Go to main content

Oracle® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

Updated: May 2019
 
 

Protect Against Remote KVMS Shared Access

A remote KVMS video console redirects what you would see if you were looking at a physical monitor connected to that server. While it is possible to have multiple remote clients with KVMS sessions to Oracle ILOM, each session will display the exact same video since there is typically only one video output for a single server.

Likewise, anything that you type on the screen from one Remote KVMS session will be visible to other KVMS users connected to the same machine. Most importantly, if one user logs in to the host operating system inside of the Oracle ILOM Remote Console, Remote Console Plus, or CLI Storage Redirection application as a privileged user, all other KVMS users will be able to share that authenticated session. Therefore, it is important to understand that the Remote KVMS feature allows for shared connections.

To protect against authenticated operating system sessions that are left idle after terminating a remote KVMS redirection session, you should:

  • Configure Oracle ILOM to automatically lock the host operating system upon terminating a remote KVMS redirection session.

    For instructions, see Lock Host Access Upon Exiting a KVMS Session.

  • Set a time-out interval in the host operating system to automatically close unattended authenticated user sessions.

    For instructions, refer to the user documentation for your host operating system.

If you are an Oracle ILOM Remote System Console Plus user and need to limit the number of viewable KVMS sessions launched from Oracle ILOM, see Limit Viewable KVMS Sessions for Remote System Console Plus (3.2.4 or later).