White Papers
Figure 3: Virtual Media Architecture
Console Redirection Security
Authentication and Encryption
DRAC 4 can continuously redirect the managed system’s KVM to the management station. This
feature is very powerful, is very easy to use, and does not require any software installation
on the managed system. A user can access this feature to remotely manage the system.
A security authentication and encryption protocol has been implemented in console redirection
to help prevent a hostile, rogue client from breaking into the console redirect path without
authenticating through the web server. 128-bit RC4 encryption secures the keyboard
keystrokes during the remote console redirection and therefore does not allow unauthorized
“snooping” of the network traffic.
When a user logs into the main web GUI and clicks the Open Consoles tab, the following
security protocol operations occur:
1. The web GUI sends a pre-authentication request to the DRAC 4 web server through the
   HTTPS channel (SSL encrypted).
2. The DRAC 4 web server returns a set of secret data (including authentication and
   encryption keys) using the SSL channel. The console redirection authentication key (16
   bytes long) is dynamically generated to prevent replay attacks.
3. The console redirection client sends a login command with an authentication key to a
   console redirection server for authentication.
4. If authentication is successful, a console redirection session and two console redirection
   pipes (one for keyboard/mouse and one for video) are established. The keyboard/mouse
   pipe is always 128-bit RC4 encrypted. The video pipe encryption is optional.
Note: Users can choose to encrypt or not to encrypt the video pipe before they start their
console redirection session.
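The following is an added example, not code from this white paper or from DRAC 4: a minimal model of why a dynamically generated 16-byte authentication key blocks replay at the login step. The class and function names, the single-use rule, and the 30-second lifetime are assumptions made for illustration; the paper states only the key length and that the key is generated dynamically.

```python
import hmac
import secrets
import time

KEY_LEN = 16          # the paper states a 16-byte authentication key
KEY_TTL_SECONDS = 30  # assumption: the paper gives no key lifetime


class ConsoleRedirectionServer:
    """Hypothetical model of the server side of the console login step."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # issued auth key -> expiry time

    def pre_authenticate(self):
        """Issue a fresh random key; in the paper it travels over the SSL channel."""
        key = secrets.token_bytes(KEY_LEN)
        self._pending[key] = self._clock() + KEY_TTL_SECONDS
        return key

    def login(self, presented):
        """Accept an issued key once, before expiry; reject everything else."""
        now = self._clock()
        # Drop expired keys so they can never be matched again.
        self._pending = {k: t for k, t in self._pending.items() if t > now}
        matched = None
        for key in self._pending:
            # Constant-time comparison avoids leaking key bytes through timing.
            if hmac.compare_digest(key, presented):
                matched = key
        if matched is None:
            return False
        del self._pending[matched]  # single use: a captured key cannot be replayed
        return True


def demo():
    """Return results for (first login, replayed login, guessed key)."""
    server = ConsoleRedirectionServer()
    key = server.pre_authenticate()
    return (server.login(key), server.login(key),
            server.login(secrets.token_bytes(KEY_LEN)))


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```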