Kvm virtualization installation. Using KVM to create virtual machines on the server


Personally, it’s easiest for me to think of KVM (Kernel-based Virtual Machine) as a level of abstraction over Intel VT-x and AMD-V hardware virtualization technologies. We take a machine with a processor that supports one of these technologies, install Linux on this machine, install KVM in Linux, and as a result we get the opportunity to create virtual machines. This is roughly how cloud hosting works, for example, Amazon Web Services. Along with KVM, Xen is also sometimes used, but a discussion of this technology is beyond the scope of this post. Unlike container virtualization technologies, for example, Docker, KVM allows you to run any OS as a guest system, but it also has O Higher overhead for virtualization.

Note: The steps described below were tested by me on Ubuntu Linux 14.04, but in theory they will be largely valid for both other versions of Ubuntu and other Linux distributions. Everything should work both on the desktop and on the server, accessed via SSH.

Installing KVM

We check whether Intel VT-x or AMD-V is supported by our processor:

grep -E "(vmx|svm)" /proc/cpuinfo

If something gets hot, it means it is supported, and you can move on.

Installing KVM:

sudo apt-get update
sudo apt-get install qemu-kvm libvirt-bin virtinst bridge-utils

What is usually stored where:

  • /var/lib/libvirt/boot/ - ISO images for installing guest systems;
  • /var/lib/libvirt/images/ — images of hard drives of guest systems;
  • /var/log/libvirt/ - here you should look for all logs;
  • /etc/libvirt/ - directory with configuration files;

Now that KVM is installed, let's create our first virtual machine.

Creating the first virtual machine

I chose FreeBSD as the guest system. Download the ISO image of the system:

cd /var/lib/libvirt/boot/
sudo wget http:// ftp.freebsd.org/ path/ to/ some-freebsd-disk.iso

Virtual machines are managed in most cases using the virsh utility:

sudo virsh --help

Before launching the virtual machine, we will need to collect some additional information.

We look at the list of available networks:

sudo virsh net-list

View information about a specific network (named default):

sudo virsh net-info default

Let's look at the list of available optimizations for guest operating systems:

sudo virt-install --os-variant list

So, now we create a virtual machine with 1 CPU, 1 GB of RAM and 32 GB of disk space, connected to the default network:

sudo virt-install\
--virt-type =kvm\
--name freebsd10\
--ram 1024\
--vcpus=1\
--os-variant =freebsd8 \
--hvm\
--cdrom =/ var/ lib/ libvirt/ boot/ FreeBSD-10.2 -RELEASE-amd64-disc1.iso \
--network network =default,model =virtio \
--graphics vnc\
--disk path =/ var/ lib/ libvirt/ images/ freebsd10.img,size =32 ,bus =virtio

You can see:

WARNING Unable to connect to graphical console: virt-viewer not
installed. Please install the "virt-viewer" package.

Domain installation still in progress. You can reconnect to the console
to complete the installation process.

This is normal, this is how it should be.

Then look at the properties of the virtual machine in XML format:

sudo virsh dumpxml freebsd10

The most complete information is provided here. This includes, for example, a MAC address, which we will need later. For now we are finding information about VNC. In my case:

Using your favorite client (I personally use Rammina), we log in via VNC, using SSH port forwarding if necessary. We get straight into the FreeBSD installer. Then everything is as usual - Next, Next, Next, we get the installed system.

Basic Commands

Let's now look at the basic commands for working with KVM.

Getting a list of all virtual machines:

sudo virsh list --all

Obtaining information about a specific virtual machine:

sudo virsh dominfo freebsd10

Launch virtual machine:

sudo virsh start freebsd10

Stop virtual machine:

sudo virsh shutdown freebsd10

Hardly nail the virtual machine (despite the name, this Not deletion):

sudo virsh destroy freebsd10

Reboot the virtual machine:

sudo virsh reboot freebsd10

Clone virtual machine:

sudo virt-clone -o freebsd10 -n freebsd10-clone \
--file /var/lib/libvirt/images/freebsd10-clone.img

Enable/disable autorun:

sudo virsh autostart freebsd10
sudo virsh autostart --disable freebsd10

Running virsh in dialog mode (all commands in dialog mode - as described above):

sudo virsh

Editing the properties of the virtual machine in XML, including here you can change the limit on the amount of memory, etc.:

sudo virsh edit freebsd10

Important! Comments from the edited XML are unfortunately removed.

When the virtual machine is stopped, the disk can also be resized:

sudo qemu-img resize /var/ lib/ libvirt/ images/ freebsd10.img -2G
sudo qemu-img info /var/lib/libvirt/images/freebsd10.img

Important! Your guest OS probably won't like the disk suddenly getting bigger or smaller. At best, it will boot into emergency mode with a proposal to repartition the disk. You probably shouldn't want to do that. It may be much easier to create a new virtual machine and migrate all the data to it.

Backup and restore are quite simple. It is enough to save the dumpxml output somewhere, as well as the disk image, and then restore them. On YouTube managed to find the video With a demonstration of this process, everything is really not difficult.

Network settings

An interesting question - how to determine what IP address the virtual machine received after loading? KVM does this in a clever way. I ended up writing this script in Python:

#!/usr/bin/env python3

# virt-ip.py script
# (c) 2016 Aleksander Alekseev
# http://site/

import sys
import re
import os
import subprocess
from xml .etree import ElementTree

def eprint(str) :
print(str, file = sys.stderr)

if len(sys.argv)< 2 :
eprint("USAGE: " + sys .argv [ 0 ] + " " )
eprint("Example: " + sys .argv [ 0 ] + " freebsd10" )
sys.exit(1)

if os .geteuid() != 0 :
eprint("ERROR: you should be root" )
eprint("Hint: run `sudo " + sys .argv [ 0 ] + " ...`" ) ;
sys.exit(1)

if subprocess .call ( "which arping 2>&1 >/dev/null", shell = True ) != 0 :
eprint("ERROR: arping not found" )
eprint( "Hint: run `sudo apt-get install arping`")
sys.exit(1)

Domain = sys.argv[1]

if not re .match ("^*$" , domain) :
eprint( "ERROR: invalid characters in domain name")
sys.exit(1)

Domout = subprocess .check_output ("virsh dumpxml " +domain+" || true" ,
shell = True)
domout = domout.decode("utf-8").strip()

if domout == "" :
# error message already printed by dumpxml
sys.exit(1)

Doc = ElementTree.fromstring(domout)

# 1. list all network interfaces
# 2. run `arping` on every interface in parallel
#3.grep replies
cmd = "(ifconfig | cut -d " " -f 1 | grep -E "." | " + \
"xargs -P0 -I IFACE arping -i IFACE -c 1 () 2>&1 | " + \
"grep "bytes from") || true"

for child in doc.iter() :
if child.tag == "mac" :
macaddr = child.attrib["address"]
macout = subprocess .check_output (cmd .format (macaddr) ,
shell = True)
print(macout.decode("utf-8"))

The script works with both the default network and the bridged network, the configuration of which we will consider later. However, in practice, it is much more convenient to configure KVM so that it always assigns the same IP addresses to guest systems. To do this, edit the network settings:

sudo virsh net-edit default

... something like this:

>



>

After making these changes


>

... and replace it with something like:




>

We reboot the guest system and check that it has received an IP via DHCP from the router. If you want the guest system to have a static IP address, this is configured as usual within the guest system itself.

virt-manager program

You may also be interested in the virt-manager program:

sudo apt-get install virt-manager
sudo usermod -a -G libvirtd USERNAME

This is what its main window looks like:

As you can see, virt-manager is not only a GUI for virtual machines running locally. With its help, you can manage virtual machines running on other hosts, as well as look at beautiful graphics in real time. I personally find it especially convenient in virt-manager that you don’t need to search through the configs to find out on which port VNC is running on a particular guest system. You just find the virtual machine in the list, double-click, and get access to the monitor.

With the help of virt-manager it is also very convenient to do things that would otherwise require labor-intensive editing of XML files and, in some cases, the execution of additional commands. For example, renaming virtual machines, setting CPU affinity and similar things. By the way, using CPU affinity significantly reduces the effect of noisy neighbors and the impact of virtual machines on the host system. Always use it if possible.

If you decide to use KVM as a replacement for VirtualBox, keep in mind that they will not be able to share hardware virtualization between themselves. For KVM to work on your desktop, you will not only have to stop all virtual machines in VirtualBox and Vagrant, but also reboot the system. I personally find KVM much more convenient than VirtualBox, at least because it doesn't require you to run a command sudo /sbin/rcvboxdrv setup after each kernel update, it works adequately with Unity, and generally allows you to hide all windows.

I am writing this note to demonstrate step-by-step installation and configuration of a KVM-based virtual machine in Linux. I previously wrote about virtualization, where I used the wonderful .

Now I am faced with the question of renting a good server with a large amount of RAM and a large hard drive. But I don’t want to run projects directly on the host machine, so I will separate them into separate small virtual servers running Linux or Docker containers (I’ll talk about them in another article).

All modern cloud hostings work on the same principle, i.e. a hoster on good hardware raises a bunch of virtual servers, which we used to call VPS/VDS, and distributes them to users, or automates this process (hello, DigitalOcean).

KVM (kernel-based virtual machine) is software for Linux that uses the hardware of x86-compatible processors to work with Intel VT/AMD SVM virtualization technology.

Installing KVM

I will carry out all the machinations of creating a virtual machine on Ubuntu 16.04.1 LTS OS. To check whether your processes support hardware virtualization based on Intel VT/AMD SVM, run:

Grep -E "(vmx|svm)" /proc/cpuinfo

If the terminal is not empty, then everything is in order and KVM can be installed. Ubuntu officially only supports the KVM hypervisor (part of the Linux kernel) and recommends using the libvirt library as a tool to manage it, which is what we will do next.

You can also check hardware virtualization support in Ubuntu using the command:

If successful, you will see something like this:

INFO: /dev/kvm exists KVM acceleration can be used

Install packages for working with KVM:

Sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils

If you have access to the system's graphical shell, you can install the libvirt GUI manager:

Sudo apt-get install virt-manager

Using virt-manager is quite simple (no more difficult than VirtualBox), so in this article we will talk about the console option for installing and configuring a virtual server.

Installing and configuring a virtual server

In the console version of installation, configuration and system management, an indispensable tool is the virsh utility (an add-on to the libvirt library). It has a large number of options and parameters; a detailed description can be obtained as follows:

Man virsh

or call the standard "help":

Virsh help

I always adhere to the following rules when working with virtual servers:

  1. I store iso OS images in the /var/lib/libvirt/boot directory
  2. I store virtual machine images in the /var/lib/libvirt/images directory
  3. I explicitly assign each new virtual machine its own static IP address via the hypervisor’s DHCP server.

Let's start installing the first virtual machine (64-bit server Ubuntu 16.04 LTS):

Cd /var/lib/libvirt/boot sudo wget http://releases.ubuntu.com/16.04/ubuntu-16.04.1-desktop-amd64.iso

After downloading the image, start the installation:

Sudo virt-install \ --virt-type=kvm \ --name ubuntu1604\ --ram 1024 \ --vcpus=1 \ --os-variant=ubuntu16.04 \ --hvm \ --cdrom=/var/ lib/libvirt/boot/ubuntu-16.04.1-server-amd64.iso \ --network network=default,model=virtio \ --graphics vnc \ --disk path=/var/lib/libvirt/images/ubuntu1604. img,size=20,bus=virtio

Translating all these parameters into “human language”, it turns out that we are creating a virtual machine with Ubuntu 16.04 OS, 1024 MB of RAM, 1 processor, a standard network card (the virtual machine will access the Internet as if due to NAT), 20 GB HDD.

It is worth paying attention to the parameter --os-variant, it tells the hypervisor which OS the settings should be adapted to.
A list of available OS options can be obtained by running the command:

Osinfo-query os

If such a utility is not on your system, then install:

Sudo apt-get install libosinfo-bin

After starting the installation, the following message will appear in the console:

Domain installation still in progress. You can reconnect to the console to complete the installation process.

This is a normal situation, we will continue the installation via VNC.
Let's look at which port it was raised on our virtual machine (in the next terminal, for example):

Virsh dumpxml ubuntu1604... ...

Port 5900, on local address 127.0.0.1. To connect to VNC, you need to use Port Forwarding via ssh. Before doing this, make sure that tcp forwarding is enabled in the ssh daemon. To do this, go to the sshd settings:

Cat /etc/ssh/sshd_config | grep AllowTcpForwarding

If nothing was found or you see:

AllowTcpForwarding no

Then we edit the config to

AllowTcpForwarding yes

and reboot sshd.

Setting up port forwarding

We execute the command on the local machine:

Ssh -fN -l login -L 127.0.0.1:5900:localhost:5900 server_ip

Here we have configured ssh port forwarding from local port 5900 to server port 5900. Now you can connect to VNC using any VNC client. I prefer UltraVNC because of its simplicity and convenience.

After successful connection, the standard welcome window for starting Ubuntu installation will be displayed on the screen:

After the installation is complete and the usual reboot, the login window will appear. After logging in, we determine the IP address of the newly created virtual machine in order to later make it static:

Ifconfig

We remember and go to the host machine. We pull out the mac address of the virtual machine’s “network” card:

Virsh dumpxml ubuntu1604 | grep "mac address"

Let's remember our mac address:

Editing the network settings of the hypervisor:

Sudo virsh net-edit default

We look for DHCP and add this:

It should look something like this:

In order for the settings to take effect, you need to restart the DHCP server of the hypervisor:

Sudo virsh net-destroy default sudo virsh net-start default sudo service libvirt-bin restart

After this, we reboot the virtual machine, now it will always have the IP address assigned to it - 192.168.122.131.

There are other ways to set a static IP for a virtual machine, for example, by directly editing the network settings inside the guest system, but here it’s whatever your heart desires. I just showed the option that I prefer to use.

To connect to the virtual machine terminal, run:

Ssh 192.168.122.131

The car is ready for battle.

Virsh: command list

To view running virtual hosts (all available ones can be obtained by adding --all):

Sudo virsh list

You can reboot the host:

Sudo virsh reboot $VM_NAME

Stop a virtual machine:

Sudo virsh stop $VM_NAME

Execute halt:

Sudo virsh destroy $VM_NAME

Sudo virsh start $VM_NAME

Disable:

Sudo virsh shutdown $VM_NAME

Add to autorun:

Sudo virsh autostart $VM_NAME

Very often it is necessary to clone a system in order to use it in the future as a framework for other virtual operating systems; for this, the virt-clone utility is used.

Virt-clone --help

It clones an existing virtual machine and changes host-sensitive data, for example, mac address. Passwords, files and other user-specific information in the clone remain the same. If the IP address on the cloned virtual machine was registered manually, then problems with SSH access to the clone may arise due to a conflict (2 hosts with the same IP).

In addition to installing a virtual machine via VNC, it is also possible to use X11Forwarding through the virt-manager utility. On Windows, for example, you can use Xming and PuTTY for this.

I have tried many web management interfaces and none of them were good enough like virt-manager.

You know, I'm one of those guys who used to have VMware, where 90% of the control is clickable.

My questions:

1) Is there any "interactive" CLI utility like mc (midnight commander) or something how to control KVM? (ON/OFF VM, increase memory, restart virtual machines, add virtual hardware, add new disks, etc.)

2) Could you recommend me some web interface management interface for KVM on debian squeeze? Have you seen VMware Server 2? There is web control. I know it was slow, but that's normal when you're somewhere without a terminal. (for example on Android with a web browser) I've tried a lot of them, but nothing I've tried has worked.

5) How to improve KVM security? Could some web interface solve this problem? (e.g. accounting, user management?)

I know there is google, wiki, there is a long list of UI for kvm, but I need opinions, experiences from experts or users who use KVM. I hope this isn't some stupid question. Thanks everyone for answering my questions.

5 Solutions collect form web for “KVM – Which web management should I use?”

For a web-based KVM manager, you can try Proxmox. Instructions for Debian Squeeze are here.

It has command line tools but no text based menu.

You should set up a small environment and try it out. Then state the goal and implement it.

There is no exact answer/tutorial for this. How configurable a KVM server/client is really depends on how many resources (cpu/ram/storage) are available.

Again, it depends on your environment and those are multi-layer/devices for example. routers, firewall, ip tables, password policy, access policy, etc. I don't know of any gui, webbase or not, that can handle all of these, including KVM. (OK, there is a cloud, but I have no experience with it at all)

You tried Kimchi? is the most user-friendly open source KVM and is sponsored by IBM.

Disclaimer: I am not affiliated with Kimchi at all. I just love his friendliness.

Experts use the CLI. Not GUI. This is even true for experienced Windows administrators.

No, GUIs are still improving, but self-logging scripts are faster and do what you want.

Improve performance in KVM? Throw it away.

This is just a hint from the XEN-PV expert. Only LXC (or other containers) or chroot-based solutions are faster.

The KVM installation guide may not be very detailed, but at least give or provide ideas regarding the installation and configuration process.

There's a new enterprise-level KVM and AV/IT system management called Boxilla, which features a comprehensive and centralized command center that delivers maximum performance, ease of use, and security.

It provides the ability to manage high-performance KVM, KVM over IP, virtualized endpoints and various AV/IT devices in one centralized command center, allowing administrators to manage multi-tier KVM and AV/IT deployments using a powerful web-based and shared user interface. You can find about this here: https://www.blackbox.co.uk/gb-gb/page/37929/Solutions-Industries/Technology-Products/KVM-Switching-and-Extension/Centralised-KVM-AV-Manager -Boxilla

KVM or Kernel Virtual Module is a virtualization module for the Linux kernel that allows you to turn your computer into a hypervisor for managing virtual machines. This module operates at the kernel level and supports hardware acceleration technologies such as Intel VT and AMD SVM.

KVM software itself does not virtualize anything in user space. Instead, it uses the /dev/kvm file to configure virtual address spaces for the guest in the kernel. Each guest machine will have its own video card, network and sound card, hard drive and other equipment.

Also, the guest system will not have access to components of the real operating system. The virtual machine runs in a completely isolated space. You can use kvm both on a GUI system and on servers. In this article we will look at how to install kvm Ubuntu 16.04

Before proceeding with the KVM installation itself, you need to check whether your processor supports hardware virtualization acceleration from Intel-VT or AMD-V. To do this, run the following command:

egrep -c "(vmx|svm)" /proc/cpuinfo

If the result returns 0, then your processor does not support hardware virtualization, if 1 or more, then you can use KVM on your machine.

Now we can proceed to installing KVM, a set of programs can be obtained directly from the official repositories:

sudo apt install qemu-kvm libvirt-bin bridge-utils virt-manager cpu-checker

We installed not only the kvm utility, but also the libvirt library, as well as the virtual machine manager. Once the installation is complete, you need to add your user to the libvirtd group, because only root and users in this group can use KVM virtual machines:

sudo gpasswd -a USER libvirtd

After running this command, log out and log in again. Next, let's check if everything was installed correctly. To do this, use the kvm-ok command:

INFO: /dev/kvm exists
KVM acceleration can be used

If everything was done correctly, you will see the same message.

Using KVM on Ubuntu 16.04

You have completed the task of installing kvm in Ubuntu, but you cannot yet use this virtualization environment but it still needs to be configured. Next, we will look at how kvm Ubuntu is configured. First you need to set up your network. We need to create a bridge with which the virtual machine will connect to the computer's network.

Setting up a bridge in NetworkManager

This can be done in several ways, for example, you can use the network configuration program NetworkManager.

Click the NetworkManager icon in the panel, then select change connections, then click the button Add:

Then select the connection type Bridge and press Create:

In the window that opens, click the button Add, to link our bridge to the internet connection:

From the list, select Ethernet and press Create:

In the next window, select in the field device, network interface to which our bridge should be associated:

Now you will see your bridge in the list of network connections. All that remains is to reboot the network to fully apply the changes, to do this, run:

Manual bridge setup

First you need to install the bridge-utils set of utilities if you have not already done so:

sudo apt install bridge-utils

Then, using the brctl program, we can create the bridge we need. To do this, use the following commands:

sudo brctl addbr bridge0
$ sudo ip addr show
$ sudo addif bridge0 eth0

The first command adds the bridge device br0, with the second you need to determine which network interface is the main connection to the external network, in my case it is eth0. And with the last command we connect bridge br0 to eth0.

Now you need to add a few lines to the network settings so that everything starts up automatically after the system starts. To do this, open the /etc/network/interfaces file and add the following lines there:

sudo gedit /etc/network/interfaces

loopback
auto lo bridge0
iface lo inet loopback
iface bridge0 inet dhcp
bridge_ports eth0

When the settings are added, reboot the network:

sudo systemctl restart networking

Now the installation and configuration of KVM is completely completed and you can create your first virtual machine. After this, you can view the available bridges using the command:

Creating KVM virtual machines

The Ubuntu KVM setup is complete and we can now move on to using it. First, let's look at the list of existing virtual machines:

virsh -c qemu:///system list

It's empty. You can create a virtual machine through the terminal or in the graphical interface. To create via the terminal, use the virt-install command. First let's go to the libvirt folder:

cd /var/lib/libvirt/boot/

To install CentOS the command will look like this:

sudo virt-install\
--virt-type=kvm \
--name centos7\
--ram 2048\
--vcpus=2 \
--os-variant=rhel7 \
--hvm\
--cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-DVD-1511.iso \
--network=bridge=br0,model=virtio \
--graphics vnc\
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=40,bus=virtio,format=qcow2

Let's take a closer look at what the parameters of this command mean:

  • virt-type- type of virtualization, in our case kvm;
  • name- name of the new car;
  • ram- amount of memory in megabytes;
  • vcpus- number of processor cores;
  • os-variant- type of operating system;
  • cdrom- installation image of the system;
  • network-bridge- the network bridge that we configured earlier;
  • graphics- a way to gain access to the graphical interface;
  • diskpath- address of the new hard drive for this virtual machine;

After the installation of the virtual machine is complete, you can find out the VNC connection parameters using the command:

sudo virsh vncdisplay centos7

Now you can enter the received data in your VNC client and connect to the virtual machine even remotely. For Debian the command will be slightly different, but everything looks similar:

Go to the folder for images:

cd /var/lib/libvirt/boot/

You can download the installation image from the Internet if necessary:

sudo wget https://mirrors.kernel.org/debian-cd/current/amd64/iso-dvd/debian-8.5.0-amd64-DVD-1.iso

Then let's create a virtual machine:

sudo virt-install\
--virt-type=kvm \
--name=debina8 \
--ram=2048\
--vcpus=2 \
--os-variant=debian8 \
--hvm\
--cdrom=/var/lib/libvirt/boot/debian-8.5.0-amd64-DVD-1.iso \
--network=bridge=bridge0,model=virtio \
--graphics vnc\
--disk path=/var/lib/libvirt/images/debian8.qcow2,size=40,bus=virtio,format=qcow2

Now let's look at the list of available machines again:

virsh -c qemu:///system list

To start the virtual machine you can use the command:

sudo virsh start machinename

To stop:

sudo virsh shutdown machinename

To switch to sleep mode:

sudo virsh suspend machinename

To reboot:

sudo virsh reboot machinename

sudo virsh reset machinename

To completely remove a virtual machine:

sudo virsh destroy machinename

Creating virtual machines in GUI\

If you have access to a graphical interface, there is no need to use a terminal; you can use the full graphical interface of the Virtual Manager virtual machine manager. The program can be launched from the main menu:

To create a new machine, click on the icon with the monitor icon. Next, you will need to select the ISO image of your system. You can also use a real CD/DVD drive:

On the next screen, select the amount of memory that will be available to the virtual machine, as well as the number of processor cores:

On this screen, you need to select the size of the hard drive that will be available in your machine:

At the last step of the wizard, you have to check that the machine settings are correct and also enter its name. You also need to specify the network bridge through which the machine will connect to the network:

After this, the machine will be ready for use and will appear in the list. You can launch it using the green triangle on the manager toolbar.

conclusions

In this article, we looked at how to install KVM Ubuntu 16.04, we looked at how to fully prepare this environment for work, as well as how to create virtual machines and use them. If you have any questions, ask in the comments!

To conclude, a lecture from Yandex about what virtualization is in Linux:

I believe many people have encountered ordinary KVM switches. The abbreviation "KVM" stands for "Keyboard Video Mouse". A KVM device allows you, having only one set of keyboard+monitor+mouse (K.M.M.), to control several computers (system units). In other words, we take N system units, connect their outputs from the K.M.M. into a KVM device, and to the device itself we connect a real monitor, keyboard and mouse. By switching between computers using KVM, we can see what is happening on the screen of the selected computer, as well as control it as if we were connected to it directly.

This is convenient if we need several machines for work, but access to them at the same time is not necessary. In addition, it saves a lot of space - monitors, even LCD ones, take up quite a lot of space on the table. Yes, and they cost quite a bit. And in a pile of keyboards and mice on the table you can quickly get confused...

Advanced readers will object - why such complexity if the computers are most likely connected to the same local network and you can use remote access programs built into the operating system (or external), for example Terminal Services or Radmin under Windows, VNC, ssh under *nix- like operating systems. Everything is correct, but what should we do if, for example, we need to enter the computer’s BIOS or the operating system has stopped loading because we installed some incorrect driver or program? Or do we have several operating systems installed on our computer and we needed to choose a different one from the one that starts by default? In general, all these programs are really good, but up to certain limits - as long as the computer's OS is functional and we only need access to the computer after this OS boots.

For example, let's look at several typical KVM switches using devices manufactured by the company as an example.

Device Specifications

CN-6000 supports the division of powers between users and allows you to create up to 64 administrative or user accounts, of which up to 16 accounts can work with the device simultaneously. The device has a built-in WEB administration interface, and its small size allows you to place it on a table or mount it (using a special bracket included in the kit) on the side truss of a rack (0U rack mountable). The CN-6000 supports firmware updates via an Ethernet connection (from the web interface or native utility). The maximum video resolution that the device supports is 1600x1200 pixels.

Specification summary table:

Hardware requirement (remote client)Pentium III 1Ghz
InterfacesLocal consoleKeyboard1 × Mini-DIN-6 F(Purple)
Video1 × HDB-15 F(Blue)
Mouse1 × HDB-15 F(green)
System (KVM)1 × SPHD-15 F(Yellow)
LAN port1 × RJ-45(F)
Power on the net (reserved)1 x DB9(M)
Power interface1
Buttons/switchesKVM Reset1 × semi-hidden, front
Indicatorsnutrition1 x orange
remote user connection1 x green
LAN 10/100 Mbps1 x green/orange
Supported protocols10baseT Ethernet and 100baseTX Fast Ethernet. TCP/IP
Video ResolutionsUp to 1600×1200 60Hz
Framemetal
Dimensions (length × width × height)200 × 80 × 25mm

Let's move on to the tests.

On the included CD you can find four utilities:

  • CN6000 Client - client program for Windows, with which you can connect to a remote computer
  • a similar client program written in Java (in jar format)
  • CN6000 Admin Tool - device configuration manager (for Windows)
  • log server - a program that can be configured to receive and store log files from the CN-6000

In addition, the KVM switch has a built-in WEB server, so the device can be accessed through a WEB browser. But we’ll return to the web interface a little later, first we’ll look at the individual utilities.

Configuring CN-6000 through the Admin Tool utility.

The program is designed to configure the device, set access passwords, security, etc.

When it was launched, there was a funny thing:

The first time you launch all utilities from the supplied disk, you are required to enter the serial number. The documentation (even the latest version, which is on the manufacturer’s website) says that the serial number is printed at the bottom of the CN-6000 case. And there really is some kind of serial number printed there, only it is much shorter than what the programs require. In general, after suffering a little, entering the found serial number this way and that, adding zeros or spaces to it and not achieving anything more than the “Invalid Serial Number” window, I already wanted to finish testing the device that day. Having taken the CD out of the CD-ROM (I inserted it into the CD drive first - I had to install the software), I discovered a strange sticker on the disk - this turned out to be the treasured serial number.

Of course, theoretically, a person can pay attention to what is written or pasted on a CD when inserting it into the drive. But how many people immediately pay attention to this? :) And, one might ask, why was it necessary to write deliberately false information in the documentation? I repeat - there is a newer version of the documentation on the site and this “typo” is not corrected there. I note that this is not the last inaccuracy that appears in the documentation, so sometimes you have to act according to the saying “don’t believe your eyes.”

The CN-6000 administration utility is useful in that it allows us to find a device on the network, even if its IP address does not belong to the subnet we are in, it is enough that we (the computer from which we are trying to access the CN-6000 ) were in the same local network segment as the KVM switch.

After entering the user login and password, we are taken to the device configuration menu:

ATEN has taken a good approach to the issue of device security. When we first enter the device configuration, we are warned that it would be a good idea to change the standard login and password...

In chapter Network the IP addressing of the device is configured, ports are set for remote access to computers controlled by the CN-6000. And here you can also specify the MAC address of the machine on which the “Log Server” program is located, which stores log files (events) sent from the KVM switch (if you do not specify it, the logs will be stored on the KVM itself and you can view them from the web interface). This machine (for the Log server) can be any computer running Windows and running the program under discussion. The only problem is that the computer must be in the same network segment (roughly speaking, connected to the same switch) as the KVM CN-6000 itself, so the usefulness of this “feature” is questionable.

Bookmarked Security filters are configured (by MAC and/or IP addresses) for accessing the remote screen of administered computers, as well as a filter for administering the CN-6000 itself.

The next tab specifies user names and passwords, as well as their rights. What’s noteworthy is that you can limit logins for configuring the CN-6000 and using the JAVA client. The minimum password length that the configuration utility accepts is eight characters. It’s a pity, of course, that the password is not checked for “simplicity,” but even checking the password length indicates that ATEN pays attention to security.

The last tab allows you to update the device’s firmware, enable the ability for several people to simultaneously connect to a remote computer (though the mouse and keyboard are still the same, from the point of view of the controlled computer, so one controls, the rest watch... or interfere with each other by dragging the mouse in different directions) . The reaction to an incorrect authentication process is also configured, as well as the inclusion of various “hiding” modes of the CN-6000 (no response to ping and a ban on showing itself when automatically searching for devices on the local network through the client utility or administration utility).

In the same tab there is another item - Reset on Exit. I would assume that this is resetting the settings to default, but in this case it involves rebooting the device when exiting the configuration utility. Otherwise (if you don’t reboot it), although the new settings will be remembered, they will not be applied (until a reboot).

At this point, the consideration of the configuration utility can be considered complete (another aspect will be discussed in the section about the Java client).

Let's move on to the web interface.

Configuration via WEB interface

In order to get to the device’s web interface, just enter the IP address that is installed on the CN-6000 in any browser.

It is noteworthy that the browser immediately redirects the client to the connection via HTTPS://, i.e. all further work occurs through a secure SSL connection.

After entering your login and password, the icons on the left and top of the web interface become active (you can click on them).

The top icons open sections related to configuring the CN-6000. For the most part, all the options there repeat the options in the Windows utility interface Admin Tool, but there are some differences. For example, in this window (configuring network addresses) we can only set the device’s IP address, but we cannot specify the subnet mask and gateway. In addition, setting the IP address works somewhat crookedly - I was never able to change the device’s IP address from the web interface (it was changed without problems using the Admin Tools utility).

This is what you can observe in the Admin Tool utility when you try to change the address through the web interface from 10.0.0.9 to 192.168.0.1. For some reason, the subnet mask changed from the standard 255.255.255.0 to 10.0.0.9, and the device (after a reboot) responds to the address 192.168.0.1 for 5 seconds, and then starts responding to 10.0.0.9 (it completely forgets about 192.168.0.1). This may be a bug in the current firmware version (1.5.141), but this version, at the time of testing, was the newest that could be found on the company's website.

No more bugs related to the web interface were found during testing.

Chapter Security repeats a similar section in the Admin Tool utility.

A similar situation with the section User Manager

...and section Customization.

Icon Log, located on the left side of the web interface, allows you to view the events that occurred during the operation of the device. In this case, the screenshot reflects the logs that appeared when the device was tested by the Nessus program.

As mentioned above, logs can be dumped to an external log server (but with certain restrictions on its location).


2024 gtavrl.ru.