I'd like to buy an IP-KVM switch, please.

Hi! I'd like to buy an IP-KVM switch, please.

"Sure! We got plenty."

Now wait... I have some very specific requirements.

"Shoot."

First, I want it to connect via some kind of pod or something that I can only buy from you. If there is any interoperability between vendors, I'm going to be very upset. I want full vendor lock-in.

"No worries, sir. We have a variety of pods, all highly proprietary. I assure you they won't work with any other vendor. Heck, some of them don't even work with our own products! In fact, if you are switching from another brand we send you a box of bandaids since we know you'll need them after changing all those cables."

How thoughtful! Next issue... I want you to stop making firmware updates in about 6 months. 7 at the most. I don't care if the next Heartbleed only affects KVM switches and permits hackers to get in and set my machine room on fire. No. Firmware. Updates.

"But sir! What if..."

Did you hear me??? No firmware updates! These things connect to my servers at "the bios level"... whatever the f--- marketing people mean by that. As you know every security-related feature and service on a Windows or Linux box has the caveat that "all bets are off" if someone has physical access to the machine. These IP-KVM switches basically give remote people physical access. I don't want any risks! I want to be 100% sure about whether or not people will be able to break into my machines!

"Ok, sir, I'll make sure we stop making firmware updates shortly after you receive the product."

Good. Ok, now one more thing. You tell me that there's no client software on my end because it uses Java. I want to make sure that we're perfectly clear about this. There are many versions of Java. I want to make sure that your system requires me to use a version of Java that is incompatible with the Java that is installed on my machine.

"Sir, I hate to brag but I think we've really out-done ourselves in that department. First, we require a version of Java that is so old, James Gosling himself would be shocked."

Tell me more....

"Next, we give you a choice: If you install the latest version of Java, our code is rejected because we don't include the new security profiles stuff that is required. If you downgrade to an older version, you're machine basically stops functioning."

oh yes! I like it! I like it! What else do you have?

"Our Java support on the Mac is so bad, Oracle has basically done our job for us. No changes need on our part."

Wow! You really thought this all through!

"Well, sir, I hate to brag but we have one more feature that I think is the cherry on top. We only support Java on web browsers that you don't use. Chrome? Never heard of it!"

Good show! IE6 forever! Thank you!

"We're happy to serve, sir."

Great! Now would you now sucker-punch me and leave me bleeding?

"That's all taken care of by our billing department."

Posted by Tom Limoncelli in Rants

No TrackBacks

TrackBack URL: http://everythingsysadmin.com/cgi-bin/mt-tb.cgi/1759

9 Comments | Leave a comment

Sounds eerily familiar. We have an IE6 VM precisely for this purpose.

Hey, uhm, so why are SysAdmins loath to deploy serial consoles any more? These days there seems to be the KVM camp, and the IPMI camp, but it is hard to find anyone any more with the beard and suspenders to advocate serial consoles.

Hahahahhahahaha! Lord I wish someone would actually sell a KVM switch which didn't fit the above.

To Daniel Howard. I have gone from using serial cables because the problems are usually even worse with vendor lockin. Does the server have a real UART? It looks like it does but no its really a UART over USB which requires a special kernel module to use for serial consoles.. or the fact that the new serial console has to use Java 1.4 to be configured (don't try anything after that it fails spectacularly.. there is a windows xp activex plugin too) Then my other favourite the "I forgot everything you set in me after a power outage." to be fixed in the next firmware which never gets shipped.

So if you have a good working 1990's serial console already you are probably ok and hope it never breaks. If you are trying to get one newer than that.. you end up with exactly the same problems as the KVM but less support from the manufacturer because they don't want to sell these things anymore.

I laughed all the way through this post. Very, very funny!

I cried all the way through this post. Very, very sad!

I nodded all the way through this post. Very, very true!

Funny, sad, true -- FTW!

I can't tell you how many hours I've lost to iKVM and its ilk. I wish that serial consoles were still viable with all of the OSes we need to support.

Windows servers :-/

Serial consoles are for network devices and Sparc. And who uses them anymore :-( Instead we have most PCs w/o serial support and a few server PCs with varying levels of non standard serial support.

It's all PCs and they *need* a KVM. Most winders sysadmins can't conceive of a computer that doesn't have a monitor. I've seen some put a $300 video card into a sparc so they can use a $100/port kvm instead of the $50/port serial console.

*sigh*

Hi - KVM over IP doesn't need to be that difficult.
Admittedly, I would say that, being part of the sales department of Adder Technology, UK manufacturer of, amongst other things, IP KVM switches.
Adder's IP KVMs are accessible using Java or VNC - as they have an integrated RealVNC server, it is recommended to download the VNC viewer from the switch to your client. If you prefer to use your own version of VNC that will work too (though potentially with some limitations), as will any Java browser.
Our AVX5016IP, for example, will allow you to connect to and administer not only computers, but also console servers. There are switches for just 1 local or IP user, switches for 4 concurrent IP users or switches for different combinations of local, remote or IP users. If you need dedicated IP access to one computer system, then the IPEPS (IP-Engine-Per-Server) is the one for you. Take a look at adder.com and leave us a message on there if you have any questions.

Hey Patrick,

i guess, configuration only with Java or a Windows Tool and VNC not encrypted?

Leave a comment