects the ability of remote administration.
The minimum connection speed at which it was possible to work with programs using a remote desktop with a resolution of 1920x1200 at 24-bit color depth was 50 Mbit/s. At a lower speed, connections to IP KVM were periodically lost, even if no actions were performed with the remote server.
At the same time, it is worth saying that Aten KN2124VA does not have any middle state between "working" and "breaking". At low speeds, which are inherent in working over the Internet or VPN, there are no image artifacts or pixel drops, but only periodic fading, but commands from the keyboard and mouse movements still pass to the client server.
In the IP KVM switch settings, you can use various methods to improve stability at low speeds. For example, you can convert an image to black and white or set a lower resolution on the client machine.
And, of course, if the speed is higher than 100 megabits / s, you can work with a remote server as with a local one, without feeling any brakes. The connection speed of Virtual Media corresponds to the stated speed-20 Mbit / s for reading and 30 Mbit / s for writing.
The ATEN KN series IP KVM comes with a standard 3-year warranty. The extended warranty is provided depending on the distributor and the project to which the equipment is delivered.
All the considered functionality is included in the standard configuration of the device. No additional licenses are required for cascading or any functions.
The retail price of Aten KN2124V A is 290 thousand rubles. To the price of the device itself, you need to add the cost of console modules of the KA71xx series, of which the cheapest KA7170 will cost 8 thousand rubles, and the most expensive two - port KA7178-19 thousand rubles. In the full configuration with 24 KA7177 adapters (VGA+USB), the IP KVM kit will cost 530 thousand rubles.
The high starting price of the kit is offset by the low cost of scaling. So, when cascading with child KVM switches Aten KH1516, each such switch will cost you 65 thousand rubles, plus console modules.
In large projects that require connections to hundreds of servers, keep in mind that although the KN2124VA model supports 384 client computers, two remote consoles may not be enough to service them, and it makes sense to pay 10-15% extra for a KN4132 with four remote consoles.
The flagship IP KVM switch of the KN2124VA series makes sense to use in cascading configurations when administering hundreds of machines. In this case, you will be able to fully experience the charms of a large selection of console modules designed for servers of different generations, a single authorization via the head unit using RADIUS, LDAP(s) and Microsoft Active Directory.
Inside an Ethernet network, you can get the same quality of work at a remote desktop as if the monitor and mouse were connected directly. For slow communication channels over the Internet, you can configure the image to the minimum network bandwidth, and support for 256-bit AES encryption will allow you to connect to the KVM switch directly, without using a VPN tunnel.
Michael Degtjarev (aka LIKE OFF)