White Papers
PAGE 23 OF 24
Managed Node
Web Server
Console
Redirection
Server
Management Station
Client
Console
Redirection
Client
SSL Channel
Connection Request
CR Info with Authentication Key
SSL Channel
Open session request
(Authentication Key)
Session established
Keyboard/Mouse pipe
SSL Channel
If video encryption enabled
SSL Channel
Video pipe
Authentication
Key
Authentication
Key
Figure 5: Console Redirection Architecture
User Session Privacy
User session privacy is a security concern in the console redirection feature in DRAC 5.
DRAC 5 supports the following techniques to maintain user session privacy and prevent user
sessions from being hijacked:
• The default maximum number of console redirection sessions is limited to two.
Administrators can configure the maximum number of console redirection sessions to one
to avoid another remote user taking control of your console redirection session.
Dell strongly recommends setting the maximum number of console redirection sessions to one
if additional simultaneous remote access is not required.
• Remote users can use the Blank Local Video feature to prevent a local user from viewing
the remote session.
Dell strongly recommends using the Blank Local Video feature if local access is not required
during remote console redirection.
NOTE: Requires DRAC 5 version 1.20 firmware or later.
• Local users can use the Local RACADM CLI utility to disable console redirection when
they log into the server and want to keep a session private. Users can re-enable console
redirection after the remote session is over.
Dell strongly recommends disabling console redirection during local RACADM usage if
simultaneous remote access is not required.
• In addition to DRAC 5 console redirection, users can use Remote Desktop on the
Windows operating system and VNC Console redirection on a Linux-based operating
system to perform post-operating system console redirection. For additional information,
refer to the Remote Desktop documentation.