Dominion® KX II - Frequently Asked Questions
Dominion® KX II
General Questions
Questions
Answers
General Questions
What is Dominion KX II?
How does Dominion KX II
differ from remote control
software?
How do the new features of
the Dominion KX II compare
to the KX I?
How do I migrate from the
Dominion KX I to Dominion
KX II?
©Copyright Raritan, Inc. 2007
Dominion KX II is a second generation digital KVM (keyboard / video /
mouse) switch that enables IT administrators to access and control 16,
32 or 64* servers over the network with BIOS-level functionality.
Dominion KX II is completely hardware and OS-independent; users
can troubleshoot and reconfigure servers even when servers are
down.
At the rack, Dominion KX II provides the same functionality,
convenience, space savings and cost savings as traditional analog
KVM switches. However, Dominion KX II also integrates the industry’s
highest-performing KVM-over-IP technology, allowing multiple
administrators to access server KVM consoles from any networked
workstation.
When using Dominion KX II remotely, the interface, at first glance, may
seem similar to remote control software such as pcAnywhereTM,
Windows® Terminal Services / Remote Desktop, VNC, etc. However,
because Dominion KX II is not a software but a hardware solution, it’s
much more powerful:
• OS- and hardware-independent – Dominion KX II can be used
to manage servers running many popular OS, including Intel®,
Sun®, PowerPC running Windows, Linux®, SolarisTM, etc.
• State-independent / Agentless – Dominion KX II does not
require the managed server OS to be up and running, nor
does it require any special software to be installed on the
managed server.
• Out-of-Band – Even if the managed server’s own network
connection is unavailable, it can still be managed through
Dominion KX II.
• BIOS-level access – Even if the server is hung at boot up,
requires booting to safe mode, or requires system BIOS
parameters to be altered, Dominion KX II still works flawlessly
to enable these configurations to be made.
Dominion KX II has many new and exciting features, including virtual
media, dual power, dual gigabit Ethernet, common Web-based user
interfaces, next generation local port, etc. See the “Features and
Benefits” tab on the KX II Web pages on Raritan.com/KXII.
In general, KX I customers can continue to use their existing switches
for many years. As their data centers expand, customers can
purchase and use the new KX II models. Raritan’s centralized
management appliance, CommandCenter® Secure Gateway, and the
Multiplatform Client both support KX I and KX II switches seamlessly.
Page 1 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
Questions
Answers
Will my existing KX I CIMs
work with the Dominion KX II
switch?
Yes, existing KX I CIMs will work with the Dominion KX II switch. In
addition, select Paragon CIMs will work with the KX II. This provides
an easy migration to KX II from Paragon I customers who wish to
switch to KVM-over-IP.
Yes. The Dominion KX II ships standard with 19" rack mount brackets.
It can also be reverse rack mounted so the server ports face forward.
Dominion KX II is only 1U high (except KX2-464, which is 2U), fits in a
standard 19" rack mount, and is only 11.4" (29 cm) deep.
Can the Dominion KX II be
rack mounted?
How large is the Dominion
KX II?
Remote Access
How many users can
remotely access servers on
each Dominion KX II?
Dominion KX II models offer remote connections for up to eight users
per user channel to simultaneously access and control a unique target
server. For one-channel devices like the DKX2-116, up to eight
remote users can access and control a single target server. For twochannel devices, like the DKX2-216, up to eight users can access and
control the server on channel one and up to another eight users on
channel two. For four-channel devices, up to eight users per channel,
for a total of 32 (8 x 4) users, can access and control four servers in a
similar fashion.
Can two people look at the
same server at the same
time?
Can two people access the
same server, one remotely
and one from the local port?
In order to access Dominion
KX II from a client, what
hardware, software or
network configuration is
required?
Yes, actually up to eight people can access and control any single
server at the same time.
©Copyright Raritan, Inc. 2007
Yes, the local port is completely independent of the remote “ports.”
The local port can access the same server using the PC-Share
feature.
Because Dominion KX II is completely Web-accessible, it doesn’t
require customers to install proprietary software on clients used for
access. (An optional installed client is available on Raritan.com for the
purposes of accessing Dominion KX II via modem).
Dominion KX II can be accessed through major Web browsers
including: Internet Explorer, MozillaTM and Firefox. Dominion KX II can
now be accessed on Windows, Linux, Sun Solaris and Macintosh®
desktops, via Raritan’s Java-based Multiplatform Client (MPC) and the
new Virtual KVM Client™.
Dominion KX II administrators can also perform remote management
(set passwords and security, rename servers, change IP address, etc.)
using a convenient browser-based interface.
Page 2 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
What is the file size of the
applet that’s used to access
Dominion KX II? How long
does it take to retrieve?
The Virtual KVM Client applet used to access Dominion KX II is
approximately 500KB in size. The following chart describes the time
required to retrieve Dominion KX II’s applet at different network
speeds:
Theoretical 100Mbit
0.05
100Mbps
network speed
seconds
60Mbps
Likely practical
100Mbit network
speed
0.08
seconds
10Mbps
Theoretical 10Mbit
network speed
.4
seconds
6Mbps
Likely practical 10Mbit
network speed
.8
seconds
Cable modem
8
download speed
seconds
(typical)
Dominion KX II offers a dedicated modem port for attaching an
external modem. With an externally-connected modem, servers can
still be remotely accessed in the event of a network emergency.
Furthermore, Dominion KX II’s local ports always allow access to
servers from the rack, no matter the network condition.
512Kbps
How do I access servers
connected to Dominion KX II
if the network ever becomes
unavailable?
Do you have a non-Windows
client?
Yes. Both the Virtual KVM Client and the Multiplatform Client (MPC),
allow non-Windows users to connect to target servers through the
Dominion KX I and KX II switches. MPC can be run via Web browsers
and standalone. Please refer to Raritan’s Dominion KX II and MPC
User Guides for more information.
My modem connection
dropped and I got the error
message “There was an
unexpected communications
error – connection
terminated.” What should I
do?
This might have happened based on the frequency with which the user
tried to connect via modem. Reboot the KX unit and modem, and for
future connections, wait at least two (2) minutes between attempts.
Universal Virtual Media
What Dominion KX II models
support virtual media?
What types of virtual media
does the Dominion KX II
support?
What is required for virtual
media?
Is virtual media secure?
©Copyright Raritan, Inc. 2007
All Dominion KX II models support virtual media. It is available
standalone and through CommandCenter Secure Gateway, a
centralized management appliance.
Dominion KX II supports the following types of media: internal and
USB-connected CD/DVD drives, USB mass storage devices, PC hard
drives and remote drives.
The new D2CIM-VUSB CIM is required for virtual media. It supports
virtual media sessions to target servers supporting the USB 2.0
interface. Available in economical 32 and 64 quantity CIM packages,
this new CIM supports Absolute Mouse Synchronization as well as
remote firmware update.
Yes. Virtual media sessions are secured using 128 bit AES or RC4
encryption.
Page 3 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
Ethernet and IP Networking
Does the Dominion KX II
offer dual gigabit Ethernet
ports to provide redundant
fail-over, or load balancing?
How much bandwidth does
Dominion KX II require?
What is the slowest
connection (lowest
bandwidth) over which
Dominion KX II can operate?
What is the speed of
Dominion KX II’s Ethernet
interfaces?
Can I access Dominion KX II
over a wireless connection?
Can Dominion KX II be used
over the WAN (Internet), or
just over the corporate LAN?
©Copyright Raritan, Inc. 2007
Yes. Dominion KX II features dual gigabit Ethernet ports to provide
redundant failover capabilities. Should the primary Ethernet port (or
the switch/router to which it is connected) fail, Dominion KX II will
failover to the secondary network port with the same IP address –
ensuring that server operations are not disrupted. Note that automatic
failover must be enabled by the administrator.
Dominion KX II offers next generation KVM-over-IP technology – the
very best video compression available. Raritan has received
numerous technical awards confirming its high video quality
transmissions and the low bandwidth utilization.
Raritan pioneered the KVM-over-IP functionality that allows users to
tailor their video parameters to conserve network bandwidth. For
instance, when connecting to Dominion KX II through a dial-up modem
connection, video transmissions can be scaled to grayscale – allowing
users to be fully productive while ensuring high performance.
With that in mind, the following data refers to Dominion KX II at its
default video settings – again, these settings can be tailored to a
specific environment. They can be increased to provide even higher
quality video (color depth), or decreased to optimize for low-speed
connections.
As a general rule, a conservative estimate for bandwidth utilization (at
Dominion KX II’s default settings) is approximately 0.5Mbit/seconds
per active KVM user (connected to and using a server), with very
occasional spikes up to 2MBit/seconds. This is a very conservative
estimate because bandwidth utilization will typically be even lower.
Bandwidth required by each video transmission depends on what task
is being performed on the managed server. The more the screen
changes, the more bandwidth is utilized. The table below summarizes
some use cases and the required bandwidth utilization at Dominion KX
II’s default settings on a 10Mbit/s network:
Idle Windows Desktop
0 Mbps
Move Cursor Around Desktop
0.18Mbps
Move Static 400x600
0.35Mbps
Window/Dialog Box
Navigate Start Menu
0.49Mbps
Scroll an Entire Page of Text
1.23Mbps
Run 3D Maze Screensaver
1.55Mbps
33Kbps or above is recommended for acceptable KX performance
over a modem connection.
Dominion KX II supports Gigabit as well as 10/100 Ethernet. KX II
supports two 10/100/1000 speed Ethernet interfaces, with configurable
speed and duplex settings (either auto-detected or manually set).
Yes. Dominion KX II not only uses standard Ethernet, but also very
conservative bandwidth with very high quality video. Thus, if a
wireless client has network connectivity to a Dominion KX II, servers
can be configured and managed at BIOS-level wirelessly.
Whether via a fast corporate LAN, the less predictable WAN (Internet),
cable modem or dial-up modem, Dominion KX II’s KVM-over-IP
technology can accommodate the connection
Page 4 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
Can I use Dominion KX II
with a VPN?
How many TCP ports must
be open on my firewall in
order to enable network
access to Dominion KX II?
Are these ports configurable?
Does Dominion KX II require
an external authentication
server to operate?
Can Dominion KX II be used
with CITRIX?
Can the Dominion KX II use
DHCP?
I’m having problems
connecting to the Dominion
KX II over my IP network.
What could be the problem?
©Copyright Raritan, Inc. 2007
Yes. Dominion KX II uses standard Internet Protocol (IP) technologies
from Layer 1 through Layer 4. Traffic can be easily tunneled through
standard VPNs.
Only one. Dominion KX II protects network security by only requiring
access to a single TCP port to operate. This port is completely
configurable for additional security.
Note that, of course, to use Dominion KX II’s optional Web browser
capability, the standard HTTPS port 443 must also be open.
No. Dominion KX II is a completely self-sufficient appliance. After
assigning an IP address to a Dominion KX II, it is ready to use – with
Web browser and authentication capabilities completely built-in.
If an external authentication server (such as LDAP, Active Directory®,
RADIUS, etc.) is used, Dominion KX II allows this as well, and will
even failover to its own internal authentication should the external
authentication server become unavailable. In this way, Dominion KX
II’s design philosophy is optimized to provide ease of installation,
complete independence from any external server and maximum
flexibility.
Dominion KX II may work with remote access products like CITRIX if
configured appropriately, but Raritan cannot guarantee it will work with
acceptable performance. Customers should realize that products like
CITRIX utilize video redirection technologies similar in concept to
digital KVM switches so that two KVM-over-IP technologies are being
used simultaneously.
DHCP addressing can be used, however, Raritan recommends fixed
addressing since the Dominion KX II is an infrastructure device and
can be accessed and administered more effectively with a fixed IP
address.
The Dominion KX II relies on the customer’s LAN/WAN network.
Some possible problems include:
• Ethernet auto negotiation. On some networks, 10/100 auto
negotiation does not work properly and the KX II unit must be
set to 100MB/full duplex or the appropriate choice for its
network.
• Duplicate IP Address. If the IP Address of the KX II is the
same as another device, network connectivity may be
inconsistent.
• Port 5000 conflicts. If another device is using port 5000, the
KX II default port must be changed (or the other device must
be changed).
• When changing the IP Address of a KX II, or swapping in a
new KX II, sufficient time must be allowed for its IP and Mac
addresses to be known throughout the Layer 2 and Layer 3
networks.
Page 5 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
Servers
Does Dominion KX II depend
on a Windows server to
operate?
Do I need to install a Web
server such as Microsoft
Internet Information Services
(IIS) in order to use Dominion
KX II’s Web browser
capability?
What software do I have to
install in order to access
Dominion KX II from a
particular workstation?
What should I do to prepare a
server for connection to
Dominion KX II?
What comes in the Dominion
KX II box?
Absolutely not. Because users depend on the KVM infrastructure to
always be available in any scenario whatsoever (as they will likely
need to use the KVM infrastructure to fix problems), Dominion KX II is
designed to be completely independent from any external server.
For example, should the data center come under attack from a
malicious Windows worm or virus, administrators will need to use the
KVM solution to resolve the situation. Therefore, it is imperative that
the KVM solution, in turn, must not rely on these same Windows
servers (or any server, for that matter) to be operational in order for the
KVM solution to function.
To this end, Dominion KX II is completely independent. Even if a user
chooses to configure the Dominion KX II to authenticate against an
Active Directory server – if that Active Directory server becomes
unavailable, Dominion KX II’s own authentication will be activated and
fully functional.
No. Dominion KX II is a completely self-sufficient appliance. After
assigning an IP address to Dominion KX II, it’s ready to use – with
Web browser and authentication capabilities completely built-in.
None. Dominion KX II can be accessed completely via a Web browser
(although an optional installed client is provided on Raritan’s Web site
Raritan.com for the purpose of accessing Dominion KX II via modem).
A Java-based client is now available for non-Windows users.
Simply set the mouse parameters in order to provide users with the
best mouse synchronization during remote connections, as well as
turning off the power management features that effect screen display.
However, if the Absolute Mouse Synchronization™ is supported
through the new D2CIM-VUSB adapter, then manually setting the
mouse parameters isn’t necessary.
The following is included: (a) Dominion KX II unit; (b) Quick Setup
Guide; (c) standard 19" rack mount brackets; (d) User manual CDROM; (e) Network cable; (f) Crossover cable; (g) Localized AC Line
Cord; (h) Warranty certificate and other documentation.
Installation
Besides the unit itself, what
do I need to order from
Raritan to install Dominion
KX II?
What kind of Cat5 cabling
should be used in my
installation?
What types of servers can be
connected to Dominion KX
II?
How do I connect servers to
Dominion KX II?
©Copyright Raritan, Inc. 2007
Each server that connects to Dominion KX II requires a Dominion or
Paragon Computer Interface Module (CIM), an adapter that connects
directly to the keyboard, video and mouse ports of the server.
Dominion KX II can use any standard UTP (unshielded twisted pair)
cabling, whether Cat5, Cat5e, or Cat6. Often in our manuals and
marketing literature, Raritan will simply say “Cat5” cabling for short. In
actuality, any brand UTP cable will suffice for Dominion KX II.
Dominion KX II is completely vendor independent. Any server with
standard-compliant keyboard, video, and mouse ports can be
connected.
Servers that connect to the Dominion KX II require a Dominion or
Paragon CIM, which connects directly to the keyboard, video, and
mouse ports of the server. Then, connect each CIM to Dominion KX II
using standard UTP (twisted pair) cable such as Cat5, Cat5e, or Cat6.
Page 6 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
How far can my servers be
from Dominion KX II?
Some operating systems lock
up when I disconnect a
keyboard or mouse during
operation. What prevents
servers connected to
Dominion KX II from locking
up when I switch away from
them?
Are there any agents that
must be installed on servers
connected to Dominion KX
II?
How many servers can be
connected to each Dominion
KX II unit?
What happens if I disconnect
a server from Dominion KX II
and reconnect it to another
Dominion KX II unit, or
connect it to a different port
on the same Dominion KX II
unit?
How do I connect a serially
controlled (RS-232) device to
Dominion KX II, such as a
Cisco router/switch or a
headless Sun server?
In general servers can be up to 150 feet (45 m) away from Dominion
KX II depending on the type of server. (See user manual printed or on
Web site). For the new D2CIM-VUSB CIM that supports virtual media
and Absolute Mouse Synchronization, a 100 foot range is
recommended.
Each Dominion computer interface module (DCIM) dongle acts as a
virtual keyboard and mouse to the server to which it is connected. This
technology is called KME (keyboard/mouse emulation). Raritan’s KME
technology is data center grade, battle-tested and far more reliable
than that found in lower-end KVM switches: it incorporates more than
15 years of experience and has been deployed to millions of servers
worldwide.
Servers connected to Dominion KX II do not require any software
agents to be installed, because Dominion KX II connects directly via
hardware to servers’ keyboard, video and mouse ports.
Dominion KX II models range from 16 or 32 server ports in a 1U
chassis to 64 server ports in a 2U chassis. This is the industry’s
highest digital KVM switch port density.
Dominion KX II will automatically update the server port names when
servers are moved from port to port. Furthermore, this automatic
update does not just affect the local access port, but propagates to all
remote clients and the optional CommandCenter® Secure Gateway
management appliance.
If there are only a few serially-controlled devices, they may be
connected to a Dominion KX II using Raritan’s serial adapter, AUATC,
or the new P2CIM-SER serial converter.
However, if there are four or more serially-controlled devices, we
recommend the use of Raritan’s Dominion SX line of secure console
servers. For multiple serial devices, Dominion SX offers more serial
functionality at a better price point than Dominion KX II. This SX is
easy to use, configure and manage, and can be completely integrated
with a Dominion Series deployment. In particular, many UNIX and
networking administrators appreciate the ability to directly SSH to a
Dominion SX unit.
Local Port
Can I access my servers
directly from the rack?
When I am using the local
port, do I prevent other users
from accessing servers
remotely?
Can I use a USB keyboard or
mouse at the local port?
Is there an On-Screen
Display (OSD) for local, atthe-rack access?
©Copyright Raritan, Inc. 2007
Yes. At the rack, Dominion KX II functions just like a traditional KVM
switch – allowing control of up to 64 servers using a single keyboard,
monitor and mouse.
No. The Dominion KX II local port has a completely independent
access path to the servers. This means a user can access servers
locally at the rack – without compromising the number of users that
access the rack remotely at the same time.
Yes. Dominion KX II offers both PS/2® and USB keyboard and mouse
ports on the local port. Note that the USB ports are USB v1.1, and
support keyboards and mice only – not USB devices such as scanners
or printers.
Yes, but Dominion KX II’s at-the-rack access goes way beyond
conventional OSD’s. Featuring the industry’s first browser-based
interface for at-the-rack access, KX II’s local port uses the same
interface for local and remote access. Moreover, most administrative
functions are available at-the-rack.
Page 7 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
How do I select between
servers while using the local
port?
How do I ensure that only
authorized users can access
servers from the local port?
If I use the local port to
change the name of a
connected server, does this
change propagate to remote
access clients as well? Does
it propagate to the optional
CommandCenter appliance?
If I use Dominion KX II’s
remote administration tools to
change the name of a
connected server, does that
change propagate to the local
port OSD as well?
The local port displays the connected servers using the same user
interface as the remote client. Users connect to a server with a simple
click of the mouse.
Users attempting to use the local port must pass the same level of
authentication as those accessing remotely. This means that:
• If the Dominion KX II is configured to interact with an external
RADIUS, LDAP or Active Directory server, users attempting to
access the local port will authenticate against the same server.
• If the external authentication servers are unavailable,
Dominion KX II fails-over to its own internal authentication
database.
Dominion KX II has its own standalone authentication, enabling
instant, out-of-the-box installation.
Yes. The local port presentation is identical and completely in sync
with remote access clients, as well as Raritan’s optional
CommandCenter Secure Gateway management appliance. To be
clear, if the name of a server via the Dominion KX II on-screen display
is changed, this updates all remote clients and external management
servers in real-time.
Yes. If the name of a server is changed remotely, or via Raritan’s
optional CommandCenter Secure Gateway management appliance,
this update immediately affects Dominion KX II’s on-screen display.
Power Control
Does Dominion KX II have a
dual power option?
Does the power supply used
by Dominion KX II
automatically detect voltage
settings?
If a power supply or input
fails, will I be notified?
What type of power control
capabilities does Dominion
KX II offer?
Does Dominion KX II support
servers with multiple power
supplies? What if each
power supply is connected to
a different power strip?
Does remote power control
require any special server
configuration?
©Copyright Raritan, Inc. 2007
All KX II models come equipped with dual AC inputs and power
supplies with automatic fail-over. Should one of the power inputs or
power supplies fail, then the KX will automatically switch to the other.
Yes. Dominion KX II’s power supply can be used in AC voltage ranges
from 100-240 volts, at 50-60 Hz.
The KX II front panel LED will notify the user of a power failure. An
entry will also be sent to the Audit Log and displayed on the KX
Remote Client User Interface. If configured by the administrator, then
SNMP or Syslog events will be generated.
Raritan’s Remote Power Control power strips can be connected to the
Dominion KX II to provide power control of the target servers. After a
simple one-time configuration step, just right click on the server name
to power on, off or recycle a hung server. Note that a hard reboot
provides the physical equivalent of unplugging the server from the AC
power line, and reinserting the plug.
Yes. Dominion KX II can be easily configured to support multiple
power supplies connected to multiple power strips. Up to eight (8)
power strips can be connected to a KX II device. Four power supplies
can be connected per target server to multiple power strips.
Some servers ship with default BIOS settings such that the server
does not automatically restart after losing and regaining power. See
the server user manual for more details.
Page 8 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
What type of power strips
does Dominion KX II
support?
To take advantage of Dominion KX II’s integrated power control user
interface, and more importantly, integrated security, use Raritan’s
Remote Power Control (RPC) power strips. RPCs come in many
outlet, connector and amp variations. The D2CIM-PWR must be
purchased to connect the RPC to the KX II.
Scalability
How do I connect multiple
Dominion KX II devices
together into one solution?
Can I connect an existing
analog KVM switch to
Dominion KX II?
Multiple Dominion KX II units do not need to be physically connected
together. Instead, each Dominion KX II unit connects to the network,
and they automatically work together as a single solution if deployed
with Raritan’s optional CommandCenter Secure Gateway (CC-SG)
management appliance. CC-SG acts as a single access point for
remote access and management. CC-SG offers a significant set of
convenient tools, such as consolidated configuration, consolidated
firmware update and a single authentication and authorization
database.
In addition, CC-SG enables sophisticated server sorting, permissions,
and access. If deployment of Raritan’s CC-SG management appliance
isn’t an option, multiple Dominion KX II units still interoperate and scale
automatically: The KX II’s remote user interface and the Multiplatform
Client will automatically discover Dominion KX II units. Nondiscovered Dominion KX II units can be accessed via a user-created
profile.
Yes. Analog KVM switches can be connected to one of Dominion KX
II’s server ports. Simply use a PS/2 Computer Interface Module (CIM),
and attach it to the user ports of the existing analog KVM switch.
Please note that analog KVM switches vary in their specifications and
Raritan cannot guarantee the interoperability of any particular thirdparty analog KVM switch. Contact Raritan technical support for further
information. Raritan’s Paragon® and Paragon II analog switches are IP
enabled by the IP-Reach® family of remote access products.
Computer Interface Modules (CIMs)
Can I use Computer Interface
Modules (CIMs) from
Raritan’s analog matrix KVM
switch, Paragon, with
Dominion KX II?
Can I use Dominion KX II
Computer Interface Modules
(CIMs) with Raritan’s analog
matrix KVM switch, Paragon?
©Copyright Raritan, Inc. 2007
Yes. Certain Paragon computer interface modules (CIMs) may work
with Dominion KX II (please check the Raritan Dominion KX II release
notes on the web site for the latest list of certified CIMs).
However, because Paragon CIMs cost more than Dominion KX II CIMs
(as they incorporate technology for video transmission of up to 1000
feet [300 meters]), it is not generally advisable to purchase Paragon
CIMs for use with Dominion KX II. Also note that when connected to
Dominion KX II, Paragon CIMs transmit video at a distance of up to
150 feet, the same as Dominion KX II CIMs – not at 1000 feet [300
meters], as they do when connected to Paragon.
No. Dominion KX II computer interface modules (CIMs) transmit video
at ranges of 50 to 150 feet (15 – 45 m) and thus do not work with
Paragon, which requires CIMs that transmit video at a range of 1000
feet (300 meters). To ensure that all Raritan’s customers experience
the very best quality video available in the industry – a consistent
Raritan characteristic – Dominion Series CIMs do not interoperate with
Paragon.
Page 9 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
Security
What kind of encryption does
Dominion KX II use?
Does Dominion KX II support
AES encryption as
recommended by the US
Government’s NIST and FIPs
standards?
Does Dominion KX II allow
encryption of video data? Or
does it only encrypt keyboard
and mouse data?
How does Dominion KX II
integrate with external
authentication servers such
as Active Directory®,
RADIUS, or LDAP?
How are usernames and
passwords stored?
Does Dominion KX II support
strong password?
Dominion KX II uses industry-standard (and extremely secure) 128-bit
RC4 or AES encryption, both in its SSL communications as well as its
own data stream. Literally no data is transmitted between remote
clients and Dominion KX II that is not completely secured by
encryption.
The Dominion KX II utilizes the Advanced Encryption Standard (AES)
encryption for added security.
AES is a US government approved cryptographic algorithm that is
recommended by the National Institute of Standards and Technology
(NIST) in the FIPS Standard 197.
Unlike competing solutions, which only encrypt keyboard and mouse
data, Dominion KX II does not compromise security - it allows
encryption of keyboard, mouse and video data.
Through a very simple configuration, Dominion KX II can be set to
forward all authentication requests to an external server such as
LDAP, Active Directory or RADIUS. For each authenticated user,
Dominion KX II receives from the authentication server the user group
to which that user belongs. Dominion KX II then determines the user’s
access permissions depending on what user group to which he or she
belongs.
Should Dominion KX II’s internal authentication capabilities be used,
all sensitive information such as usernames and passwords are stored
in an encrypted format. Literally no one, including Raritan technical
support or Product Engineering departments, can retrieve those
usernames and passwords.
Yes. The Dominion KX II has administrator-configurable, strong
password checking to ensure that user created passwords meet
corporate and/or government standards and are resistant to brute
force hacking.
Manageability
Can Dominion KX II be
remotely managed and
configured via Web browser?
Can I backup and restore
Dominion KX II’s
configuration?
What auditing or logging
does Dominion KX II offer?
Can Dominion KX II integrate
with syslog?
©Copyright Raritan, Inc. 2007
Yes. Dominion KX II can be completely configured remotely via Web
browser. Note that this does require that the workstation have an
appropriate Java Runtime Environment J.R.E version installed.
Besides the initial setting of Dominion KX II’s IP address, everything
about the solution can be completely set up over the network. (In fact,
using a crossover Ethernet cable and Dominion KX II’s default IP
address, you can even configure the initial settings via Web browser.)
Yes. Dominion KX II’s device and user configurations can be
completely backed up for later restoration in the event of a
catastrophe.
Dominion KX II’s backup and restore functionality can be used
remotely over the network, or through a Web browser.
For complete accountability, Dominion KX II logs all major user events
with a date and time stamp. For instance, reported events include (but
are not limited to): user login, user logout, user access of a particular
server, unsuccessful login, configuration changes, etc.
Yes. In addition to Dominion KX II’s own internal logging capabilities,
Dominion KX II can send all logged events to a centralized syslog
server.
Page 10 of 11
Rev. May 2007
Dominion® KX II - Frequently Asked Questions
Can Dominion KX II integrate
with SNMP?
Can Dominion KX II’s internal
clock be synchronized with a
timeserver?
Yes. In addition to Dominion KX II’s own internal logging capabilities,
Dominion KX II can send SNMP tracks to SNMP management
systems like HP Openview and Raritan’s CC-NOC.
Yes. Dominion KX II supports the industry-standard NTP protocol for
synchronization with either a corporate timeserver, or with any public
time server [assuming that outbound NTP requests are allowed
through the corporate firewall].
Miscellaneous
What is Dominion KX II’s
default IP address?
What is Dominion KX II’s
default username and
password?
I changed and subsequently
forgot Dominion KX II’s
administrative password; can
you retrieve it for me?
192.168.0.192
The KX II’s default username and password are admin/raritan [all
lower case]. However, for the highest level of security, the KX II forces
the administrator to change the Dominion KX II default administrative
username and password when the unit is first booted up.
KX II contains a hardware reset button that can be used to factory
reset the device, which will reset the administrative password on the
device.
* KX2-464 available 3Q07.
©Copyright Raritan, Inc. 2007
Page 11 of 11
Rev. May 2007