KVM Console/Switchs


(jhj 1/15/21) Currently two of the KVM retained from the old correlator are not on the net. These are the KVM in the second rack of SWCs and the KVM in the Lustre/BGFS rack. While these are plugged into the admin net switches, they are using static IPs for the old admin net (10.1.34). I'm trying to get them moved over to the new admin net; the plan is to first plug them into NIC #4 of an SWC, connect from that SWC and then changing the KVMs static IP to the one appropriate for the new correlator. That approach worked for the environmental monitor device but the KVMs are possibly more primitive.

Test Cluster KVM Remote Access

  • Log in to server-1.
  • Go to /opt/services/kvm
  • Do java -jar iClientJ13127.jar
    • This should pop up an XWindow on your desktop although it might take a minute or two.
  • Login as administrator using the appropriate password.
  • Select "remote view"
  • Select the appropriate port.

This will pop up the KVM's user interface window. It should default to the correct IP (10.1.36.10, port=9000). Login using the usual KVM password and username "administrator" (this works on the actual KVM itself, too). Then select remote view which will offer up the various ports on the KVM. Select the appropriate one by clicking on it in the left pane and then press the connect button in the right pane. The window will transform and should start supporting the console interface for the connected host.

ATEN Altusen (kvm-1)

  • ATEN KL1516Ai remote capable KVM with embeded 16-port switch.
  • This KVM serves server-1, server-2 and swc-000 by default. It is located in the same rack as these hosts the cabling on it should allow it to reach all of the hosts in that rack or the adjacent one (swc-033..064). A different KVM will be required to access the file servers.
  • The web interface works rather nicely, too. Follow the instructions below to get up VNC and then launch the browser from that session and open https://kvm-1; login uses the usual user name and password.
  • The test cluster is currently (1/23/20) using the KVM provided by the old test cluster. When the test cluster is no longer in operation that KVM will be moved onto the new admin net (10.1.36) and be default connected to server-1t, server-2t and swc-001t to allow remote access similar to the one on the production cluster.

Access Shortcut

  • On server-1p: cd /opt/services/kvm
  • Do java -jar ATEN-KL1516Ai.jar
    • This should pop up an XWindow on your desktop although it might take a minute or two.
  • Login as administrator using the appropriate password.
  • Select "remote view"
  • Select the appropriate port.

Configuration

Change IP address
When the unit is powered up it will prompt for a username and password. Type administrator and password which are the defaults. Press F4 and select SET IP ADDRESS. Press Space bar to disable DHCP and enter the following
010-001-036-123
255-255-255-000
010-001-036-002
Finally, press ESC to save and exit.

Acounts and Passwords
Once the device is on the network, connect to it with a web browser and login with the default username and password and select the User Management tab.
Change Administrator Password
Change the password of administrator to something new for just the KVMs.
Create Guest account
Add a username like usnogst for the USNO folks with the User permissions.
Restrictions
Both the username and the password must be between six and sixteen characters long. Legal passwd characters are:
  • 0-9
  • A-Z
  • SPACE
  • +-/:,.()?

Share Ports
In order to enable both the console and remote users to access the same port simultaneously, select Device Management -> Port Configuration and then set Access Mode to Share and click Save. This must be done for each port.

Setup Java Access

There is a .jar file that ships with the unit. Using it will allow you to connect from Linux and should be faster than starting a web browser remotely. To retrieve this jar file, connect to the KVM with a web browser, select the Download tab and then select Donwload Java Client AP. Now copy the .jar file to /opt/services/kvm and name it something descriptive like ATEN-KL1516Ai.jar

Access

Since the USNO requires X11Forwarding in ssh to be disabled, we recommend using VNC to access things like the KVMs.
Login to usno server
Either usno-serv-1t-ext or usno-serv-1-ext. E.g.
ssh admin@usno-serv-1t-ext

Start the VNC server
It will return the display it created (e.g. usno-serv-1:1). Make a note of the display number for later use.
vncserver

Set the password
Since it is possible that another sysadmin has used the admin account before you, you will want to set your own password for this vncserver.
vncpasswd

Start VNC client
On your local machine, start the VNC client. Here is where you will use the display number returned from vncserver above. E.g.
vncviewer -via admin@usno-serv-1-ext localhost:1

Launch the JAVA application
Once you have a VNC desktop, open a terminal window and type
java -jar /opt/services/kvm/ATEN-KL1516Ai.jar
  • If it prompts you for the Serial Number enter what is labeled as the Installation No. in the packaging. 5TW0Z-WP2GQ-1YK0L-3DEE2
  • The next window should automaticlly find the KVM and put it in the Server List. If so, click on it. If not, enter the IP address 10.1.36.123 in the IP text box.
  • Click on Login
  • The username is administrator and the passwd is just for the KVMs.
  • Once logged in, click on Remote View
  • The next window should have a list on the left of ports. You can connect to anything with a green icon by clicking on it and the clicking Connect
  • Once connected, if you move the mouse to the bottom or top center of the screen, a control display should appear.

Kill the VNC server
One the usno server, kill the server you started, associated with the display number. E.g.
vncserver -kill :1

RADIUS
Does not work with this KVM. Below is what we tried.
To get the KVM to work with radius, the following must be added to each user section
Vendor-Specific = "C,W,J,L"
  • C Grants the user administrator privileges, allowing the user to configure the system.
  • W Allows the user to access the system via the Windows Client program.
  • J Allows the user to access the system via the Java Client program.
  • L Allows the user to access log information via a Web browser
    These options are from the Tripp-lite manual. The ATEN manual was very unhelpful with respect to radius. Next, the passwords must be set with Cleartext-Password in the radius configuration. Finally, even with all this, a logged in user to the KVM via radius cannot see any of the connected ports which is the whole point of a remote KVM so, unless we figure that out, using radius with the KVMs is a non-starter.

Troubleshooting

  • slow keys: It seems that one cannot quickly hit shift and then a key to get something like "I". One must do it slowly. Very slowly. This will provide much frustration in typing passwords. On further testing this slowness only affects some keys like I and + but not R and B. This only seems to be a problem in Linux. I did not have this problem in windows (rdesktop to aoctsa).

  • password restrictions Note the allowed characters in the password and that the username must be at least six characters long.


Topic revision: r7 - 2021-01-15, JimJacobs
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NRAO Public Wiki? Send feedback