1

Remote Access

July 10, 2007

2

What we’ll cover

Remote access to NCAR’s network Remote access to Servers, Routers,

Switches

3

Remote access to NCAR’s network – via dialup:

Primary Uses Outsource Provider Architecture Configuration

RADIUS Dialup Client

4

Primary Uses

Provide network connectivityWhen working from homeWhen traveling via 1-800When working from remote sitesAs a last resort when no other means of

connectivity is available For NCAR Airplanes

5

Outsource Provider

Level 3 – Managed Modem50 ports, burst up to 150 portsOne local number, one toll free number$30/port MRC + toll free usage

6

Architecture

Local Exchange

Carrier

Dial-up User

SS7 Network

NAS D A C S

NAS Router

Proxy RADIUS Server

Voice Router

L3 Gateway Site

SS7 Gateway

Soft Switch

Soft Switch

L3 Soft Switch Site NCAR Site

NCAR Router

NCAR’s Network

NCAR RADIUS Server

Level 3 Network

1

3

2

2

5 6

Internet

7

8 4

9

Internet

10

7

RADIUS Configuration

L3 does NOT maintain userid/password database. UCAS userid/passwords used for authentication Separate Authorization for Local and toll-free Called number used for authorization “Special” non UCAS users authenticated with <userid>@local Creates accounting records

NCAR’s Radius Proxy

NCAR’s Radius Server

UCASRADIUS requests from Level 3

Level 3’s Radius Proxy

8

Dialup Client Configuration

Local phone number: 720-259-1189 Toll Free Number: 866-450-6664 Authentication Protocol: PAP Userid/password: UCAS userids and

passwords will be used for authenticating calls to the local and toll-free phone numbers.

Networking Protocol: PPP Must use VPN to access NCAR’s network

9

Remote Access via Dialup Stats

Since moving to Level3 182 unique users Longest connected

Total minutes = 175190 Total sessions = 9

Most frequent caller Total session = 581 Total minutes = 9013

Peak simultaneous users, approx 15

10

Remote Access to Servers, Routers, Switches

Types of user interfaces KVM or Terminal Server? Types of remote access

11

Types of user interfaces GUI

windows/ linux servers, etc

Command Line routers, switches,

linux servers, etc

12

KVM or Terminal Server? KVM

Uses Keyboard, Video, and Mouse ports for GUI

Windows/ linux servers, etc

Terminal Server – Uses serial port Routers, switches,

linux servers, etc

13

Types of Remote Access

In Band

IP Network

Telnet or sshx

OOB (Out of Band)

IP Network

Telephone

Network

Console connection via modem

x

14

KVM

Setup & Configuration NCAR’s KVM equipment KVM configuration Server Side configuration Client Side configuration (KVM over IP only)

User Interface OSCAR KVM over IP

15

Setup & Configuration: NCAR’s KVM equipmentNCAR purchased Avocent’s DSView3 management

software, DSR2030, and DSR4030.

16

Setup & Configuration: NCAR’s KVM equipment (cont.)

DSR 2030 DSR 2030DSR 4030ML FL

DSView

DSView Client

Local KMM Local KMM Local KMM

Logical Connection

17

Setup & Configuration: KVM configuration Authentication – KVM over IP uses RADIUS

(token), then local. Local access uses nets/nets. Authorization – KVM over IP allows control of

access to ports/servers. Local access, access to all ports.

Encryption – keyboard, video, mouse from kvm to client

TCP Ports – Default ports are 1078, 3211, 3871, 8192, 2068.

Proxy all sessions through DSView.

18

Setup & Configuration: Server Side configuration

KVM terminator – max distance 150 ft. between DSR and KVM terminator.

Mouse - Mouse acceleration should be turned off and the motion speed should be set to medium.

19

Setup & Configuration: Server Side configuration (cont.)

Video - Supported Screen Resolutions and Refresh Rates640 x 480 @ 60 Hz800 x 600 @ 75 Hz960 x 700 @ 75 Hz1024 x 768 @ 75 Hz1280 x 1024 @ 75 Hz

20

Setup & Configuration: Client Side configuration The DSView 3 software supports the following browsers:

Microsoft Internet Explorer version 6.0 SP1 and later Mozilla version 1.7.3 and later Firefox version 1.0 and later; version 1.5 or later is required for

Macintosh operating systems Netscape version 7.2 and later NOTE: The Macintosh Safari browser is not supported by

DSView 3 software. On supported Macintosh system clients, you must use Firefox version 1.5 or later.

TCP ports 443 and 1078 are used to display the video feed over IP Requires jre version 1.5.0_02 to support the KVM viewer

21

User Interface

Local via the OSCAR (On-Screen Configuration and Activity Reporting) interface

KVM over IP using DSView3

22

User Interface: OSCAR

1) Open the rack mounted KMM (keyboard, mouse, monitor). Hit the “Print Screen” key. Use the password printed on the keyboard to login.

2) You will be presented with OSCAR’s main window . Local users have access to all ports. Use the UP/Down arrows to select a port and hit enter. The video feed from the selected port will appear.

3) To exit, the “Print Screen” key which will take you back to the Main Menu. Click on “Log out” to exit.

23

User Interface: OSCAR (cont.)

OSCAR Interface Navigation BasicsKeystroke Function Print Screen Opens the OSCAR interface. Press Print Screen twice to send the

Print Screen keystroke to the currently selected DSRIQ module. F1 Opens the Help screen for the current dialog box. Escape Closes the current dialog box without saving changes and returns to the

previous one. If the Main dialog box is displayed, pressing Escape closes the OSCAR interface and displays a status flag if status flags are enabled. See the Controlling the status flag section on page 30 for more information. In a message box, pressing Escape closes the pop-up box and returns to the current dialog box.

Enter Completes a switch operation in the Main dialog box and exits the OSCAR interface.

Up/Down Arrows Moves the cursor from line to line in lists. Right/Left Arrows Moves the cursor between columns. When editing a text box,

these keys move the cursor within the column. Page Up/Page Down Pages up and down through Name and Port lists and Help

pages.

24

User Interface: KVM over IP

Live DemoSingle Cursor ModeAuto Scale Mode

25

Terminal Server

NCAR’s equipment User Interface

26

Terminal Server – NCAR’s Equipment

32 port Async card

Cisco 3640

27

Terminal Server – NCAR’s Equipment (cont.)

Cisco 3640

ML

Routers/switches

Network connection

Modem

To Telco

Serial Connections to Console port

28

Terminal Server – User Interface

29

Coming Attractions

Remote access via dialup Cricket stats

KVM Virtual media OOB access via modem Integration with other CISL groups?

Terminal Server Migrate from 3600 to voip routers

30

Links

Remote Access via Dialuphttp://netserver.ucar.edu/nets/internal/docs/ras/index.html

Remote Access - KVMhttp://netserver.ucar.edu/nets/internal/devices/kvm/avocent_kvm.html

Remote Access - Terminal Servershttp://netserver.ucar.edu/nets/internal/devices/term-servers/index.html