Black Box KV0424A-R2, KV1424A-R2 manual Placing ServSwitch CX with IP alongside the firewall, Ports


Placing ServSwitch CX with IP alongside the firewall

ServSwitch CX with IP is built from the ground up to be secure. It employs a sophisticated 128-bit public/private key system that has been rigorously analysed and found to be highly secure (a security white paper is available upon request). Therefore, you can position the ServSwitch CX with IP alongside the firewall and control hosts that are also IP connected within the local network.

IMPORTANT: If you make the ServSwitch CX with IP accessible from the public Internet or from a modem, care should be taken to ensure that the maximum security available is activated. You are strongly advised to enable encryption and use a strong password. Security may be further improved by restricting client IP addresses, using a non-standard port number for access or limiting remote access to dial up connections only.

Ensuring sufficient security

The security capabilities offered by the ServSwitch CX with IP are only truly effective when they are correctly used. An open or weak password or unencrypted link can cause security loopholes and opportunities for potential intruders. For network links in general and direct Internet connections in particular, you should carefully consider and implement the following:

Ensure that encryption is enabled (by standard configuration menu or by configuration page via viewer).

Ensure that you have selected secure passwords with at least 8 characters and a mixture of upper and lower case and numeric characters (by configuration page via viewer).

Reserve the admin password for administration use only and use a non-admin user profile for day-to-day access.

Use the latest Secure VNC viewer (this has more in-built security than is available with the Java viewer). See: To download the viewer.

Use non-standard port numbers.

Restrict the range of IP addresses that are allowed to access the ServSwitch CX with IP to only those that you will need to use. See: To restrict IP access.

Do NOT force VNC protocol 3.3 (configuration page via viewer).

Add a further level of inherent security by restricting access only via modem or ISDN dialup.

Ensure that the server accessing the ServSwitch CX with IP is clean of viruses and spyware and has up-to-date firewall and anti-virus software loaded that is appropriately configured.

Avoid accessing the ServSwitch CX with IP from public servers.

Security can be further improved by using the following suggestions:

Place the ServSwitch CX with IP behind a firewall and use the port numbers to route the VNC network traffic to an internal IP address.

Review the activity log from time to time to check for unauthorised use.

Lock your server consoles after they have been used.

A security white paper that gives further details is available upon request.
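
Added example (not part of the Black Box manual): a short Python check for two items from the list above, the password rule and the "Do NOT force VNC protocol 3.3" setting. It assumes the unit sends the standard 12-byte RFB ProtocolVersion greeting on its VNC port and that forcing 3.3 shows up there as "RFB 003.003"; all function names are hypothetical and the sample inputs are constructed.

```python
import re
import socket

# RFB ProtocolVersion greeting: exactly 12 bytes, e.g. b"RFB 003.008\n".
RFB_GREETING = re.compile(rb"RFB (\d{3})\.(\d{3})\n")


def parse_rfb_version(greeting):
    """Return (major, minor) from the server's ProtocolVersion greeting."""
    m = RFB_GREETING.fullmatch(greeting)
    if m is None:
        raise ValueError(f"not an RFB greeting: {greeting!r}")
    return int(m.group(1)), int(m.group(2))


def read_rfb_greeting(host, port=5900, timeout=5.0):
    """Read the greeting from a unit you administer (the server speaks first)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while len(data) < 12:
            chunk = sock.recv(12 - len(data))
            if not chunk:
                break
            data += chunk
    return data


def password_findings(password):
    """Apply the manual's rule: 8+ characters, upper case, lower case, numeric."""
    checks = [
        (len(password) >= 8, "password shorter than 8 characters"),
        (any(c.isupper() for c in password), "password has no upper-case letter"),
        (any(c.islower() for c in password), "password has no lower-case letter"),
        (any(c.isdigit() for c in password), "password has no numeric character"),
    ]
    return [msg for ok, msg in checks if not ok]


def audit(greeting, password):
    """Combine both checks into a list of findings (empty list = pass)."""
    findings = password_findings(password)
    if parse_rfb_version(greeting) <= (3, 3):
        findings.append("VNC protocol 3.3 offered: clear 'Force VNC protocol 3.3'")
    return findings


# Constructed sample inputs, not captured from a real unit.
print(audit(b"RFB 003.008\n", "Kvm4Racks2"))   # well-configured
print(audit(b"RFB 003.003\n", "admin"))        # weak password, 3.3 forced
```

RFB 3.3 predates security-type negotiation (the server alone dictates the security type), which is why a 3.3 greeting is reported as a finding.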

Ports

In this configuration there should be no constraints on the port numbers because the ServSwitch CX with IP will probably be the only device at that IP address. Therefore, maintain the HTTP port as 80 and the VNC port as 5900.

Addressing

When the ServSwitch CX with IP is situated alongside the firewall, it will require a public static IP address (i.e. one provided by your Internet service provider).

More addressing information:

Discover DHCP-allocated addresses

DNS addressing
