A Paragon of Security, Raritan's System Provides Remote Access From a Tiny Place

Raritan Computer's TeleReach Web interface for remote access gave us slow but secure Web access to any system connected to our UMT1664.

August 19, 2002


Raritan's Paragon family of matrix-switching KVMs is a modular solution. The UMT1664 sits between Raritan computer interface modules (CIMs) and the user stations (USTs). A variety of CIMs supports different types of equipment, including PS/2 devices, ASCII/serial devices, Sun Microsystems systems and USB connections. The UST connects to a user port on the UMT1664 matrix switch and provides connectors for a local keyboard, mouse and monitor. Or, the UST plugs into one of the ports on a TeleReach interface unit to provide remote access via the Internet or dial-up line. Raritan representatives told me that the next version of the TeleReach will include built-in USTs. The three components are connected with Cat5 UTP cables that can go up to 500 feet, giving you a theoretical reach of 1,000 feet between the server and the keyboard, mouse and monitor.

Good News

  • Lots of ports in a small space.

  • Expandable to 10,000 servers.

  • Up to 64 simultaneous users.

  • Cat 5 Cabling.

Bad News

  • No way to get to a CLI other than through LSMS or serial/modem connections.

  • Obscure access control.

Because the UMT1664 is a multiuser device, you must mediate usage for any particular server. Paragon gives you three options to control contention for the same systems: private, public view and PC share. Private mode gives one user exclusive access to a system. Public view mode lets a user see the screen of a system controlled by another user. PC share mode, the solution I selected for my tests, lets two users alternately control a system, with that control being shifted based on a time-out schedule set by the admin.

As the UMT1664 administrator, you assign user IDs and passwords and define access rules that go into effect as soon as the user is logged in. You can use a RADIUS server for authentication. Maybe Raritan's group ID scheme is intuitive to someone in some universe, but my jaw dropped when I began to explore the access settings. Users and computers can each be assigned nonexclusive group IDs from 00 to 99, with 00 as the default. Computers with an ID of 00 can be accessed by anyone. Users with a group ID of 00 can access any system. Simple enough. Now let's say you assign a user to a group ID of 05. That user can access systems with group IDs of 00, 05 and 50-59. Why not 15 and 25 and 35 and so on? Assign a user a group ID of 98, and they can access systems with group IDs of 00, 09 and 98. Why 09? After you figure that out, you can assign users to five different group IDs, and systems to eight different group IDs. The system is flexible if incomprehensible--Raritan devotes an entire appendix in the manual to setting access via group IDs.
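The two cases above are enough to model the rule and audit who can actually reach which system. This is an added example, not Raritan's code and not part of the original review. The general rule it encodes (user 0X reaches 00, 0X and X0-X9; user XY reaches 00, 0X and XY) is inferred from those two cases, and the function names, the sample inventory and the any-match handling of multiple group IDs are assumptions.

```python
# Added example: models the Paragon group-ID rule as inferred from the
# review's two cases (05 -> 00, 05, 50-59; 98 -> 00, 09, 98).
# Assumption: with several IDs per user or system, any matching pair grants access.

def reachable_groups(user_gid):
    """Return the set of computer group IDs one user group ID can reach."""
    if not 0 <= user_gid <= 99:
        raise ValueError("group IDs run from 00 to 99")
    if user_gid == 0:
        return set(range(100))            # user 00 can access any system
    tens, ones = divmod(user_gid, 10)
    if tens == 0:
        # 0X: the ID itself plus the whole X0-X9 decade
        return {0, user_gid} | set(range(ones * 10, ones * 10 + 10))
    # XY: the ID itself plus its "parent" 0X
    return {0, tens, user_gid}


def can_access(user_gids, system_gids):
    """True if any of the user's IDs reaches any of the system's IDs."""
    allowed = set()
    for gid in (user_gids or [0]):        # 00 is the default ID
        allowed |= reachable_groups(gid)
    # Every reachable set contains 00, so a system left at 00 is open to all.
    return any(s in allowed for s in (system_gids or [0]))


def audit(users, systems):
    """Map each user to the sorted names of the systems they can reach."""
    return {
        user: sorted(name for name, sgids in systems.items()
                     if can_access(ugids, sgids))
        for user, ugids in users.items()
    }


# Constructed sample inventory (hypothetical names, not from the review).
USERS = {"alice": [5], "bob": [98], "admin": [0]}
SYSTEMS = {"web1": [5], "db1": [57], "hr1": [9],
           "lab1": [98], "kiosk": [0], "fin1": [15]}

if __name__ == "__main__":
    for user, names in audit(USERS, SYSTEMS).items():
        print(f"{user}: {', '.join(names)}")
```

Running the audit over an inventory before assigning IDs shows the side effects the review complains about: a user given 05 also reaches every system in 50-59, and a system left at the default 00 is reachable by everyone.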

TeleReach is nearly two years old, but Raritan's April upgrade, at $7,895, includes connectivity via any IE 4.x or later browser, in addition to the 32-bit Windows application. TeleReach Web access requires ActiveX, hence the IE-only limitation. The Web interface is almost identical to the Microsoft Windows application interface--the two schemes share a considerable amount of common code. The Web interface provides from one to four separate remote sessions to whatever you have connected to TeleReach.

Remote access to the corporate jewels always carries security concerns. So you'll be happy to hear that the TeleReach offers 128-bit SSL authentication and data encryption both for the Windows access client and for Web access. Couple this encrypted security with TeleReach's IP address restrictions, Paragon's user ID/password security, the access controls and automatic time-outs, and even the most paranoid security admin should be satisfied that Raritan takes security seriously.


Vendor Information

Paragon UMT1664, $18,000. Raritan Computer, (800) 724-8090, (732) 764-8887; fax (732) 764-8887.

www.raritan.com

The experience you'll have with most remote-control software, like Symantec pcAnywhere and Microsoft's Terminal Services, is better in many ways than you'll have with TeleReach. I use Terminal Services daily and rarely even notice that I'm working with remote-control software because it's so speedy. Conversely, while testing TeleReach via cable modem from home, I noticed significant delays in screen redraw, mouse movement and character echo. I was also disappointed with the lack of support for high screen resolutions. Raritan's 32-bit Windows remote client is faster and supports higher resolution.

So why invest the time and money in TeleReach? First, other remote-control applications are dependent on a particular OS, and the mix of supported OSs you're hoping to support may require multiple packages. Second, remote-control applications don't give you access to your system's BIOS on reboot. You need to wait for the OS and the remote-control application to load. If you want BIOS access and all you have is remote control, then get in the car or on the plane because you'll need physical access. In contrast, Raritan's solution is OS- and hardware-independent and gives you complete access, locally and remotely, as soon as the first character hits the screen.

Ron Anderson is Network Computing's lab director. Before joining the staff, he managed IT in various capacities at Syracuse University and for the Veteran's Administration. Send your comments on this article to him at [email protected].
