The Raritan Blog

What to Look for in a Smart Card-Enabled KVM Solution

September 13, 2010

With the release of the U.S. federal government’s HSPD-12 directive a few years ago, many CIOs and IT managers found themselves with a key issue to address: how to authenticate both local and remote IT personnel as they access government servers and networks. HSPD-12 mandates secure, authenticated access to all federal information systems and buildings. While smart cards were already in use in several industries worldwide, their use really exploded when the U.S. Department of Defense responded to HSPD-12 by using smart card technology as the basis for implementing its Common Access Card (CAC) program. More recently, the DoD introduced a new type of smart card known as a Personal Identity Verification (PIV) card, which must conform to the FIPS-201 standard.

Using a smart card to access a PC or server that’s within arm’s reach is easy. However, a major challenge is to support this directive in the data center or any application in which users must access multiple servers or PCs that are several feet away or, often, in a separate room. It’s inefficient to connect a smart card reader to each device and insert the card each time access is needed. In fact, it’s usually not possible to do so. In many cases, users need to access servers in inaccessible rooms – and with different security levels.

To meet this need, several smart card-enabled KVM solutions have been introduced by the industry’s primary vendors. Of course, no two are exactly alike, so what do you need to look for? It’s important to choose a solution that not only fulfills the basic requirement of supporting smart card authentication to multiple servers from a single location, but also adjusts its features to meet and exceed the high-security operating requirements inherent in a smart card environment.

Here are some key factors to consider:

• The integration with the smart card reader should be plug & play. Smart card readers, their middleware, and the authentication server that manages user credentials each strictly follow industry specifications. The goal of a smart card-enabled KVM switching solution is to extend card access to the user, no matter their location. Implementation should be easy and straightforward.

• The solution must not store or cache smart card data. A KVM system could be a major security risk if it performs data caching of any kind. It’s critical that the KVM system does not store or cache the card data. It should only transmit data to a single server at a time upon request, and only from a card that is physically present in the reader. By implication, the following behavior should occur:

• Automatic Log Out: The card reader (and thus the KVM system) should support the automatic loss of authentication to the server upon removal of the card. Also, switching away from a server should essentially be considered the same behavior as removing the smart card. And because the card data is not being stored or cached, users will automatically be required to re-authenticate when switching between servers. As a result, the card can conveniently remain in the reader during the user’s session.

• The solution should automatically enter “private mode.” A common feature of most KVM platforms is to allow multiple users to simultaneously access a particular server. When smart cards are in use, the solution should automatically enter “private mode,” allowing only one user at a time to access servers connected to the KVM switch.

• The solution should adapt its core features for a favorable user experience. Some standard KVM features will need to be modified or disabled to avoid interference with the functionality of the card reader. For example, many KVM systems provide a scan feature, which automatically searches for the next available channel. Using automatic scan with a card reader is inconvenient, and the system should deactivate this feature whenever a smart card is in use.

Implementing an efficient KVM system with smart card features should not compromise security in any way. An ideal solution supports the use of smart cards and integrates their functionality exactly as if directly connected to the target servers.
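The behaviors in the list above can be written down as a small reference model and used to derive acceptance checks when evaluating a switch. This is an added example, not Raritan code or any vendor's firmware; the class name, event names, single console reader and sample command bytes are assumptions made for illustration.

```python
class SmartCardKvm:
    """Assumed reference model of the listed behaviors, one console reader."""

    def __init__(self, targets):
        self.targets = set(targets)
        self.card_present = False   # card physically in the console reader
        self.selected = None        # server the console is switched to
        self.owner = None           # user currently holding the switch
        self.events = []            # (server, event) pairs each server observes

    def _notify(self, event):
        if self.selected is not None:
            self.events.append((self.selected, event))

    def insert_card(self):
        self.card_present = True
        self._notify("card_inserted")

    def remove_card(self):
        self.card_present = False
        self._notify("card_removed")       # server drops the authentication

    def switch(self, user, target):
        if target not in self.targets:
            raise ValueError(f"unknown target {target!r}")
        # Private mode: while a card is in use, a second user is refused.
        if self.card_present and self.owner not in (None, user):
            return False
        if self.card_present:
            self._notify("card_removed")   # switching away == removing the card
        self.selected, self.owner = target, user
        if self.card_present:
            self._notify("card_inserted")  # new server requires re-authentication
        return True

    def scan(self):
        # Automatic scan is deactivated whenever a smart card is in use.
        return not self.card_present

    def forward(self, target, command):
        # Pass-through only, nothing stored or cached: a request is relayed to
        # the card only for the selected server and only while the card is present.
        if not self.card_present or target != self.selected:
            return None
        return ("to_card", command)


if __name__ == "__main__":
    kvm = SmartCardKvm(["srv1", "srv2"])   # constructed server names
    kvm.switch("alice", "srv1"); kvm.insert_card(); kvm.switch("alice", "srv2")
    print(kvm.events)
```

Each method maps to one observable check on real hardware: what the previously selected server sees on a switch, whether an unselected server can ever reach the card, and whether scan and shared access are refused while a card is inserted.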
