DRAC 5 console with Firefox 3.0.5 on Red Hat
adam.nielsen at uq.edu.au
Thu Mar 18 00:48:13 CDT 2010
> I meant this to kinda address your very good question. ISTM that
> there's been a lot of fragmentation between VNC clients. If AT&T Labs
> hadn't closed at the time they had, maybe they would have released
> fully-open and GPL VNC server and clients. If that had happened,
> surely everyone would have worked off this same codebase. As it was,
> development by 3rd-parties happened at a non-optimal time for
> compatibility of this feature they all needed. I'm not going to get
> into a detailed history or comparison, but I believe there are
> incompatibilities even between the fully-open softwares.
Sorry, you're right, I just looked at the spec again and I was thinking
of authentication (which can be encrypted using a variety of methods)
but yes, there's no encryption for the rest of the data. I'm surprised
nobody has agreed on an extension to implement this.
> My Blackbox KV9308 KVM offers VNC over ssh port-forwarding. It's
> utterly lush. It even implements a menu displayed inside the VNC
> framebuffer, so that you can switch the KVM to view different managed
> servers (resync the mouse, virtual keyboard, adjust video quality and
> settings) from within the standard VNC client. I'll have to post
> screenshots if anyone is interested.
Wow that sounds really nice. I wouldn't mind seeing a screenshot or two...
> The browser plug-ins do offer the virtual-media facilities, but they
> operate on a separate port. So why couldn't the screen viewer (server
> and browser-launched viewer) be completely VNC based?
That's the only thing I could think of too, but you're right, they could
be separate plugins. There are even Flash based VNC viewers, so it's
not like Dell would've had to sacrifice the in-browser console by using
VNC instead. I still think SSH'ing into the DRAC and mounting something
over the network would be a much nicer way of using virtual media anyway.
> Dell are not unique in doing this, mind you - my last KVM-IP was just
> the same. Actually, that was rebadged by several companies (including
> Avocent) and the software was based, I believe, on a reference
> implementation by the Taiwanese manufacturer of the framegrabber chip.
I know what you mean, I still don't understand why they all persist with
these unreliable methods. People like us who don't use a 10-year-old
version of IE must really be in the minority...
> Like I say, I have to wonder if any kind of encrypted VNC standard or
> well-enough developed open client/server was available at the time
> that the DRAC was first developed. I don't think there was.
Perhaps not, but SSH and port forwarding were certainly around. You
could argue that encryption like this doesn't really belong in the
protocol itself, after all, why reimplement something like this and risk
making a mistake (leading to a security flaw) when you could make use of
the very well tested SSH encryption scheme instead?
Maybe that argument was precisely why they went with the rebranding
approach - they assumed the other guys knew what they were doing...
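
The point discussed above (the base VNC/RFB security types cover authentication only, so the session itself needs SSH port forwarding or similar) can be checked against what a server offers in its handshake. This is an added example, not part of the original post: the function names and sample bytes are constructed, and the type numbers are those of RFC 6143 and its security-type registry.

```python
import struct

# Base RFB security types (RFC 6143): they authenticate at most, and the
# framebuffer, keyboard and mouse traffic that follows is sent in the clear.
BASE_TYPES = {1: "None", 2: "VNC Authentication"}
# Registered extension types that run the session inside TLS.
TLS_TYPES = {18: "TLS", 19: "VeNCrypt"}


def parse_offer(data: bytes):
    """Parse the server's ProtocolVersion plus security message.

    Returns ((major, minor), [security type numbers]).
    """
    if len(data) < 12 or data[:4] != b"RFB " or data[7:8] != b"." or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(data[4:7]), int(data[8:11]))
    body = data[12:]
    if version < (3, 7):
        # RFB 3.3: the server dictates a single type as a big-endian U32.
        if len(body) < 4:
            raise ValueError("truncated security message")
        types = [struct.unpack(">I", body[:4])[0]]
    else:
        # RFB 3.7/3.8: a U8 count followed by that many U8 type numbers.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security message")
        types = list(body[1:1 + body[0]])
    if not types or types == [0]:
        raise ValueError("server refused the connection")
    return version, types


def verdict(types):
    """Decide how the session has to be protected on the wire."""
    if any(t in BASE_TYPES for t in types):
        # A client may pick the unencrypted type, so tunnel it (e.g. over SSH).
        return "needs-tunnel"
    if all(t in TLS_TYPES for t in types):
        return "tls-only"
    return "check-extension"  # vendor-specific type: consult its documentation


# Constructed sample: an RFB 3.8 server offering None and VNC Authentication.
SAMPLE = b"RFB 003.008\n" + bytes([2, 1, 2])

if __name__ == "__main__":
    version, types = parse_offer(SAMPLE)
    print(version, types, verdict(types))
```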