Raritan Dominion KX 1.4 Setup guide

Dominion KX Frequently Asked Questions (FAQ)
General Questions
Q. What is Dominion KX?
A. Dominion KX is a digital KVM (keyboard / video / mouse) switch that enables IT
administrators to access and control 16 or 32 servers over the network with BIOS-level
functionality. Dominion KX is completely hardware and OS-independent; users can
troubleshoot and reconfigure servers even when servers are down.
At the rack, Dominion KX provides the same functionality, convenience, space savings,
and cost savings as do traditional analog KVM switches. However, Dominion KX also
integrates the industry’s highest-performing KVM Over IP technology, thereby allowing
multiple administrators to access server KVM consoles from any networked workstation in
the world.
Q. How does Dominion KX
differ from remote control
A. When using Dominion KX remotely, the interface, at first glance, may seem similar to
remote control software such as PC Anywhere, Windows Terminal Services / Remote
Desktop, VNC, etc. However, because Dominion KX is not a software but a hardware
solution, it is much more powerful:
OS and hardware independent – Dominion KX can be used to manage
any type of server running any OS, whether Intel, Sun, PowerPC running
Windows, Linux, Solaris, Novell, etc.
State-independent / Agent-less – Dominion KX does not require the
managed server OS to be up and running, nor does it require any special
software to be installed on the managed server.
Out-of-Band – Even if the managed server’s own network connection is
unavailable, it can still be managed through Dominion KX.
BIOS-level access – Even if the server is hung at boot up, requires
booting to safe mode, or requires system BIOS parameters to be altered,
Dominion KX still works flawlessly to enable these configurations to be
Remote Access
Q. How many users can
remotely access servers on
each Dominion KX?
Q. Can two people look at the
same server at the same time?
A. Currently, Dominion KX models offer concurrent transmissions of up to two
unique servers at any time. Dominion KX can, thereby, provide any of the following
1 User, viewing two unique servers simultaneously
2 Users, each viewing unique servers simultaneously
8 Users – four viewing one server; four viewing a different server
Any other permutations of up to 8 users, viewing up to 2 unique servers
A. Yes, up to eight people can look at the same server at the same time.
Q. In order to access Dominion
KX from a client, what
hardware, software, or network
configuration is required?
A. Because Dominion KX is completely Web-accessible; it does not require
proprietary software to be installed on clients used for access. (Although an optional
installed client is provided in the box for the purposes of accessing Dominion KX via
Dominion KX can be accessed through any major Web browser including: Internet
Explorer, Netscape, and Mozilla. Currently, Dominion KX requires that the Web
browser run on a Win32 platform with permissions to launch and execute an ActiveX
Dominion KX administrators can also perform remote management (set passwords
and security, rename servers, change IP address, etc.). To perform remote
management from a given workstation, you must also have Java Runtime
Environment of v1.4.x or later installed.
Q. What is the file size of the
applet used to access
Dominion KX? How long does
it take to retrieve?
Q. How do I access servers
connected to Dominion KX if
the network ever becomes
A. The applet used to accessed Dominion KX is approximately 1.4MB in size. The
following chart describes the time required to retrieve Dominion KX’s applet at
different network speeds:
Theoretical 100Mbit
network speed
0.1 seconds
Likely practical
100Mbit network
0.2 seconds
Theoretical 10Mbit
network speed
1.1 seconds
Likely practical
10Mbit network
2 seconds
Cable modem
download speed
22 seconds
Dial-up modem
theoretical speed
3 minutes
Likely practical dialup modem speed
5 minutes
A. Dominion KX offers a dedicated modem port for attaching an external modem. With
this dedicated modem, your servers can still be remotely accessed in the event of a
network emergency. Furthermore, Dominion KX’s local ports always allow access to your
servers from the rack, no matter the network condition.
Ethernet Networking
Q. How much bandwidth does
Dominion KX require?
A. Dominion KX offers integrated IP-Reach™ technology – the very best video
compression available. Raritan has received numerous technical awards confirming its
high video quality transmissions and the low bandwidth utilization.
Raritan pioneered the KVM Over IP functionality that allows users to tailor their video
parameters to conserve network bandwidth. For instance, when connecting to Dominion
KX through a dial-up modem connection, video transmissions can be scaled to grayscale
– allowing you to be fully productive while ensuring high performance.
With that in mind, the following data refers to Dominion KX at its default video settings –
again, these settings can be tailored to your environment. They can be increased to
provide even higher quality video (color depth), or decreased to optimize for low-speed
As a general rule, a conservative estimate for bandwidth utilization (at Dominion KX’s
default settings) is approximately 0.5Mbit/seconds per active KVM user (connected to and
using a server), with very occasional spikes up to 2MBit/seconds. This is a very
conservative estimate because bandwidth utilization will typically be even lower.
Bandwidth required by each video transmission depends on what task is being performed
on the managed server. The more the screen changes, the more bandwidth is utilized.
The table below summarizes some use cases and the required bandwidth utilization at
Dominion KX’s default settings on a 10Mbit/s network:
Idle Windows Desktop
0 Mbit/s
Move Cursor Around Desktop
400x600 0.35Mbit/s
Window/Dialog Box
Q, What is the slowest
connection (lowest bandwidth)
over which Dominion KX can
Navigate Start Menu
Scroll an Entire Page of Text
Run 3D Maze Screensaver
A. The slowest connection is 20kbits per second (a slow dial-up modem).
Q. What is the speed of
Dominion KX’s Ethernet
A. Dominion KX offers two 10/100 speed Ethernet interfaces, with configurable speed
and duplex settings (either auto-detected or manually set). Dominion KX does not require
a gigabit Ethernet interface because its output (see above question) would never even
come close to exceeding the 100Mbit/sec limit of 10/100 Ethernet networking.
Q. Can I access Dominion KX
over a wireless connection?
A. Yes. Dominion KX not only utilizes standard Ethernet, but also uses very conservative
bandwidth with very high quality video. Thus, if you have a wireless client with network
connectivity to Dominion KX, you can configure and manage your servers at BIOS-level
Q. Can Dominion KX used
over the WAN (Internet), or
just over the corporate LAN?
A. Yes. Whether via a fast corporate LAN, the less predictable WAN (Internet), a cable
modem, or dial-up modem, Dominion KX’s KVM Over IP technology can accommodate
your connection. Raritan’s IP-Reach KVM Over IP technology is integrated into every
Dominion KX unit. Raritan pioneered configurable video compression technology,
leading the industry by years, as evidenced by its awards.
Q. Can I use Dominion KX with
a VPN?
Q. How many TCP ports must
be open on my firewall in order
to enable network access to
Dominion KX? Are these ports
Q. Does the secondary
network port provide
redundant fail-over, or load
Q. Can Dominion KX
be rack mounted?
Q. How large is Dominion KX?
Q. Does Dominion KX require
an external authentication
server to operate?
A. Yes. Dominion KX uses standard Internet technologies from Layer 1 through Layer 4.
Traffic can be easily tunneled through any standard VPN.
A. Only one. Dominion KX protects your network security by only requiring access to a
single TCP port to operate. This port is completely configurable for additional security.
Note that, of course, to utilize Dominion KX’s optional Web browser capability, the
standard HTTPS port 443 must also be open.
A. Currently the secondary network port provides redundant fail-over capabilities: should
the primary Ethernet port (or the switch/router to which it is connected) fail, Dominion KX
will fail-over to the secondary network port with the same IP address – ensuring that your
server operations are not disrupted.
A. Yes, Dominion KX ships standard with 19” rack mount brackets. It can also be reverse
rack mounted such that the server ports face forward.
A. Dominion KX is only 1U in height, fits in a standard 19” rack mount, and occupies only
11.4” (29 cm) in depth
A. No. Dominion KX is a completely self-sufficient appliance. After assigning an IP
address to Dominion KX, it is ready to use – with web browser and authentication
capabilities completely built-in.
Of course, should you desire to use an external authentication server (such as LDAP,
Active Directory, RADIUS, etc.), Dominion KX allows you to, and will even fail-over to its
own internal authentication should your external authentication server become
unavailable. In this way, Dominion KX’s design philosophy is optimized to provide ease of
installation, complete independence from any external server, and maximum flexibility.
Q. Does Dominion KX depend
on a Windows server to
A. Absolutely not. Because you depend on your KVM infrastructure to always be
available in any scenario whatsoever (as you will likely need to use your KVM
infrastructure to fix problems), Dominion KX is designed to be completely independent
from any external server.
For example, should your data center come under attack from a malicious Windows worm
or virus, you will need to use your KVM solution to resolve the situation. Therefore, it is
imperative that your KVM solution, in turn, must not rely on these same Windows servers
(or any server, for that matter) to be operational in order for the KVM solution to function.
To this end, Dominion KX is completely independent. Even if you choose to configure
your Dominion KX to authenticate against an Active Directory server – if that Active
Directory server becomes unavailable, Dominion KX’s own authentication will be
activated and fully functional.
Q. Do I need to install a Web
server such as Microsoft
Internet Information Services
(IIS) in order to utilize
Dominion KX’s Web browser
A. No. Dominion KX is a completely self-sufficient appliance. After assigning an IP
address to Dominion KX, it is ready to use – with Web browser and authentication
capabilities completely built-in.
Q. What software do I have to
install in order to access
Dominion KX from a particular
Q. What should I do to prepare
a server for connection to
Dominion KX?
Q. What comes in the
Dominion KX box?
A. None. Dominion KX can be accessed completely via a Web browser. (Although an
optional installed client is provided in the box for the purpose of accessing Dominion KX
via modem.)
A. Servers connected to Dominion KX do not require any software agents to be installed,
because Dominion KX connects directly via hardware to servers’ keyboard, video, and
mouse ports. In order to provide users with the best mouse synchronization during
remote connections, however, you must configure your managed servers’ mouse settings
(principally, the “acceleration” setting) as instructed in the Dominion KX Quick Setup
Guide and Manual.
A. (a) Dominion KX unit; (b) Quick Setup Guide; (c) standard 19” rack mount brackets; (d)
User manual CD-ROM; (e) Network cable; (f) Crossover cable; (g) Localized AC Line
Cord; (h) Warranty certificate and other documentation.
Q. Besides the unit itself, what
do I need to order from Raritan
to install Dominion KX?
Q. What kind of Cat5 cabling
should be used in my
A. For each server that you wish to connect to Dominion KX, you will require a computer
interface module (CIM), a very small dongle that connects directly to the keyboard, video,
and mouse ports of your server.
A. Dominion KX can use any standard UTP (twisted pair) cabling, whether Cat5, Cat5e,
or Cat6. Often in our manuals and marketing literature, Raritan will simply say “Cat5”
cabling for short. In actuality, any brand UTP cable will suffice for Dominion KX.
Q. What types of servers can
be connected to Dominion KX?
A. Dominion KX is completely vendor independent. Any server with keyboard, video, and
mouse ports can be connected.
Q. How do I connect servers to
Dominion KX?
A. For each server that you wish to connect to Dominion KX, you will require a computer
interface module (CIM), a very small dongle that connects directly to the keyboard, video,
and mouse ports of your server. Then, connect each dongle to Dominion KX using
standard UTP (twisted pair) cable such as Cat5, Cat5e, or Cat6.
Q. How far can my servers be
from Dominion KX?
Q. Some operating systems
“lock up” if you disconnect a
keyboard or mouse during
operation. What prevents
servers connected to Dominion
KX from “locking up” when
users switch away from them?
A. Servers can be up to 50 feet (15 meters) away from Dominion KX.
A. Each computer interface module (CIM) dongle acts as a virtual keyboard and mouse to
the server to which it is connected. This technology is called KME (keyboard/mouse
emulation). Raritan’s KME technology is data center grade, battle-tested, and far more
reliable than that found in lower end KVM switches: it incorporates more than 15-years of
experience, has been deployed to millions of servers worldwide.
Q. Are there any agents that
must be installed on servers
connected to Dominion KX?
Q. How many servers can be
connected to each Dominion
KX unit?
Q. What happens if I
disconnect a server from
Dominion KX and reconnect it
to another Dominion KX unit,
or connect it to a different port
on the same Dominion KX
Q. How do I connect a serially
controlled (RS-232) device to
Dominion KX, such as a Cisco
router/switch or a headless
Sun server?
A. Servers connected to Dominion KX do not require any software agents to be installed,
because Dominion KX connects directly via hardware to servers’ keyboard, video, and
mouse ports.
A. Dominion KX models range, offering up to 32 server ports per unit – in a 1U chassis,
this is the industry’s highest digital KVM switch port density.
A. Dominion KX will automatically update the server port names when servers are moved
from port to port. Furthermore, this automatic update does not just affect the local access
port, but it propagates to all remote clients and the optional CommandCenter
management appliance.
A. If you only have a few serially-controlled devices, you may connect them to Dominion
KX using Raritan’s serial computer interface module (CIM).
However, if you have four or more serially controlled devices, we recommend the use of
Raritan’s Dominion SX model line of secure console servers. For multiple serial devices,
Dominion SX offers more functionality at a better price point than Dominion KX, while
being just as easy to use, configure and manage, and can be completely integrated with
your Dominion Series deployment. In particular, many UNIX and networking
administrators appreciate the ability to directly SSH to a Dominion SX unit (which
Dominion KX, a digital KVM switch, does not offer).
Local Port
Q. Can I access my servers
directly from the rack?
Q. When I am using the local
port, do I prevent other users
from accessing servers
Q. Can I use a USB keyboard
or mouse at the local port?
Q. How do I select between
servers while using the local
port? Is there an On-Screen
Display (OSD)?
A. Yes, at the rack Dominion KX functions just like a traditional KVM switch – allowing
you to control up to 32 servers using a single keyboard, mouse, and monitor.
A. No. The Dominion KX local port has a completely independent access path to the
servers. This means a user can access servers locally at the rack – without compromising
the number of users that access the rack remotely at the same time.
A. Yes. Dominion KX offers both PS/2 and USB keyboard and mouse ports on the local
rack. Note that the USB ports are USB v1.1, and support keyboards and mice only – not
USB devices such as scanners or printers.
A. Yes. Dominion KX’s local access port displays an on-screen display interface that
presents a list of all servers connected to the Dominion KX unit. Users interact with this
convenient on-screen display interface to select a connected server.
Q. How do I ensure that only
authorized users can access
servers from the local port?
Q. If I use the local port to
change the name of a connect
server, does this change
propagate to remote access
clients as well? Does it
propagate to the optional
CommandCenter appliance?
Q. If I use Dominion KX’s
remote administration tools to
change the name of a
connected server, does that
change propagate to the local
port OSD as well?
A. Dominion KX offers the very best local port authentication scheme available on the
market: users attempting to use the local port must pass the same level of authentication
as those accessing remotely. This means that:
If you have configured Dominion KX to interact with an external RADIUS,
LDAP, or Active Directory server, users attempting to access the local port
will authenticate against the same server.
If you have configured Dominion KX to be managed by Raritan’s
CommandCenter management appliance, users attempting to access the
local port will authenticate against CommandCenter (which in turn can
also integrate with RADIUS, LDAP, Active Directory, or TACACS [see
CommandCenter data sheet and FAQ for more details]).
In either of the above scenarios, if the external authentication servers are
unavailable, Dominion KX fails-over to its own internal authentication
Dominion KX has its own standalone authentication, enabling instant on,
out-of-the-box installation.
A. Yes. The local port presentation is identical and completely in sync with remote access
clients, as well as Raritan’s optional CommandCenter management appliance. To be
clear, if you change the name of a server via the Dominion KX on-screen display, this
updates all remote clients and external management servers in real-time.
A. Yes, if you change the name of a server remotely, or via Raritan’s optional
CommandCenter management appliance, this update immediately affects Dominion KX’s
on-screen display.
Power Control
Q. What type of power control
capabilities does Dominion KX
A. Because Dominion KX enables you to remotely manage servers; it also incorporates
the critical functionality of hard power control to servers. Instead of using a third-party tool
for power control (likely with lower security and fail-safe capabilities as Dominion KX), you
can use Dominion KX’s fully integrated remote power control.
When remotely connected to an appropriately configured Dominion KX, simply select the
power control options to hard reboot a hung server. Note that a hard reboot provides the
physical equivalent of unplugging the server from the AC power line, and re-inserting the
Q. Does Dominion KX support
servers with multiple power
supplies? What if each power
supply is connected to a
different power strip?
Q. Does remote power control
require any special server
A. Yes. Dominion KX can be easily configured to support multiple power supplies
connected to multiple power strips.
A. Some servers ship with default BIOS settings such that the server does not restart
after losing and regaining power. See your server user manual for more details.
Q. What type of power strips
does Dominion KX support?
A. Dominion KX can support any serially controlled power strips supplied by any vendor,
by using our Serial (RS-232) computer interface module.
However, to take advantage of Dominion KX’s integrated power control user interface,
and more importantly, integrated security, you must use Raritan’s power strips (“remote
power control units”). These power strips come in many outlet, connector, and amp
variations – simply order any Raritan power strip whose part number ends in the “-PK”
designation. The most popular units are:
8 receptacle, 110V, 15A, NEMA 5-15P, NEMA 5-15R, 1U
8 receptacle, 220V, 10A, IEC320 C14 P, IEC320 C13 R, 1U
12 receptacle, 110V, 20A, NEMA L5-20P, NEMA 5-15R, "zero-U"
12 receptacle, 110V, 20A, NEMA 5-20P, NEMA 5-15R, "zero-U"
12 receptacle, 220V, 10A, IEC320 C14 P, IEC320 C13 R, "zero-U"
20 receptacle, 110V, 20A, NEMA L5-20P, NEMA 5-15R, "zero-U"
20 receptacle, 110V, 20A, NEMA 5-20P, NEMA 5-15R, "zero-U"
20 receptacle, 220V, 16A, IEC320 C20 P, IEC320 C13 R, "zero-U"
20 receptacle, -48VDC, 60A, DC Terminal P, DC Terminal R, "zero-U“
Q. How do I connect multiple
Dominion KX devices together
into one solution?
A. Multiple Dominion KX units do not need to be physically connected together. Instead,
each Dominion KX unit connects to the network, and they automatically work together as
a single solution:
If you deploy Raritan’s optional CommandCenter management appliance,
CommandCenter acts as a single access point for remote access and
management. CommandCenter offers a significant set of convenient tools,
such as consolidated configuration, consolidated firmware update, and a
single authentication and authorization database.
In addition, CommandCenter enables sophisticated server sorting,
permissions, and access functionality – for instance, you can create an
attribute called “Operating System”, and in one step enable only the Active
Directory group “SYSADMINS” to access those servers whose “Operating
System” attribute is set to “Windows”. See CommandCenter data sheet
and FAQ for more details.
Q. Can I connect an existing
analog KVM switch to
Dominion KX?
If you do not take advantage of Raritan’s optional CommandCenter
management appliance, multiple Dominion KX units still interoperate and
scale automatically: Dominion KX’s remote access applet automatically
discovers all Dominion KX units in your network.
A. Yes. If you would like to add remote access capabilities to your existing analog KVM
switch, you can connect your KVM switch to one of Dominion KX’s server ports. Simply
use a PS/2 Computer Interface Module (CIM), and attach it to the user ports of your
existing analog KVM switch.
Please note, however, that KVM switches from most other manufacturers do not have as
reliable keyboard and mouse emulation technologies as do Raritan KVM switches.
Therefore, if your existing analog KVM switch is not a Raritan brand switch, you may
occasionally encounter keyboard or mouse aberrations, and as such Raritan cannot
certify the use of any particular third-party analog KVM switch.
Computer Interface Modules (CIMs)
Q. Can I use Computer
Interface Modules (CIMs) from
Raritan’s analog matrix KVM
switch, Paragon, with
Dominion KX?
Q. Can I use Z-Series “daisychaining” Computer Interface
Modules (CIMs) with Dominion
Q. Can I use Dominion KX
Computer Interface Modules
(CIMs) with Raritan’s analog
matrix KVM switch, Paragon?
A. Yes. For complete interoperability, certain Paragon computer interface modules (CIMs)
do work with Dominion KX (please check the Raritan web site for the latest list of certified
However, because Paragon CIMs cost more than Dominion KX CIMs (as they incorporate
technology for video transmission of up to 1000 feet [300 meters]), it is not generally
advisable to purchase Paragon CIMs for use with Dominion KX. Also note that when
connected to Dominion KX, Paragon CIMs transmit video at a distance of 50feet [15
meters], the same as Dominion KX CIMs – not at 1000 feet [300 meters], as they do
when connected to Paragon.
A. At the present time, Raritan’s Z-Series “daisy-chaining” computer interface modules do
not work with Dominion KX. This capability will be incorporated in future releases –
requiring only a firmware upgrade.
A. No. Dominion KX computer interface modules (CIMs) transmit video at a range of
50feet (15 meters) and thus do not work with Paragon, which requires CIMs that transmit
video at a range of 1000 feet (300 meters). To ensure that all Raritan’s customers
experience the very best quality video available in the industry – a consistent Raritan
characteristic – Dominion Series CIMs do not interoperate with Paragon.
Q. What kind of encryption
does Dominion KX use?
Q. Does Dominion KX allow
encryption of video data? Or
does it only encrypt keyboard
and mouse data?
Q. How does Dominion KX
integrate with external
authentication servers such as
Active Directory, RADIUS, or
Q. How are usernames and
passwords stored?
A. Dominion KX utilizes industry-standard (and extremely secure) 128-bit RC4
encryption, both in its SSL communications as well as its own data stream. Literally no
data is transmitted between remote clients and Dominion KX that is not completely
secured by encryption.
A. Unlike competing solutions, which only encrypt keyboard and mouse data, Dominion
KX does not compromise your security - it allows encryption of keyboard, mouse and
video data.
A. Through a very simple configuration, Dominion KX can be set to forward all
authentication requests to an external server such as LDAP, Active Directory, or RADIUS.
For each authenticated user, Dominion KX receives from the authentication server the
user group to which that user belongs. Dominion KX then determines the user’s access
permissions depending on what user group to which he belongs.
A. Should you use Dominion KX’s internal authentication capabilities, all sensitive
information such as usernames and passwords are stored in a hashed format. Literally no
one, including Raritan technical support or Product Engineering departments, can retrieve
those usernames and passwords.
Q. Can Dominion KX be
remotely managed and
configured via web browser?
A. Yes. Dominion KX can be completely configured remotely via Web browser. Note that
this does require that your workstation have Java Runtime Environment 1.4.x (or later)
Besides the initial setting of Dominion KX’s IP address, everything about the solution can
be completely set up over the network. (In fact, using a crossover Ethernet cable and
Dominion KX’s can configure even the initial settings configured via Web browser.)
Q. Can I backup and restore
Dominion KX’s configuration?
A. Yes, Dominion KX’s configuration can be completely backed up for later restoration in
the event of a catastrophe. More commonly, this functionality is also very useful for
configuring multiple Dominion KX units if you have not deployed Raritan’s
CommandCenter centralized management appliance (i.e., configure one unit completely,
back up its configuration, and then “restore” it to all remaining units).
Dominion KX’s backup and restore functionality can be utilized remotely over the network;
in fact, via a Web browser.
Q. What auditing or logging
does Dominion KX offer?
Q. Can Dominion KX integrate
with syslog?
Q. Can Dominion KX’s internal
clock be synchronized with a
Q. Does the power supply
used by Dominion KX
automatically detect voltage
A. For complete accountability, Dominion KX logs all major user events with a date and
time stamp. For instance, reported events include (but are not limited to): user login, user
logout, user access of a particular server, unsuccessful login, configuration changes, etc
A. Yes, for your convenience, in addition to Dominion KX’s own internal logging
capabilities, Dominion KX can also send all logged events to a centralized syslog server.
A. Yes, Dominion KX supports the industry-standard NTP protocol for synchronization
with either your corporate timeserver, or with any public time server [assuming that
outbound NTP requests are allowed through your corporate firewall].
A. Yes, Dominion KX’s power supply can be used in any AC voltage ranges from 88–264
volts, at 47–63 Hz.
Q. What is Dominion KX’s
default IP address?
Q. What is Dominion KX’s
default username and
Q. I changed and
subsequently forgot Dominion
KX’s administrative password;
can you retrieve it for me?
Q. Is 24/7 Technical Support
available for Dominion KX?
A. For the highest level of security, Raritan highly recommends that users reconfigure
their Dominion KX default administrative username and password of ( admin / raritan [all
lower case]) as soon as the unit is connected to the network.
A. For the highest level of security, literally nobody can retrieve lost administrative
passwords. Contact your regional Raritan technical support department for instructions on
how to completely reset your unit to factory default settings.
A. Yes.
