Internet-exposed devices that give BIOS-level access? What could possibly go wrong?

  • VonReposti@feddit.dk · 16 days ago

    That just defeats the IP part of the KVM and in that case you’d better stick with a traditional KVM.

    Your setup depends entirely on your threat model. In my case in a normal state everything on the network is locked. The KVM is never used for normal ops, only rebooting and entering a disk encryption key in case I’m remote and have a failure. The KVM can only be accessed through a VPN. That limits my threat exposure to be well below my threat model. If I was Edward Snowden this might not be enough, but last I checked I’m not hunted by any state actor, rogue or not, so making sure the KVM is not accessible from the internet is enough.

    • Teh@sh.itjust.works · 15 days ago

      I’ve sold a half dozen small to midsize KVM systems. IP gives a lot of flexibility for deployment that “traditional” systems don’t, and can be done a lot cheaper as the switches can be much less than the “big iron” requirements for traditional systems.

    • rekabis@lemmy.ca · 16 days ago

      That just defeats the IP part of the KVM and in that case you’d better stick with a traditional KVM.

      Video cables and USB cables were never designed for a 20m run. Most have difficulties beyond a 2-5m distance.

      My servers will be in my basement, at the other end of the house. My C&C machine will be in my office. The entire purpose of remote KVM is such that I don’t have to hoof it all the way down into the basement just to do something quick. Or go back-and-forth if there is something in my office I have to reference while doing the work.

      In fact, I suspect that network KVM is exceedingly useful for anyone whose machines are more than five steps away. Even across the room makes a hell of a lot of sense.

      • philpo@feddit.org · 15 days ago

        …while laziness surely is an added bonus, you still do not understand the purpose of IP KVM/BMC for anyone beyond a lazy homenet enthusiast (which is fair enough, but don’t criticise people for stuff then).

        BMC/KVM is a must when it comes to professional deployments - for even a small DC or most professional settings anything else is unfeasible. And sadly in these settings at some point you will need some point of internet access (which in most cases a VPN will do fine unless you are customer facing). And no, your solution via jump host is not a good idea - it simply adds a single point of failure that causes a false sense of security (great, now you have only one device you need to get into and behind that it’s open field). Besides, it’s highly unfeasible for a multiuser environment.

        Proper Zero Trust, proper firewalling/IDS/IDM, proper network segmentation AND proper device security are key.

        Tbh, I am not surprised Gl.i was hit so hard here - they chucked out a LOT of new KVM devices recently, so it was somewhat likely they had issues - which is a shame because some of their devices have some unique selling points. Meanwhile I am more surprised that nanoKVM came back with only one issue - their traffic patterns are a major headache still.
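Both VonReposti’s setup (KVM reachable only over a VPN, never from the internet) and philpo’s point about proper firewalling and network segmentation come down to one enforcement point: the router or firewall that sits between the internet, the VPN tunnel and the management VLAN the KVM lives on. The following nftables ruleset is an added example written for this thread; it is not from any poster, GL.iNet or nanoKVM. The interface names (`wan0`, `wg0`, `mgmt0`), the subnets, the KVM address and the WireGuard port are all constructed for illustration and would be replaced with your own values.

```nft
# Added example, not from the thread: keep an IP-KVM/BMC reachable only
# through a WireGuard VPN and never from the internet.
# Interface names, subnets, host address and port below are constructed.
#
#   wan0   - internet-facing interface
#   wg0    - WireGuard tunnel; peers receive addresses in 10.200.0.0/24
#   mgmt0  - out-of-band management VLAN; the KVM sits at 10.90.0.10

define WAN      = "wan0"
define VPN      = "wg0"
define MGMT     = "mgmt0"
define VPN_NET  = 10.200.0.0/24
define KVM_HOST = 10.90.0.10
define WG_PORT  = 51820

table inet kvm_guard {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # The only thing the internet may talk to is the WireGuard endpoint.
        iifname $WAN udp dport $WG_PORT accept
        # Administering this firewall itself (ssh) is allowed only from VPN peers.
        iifname $VPN ip saddr $VPN_NET tcp dport 22 accept
        # Everything else arriving from the internet is logged, then dropped by policy.
        iifname $WAN counter log prefix "kvm_guard input: " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # VPN peers may reach the KVM web console (HTTPS) and nothing else on mgmt0.
        iifname $VPN oifname $MGMT ip saddr $VPN_NET ip daddr $KVM_HOST tcp dport 443 accept
        # The KVM never initiates sessions to the internet; add explicit
        # exceptions here (NTP, update server) only if you decide it needs them.
        iifname $MGMT oifname $WAN counter log prefix "kvm_guard mgmt egress: " drop
        # Any internet-to-management attempt is logged so it shows up in review.
        iifname $WAN oifname $MGMT counter log prefix "kvm_guard wan->mgmt: " drop
    }
}
```

Load it with `nft -f kvm_guard.nft` and confirm the result with `nft list ruleset`. The useful verification is the negative one: from a host that is not on the VPN, the KVM’s console must not answer at all, and any attempt should appear in the firewall log with the `kvm_guard wan->mgmt:` prefix. Because the forward policy is drop, a new management device added to `mgmt0` later is unreachable by default until a rule is written for it, which is the segmentation property philpo is describing.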