Raritan Engineering KX II User Manual

Dominion KX II - FAQ

Dominion® KX II

Question Answer General Questions

What is Dominion KX II?

How does Dominion KX II differ from remote control software?

Dominion KX II is a second generation digital KVM (keyboard, video, mouse) switch that enables one, two, four or eight IT administrators to access and control 8, 16, 32 or 64 se rvers over the network with BIOSlevel functionality. Dominion KX II is completely hardware- and OSindependent; users can troubleshoot and reconfigure servers even when servers are down.

At the rack, Dominion KX II provides the same functionality , convenience, space and cost savings as traditional analog KVM switches. However, Dominion KX II also integrates the industry’s highest performing KVM-over-IP technology, allowing multiple administrators to access server KVM consoles from any networked workstation.

When using Dominion KX II remotely, the interface, at first glance, may seem similar to remote con trol software such as pcAnywhere Windows

Terminal Services/Remot e De sktop, VNC, etc. However,

because Dominion KX II is not a software but a hardware solution, it’s much more powerful:

 Hardware- and OS-independent – Dominion KX II can be used

to manage servers running many popular OSs, including Intel

Sun

, PowerPC running Windows, Linux®, SolarisTM, etc.

 State-independent/Agentless – Dominion KX II does not require

the managed server OS to be up and running, nor does it require any special software to be installed on the managed server.

 Out-of-band – Even if the managed server’s own network

connection is unavailable, it can still be managed through Dominion KX II.

 BIOS-level access – Even if the server is hung at boot up,

requires booting to safe mode, or requires system BIOS parameters to be altered, Dominion KX II still works flawlessly to enable these configurations to be made.

Dominion KX II - FAQ

Question Answer

How do the new features of the Dominion KX II compare to the KX I?

How do I migrate from the Dominion KX I to Dominion KX II?

Will my existing KX I CIMs work with Dominion KX II switches?

Can the Dominion KX II be rack mounted?

How large is the Dominion KX II?

Remote Access

Dominion KX II has many new and exciting features, including virtual media, Absolute Mouse Synchronization

, dual power, dual gigabit Ethernet, common Web-based user interfaces, next-generation local ports, etc. See the “Features and Benefits” tab on the KX II Web pages at www.rar i t an . c o m / K XI I

In general, KX I customers can continue to use their existing switches for many years. As their data centers expand, customers can purcha se and use the new KX II models. Raritan’s centralize d management appliance, CommandCenter

Secure Gateway, and the Multiplatform

Client (MPC) both support KX I and KX II switches seamlessly. Yes. Existing KX I CIMs will work with the Dominion KX II switch. In

addition, select Paragon

CIMs will work with the KX II. This provides an easy migration to KX II from Paragon I customers who wish to switch to KVM over IP. However, you may want to consider the D2CIM-VUSB and D2CIM-DVUSB CIMs that support virtual media and Absolute Mouse Synchronization.

Yes. The Dominion KX II ships standard with 19" rack mount brackets. It can also be reverse rack mounted so the server ports face forward.

Dominion KX II is only 1U high (except the KX2-864 and KX2-464, which are 2U), fits in a standard 19" rack mount and is only 11.4" (29 cm) deep. The Dominion KX2-832 and KX2-864 are 13.8" (36 cm) deep.

How many users can remotely access servers on each Dominion KX II?

Can two people look at the same server at the same time?

Can two people access the same server, one remotely and one from the local port?

Dominion KX II models offer remote connections for up to eight users per user channel to simultaneously access and control a unique target server. For one-channel devices like the DKX2-116 , up to eight remote users can access and control a sin g le target server. For two-channel devices, like the DKX2-216, up to eight users can access and control the server on channel one and up to another eight users on channel two. For four-channel devices, up to eight users per channel, for a total of 32 (8 x 4) users, can access and control fo ur se rvers. Likewise, for the eight-channel devices, up to eight users can access a single server, up to an overall maximum of 32 users across the eight channels.

Yes. Actually, up to eight people can access and control any single server at the same time.

Yes. The local port is completely independent of the remote “ports.” The local port can access the same server using the PC-Share feature.

Dominion KX II - FAQ

Question Answer

In order to access Dominion KX II from a client, what hardware, software or network configuration is required?

What is the file size of the applet that’s used to access Dominion KX II? How long does it take to retrieve?

Because Dominion KX II is completely Web-accessible, it doesn’t require customers to install proprietary software on clients used for access. (An optional installed client is available on www.raritan.com; this is required for access by an external modem.)

Dominion KX II can be accessed through major Web browsers, including: Internet Explorer accessed on Windows, Linux and Macintosh

and Firefox®. Dominion KX II can now be

desktops, via Raritan’s new Windows Client, and the Java™-based Multiplatform and Virtual KVM Client™.

Dominion KX II administrators can also perform remote management (set passwords and security, rename servers, change IP address, etc.) using a convenient browser-based interface.

The Virtual KVM Client (VKC) applet used to access Dominion KX II is approximately 500KB in size. The following chart describes the time required to retrieve Dominion KX II’s applet at different network speeds:

100Mbps Theoretical 100Mbit

.05 seconds

network speed

60Mbps Likely practical 100Mbit

.08 seconds

network speed

10Mbps Theoretical 10Mbit

.4 seconds

network speed

How do I access servers connected to Dominion KX II if the network ever becomes unavailable?

Do you have a Windows Client?

Do you have a nonWindows Client?

6Mbps Likely practical 10Mbit

.8 seconds

network speed

512Kbps Cable modem download

8 seconds

speed (typical)

You can access servers at the rack o r via modem. Dominion KX II offers a dedicated modem port for attaching an external modem.

Yes. In Release 2.2, we have a native .NET Windows Client called the Raritan Active KVM Client.

Yes. Both the Virtual KVM Client (VKC) and the Multiplatform Client (MPC), allow non-Windows users to connect to target servers through the Dominion KX I and KX II switches. MPC can be run via Web browsers and stand-alone. Please refer to Raritan’s Dominion KX II and MPC user guides for more information.

Dominion KX II - FAQ

Question Answer Universal Virtual Media

Which Dominion KX II models support virtual media?

Which types of virtual media does the Dominion KX II support?

What is required for virtual media?

Is virtual media secure?

What is a USB profile?

All Dominion KX II models support virtual media. It is available standalone and through CommandCenter Secure Gateway, Raritan’s centralized management appliance.

Dominion KX II supports the following types of media: internal and USBconnected CD/DVD drives, USB mass storage devices, PC hard drives and ISO images.

A Dominion KX II virtual media CIM is required. There are two of these CIMs: the D2CIM-VUSB and the D2CIM-DVUSB.

The D2CIM-VUSB has a single USB connector and is for customers who will use virtual media at the OS level.

The D2CIM-DVUSB has dual USB connectors and should be purchased by customers who wish to utilize virtual media at th e BIOS level. The D2CIM-DVUSB is also required for smart card authentication.

Both support virtual media sessions to target servers supporting the USB 2.0 interface. Available in economical 32 and 64 quantity CIM packages, these CIMs support Absolute Mouse Synchroni zation, as well as remote firmware updates.

Yes. Virtual media sessions are secured using 256-bit AES, 128-bit AES or 128-bit RC4 encryption.

Certain servers require a specifically configured USB interface for USBbased services such as virtual media. The USB profile tailors the KX II’s USB interface to the server to accommodate these server-specific characteristics.

Why would I use a USB profile?

USB profiles are most often required at the BIOS level where there may not be full support for the USB specification when accessing virtual media drives. However, profiles are sometimes used at the OS level, for example, for mouse synchronization fo r Macintosh and Linux servers.

How is a USB profile used?

Individual or groups of ports can be configured by the administrator to use a specific USB profile in th e KX II’s po rt configuration page. A USB profile can also be selected in the KX II Client when required. See the user guide for more information.

Do I always need to set a USB profile when I use virtual media?

What profiles are available? Where can I find more

No. In many cases, the default USB profile is sufficient when using virtual media at the OS level or operating at the BIOS level without accessing virtual media.

Consult the user guide for the available profiles and for more information.

information?

Dominion KX II - FAQ

Question Answer Ethernet and IP Networking

How is bandwidth used in KVM-over-IP systems?

How does bandwidth affect KVM-over-IP performance?

Dominion KX II offers next-generation KVM-over-IP technology – the very best video compression available. Raritan has received nu merous technical awards confirming its high video quality transmissions and the low bandwidth utilization.

The Dominion KX II digitizes, compresses and encrypts the keyboard, video and mouse signals from the target server and transmits IP packets over the IP network to the remote client to create the remote session to the user. The KX II provides an at-the-rack experience based on its industry-leading video processing algorithms.

Screen changes, i.e., video accounts for the majority of the bandwidth used – and keyboard and mouse activity are significantly less.

It is important to note that bandwidth is only used when the user is active. The amount of band width used is based on the amount of change to the server’s video display screen.

If there are no changes to th e video – the user is not interacting wit h t h e server – there is generally no bandwidth used. If the user moves the mouse or types a character, then there is a small amount of bandwidth used. If the display is running a complex screen saver or playing a video, then there can be a larger amount of bandwidth used.

In general, there is a trade-off between bandwidth and performance. The more bandwidth available, the better performance can be. In limited bandwidth environments, performance can degrade. The Dominion KX II has been optimized to provide strong performance in a wide variety of environments.

What factors affect bandwidth?

There are many factors that determine how much bandwidth will be used. The primary factor, noted above, is the amount of change in the target server’s video display. This is dependent on the user’s task and actions.

Other factors include the server’s video resolution, networking speed and characteristics, client PC resources and video card noise.

The Dominion KX II has very sophisticated video processing algorithms that optimize bandwidth and perfo rmance for a variety of environments. In addition, they are highly configurable; there are many settings to optimize bandwidth usage. In particular, the connection speed setting in the remote clients (VKC, MPC) can be set to reduce the bandwidth used.

Unlike KX I, the Noise Filter parameter does not generally have a large role in reducing bandwidth or improving performance.

Dominion KX II - FAQ

Question Answer

How much bandwidth does KX II use for common tasks?

Bandwidth primarily depends on the user’s task and actions. The more the server’s video screen changes, the more bandwidth is utili zed.

The table below summarizes some standard use cases at Dominion KX II’s default and with two reduced bandwidth settings (connection speed setting of 1Mb with 15- and 8-bit color) on a Windows XP target server (1024 x 768 resolution) over a 100 Mb/s LAN:

User Task Default 1Mb Speed

and 15-bit Color

Idle Windows Desktop 0 KB/s 0 KB/s 0 KB/s Move Mouse Cursor 5 – 15 KB/s 2 – 6 KB/s 2 – 3 KB/s Drag Icon 40 – 70 KB/s 10 – 25 KB/s 5 – 15 KB/s Drag Folder 10 – 40 KB/s 5 – 20 KB/s 5 – 10 KB/s Open Text Window 50 – 100 KB/s 25 – 50 KB/s 10 – 15 KB/s Continuous Typing 1 KB/s .5 – 1 KB/s .2 – .5 KB/s Scroll Text Window 1050 KB/s 5 – 25 KB/s 2 – 10 KB/s Close Text Window 50 – 100 KB/s 20 – 40 KB/s 10 – 15 KB/s Open Panel 50 – 100 KB/s 60 – 70 KB/s 20 – 30 KB/s Change Tab in Panel 40 – 50 KB/s 20 – 50 KB/s 10 – 20 KB/s Close Panel 50 – 100 KB/s 40 – 60 KB/s 20 – 30 KB/s Change Panel Option 2 – 10 KB/s 1 – 5 KB/s 1 – 3 KB/s Open Browser Page 100 – 300 KB/s 50 – 200 KB/s 40 – 80 KB/s Scroll Browser 75 – 200 KB/s 50 – 200 KB/s 30 – 100 KB/s Close Browser 100 – 150 KB/s 75 – 100 KB/s 30 – 60 KB/s Open Start Menu 75 – 100 KB/s 50 – 75 KB/s 20 – 30 KB/s Close Start Menu 75 – 100 KB/s 25 – 50 KB/s 10 – 15 KB/s Starfield Screen Saver 25 – 50 KB/s 10 – 15 KB/s 7 – 10 KB/s 3D Pipes Screen Saver 10 – 100 KB/s 5 – 20 KB/s 2 – 10 KB/s Windows Media Video 500 – 1200 KB/s 300 – 500 KB/s 150 – 300 KB/s QuickTime® Video #1 QuickTime Video #2 1500 – 2500 KB/s 400 – 550 KB/s 200 – 350 KB/s

700 – 2500 KB/s 400 – 500 KB/s 150 – 350 KB/s

1Mb Speed and 8-bit Color

With the reduced bandwidth settings, bandwidth is reduced significantly for virtually all tasks. With the 15-bit color setting, perceived performance is similar to the default parameters. Further bandwidth reductions are possible with additional changes in the settings.

Please note that these bandwidth figures are only examples and may vary from those seen in your environm en t d ue t o many fac tors.

Dominion KX II - FAQ

Question Answer

How can I reduce bandwidth?

KX II provides a variety of settings in our remote clien ts fo r the user to optimize bandwidth and performance. The default settings will provide an at-the-rack level of performance in standard LAN/WAN environments with economical use of bandwidth.

Bandwidth management settings include the connection speed and color depth. To reduce bandwidth:

Connection speed. Reducing the connection speed can significantly reduce the bandwidth used. In a standard LAN/WA N environment, setting the connection speed to 1.5 or 1 Mb per second will reduce bandwidth while maintaining good performance. Settings below this will further reduce bandwidth and are appropriate for slow bandwidth links.

Color depth. Reducing the color depth will also significantly decrease bandwidth and increase performance, but fewer colors will be used, resulting in video degradation. This may be acceptable fo r certain system administration task s.

For slow Internet connec tions, use of 8-bit color or lower bit depths can reduce bandwidth and improve performance.

Other tips to decrease bandwidth include:

 Use a solid desktop background instead of a complex image  Disable screen savers  Use a lower resolution on the target server  Uncheck the “Show window contents while dragging” option in

Windows

 Use simple images, themes and desktops (e.g., Windows

Classic)

What should I do on slower bandwidth links?

The connection speed and color depth settings can be tweaked to optimize performance for slower bandwidth links.

For example, in the Multiplatform Client or the Virtual KVM Client, set the connection speed to 1.5 Mb or 1 Mb; and the color depth to 8 bit.

Even lower connection speeds and color depths can be used for very low bandwidth situations.

For modem connections, the KX II will automatically default to a very low connection speed and reduced color depth to optimize performance.

I want to connect over the Internet. What type of performance should I expect?

It depends on the bandwidth and latency of the Internet connection between your remote client and the KX II. With a cable modem or high speed DSL connection, your performance can be very similar to a LAN/WAN connection. For lower speed links, use the suggestions above to improve performan ce.

Dominion KX II - FAQ

Question Answer

I have a high bandwidth environment. How can I optimize performance?

What is the speed of Dominion KX II’s Ethernet interfaces?

Can I access Dominion KX II over a wireless connection?

Does the Dominion KX II offer dual gigabit Ethernet ports to provide redundant failover, or load balancing?

Can I use Dominion KX II with a VPN?

How many TCP ports must be open on my firewall in order to enable network access to Dominion KX II?

The default settings will provide strong performance in a high bandwidth environment.

Ensure that the connection speed is set to 100 Mb or 1 Gb and the color depth is set to 15-bit RGB color.

Dominion KX II supports gigabit as well as 10/100 Ethernet. KX II supports two 10/100/1000 speed Ethernet interfaces, with configurable speed and duplex settings (either autodete cted or manually set).

Yes. Dominion KX II not only uses standard Ethernet, but also very conservative bandwidth with very high quality video. Thus, if a wireless client has network connectivity to a Dominion KX II, servers can be configured and managed at the BIOS level wirelessly.

Yes. Dominion KX II features dual gigabit Ethernet ports to provide redundant failover capabilities. Should the primary Ethernet port (or the switch/router to which it is connected) fail, Dominion KX II will failover to the secondary network port with the same IP address – ensuring that server operations are not dis rupted. Note that automatic failover must be enabled by the administrator.

Yes. Dominion KX II uses standard Internet Protocol (IP) technologies from Layer 1 through Layer 4. Traffic can be easily tunneled through standard VPNs.

Only one. Dominion KX II protects network security by only requiring access to a single TCP port to oper ate. This port is completely configurable for additional security.

Are these ports configurable?

Can Dominion KX II be used with Citrix

Can the Dominion KX II use DHCP?

To use Dominion KX II’s optional Web browser capability, the standard HTTPS port 443 must also be open.

Dominion KX II may work with remote access products like Citrix if configured appropriately, but Raritan cannot guarantee it will work with acceptable performance. Customers should realize that products like Citrix utilize video redirection technologies similar in concept to digital KVM switches so that two KVM-over-IP technolo g i es ar e b e in g us ed simultaneously.

DHCP addressing can be used; however, Raritan recommends fixed addressing since the Dominion KX II is an infrastructure device and can be accessed and administered more effectively with a fixed IP address.

Dominion KX II - FAQ

Question Answer

I’m having problems connecting to the Dominion KX II over my IP network. What could be the problem?

IPv6 Networking

What is IPv6?

The Dominion KX II relies on your LAN/WAN network. Some possible problems include:

 Ethernet auto-negotiation. On some networks, 10/100 auto-

negotiation does not work properly and the Domi nion KX II unit must be set to 100 MB/full duplex or the appropriate choice for its network.

 Duplicate IP address. If the IP address of the Dominion KX II

is the same as another device, network connecti vity may be inconsistent.

 Port 5000 conflicts. If another device is using port 5000, the

Dominion KX II default port must be changed (or the other device must be changed).

 When changing the IP address of a Dominion KX II, or

swapping in a new Dominion KX II, sufficient time must be allowed for its IP and Mac addresses to be known throughout the Layer 2 and Layer 3 networks.

IPv6 is the acronym for Internet Protoc ol Ve rsion 6. IPv6 is the “next generation” IP protocol which will replace the current IP Version 4 (IPv4) protocol.

IPv6 addresses a number of problems in IPv4, such as the limited number of IPv4 addresses. It also improves IPv4 in areas such as routing and network auto-configuration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a numbe r of y ears.

IPv6 treats one of the largest headaches of an IP network from the administrator’s point of view; configuring and maintain ing an IP network.

Why does Dominion KX II support IPv6 networking?

U.S. government agencies and the Department of Defense are now mandated to purchase IPv6 compatible products. In addition, many enterprises and foreign countries, such as China, will be tran sitioning to IPv6 over the next several years.

What is “dual stack” and why is it required?

Dual stack is the ability to simultaneously support both IPv4 and IPv6 protocols. Given the gradual transition from IPv4 to IPv6, dual stack is a fundamental requirement for IPv6 support.

How do I enable IPv6 on the Dominion KX II?

Use the “Network Settings” page, available from the “Device Settings” tab. Enable IPv6 addressing and choose manual or auto-configuration. Consult the user guide for more information.

Dominion KX II - FAQ

Question Answer

What if I have an external server with an IPv6 address that I want to use with my Dominion KX II?

Does the Dominion KX I (the previous generation KX) support IPv6?

What if my network doesn’t support IPv6?

Where can I get more information on IPv6?

Servers

Does Dominion KX II depend on a Windows server to operate?

The Dominion KX II can access external servers via their IPv6 addresses, for example, an SNMP Manager, syslog server or LDAP server.

Using the Dominion KX II’s dual-stack architecture, these external servers can be accessed via (1) an IPv4 address, (2) IPv6 addre ss or (3) hostname. So the Dominion KX II supports the mixed IPv4/IPv6 environment many customers will have.

No. The Dominion KX I does not support IPv6 addresses.

The Dominion KX II’s default networking is set at the factory for IPv4 only. When you are ready to use IPv6, then follow the above instructions to enable IPv4/IPv6 dual-stack operation.

See www.ipv6.org for general information on IPv6. The Dominion KX II user guide describes the Dominion KX II’s support for IPv6.

Absolutely not. Because users depend on the KVM infrastructure to always be available in any scenario whatsoever (as they will likely need to use the KVM infrastructure to fix problems), Dominion KX II is designed to be completely independent from any external server.

For example, should the data cent er come under attack from a malicious Windows worm or virus, administrators will need to use the KVM solution to resolve the situation. The refore, it is imperative that the KVM solution, in turn, must not rely on these same Windows servers (or any server, for that matter) to be operational in order for the KVM solution to function.

To this end, Dominion KX II is completely independent. Even if a user chooses to configure the Dominion KX II to authenticate again st an Active Directory

server – if that Active Directory server becomes unavailable, Dominion KX II’s own authentication will be activated and fully functional.

Do I need to install a Web server such as Microsoft Internet Information

No. Dominion KX II is a completely self-sufficient appliance. After assigning an IP address to Dominion KX II, it’s ready to use – with Web browser and authentication capabilities completely built in.

Services (IIS) in order to use Dominion KX II’s Web browser capability?

What software do I have to install in order to access Dominion KX II from a particular workstation?

None. Dominion KX II can be accessed completely via a Web browser (although an optional installed client is provided on Raritan’s Web site, www.raritan.com, which is required for modem connections). A Javabased client is now available for non-Windows users.

Dominion KX II - FAQ

Question Answer

What should I do to prepare a server for connection to Dominion KX II?

What comes in the Dominion KX II box?

Blade Servers

Can I connect blade servers to the Dominion KX II?

Which blade servers are supported?

Are the Paragon Blade CIMs used?

Which CIM should I use?

Which types of access and control are available?

Simply set the mouse parameters in order to provid e users with the best mouse synchronization during remote connections, as well as turning off the power management features that affect screen display. However, if the Absolute Mouse Synchronization is supported through the new D2CIM-VUSB adapter, then manually setting the mouse parameters isn’t necessary.

The following are included: (1) Dominion KX II unit, (2) Quick Setup Guide, (3) standard 19" rack mount brackets, (4) user manual CD-ROM, (5) network cable, (6) crossover cable, (7) localized AC line cord and (8) warranty certificate and other documentation.

Yes. Dominion KX II supports popular blade server models from the leading blade server manufacturers: HP, IBM

The following models are supported: Dell PowerEdge M1000e; HP BladeSystem c3000 and c7000; and IBM BladeCenter

and Dell®.

1855, 1955 and

E and S. No. The Dominion KX II does not require the use of special blade server

CIMs like the Paragon II. It depends on the type of KVM ports on the specific make and model of

the blade server you are using. The following CIMs are supported: DCIM-PS2, DCIM-USBG2, D2CIM-VUSB and D2CIM-DVUSB.

The Dominion KX II provides automated and secure KVM access: (1) at the rack, (2) remotely over IP, (3) via CommandCenter and (4) by modem.

Do I have to use hotkeys to switch between blades?

Can I access the blade server’s management module?

How many blade servers can I connect to a Dominion KX II ?

Some blade servers require you to use hotkeys to switch between blades. With the Dominion KX II, you don’t have to use these hotkeys. Just click on the name of the blade server, and the Dominion KX II will automatically switch to that blade without the explicit use of the hotkey.

Yes. You can define the URL of the management module and access it from the Dominion KX II or fr om our CommandCenter Secure Gateway. If configured, one-click access is available.

For performance and reliability reasons, you can connect up to eight blade chassis to a Dominion KX II, regardless of model. Raritan recommends connecting u p to two times the number of re mote connections supported by the device. For example, with a KX2-216 with two remote channels, we recommend connecting up to four blade server chassis. You can of course connect individual servers to the remaining server ports.

Dominion KX II - FAQ

Question Answer

I’m an SMB customer with a few Dominion KX IIs. Must I use your CommandCenter Secure Gateway management station?

I’m an enterprise customer using CommandCenter Secure Gateway. Can I access blade servers via CommandCenter Secure Gateway?

What if I also want in-band or embedded KVM access?

I’m running VMware® on some of my blade servers. Is this supported?

Is virtual media supported?

Is Absolute Mouse Synchronization supported?

No, you don’t have to. SMB customers are not required to use CommandCenter Secure Gateway to use the new blade features.

Yes. Once blade servers are configured on the Dominion KX II, the CommandCenter Secure Gateway user can access them via KVM connections. In addition, the blade servers are organized by chassis as well as CommandCenter Secure Gateway custom views.

In-band and embedded access to blade servers can be configured within CommandCenter Secure Gateway.

Yes. With CommandCenter Secure Gateway, you can display and access virtual machines running on blade servers.

This depends on the blade server. HP blades can support virtual media. The IBM BladeCenter (except for BladeCenter T) supports virtual media if configured appropriately. A virtual media CIM – D2CIM-VUSB or D2CIM-DVUSB – must be used.

Servers with internal KVM switches inside the blade chassis typically do not support absolute mouse technology. For HP blade and some Dell blade servers, a CIM can be connected to each bla de , so Absolute Mouse Synchronization is supported.

Is blade access secure?

Does the Dominion KSX II or the KX II-101 support blade servers?

Installation

Besides the unit itself, what do I need to order from Raritan to install Dominion KX II?

Which kind of Cat5 cabling should be used in my installation?

Yes. Blade access uses all of the standa rd Dominion KX II security features such as 128-bit or 256-bit encryption. In addition, there are blade-specific security features such as per blade access permissions and hotkey-blocking that eliminates unauthorized access.

At this time, these products do not

support blade servers.

Each server that connects to Dominion KX II requires a Dominion or Paragon computer interface module (CIM), an adapter that connects directly to the keyboard, video and mouse ports of the server.

Dominion KX II can use any standard UTP (unshielded twisted pair) cabling, whether Cat5, Cat5e or Cat6. Often in our manuals and marketing literature, Raritan will simply say “Cat5” cabling for short. In actuality, any brand UTP cable will suffice for Dominion KX II.

Dominion KX II - FAQ

Question Answer

Which types of servers can be connected to Dominion KX II?

How do I connect servers to Dominion KX II?

How far can my servers be from Dominion KX II?

Some operating systems lock up when I disconnect a keyboard or mouse during operation. What prevents servers connected to Dominion KX II from locking up when I switch away from them?

Are there any agents that must be installed on servers connected to Dominion KX II?

Dominion KX II is completely vendor independent. Any server with standard-compliant keyboard, video and mouse po rts can be connected.

Servers that connect to the Dominion KX II require a Dominion or Paragon CIM, which connects directly to the keyboard, video and mouse ports of the server. Then, connect each CIM to Dominion KX II using standard UTP (unshielded twisted pair) cable such as Cat5, Cat5e or Cat6.

In general, servers can be up to 150 feet (45 m) away from Domi nion KX II depending on the type of server. (See printed user manual or on the Raritan Web site.) For the new D2CIM-VUSB CIM that supports virtual media and Absolute Mouse Synchronization, a 100-foot (30 m) range is recommended.

Each Dominion computer interface module (DCIM) dongle acts as a virtual keyboard and mouse to the server to which it is connected. This technology is called KME (keyboard/mouse emulation). Raritan’s KME technology is data center grade, battle-tested and far more reliable than that found in lower-end KVM switches: it incorporates more than 15 years of experience and has been deployed to millions of servers worldwide.

Servers connected to Dominion KX II do not require any software agents to be installed because Dominion KX II connects directly via hardware to the servers’ keyboard, video and mouse ports.

How many servers can be connected to each Dominion KX II unit?

What happens if I disconnect a server from Dominion KX II and reconnect it to another Dominion KX II unit, or connect it to a different port on the same Dominion KX II unit?

Dominion KX II models range from 8, 16 or 32 server ports in a 1U chassis to 64 server ports in a 2U chassis. This is the industry’s highest digital KVM switch port density.

Dominion KX II will automatically update the server port names when servers are moved from port to port. Furthermore, this automatic update does not just affect the local access port, bu t pr op agates to all remote clients and the optional CommandCenter Secure Gateway management appliance.

Dominion KX II - FAQ

Question Answer

How do I connect a serially controlled (RS-232) device to Dominion KX II, such as a

Cisco

router/switch or a

headless Sun server?

Local Port

Can I access my servers directly from the rack?

When I am using the local port, do I prevent other users from accessing servers remotely?

Can I use a USB keyboard or mouse at the local port?

If there are only a few serially controlled devices, they may be connected to a Dominion KX II using Raritan’s P2CIM-SER serial converter.

However, if there are four or more seri a l ly co n trolled devices, we recommend the use of Raritan’s Dominion SX line of secure console servers. For multiple serial devi ces, Dominion SX offers more serial functionality at a better price point than Dominion KX II. This SX is easy to use, configure and manage, and can be co mpletely integrated with a Dominion series deployment. In p a rticular, many UNIX

and networking administrators appreciate the ability to directly SSH to a Dominion SX unit.

Yes. At the rack, Dominion KX II functions just like a traditional KVM switch – allowing control of up to 64 servers using a single keyboard, monitor and mouse. You can switch between servers by the browserbased user interface or via a hotkey.

No. The Dominion KX II local port has a completely independent access path to the servers. This means a user can access servers locally at the rack – without compromising the number of users that access the rack remotely at the same time.

Yes. Dominion KX II offers both PS/2 and USB keyboard and mouse ports on the local port. Note that the USB por t s ar e USB v1.1, and support keyboards and mice only – not USB devices such as scanners or printers.

Is there an on-screen display (OSD) for local, atthe-rack access?

How do I select between servers while using the local port?

How do I ensure that only authorized users can access servers from the local port?

Yes, but Dominion KX II’s at-the-rack access goes way beyond conventional OSDs. Featuring the industry’s first browser-based interface for at-the-rack access, Dominion KX II’s local port uses the same interface for local and remote acce ss. Moreover, most administrative functions are available at the rack.

The local port displays the connecte d servers using the same user interface as the remote client. Users connect to a server with a simple click of the mouse or via a hotkey.

Users attempting to use the local port must pass the same level of authentication as those accessing remotely. This means that:

 If the Dominion KX II is configured to interact with an external

RADIUS, LDAP or Active Directory server, users attempting to access the local port will authenticate against the same server.

 If the external authentication servers are unavailable, Dominion

KX II fails-over to its own internal authentication database.

Dominion KX II has its own stand-alone authentication, enabling instant, out-of-the-box installation.

Dominion KX II - FAQ

Question Answer

If I use the local port to change the name of a connected server, does this change propagate to remote access clients as well?

Yes. The local port presentation is identical and completely in sync with remote access clients, as well as Raritan’s CommandCenter Secu re Gateway management appliance. To be clear, if the name of a server via the Dominion KX II on-screen display is changed, this updates all remote clients and external management se rvers in real time.

Does it propagate to the optional CommandCenter appliance?

If I use Dominion KX II’s remote administration tools to change the name of a

Yes. If the name of a server is changed remotely, or via Raritan’s optional CommandCenter Secure Gateway management appliance, this update immediately affects Dominion KX II’s on-screen display.

connected server, does that change propagate to the local port OSD as well?

Extended Local Port (Dominion KX2-832 and KX2-864 models only)

What is the extended local port?

The Dominion KX2-832 and KX2-864 feature an extended local port. The KX II eight-user models have a standard local port, plus a new extended local port that extends the local port, via Cat5 cable, beyond the rack to a control room, another point in the data center or to a Paragon II switch.

Is a user station required for the extended local port?

Yes. The following devices can fu nction as the “user station” for the extended local port: Paragon II EUST, Paragon II UST and the Cat5 Reach URKVMG device. In addition, the extended local port can be connected via Cat5 cable to a server port on a Paragon II switch. This configuration can be used to co nsolidate the local ports of many KX28xxx devices to a single switch .

How far can the user station be from the Dominion KX II?

Is a CIM required? Must I use the extended

local port?

Dual Power Supplies

Does Dominion KX II have a dual power option?

Does the power supply used by Dominion KX II automatically detect voltage settings?

The distance is 200 feet to 1,000 feet (61 m – 304 m), but varies according to the type of user station, the video resolution and cable type and quality. See the user guide or Release Notes for more information.

No CIM is required. Just connect a Cat5 cable. No. The extended local port is an optional feature and is disabled by

default. Use the “Local Port Settings” page to enable it. You can also disable the standard local port if you are not going to use it for added security.

Yes. All Dominion KX II models come equipped with dual AC inputs and power supplies with automatic failover. Should one of the power inputs or power supplies fail, then the KX II will automatically switch to the other.

Yes. Dominion KX II’s power supply can be used in AC voltage ranges from 100–240 volts, at 50–60 Hz.

Dominion KX II - FAQ

Question Answer

If a power supply or input fails, will I be notified?

The Dominion KX II front panel LED will notify the user of a power failure. An entry will also be sent to the audit log and displayed on the KX remote client user interface. If configured by the administrator, then SNMP or syslog events will be generated.

Intelligent Power Distribution Unit (PDU) Control

What type of remote power control capabilities does Dominion KX II offer?

Raritan’s intelligent PDUs can be connected to the Dominion KX II to provide power control of target servers and other equipment. For servers, after a simple one-time configuration step, just click on the server name to power on, off or recycle a hung server.

What type of power strips does Dominion KX II support?

Raritan’s Dominion PX and Remote Power Control (RPC) power strips. These come in many outlet, connector and amp variations. Note that

you should not connect the PM series of power strips to the Dominion KX II as these power strips do not provide out l et-level switching.

How many PDUs can be

Up to eight PDUs can be connected to a Dominion KX II device.

connected to a Dominion KX II?

How do I connect the PDU to the Dominion KX II?

The D2CIM-PWR is used to connect the power strip to the Dominion KX II. The D2CIM-PWR must be purchased separately; it does not come with the PDU.

Does Dominion KX II support servers with multiple power supplies?

Yes. Dominion KX II can be ea sily configured to support servers with multiple power supplies connected to multiple power strips. Four power supplies can be connected per target server.

Does the Dominion KX II display statistics and measurements from the PDU?

Does remote power control require any special configuration of attached servers?

What happens when I recycle power to a server?

Can I power on/off other equipment (non-servers) connected to a PDU?

Scalability

Yes. PDU-level power statistics, including power, current and vo ltage, are retrieved from the PDU and displayed to the user.

Some servers ship with default BIOS settings such that the serve r does not automatically restart after losing and regaining power. For these servers, see the server’s documentation to change this setting.

Note that this is the physical equivalent of unplugging the server from the AC power line, and reinserting the plug.

Yes. You can power on/off other equipment attached to the PDU by outlet from the Dominion KX II’s browser-based interface.

Dominion KX II - FAQ

Question Answer

How do I connect multiple Dominion KX II devices together into one solution?

Can I connect an existing analog KVM switch to Dominion KX II?

Multiple Dominion KX II units do not need to be physically connected together. Instead, each Dominion KX II unit connects to the network, and they automatically work together as a single solution if deployed with Raritan’s CommandCenter Secure Gateway management appliance.

CommandCenter Secure Gateway acts as a single access point for remote access and management. CommandCenter Secure Gateway offers a significant set of conven ient tools, such as consolidated configuration, consolidat e d firmware update and a single authentication and authorization database.

In addition, CommandCenter Secure Gateway enables sophisticated server sorting, permissions and access. If deployment of Raritan’s CommandCenter Secure Gateway management appliance isn’t an option, multiple Dominion KX II units still interoperate and scale automatically: The Dominion KX II’s remote user interface and the Multiplatform Client will automatically discover Dominion KX II units. Non-discovered Dominion KX II units can be accessed via a usercreated profile.

Yes. Analog KVM switches can be connected to one of Dominion KX II’s server ports. Simply use a PS/2 Computer Interface Module (CIM), and attach it to the user ports of the existing analog KVM switch.

Please note that analog KVM switches vary in their specifications and Raritan cannot guarantee the interoperability of any particular third-party analog KVM switch. Contact Raritan technical support for further information.

Computer Interface Modules (CIMs)

Can I use computer interface modules (CIMs) from Paragon, Raritan’s analog matrix KVM switch, with Dominion KX II?

Yes. Certain Paragon computer interface modules (CIMs) may work with Dominion KX II. (Please check the Raritan Dominion KX II Release Notes on the Web site for the latest list of certified CIMs.)

However, because Paragon CIMs cost more than Dominion KX II CIMs (as they incorporate technology for video transmission of up to 1,000 feet [304 m]), it is not generally advisable to purchase Paragon CIMs for use with Dominion KX II. Also note that when connected to Dominion KX II, Paragon CIMs transmit video at a distance of up to 150 feet (46 m), the same as Dominion KX II CIMs – not at 1,000 feet (304 m), as they do when connected to Paragon.

Dominion KX II - FAQ

Question Answer

Can I use Dominion KX II computer interface modules (CIMs) with Paragon, Raritan’s analog matrix KVM switch?

Security

Is the Dominion KX II FIPS 140-2 Certified?

What kind of encryption does Dominion KX II use?

Does Dominion KX II support AES encryption as recommended by the U.S. government’s NIST and FIPS standards?

No. Dominion KX II computer interface modules (CIMs) transmit video at ranges of 50 feet to 150 feet (15 m – 46 m) and thus do not work with Paragon, which requires CIMs that transmit video at a range of 1,000 feet (304 m). To ensure that all Raritan’s customers experience the very best quality video available in the industry – a consistent Raritan characteristic – Dominion series CIMs do not interoperate with Paragon.

The Dominion KX II, as of Release 2.2.0, uses an embedded FIPS 140-2 validated cryptographic module running on a Linux platform per FIPS 140-2 implementation guidelines. This cryptographic module is used for encryption of KVM session traffic consisting of video, keyboard, mouse, virtual media and smart card data.

Dominion KX II uses industry-standard (and extremely secure) 256-bit AES, 128-bit AES or 128-bit encryption, both in its SSL communications as well as its own data stream. Literally no data is transmitted between remote clients and Dominion KX II that is not completely secured by encryption.

Yes. The Dominion KX II utilizes the Advanced Encryption Standard (AES) for added security. 256-bit and 128-bit AES is available.

AES is a U.S. government-approved cryptographic algorithm that is recommended by the National Institute of Standards and Technology (NIST) in the FIPS Standard 197.

Does Dominion KX II allow encryption of video data? Or does it only encrypt keyboard and mouse data?

How does Dominion KX II integrate with external authentication servers such as Active Directory, RADIUS or LDAP?

How are usernames and passwords stored?

Does Dominion KX II support strong passwords?

Unlike competing solutions, which only encrypt keyboard and mouse data, Dominion KX II does not compromise security – it allows encryption of keyboard, mouse and video data.

Through a very simple configuration, Dominion KX II can be set to forward all authentication requests to an external server such as LDAP, Active Directory or RADIUS. For each authenticated user, Dominion KX II receives from the authenticat io n server the user group to which that user belongs. Dominion KX II t he n de termines the user’s access permissions depending on the user group to which he or she belongs.

Should Dominion KX II’s internal authentication capabilities be used, all sensitive information, such as usernames and passwords, is stored in an encrypted format. Literally no one, including Raritan technical support or product engineering departments, can retrieve those usernames and passwords.

Yes. The Dominion KX II has administrator-configurable, strong password checking to ensure that user created passwords meet corporate and/or government standards and are resistant to brute force hacking.

Dominion KX II - FAQ

Question Answer

Can I upload my own digital certificate to the Dominion KX II?

Yes. Customers can upload self-signed or certificate authority-provided digital certificates to the Dominion KX II for enhanced authentication and secure communication.

Smart Cards and CAC Authentication

Does Dominion KX II support smart card and

Yes. Smart cards and DoD common access cards (CAC) authentication to target servers is supported by Release 2.1.10 and greater.

CAC authentication? What is CAC?

Mandated by Homeland Security Presidential Directive 12 (HSPD-12), CAC is a type of smart card created by the U.S. government which is used by U.S. military and government staff. The CAC card is a multitechnology, multi-purpose card; the goal is to have a single identification card. For more information, see the FIPS 201 standards.

Which KX II models support smart cards/CAC?

Do enterprise and SMB customers use smart cards,

All Dominion KX II models are supported. The Dominion KSX II and KX II-101 do not currently support smart cards and CAC.

Yes. Although the most aggressive deployment of smart cards is in the U.S. federal government.

too? Which CIMs support

smart card/CAC? What firmware version is

The D2CIM-DVUSB is the required CIM. This CIM must be upgraded with the Release 2.1.10 firmware.

Dominion KX II Release 2.1.10 and later is required.

required? Which smart card readers

are supported?

Can smart card/CAC authentication work on the local port and via CommandCenter?

Are the Paragon smart cardenabled UST & CIM used?

Where can I get more information on the KX II smart card support?

Manageability

Can Dominion KX II be remotely managed and configured via Web browser?

The required reader standards are USB CCID and PC/SC. Consult the version 2.1.10 Release Notes for a list of certified readers and more information.

Yes. Smart card/CAC authentication works on both the local port and via CommandCenter. For the loca l po rt, connect a compatible smart card reader to the USB port of the Dominion KX II.

No. The P2-EUST/C and P2CIM -AUSB-C are not part of the Dominion KX II solution.

See www.raritan.com/cac-reader/, version 2.1.10 Release Notes and the Dominion KX II User Guide for more information.

Yes. Dominion KX II can be completely configured remotely via Web browser. Note that this does require that the workstation have an appropriate Java Runtime Environment (JRE) version installed. Besides the initial setting of Dominion KX II’s IP address, everything about the solution can be completely set up over the network. (In fact, using a crossover Ethernet cable and Dominion KX II’s default IP address, you can even configure the initia l settings via Web browser.)

Dominion KX II - FAQ

Question Answer

Can I back up and restore Dominion KX II’s configuration?

What auditing or logging does Dominion KX II offer?

Can Dominion KX II integrate with syslog?

Can Dominion KX II integrate with SNMP?

Can Dominion KX II’s internal clock be synchronized with a timeserver?

Miscellaneous

What is Dominion KX II’s default IP address?

Yes. Dominion KX II’s device and user configurations can be completely backed up for later restoration in the event of a catastrophe.

Dominion KX II’s backup and restore functionality can be used remotely over the network, or throu gh your Web browser.

For complete accountability, Dominion KX II logs all major user events with a date and time stamp. For instance, reported events include (but are not limited to): user login, user logout, user access of a particular server, unsuccessful login, configuration changes, etc.

Yes. In addition to Dominion KX II’s own internal logging capabilities, Dominion KX II can send all logged events to a centralized syslog server.

Yes. In addition to Dominion KX II’s own internal logging capabilities, Dominion KX II can send SNMP traps to SNMP management systems such as HP Openview and Raritan’s CommandCenter NOC.

Yes. Dominion KX II supports the industry-standard NTP protocol for synchronization with either a corporate timeserver, or with any public timeserver (assuming that outbound NTP requests are allowed through the corporate firewall).

192.168.0.192

What is Dominion KX II’s default username and password?

I changed and subsequently forgot Dominion KX II’s administrative password; can you retrieve it for me?

The Dominion KX II’s default username and password are admin/raritan (all lower case). However, for the highest level of security, the Dominion KX II forces the administrator to change the Dominion KX II default administrative username and password when the unit is first booted up.

Dominion KX II contains a hardware reset button that can be used to factory reset the device, which will reset the administrative password on the device to the default password.

Raritan Engineering KX II User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual