Remote Computer Management: "Computer Shim"?
December 22, 2011 1:57 AM

Looking for a hardware approach to remote management, that I can stick on a computer and control everything from the BIOS to any OS I please.

Essentially I was looking for device(s) that would plug into a computer and act as a pass-through for the key services of remote management: Screen grabbing, keyboard emulation, and network IO.

Imagine a device that could connect to a female VGA socket which could then present a female VGA socket for the user's monitor, while in the middle pipe the video information over the network connection.

Now think of something similar for a USB connection, where the device could present a USB hub to the user and pass information into the computer's USB subsystem via its direct connection. Emulating a keyboard, a mouse, a CD drive to mount ISOs, etc.

And a network adapter along similar lines (male RJ-45 connector for the computer, presenting a female RJ-45 for the user's network cabling) for doing network IO.

Now give it some local storage and you've got yourself a pretty nice "computer shim" (a hardware, instead of the noted software shim) that can transparently intercept information from the computer and insert information into the computer at will, with no modification to the actual computer being managed.

Does anyone make one that I could buy / make? A combination of devices would be helpful as well, if available.
posted by Pontifex to Computers & Internet (9 answers total) 1 user marked this as a favorite
 
At what distance? I think you're either looking for a KVM switch, or KVM-over-IP.
posted by Leon at 2:15 AM on December 22, 2011


Best answer: Not having the details of the system you want to manage, I don't want to make specific recommendations. Instead, I'll give you enough information so you can find something yourself.

The concept you are describing is called out-of-band management or lights out management. Most non-entry-level servers made by Dell, HP, IBM, etc. ship (or can ship) with all the features you're describing. Usually it's built into the motherboard; sometimes it is an add-on management card. If onboard, servers can have separate management ports or they can share the regular network ports. Newer "enterprise" desktops with Intel Active Management Technology (AMT) also ship with similar features including remote console.

If the system you want to manage doesn't have anything built in, then you want an IP KVM (for example) or an add-in management card (example). The downside of an IP KVM is that you usually don't have remote power (though the Aten KN1000 I linked actually does), so if your system gets stuck and you really need to press that power button, you're boned. You can solve this problem by setting your system to "last power state" in the BIOS and then plugging it into a remotely managed power distribution unit (often called a "switched" PDU) for outlet control.

tl;dr. I second Leon. The device you want exists, and it's called an IP KVM.

Side note. Because of the way TCP/IP works, you cannot "shim" network IO in a simple manner like you're describing. While it's possible to insert packets into a TCP stream (packet injection), this is non-trivial. For passive interception or surveillance, you can use a network tap or a mirror port on a switch. But it wouldn't work the way you are describing.
posted by tracert at 3:41 AM on December 22, 2011


Unless what you meant was that the device you were describing actually just has something like a 4 port switch built into it. In which case I take it back because then yes, that would totally work.
posted by tracert at 3:54 AM on December 22, 2011


Some motherboards support ILOM interfaces (either built-in or via an add-on card) that will allow you to do this without using an external interface. The cards aren't generally very expensive but the motherboards that support them are generally server-class. IP-based KVMs are your best bet for a workstation.
posted by tmt at 10:15 AM on December 22, 2011


SpiderDuo from Lantronix
posted by fief at 10:17 AM on December 22, 2011


Response by poster: @Leon: "At what distance? I think you're either looking for a KVM switch, or KVM-over-IP."

Arbitrary, I'd like to remotely manage from the same building or from home.
posted by Pontifex at 12:42 PM on December 22, 2011


Response by poster: @tracert:

"Not having the details of the system you want to manage, I don't want to make specific recommendations."

Didn't want to weigh down the post with a lot of other details. But essentially, looking at attaching this to a desktop or server computer.

I'm managing a small business's computer and won't be local after the next 4-6 months, so planning for a workaround when I can't be physically in the office.

"The concept you are describing is called out-of-band management or lights out management."

Cool, good to know. Looking at the details on the Wikipedia pages [Out-of-band management], I see lots of good stuff.

"Side note. Because of the way TCP/IP works, you cannot 'shim' network IO in a simple manner like you're describing. While it's possible to insert packets into a TCP stream (packet injection), this is non trivial. For passive interception or surveillance, you can use a network tap or a mirror port on a switch. But it wouldn't work the way you are describing.

"Unless what you meant was that the device you were describing actually just has something like a 4 port switch built into it. In which case I take it back because then yes, that would totally work."
posted by tracert at 11:54 AM on December 22


I was actually thinking of a one port router or similar (the client computer gets a private address behind the router's NAT) to then use with the client computer and the “shim” (KVM now) can use. A switch would also work, good idea.

Yep, KVM over IP is the winner there; with the power management, as above. Multiple examples of what I'm looking for in this post, excellent. Thank you!
posted by Pontifex at 6:34 PM on December 22, 2011


Response by poster: For those that come after and are just looking for a brief overview:

Certain Intel chipsets have this integrated, called vPro (related to AMT as above).

There appear to be two styles of add-ons that can do this sort of functionality: PCI cards (MegaRAC® G4 & Raritan eRIC G4) and the “shim” style devices I'm envisioning (Minicom IP Control & Raritan Dominion® KX II-101 V2).

Also KVM Over the NET.
posted by Pontifex at 6:37 PM on December 22, 2011


Response by poster: This question's answer also answers this one:

How to do a Remote Offline Malware Scan.
posted by Pontifex at 6:39 PM on December 22, 2011

