Tera Web Control

The new Tera Web Control expands IHSE’s KVM matrix series with a graphical user interface for intuitive connection of single- and multi-console workstations; as used in many control room applications. In addition to fast hotkey and OSD menu control, which are particularly popular with power users, the Tera Web Control now offers an HTML-based, graphical user interface.

In a similar manner to an external media controller, workstations are depicted on a layout that reflects the arrangement of the consoles with a visual indication of their current switching states. With just three clicks, individual consoles can be switched reliably from a browser application. 

Multiple console workstations can be reconfigured with a single click using predefined presets. All access restrictions directly follow the original administrative configuration for the matrix. The creation of individual layouts is straightforward and can be undertaken without programming knowledge. 

IHSE KVM technology for Italian Navy’s special ship project

Oberteuringen, January 16, 2024 – IHSE Draco tera KVM technology selected for use on Special & Diving Operations-Submarine Rescue Ship project

The Italian Navy’s program for the construction of a highly specialized multirole Special & Diving Operations-Submarine Rescue Ship (SDO-SuRS) will offer improved and highly capable facilities to the naval Underwater and Incursor Group Command.

The vessel is destined to fulfil a wide variety of tasks through extensive reconfiguration and flexible application and will support diving activities, sea-bed search and clearing, surveillance and control of critical underwater infrastructures, underwater inspection and submarine recovery amongst others. 

IHSE is operating in collaboration with Leonardo, a global high-technology company in Aerospace, Defense and Security, which is responsible for the vessel’s advanced command and control systems and main equipment. Draco tera KVM technology will provide data extension and switching capability for the extensive range of computer systems used in the project.  

According to Italian Defence Technologies: “The Unit will be equipped with highly reliable equipment and systems accompanied by adequate maintenance to guarantee the required readiness with high levels of operational availability.”

New firmware version 05.xx for Draco vario extender delivers numerous new features

The new firmware update offers advanced SNMP support for all extenders including advanced status telegram of the extender unit. It will introduce visual LED identification of individual units for all extenders to aid location of physical units. 

CON devices now support the combination of half-sided upgrade modules BGA and BGE2 with GPIO interface and USB2.0 or GPIO, RS232 and audio interfaces. 

For security-critical installations, USB2.0 access can be deactivated for individual consoles via API and Tera Tool. This helps to prevent malicious or unintentional injection of malware or data theft by operators. 

Redundant links ensure continuous operation over a secondary data path in the event of a component or link failure. A blue frame appears on the user screen whenever a redundant path has been activated. Redundancy frame colors, widths and duration can be individually configured for specific cases. 

cpmForum – Interview with IHSE CEO Enno Littmann

You are represented for the first time with the company IHSE in our cpmFORUM. However, the military environment is by no means new to your company. Could you give us a brief introduction to IHSE? 

Porträt von Enno Littmann, CEO IHSE
Dr. Enno Littmann, IHSE CEO

IHSE is a Hardware manufacturer of KVM technology which stands for Keyboard Video & Mouse and can trace our origins back to 1984 when the company was formed.

In layman’s terms we make transmitter boxes that plug into the Keyboard, Video & Mouse ports of a computer CPU and transcode those signals to transmit them via dedicated Cat X or Fiber optic cabling to one of our receiver boxes at an operator’s console desk which decodes the signal and has a Keyboard, Video and Mouse attached to it. 

The distance of this cabling can be many metres (or kilometres) but due to advanced, low-latency design the user experience is the same as if the computer is sitting under your desk, other than the experience with standard remote desktop protocols.

In addition, we manufacture KVM matrices with secure switching and these sit between the computers and the users. And again, in simple terms, this is a type of switchboard where many computers attached to our IHSE KVM matrices can be connected to many operator’s desks or MediaWalls in a Command & Control Room; all secured to a high level.

The benefit of this is that the computers are moved out from under the desks in the Command & Control Room and stored in secure data rooms, thus eliminating the noise & heat in the room and reducing the risk of unauthorised access whilst enabling easy sharing or collaboration.

Whilst historically our products have been designed for the industrial and commercial market there has always been a steady demand from the defence industry who appreciated the functionality and integration ease that our highly secure systems brought to their projects and more recently this has led us to produce a specific product line for the NATO Defence Market with EAL4+ certification called IHSE Secure. 

Data security is one of the most important topics of recent times in the field of critical infrastructures and military environments. To what extent do your products protect against internal and external attacks on highly sensitive data? 

IHSE is very much concerned with internal attacks or what we call ‘The Insider Threat’. We mitigate against the threat that someone who works within the premises or the Command & Control room and has access to sensitive data is a bad actor and is either intent on stealing secrets for our adversaries or trying to damage our systems.

Think of Edward Snowden or Chelsea Manning who used USB Sticks plugged into computers to download sensitive data or of all the others yet to be discovered and whose methods are evolving and becoming far more sophisticated.

Of course, we could simply lock all the computers down but in an evolving defence environment, operatives need to be able to share systems, information, and data in order to analyse situations and make rapid decisions.

A modern Command & Control room during a major event receives more and more video information & messaging streams (often from a coalition of allies). These are being added continually to give a broader view of the defence situation and to give an immediate update on any action taken. This is ‘instant situational awareness’.

All this data is live, highly confidential, and potentially at risk of theft or corruption. Complexity is added in mixed environments combining classified and unclassified areas.

 The IHSE KVM system only streams packets of pixels from the CPU to display the computer images. From the user desk, data transport is strictly limited to keyboard and mouse signals to control the CPU. All computer systems, their hard disks, USB ports and data are kept well away from the operatives and locked in a secure facility that can only be accessed by system managers with the highest of security vetting, processes, and procedures. 

 What certifications do your products have? 

IHSE Secure is a range of products that we designed in response to the needs of our existing defence and critical infrastructure customers who felt that the risk of espionage and damage to systems has increased. IHSE is taking a more proactive approach to the cyber security market in general. 

The first IHSE Secure products have the Common Criteria EAL4+ Certification for multi-class peripheral sharing, in accordance to NIAP PP4 standards; and these will be joined by other products for the Secure portfolio in future.

That sounds very exciting. When I think of the networking of many different systems on the battlefield, I also think of a wide variety of data packets with extreme amounts of data. Tamper-free data transmissions, even in real time, are particularly important for image evaluation. Does this pose a challenge for your products? 

All these systems stream many petabytes of data and there is sort of ‘Information Arms Race’ to achieve information superiority over our adversaries whilst also striving to adhere to good information assurance practice. 

These two necessities are clearly competing with each other and a further complication to all of this is that the operatives’ array of computers may be on classified and unclassified networks (or multi-class according to NATO Information Assurance Classifications). Good information assurance practice demands that there can be no possibility of data leakage from one network class to the other or indeed access of classified information from an unclassified network.

IHSE provides a solution whereby all of these operatives, needing immediate information in a rapidly evolving situation, have the facility to use and interact with these systems but without being able to take the data away or to corrupt them by injecting malicious software.

To mitigate against the constantly evolving tamper risk IHSE has developed a new Secure EAL4+ product line.

Are there already solutions from other manufacturers? If so, how does your approach differ? 

There is a large range of desktop switching products from other manufacturers. Some of the manufacturers produce multi-Class desktop switches which have the keyboard, video and mouse cables connected locally at the desktop where we believe they are vulnerable to attack. Our IHSE KVM system moves all these interfaces back into the Secure Data room.

A key difference with IHSE and other KVM is that we shield the keyboard, video and mouse interfaces behind  Data Isolators (Diodes). This provides end-to-end protection for all data streams delivered to the user desk, using an IHSE KVM matrix in between or not. To our knowledge, no other KVM manufacturers shield their extenders to the same degree as IHSE.

Our approach begins with the belief that the key risk is at the user and computer sides of the KVM system as this is where the interfaces are open standard, often physically exposed and generic. 

For example, the monitor video interface is usually bi-directional to feed EDID information back to the computer and this represents an attack opportunity for a bad actor to feed malicious code into the computer via the monitor back channel. 

IHSE Secure products have EAL4+ certified isolators built into the extender endpoints which prevent these bi-directional data flows but also mitigate against a range of far more sophisticated attack vectors which target the audio, keyboard and mouse interfaces.

Digital environments are subject to constant change. How does your company ensure future-proof use and to what extent can users cover all solutions across your portfolio? 

There are two sides to that question:

The first is that our CPU/Console extender endpoints connect with the keyboard/video/mouse interfaces and there has been change in these over the years particularly video which has developed from simple VGA to display port 1.4 and IHSE has steadily supported each new interface as soon as they became ubiquitous. 

The second part concerns the transmission cabling for the signals between the endpoints. For the KVM world this has taken the form of dedicated end-to-end cabling either via Cat X or fiber optic pairs and utilising a dedicated proprietary matrix or alternatively by utilising a TCP/IP Ethernet network with a standard network switch. 

The relative merits of each approach would take many pages to discuss but certainly creating a segregated space on an existing IP network with appropriate provisioning for bandwidth and security is challenging and adds to the existing network Information Assurance load exponentially due to the quantity of data that the video streams create.

IHSE’s Secure Products use dedicated end-to-end cabling via an IHSE matrix as we believe that this is quicker to build and is more able to handle the huge quantities of video data without difficulty and IHSE’s use of proprietary transmission protocols make it far harder to hack than the open standards of IP networking. 

However, in a legacy environment such as a retrofit to a Command & Control room there may not be full and unfettered access to completely re-cable and this is where the flexibility of the IHSE products show particular adaptability. 

We manufacture a large range of different transmitter/receiver endpoints with a variety of video interface options which include VGA, DVI, HDMI and DisplayPort so we have most of them catered for,

In addition, our matrix technology monitors and re-clocks incoming signals. This makes it possible to receive a signal on one type of cable or one video standard/resolution and to send that signal out on another, for example, DVI-in and DisplayPort-out.

Another example of this would be a C2 Room already cabled with Cat X and with a MediaWall of HD tiles and HD monitors, however, a coalition source computer configured with a 4K graphics card is fiber-optically connected to the matrix.

Thanks to the above features, our IHSE KVM matrix can still send it over legacy Cat X Cabling into the C2 room. 

So, all in all, IHSE is leading the KVM market in terms of latest interfaces and making integration into heterogenous or legacy environments, whilst optimizing compliance with Information Assurance!

 If a system fails due to a malfunction, what options do your products offer to return to safe operation as quickly as possible? 

IHSE endpoints can be specified with dual power supplies and redundant path where each unit has 2 network ports for primary and secondary operation, the secondary network is a backup network that is fully live and takes over immediately that there is a failure of the primary network. 

Our matrices also have redundant power supplies and can be specified with multiple controller cards where the secondary controller takes over if there is a failure (redundant matrices).

There are many additional design possibilities depending on how resilient a customer needs to be vs how layered and complex the system can be.

 The Command & Control environment is growing and becoming more complex, what are your future plans?

The required computing power and the number of systems to analyse these complex, evolving situations is constantly growing. More and more data streams need to be analyzed concurrently and a more collaborative effort is required.  

Meanwhile, the attack vectors of insider threat are also evolving and good Information Assurance practice has never been more important. 

The IHSE Secure range helps system managers resolve these complex, competing requirements both in new-build and in legacy environments and, as the threat evolves, the IHSE Secure product range will grow to help mitigate against these.

 

First published in cpmForum, Volume 4-2023
Copyright: cpm GmbH

USB 3.0 Switching via Draco tera flex KVM matrices

The new UNI board for compact matrices of the Draco tera flex series completes the portfolio of the series. All board variants are now available in a single chassis: Cat X, fiber, 3G, IP Gateway and UNI board.

The 1U-sized UNI board offers eight freely assignable universal ports for SDI and USB 3.0 (via ICRON Raven 3-2-1 fiber optic extender), depending on the SFP module (small form-factor pluggable) for KVM transmission via fiber or coax cable. All UNI ports can be used as inputs and outputs as usual. The UNI board also allows SDI media conversion from coax input signals to fiber output and vice versa. In mission-critical applications or fallback scenarios, the UNI board takes over the function of an electronic patch panel: Gigabit Ethernet can be switched in a fraction of a second.

With the UNI board and suitable SFPs integrated, a Draco tera flex KVM matrix can switch SDI, USB 3.0 and Gigabit Ethernet. This flexibility was previously reserved for its bigger brother model, the Draco tera enterprise. The UNI board allows smaller to medium-sized installations equipped with the more compact Draco tera flex KVM matrices to design the KVM system with even more flexibility and greater customization.

Tera Tool Customization

Since the last development update (release 5.3.0.0), the management and configuration program for Draco tera KVM matrix switches, Tera Tool offers the possibility for individual corporate brandings. The background can be custom replaced with your own logo or special company designs.

This allows IHSE customers to integrate Tera Tool into their corporate design to create a unified look and feel.

The setup is very simple: All you need is a logo file with the title logo.png for the central placement of the logo. For a wallpaper background, you need an image file with the title background.png. Place the selected file in the Tera Tool directory and you’re done.

From release 5.3.0.0 by default in Tera Tool.

5K video over DisplayPort1.1 extenders

Thanks to the further development of IHSE’s unique encoding technology, video resolution has been optimized. A new firmware allows the DP1.1 extenders to transmit keyboard, video and mouse signals with screen resolutions up to 5120×1440 in perfect 4:4:4 color space via only one extender pair.

With IHSE’s DisplayPort KVM extenders, workstations including keyboard, mouse and high-definition 5K monitors are physically separated from the source computers, which are usually located in remote server rooms. This is particularly useful in areas such as broadcast, post-production or esports. 

The transmission of 5K signals via a pair of extenders was previously only possible using DP1.2 extenders or the kvm-tec Scalableline and Media4Kconnect series. The DP1.1 devices transmit KVM signals over lower bandwidth (1G) and offer higher density mounting in addition to the cost advantage compared to the more powerful DP1.2 extenders. This advantage is appreciated by customers who install six extenders on the CPU side in space-saving 6-unit chassis.

The optional operation of dual-head monitors for the transmission of two video signals over one cable is also possible. The embedded audio transmission with a sample rate of up to 192 kHz can also be output as a separate stereo signal via an additional module. Versions with redundant data transmission are available for maximum fail-safety.

IHSE demos 5K KVM Extender systems

At IBC booth 7.A25, IHSE demonstrates various options for KVM extension with 5K video via just one extender pair. Visitors can experience the advantages of the different KVM extender systems in a direct comparison.

IHSE offers three different systems for this purpose: The proprietary DisplayPort1.2 extenders of the Draco vario series, which transmit and realize 5K resolutions at 60 Hz. Second is the IP-based kvm-tec Scalableline and Media4Kconnect series, which also achieves 5K/60. As a third comparison model, the proprietary DisplayPort1.1 extenders of the Draco vario series are available. 

Optimized firmware has made it possible to transmit 5K resolutions at 30 Hertz via the 1G models. Applications where frame rate is not of significant importance will benefit from these models, in addition to the cost advantage and lower heat generation, which allows six extender modules to be installed in space-saving 6-slot chassis with only 1 RU. 

Applications requiring increased performance of video transmission, e.g. in the field of esports, have the choice between the high-performance DP1.2 extenders, either over IP with the kvm-tec Scalableline/Media4Kconnect – or over highly secure proprietary networks with the IHSE Displayport1.2 extenders of the Draco vario series.

IHSE ASIA Expands Partnership Network with Spectrum Audio Visual Pte Ltd in Singapore

Oberteuringen/Singapore, July 24, 2023 – IHSE ASIA, a leading provider of advanced KVM (keyboard, video, mouse) solutions, is delighted to announce its strategic partnership with Spectrum Audio Visual Pte Ltd, a reputable audiovisual solutions provider based in Singapore. This collaboration marks an exciting milestone in IHSE ASIA’s efforts to strengthen its presence and expand its market reach in Singapore.

As a renowned manufacturer of high-performance KVM solutions, IHSE ASIA has been at the forefront of delivering cutting-edge technology to a wide range of industries. Their innovative KVM systems have revolutionized workflow efficiency, offering seamless control and instant access to multiple computer sources from a single workstation.

With this partnership, IHSE ASIA aims to leverage Spectrum Audio Visual’s extensive industry expertise, robust customer network, and strong market presence to better serve customers in Singapore. Spectrum Audio Visual’s commitment to delivering exceptional AV solutions aligns perfectly with IHSE ASIA’s vision to provide reliable, scalable, and future-proof KVM solutions to customers across various sectors.

“We are thrilled to join forces with Spectrum Audio Visual as our esteemed partner for the Singapore market,” said Mr. Terence Teng, CEO of IHSE ASIA. “Their deep understanding of the local AV industry, coupled with their reputation for excellence and customer-centric approach, makes them an ideal collaborator for IHSE ASIA. Together, we aim to provide unparalleled KVM solutions and exceptional customer support to businesses in Singapore.”

Spectrum Audio Visual, with its track record of delivering state-of-the-art audiovisual solutions and exceptional customer service, is excited about the possibilities that this partnership brings. “We are honoured to be selected as IHSE ASIA’s partner for Singapore,” said Mr. Vincent Chua, Managing Director of Spectrum Audio Visual. “The addition of IHSE ASIA’s innovative KVM solutions to our portfolio will enhance our ability to address the evolving needs of our customers and offer them advanced technology solutions that drive productivity and efficiency.”

Both IHSE ASIA and Spectrum Audio Visual are committed to delivering cutting-edge technology, customized solutions, and unparalleled customer service to their clients. Together, they will focus on providing comprehensive KVM solutions tailored to the unique requirements of businesses in Singapore.

 

About IHSE ASIA:

IHSE ASIA is a leading global provider of innovative KVM (keyboard, video, mouse) solutions for mission-critical and secure access to computers and servers. The company’s high-performance KVM products enable efficient workflow solutions in industries such as broadcasting, air traffic control, government, defence, medical, and many more.

 

About Spectrum Audio Visual Pte Ltd:

Established since 1999 with more than 70 staff, Spectrum Audio Visual Pte Ltd is the trusted leading regional AV System Integrator with offices in Singapore, Malaysia, and Sri Lanka. The company’s core expertise is in Design and Build for Professional Audio-Visual Solutions delivering cutting-edge AV technology, integration services, and exceptional customer support for Multinational Corporations, Government, Education and Entertainment.

Two Factor Authentication for switching via Draco tera KVM matrices

To increase access security, IHSE offers optional Two Factor Authentication (2FA) for switching via Draco tera KVM matrices. This allows a secure, user-specific login to the matrix.

Data security is one of the most important topics of recent times, especially in the field of critical infrastructures. As soon as workstations or consoles are equipped with access rights to various computers, there is a potential risk of unauthorized access, which in the worst case can lead to data theft or corruption.

In line with our strategy of maximum data security and by sharing with customers the need for maximum protection against unauthorized access and data leaks, we have integrated a two-factor login option for switching operations into our Draco tera KVM matrices.

Assigning access rights via the matrix

In addition to completely open KVM networks, IHSE provides the possibility to assign access rights to certain consoles for certain CPUs; or to secure switching operations via the matrix with a username and password entry. Password authentication can be set for each switching operation or for each new logon to the matrix. 

To ensure that only the authorized user enters his or her password, two factor authentication requires the entry of a 6-digit code after password entry. This code is generated via an authentication app on the smartphone and changes every 30 seconds. If the code matches against the matrix, the barrier opens: the user is logged in and can perform switching operations via the matrix.

As flexible as possible and as secure as necessary

The different and simultaneous requirements for a high-end KVM system lead to a paradoxical situation: IHSE KVM systems have to be as easy and flexible to use as possible with fast, uncomplicated access. At the same time, however, they have to offer the highest security standards and provide maximum protection against unauthorized access. With the right features, these competing requirements can be met in a customer- and application-specific manner. We have also succeeded in this balancing act with 2FA, and we continue to work on increasing data security without sacrificing flexibility. 

User-specific activation

The special feature of 2FA is its flexibility in use. Activation can be optionally set up for specific users, such as system administrators who potentially have access rights to all sources. 

The authentication system works completely autonomously, requiring no Internet connection – just a cell phone with an authentication app. 

In addition, no special IHSE tools are required. Common authentication apps (e.g. Google, Microsoft or LastPass Authenticator, Authy, etc.) make it easy to log in to the matrix.