Sitting relaxed by the sea at a beach bar, enjoying a cool drink and watching the European Championship games live on a huge screen in top resolution – sounds like a summer dream but it’s reality at the Croatian beach bar “Latino” Beach in Mali Losinj.
Using an 8-port Draco tera flex KVM matrix switch, the operator is showing all Euro 2024 matches on five screens with screen diagonals of 50 – 90 inches. In the case of parallel games, guests can watch the desired game on different displays.
Management and control take place centrally inside the building, protected from unauthorized access and environmental influences, while the large screens in the outdoor area ensure the right Euros 2024 atmosphere. Very important for live matches: Despite the distance between source and display, there is no loss of quality or time latency during transmission – because nobody wants to hear their neighbors cheering before a goal is scored.
Thanks to the KVM solution, visitors can enjoy the “most important of unimportant things” (Jürgen Klopp) under ideal conditions in a perfect Mediterranean ambience.
The new graphical user interface for IHSE KVM matrix switches adds intuitive user control to single and multi-console workstations.
What advantages does Tera Web Control offer?
Tera Web Control is a media control application for Draco tera matrix systems. It supplements the normal keyboard-based connection selection methods with a graphical user interface. Using their own mouse, operators can select and switch individual source connections to their personal workspace or select from a range of predefined connection configurations.
The Tera Web Control application depicts the arrangement of consoles and monitors as connection layouts. Creating and changing individual layouts is intuitive and can be undertaken without programming knowledge.
What is the difference to external media controls?
The Tera Web Control is a license-based software module that runs via a normal web browser without the need for an additional external media control computer. It is specifically developed for controlling and switching Draco tera KVM matrices and is integrated into the matrix architecture. All access rights previously assigned in the matrix configuration are carried forward to the Tera Web Control; making setup extremely simple whilst providing optimal access security.
In addition, the Tera Web Control interface displays the current switching status of the selected layout in real time.
Which requirements must be met?
Tera Web Control runs on all KVM matrices of the Draco tera flex and Draco tera enterprise series (Revision 1 or later), from firmware version 5.04. Each active workstation requires a license and network connection to access the browser-based application.
Who is Tera Web Control useful for?
Any application that uses an IHSE matrix system will benefit from the user-friendly graphical interface provided by Tera Web Control. It is particularly suited to security and control centers and other facilities with multiple screens, as well as conference room applications, allowing work processes to be optimized for greater efficiency and to create a more comfortable environment for operators. Also for system administrators and supervisors, Tera Web Control enables effective interconnection control.
When will Tera Web Control be available?
The new tool is now available. Licenses can be purchased for existing Matrix installations (firmware update required) or with new systems.
Our order processing team ensures that all orders for KVM products are fulfilled with the utmost speed and precision. The team handles all aspects of supply from the processing and acknowledgment of the original order, through manufacture, shipment and invoicing, and if necessary, product repair processes. All customs and export requirements are managed so that final delivery is made with the minimum of bureaucratic delay.
Gözde Sar (left) joined IHSE in 2021 and is responsible for our partners in Asia, the USA and Scandinavia. She previously worked as a clerk and project manager in the logistics industry and is very familiar with delivery and transportation management.
Benamar Djabou (center) is the IHSE contact person responsible for OEM customers and customs issues. He is a finance graduate and an IHSE veteran with over 25 years’ experience within the company.
Silke Kramer (right) is responsible for our partners in the DACH region and the UK. She also manages product repairs and loans. Silke is also a long-standing IHSE native. She was the first IHSE apprentice to graduate as an office administrator at IHSE and has been an integral part of the IHSE family since 2000.
We are usually the first point of contact for our partners when orders are placed. As the link between sales, production, dispatch and our customers, we ensure that all orders are processed quickly and as smoothly as possible. We benefit from the fact that we are an extremely experienced, close-knit team and can rely on each other.
Oberteuringen, January 16, 2024 – IHSE Draco tera KVM technology selected for use on Special & Diving Operations-Submarine Rescue Ship project
The Italian Navy’s program for the construction of a highly specialized multirole Special & Diving Operations-Submarine Rescue Ship (SDO-SuRS) will offer improved and highly capable facilities to the naval Underwater and Incursor Group Command.
The vessel is destined to fulfil a wide variety of tasks through extensive reconfiguration and flexible application and will support diving activities, sea-bed search and clearing, surveillance and control of critical underwater infrastructures, underwater inspection and submarine recovery amongst others.
IHSE is operating in collaboration with Leonardo, a global high-technology company in Aerospace, Defense and Security, which is responsible for the vessel’s advanced command and control systems and main equipment. Draco tera KVM technology will provide data extension and switching capability for the extensive range of computer systems used in the project.
According to Italian Defence Technologies: “The Unit will be equipped with highly reliable equipment and systems accompanied by adequate maintenance to guarantee the required readiness with high levels of operational availability.”
The new firmware update offers advanced SNMP support for all extenders including advanced status telegram of the extender unit. It will introduce visual LED identification of individual units for all extenders to aid location of physical units.
CON devices now support the combination of half-sided upgrade modules BGA and BGE2 with GPIO interface and USB2.0 or GPIO, RS232 and audio interfaces.
For security-critical installations, USB2.0 access can be deactivated for individual consoles via API and Tera Tool. This helps to prevent malicious or unintentional injection of malware or data theft by operators.
Redundant links ensure continuous operation over a secondary data path in the event of a component or link failure. A blue frame appears on the user screen whenever a redundant path has been activated. Redundancy frame colors, widths and duration can be individually configured for specific cases.
Daniel Berkemer joined our sales team in May 2023. As a Sales Engineer, and together with Andreas Wuth-Rausch, he supports our customers and partners in the northern DACH region.
Daniel Berkemer brings many years of experience in sales, account management, consulting and service for KVM and ProAV technology. Having a background as a service engineer, he is familiar with the challenges faced by customers on site and is an excellent point of contact for our customers and partners in the western, eastern and northern regions of Germany.
From the very first day, my decision to join IHSE proved to be right. The products are great – the colleagues are friendly, supportive and motivated. It’s great to have joined the leading manufacturer of KVM made in Germany.
You are represented for the first time with the company IHSE in our cpmFORUM. However, the military environment is by no means new to your company. Could you give us a brief introduction to IHSE?
Dr. Enno Littmann, IHSE CEO
IHSE is a Hardware manufacturer of KVM technology which stands for Keyboard Video & Mouse and can trace our origins back to 1984 when the company was formed.
In layman’s terms we make transmitter boxes that plug into the Keyboard, Video & Mouse ports of a computer CPU and transcode those signals to transmit them via dedicated Cat X or Fiber optic cabling to one of our receiver boxes at an operator’s console desk which decodes the signal and has a Keyboard, Video and Mouse attached to it.
The distance of this cabling can be many metres (or kilometres) but due to advanced, low-latency design the user experience is the same as if the computer is sitting under your desk, other than the experience with standard remote desktop protocols.
In addition, we manufacture KVM matrices with secure switching and these sit between the computers and the users. And again, in simple terms, this is a type of switchboard where many computers attached to our IHSE KVM matrices can be connected to many operator’s desks or MediaWalls in a Command & Control Room; all secured to a high level.
The benefit of this is that the computers are moved out from under the desks in the Command & Control Room and stored in secure data rooms, thus eliminating the noise & heat in the room and reducing the risk of unauthorised access whilst enabling easy sharing or collaboration.
Whilst historically our products have been designed for the industrial and commercial market there has always been a steady demand from the defence industry who appreciated the functionality and integration ease that our highly secure systems brought to their projects and more recently this has led us to produce a specific product line for the NATO Defence Market with EAL4+ certification called IHSE Secure.
Data security is one of the most important topics of recent times in the field of critical infrastructures and military environments. To what extent do your products protect against internal and external attacks on highly sensitive data?
IHSE is very much concerned with internal attacks or what we call ‘The Insider Threat’. We mitigate against the threat that someone who works within the premises or the Command & Control room and has access to sensitive data is a bad actor and is either intent on stealing secrets for our adversaries or trying to damage our systems.
Think of Edward Snowden or Chelsea Manning who used USB Sticks plugged into computers to download sensitive data or of all the others yet to be discovered and whose methods are evolving and becoming far more sophisticated.
Of course, we could simply lock all the computers down but in an evolving defence environment, operatives need to be able to share systems, information, and data in order to analyse situations and make rapid decisions.
A modern Command & Control room during a major event receives more and more video information & messaging streams (often from a coalition of allies). These are being added continually to give a broader view of the defence situation and to give an immediate update on any action taken. This is ‘instant situational awareness’.
All this data is live, highly confidential, and potentially at risk of theft or corruption. Complexity is added in mixed environments combining classified and unclassified areas.
The IHSE KVM system only streams packets of pixels from the CPU to display the computer images. From the user desk, data transport is strictly limited to keyboard and mouse signals to control the CPU. All computer systems, their hard disks, USB ports and data are kept well away from the operatives and locked in a secure facility that can only be accessed by system managers with the highest of security vetting, processes, and procedures.
What certifications do your products have?
IHSE Secure is a range of products that we designed in response to the needs of our existing defence and critical infrastructure customers who felt that the risk of espionage and damage to systems has increased. IHSE is taking a more proactive approach to the cyber security market in general.
The first IHSE Secure products have the Common Criteria EAL4+ Certification for multi-class peripheral sharing; and this will be joined by other products for the Secure portfolio in future.
That sounds very exciting. When I think of the networking of many different systems on the battlefield, I also think of a wide variety of data packets with extreme amounts of data. Tamper-free data transmissions, even in real time, are particularly important for image evaluation. Does this pose a challenge for your products?
All these systems stream many petabytes of data and there is sort of ‘Information Arms Race’ to achieve information superiority over our adversaries whilst also striving to adhere to good information assurance practice.
These two necessities are clearly competing with each other and a further complication to all of this is that the operatives’ array of computers may be on classified and unclassified networks (or multi-class according to NATO Information Assurance Classifications). Good information assurance practice demands that there can be no possibility of data leakage from one network class to the other or indeed access of classified information from an unclassified network.
IHSE provides a solution whereby all of these operatives, needing immediate information in a rapidly evolving situation, have the facility to use and interact with these systems but without being able to take the data away or to corrupt them by injecting malicious software.
To mitigate against the constantly evolving tamper risk IHSE has developed a new Secure EAL4+ product line.
Are there already solutions from other manufacturers? If so, how does your approach differ?
There is a large range of desktop switching products from other manufacturers. Some of the manufacturers produce multi-Class desktop switches which have the keyboard, video and mouse cables connected locally at the desktop where we believe they are vulnerable to attack. Our IHSE KVM system moves all these interfaces back into the Secure Data room.
A key difference with IHSE and other KVM is that we shield the keyboard, video and mouse interfaces behind Data Isolators (Diodes). This provides end-to-end protection for all data streams delivered to the user desk, using an IHSE KVM matrix in between or not. To our knowledge, no other KVM manufacturers shield their extenders to the same degree as IHSE.
Our approach begins with the belief that the key risk is at the user and computer sides of the KVM system as this is where the interfaces are open standard, often physically exposed and generic.
For example, the monitor video interface is usually bi-directional to feed EDID information back to the computer and this represents an attack opportunity for a bad actor to feed malicious code into the computer via the monitor back channel.
IHSE Secure products have EAL4+ certified isolators built into the extender endpoints which prevent these bi-directional data flows but also mitigate against a range of far more sophisticated attack vectors which target the audio, keyboard and mouse interfaces.
Digital environments are subject to constant change. How does your company ensure future-proof use and to what extent can users cover all solutions across your portfolio?
There are two sides to that question:
The first is that our CPU/Console extender endpoints connect with the keyboard/video/mouse interfaces and there has been change in these over the years particularly video which has developed from simple VGA to display port 1.4 and IHSE has steadily supported each new interface as soon as they became ubiquitous.
The second part concerns the transmission cabling for the signals between the endpoints. For the KVM world this has taken the form of dedicated end-to-end cabling either via Cat X or fiber optic pairs and utilising a dedicated proprietary matrix or alternatively by utilising a TCP/IP Ethernet network with a standard network switch.
The relative merits of each approach would take many pages to discuss but certainly creating a segregated space on an existing IP network with appropriate provisioning for bandwidth and security is challenging and adds to the existing network Information Assurance load exponentially due to the quantity of data that the video streams create.
IHSE’s Secure Products use dedicated end-to-end cabling via an IHSE matrix as we believe that this is quicker to build and is more able to handle the huge quantities of video data without difficulty and IHSE’s use of proprietary transmission protocols make it far harder to hack than the open standards of IP networking.
However, in a legacy environment such as a retrofit to a Command & Control room there may not be full and unfettered access to completely re-cable and this is where the flexibility of the IHSE products show particular adaptability.
We manufacture a large range of different transmitter/receiver endpoints with a variety of video interface options which include VGA, DVI, HDMI and DisplayPort so we have most of them catered for,
In addition, our matrix technology monitors and re-clocks incoming signals. This makes it possible to receive a signal on one type of cable or one video standard/resolution and to send that signal out on another, for example, DVI-in and DisplayPort-out.
Another example of this would be a C2 Room already cabled with Cat X and with a MediaWall of HD tiles and HD monitors, however, a coalition source computer configured with a 4K graphics card is fiber-optically connected to the matrix.
Thanks to the above features, our IHSE KVM matrix can still send it over legacy Cat X Cabling into the C2 room.
So, all in all, IHSE is leading the KVM market in terms of latest interfaces and making integration into heterogenous or legacy environments, whilst optimizing compliance with Information Assurance!
If a system fails due to a malfunction, what options do your products offer to return to safe operation as quickly as possible?
IHSE endpoints can be specified with dual power supplies and redundant path where each unit has 2 network ports for primary and secondary operation, the secondary network is a backup network that is fully live and takes over immediately that there is a failure of the primary network.
Our matrices also have redundant power supplies and can be specified with multiple controller cards where the secondary controller takes over if there is a failure (redundant matrices).
There are many additional design possibilities depending on how resilient a customer needs to be vs how layered and complex the system can be.
The Command & Control environment is growing and becoming more complex, what are your future plans?
The required computing power and the number of systems to analyse these complex, evolving situations is constantly growing. More and more data streams need to be analyzed concurrently and a more collaborative effort is required.
Meanwhile, the attack vectors of insider threat are also evolving and good Information Assurance practice has never been more important.
The IHSE Secure range helps system managers resolve these complex, competing requirements both in new-build and in legacy environments and, as the threat evolves, the IHSE Secure product range will grow to help mitigate against these.
First published in cpmForum, Volume 4-2023 Copyright: cpm GmbH
The new UNI board for compact matrices of the Draco tera flex series completes the portfolio of the series. All board variants are now available in a single chassis: Cat X, fiber, 3G, IP Gateway and UNI board.
The 1U-sized UNI board offers eight freely assignable universal ports for SDI and USB 3.0 (via ICRON Raven 3-2-1 fiber optic extender), depending on the SFP module (small form-factor pluggable) for KVM transmission via fiber or coax cable. All UNI ports can be used as inputs and outputs as usual. The UNI board also allows SDI media conversion from coax input signals to fiber output and vice versa. In mission-critical applications or fallback scenarios, the UNI board takes over the function of an electronic patch panel: Gigabit Ethernet can be switched in a fraction of a second.
With the UNI board and suitable SFPs integrated, a Draco tera flex KVM matrix can switch SDI, USB 3.0 and Gigabit Ethernet. This flexibility was previously reserved for its bigger brother model, the Draco tera enterprise. The UNI board allows smaller to medium-sized installations equipped with the more compact Draco tera flex KVM matrices to design the KVM system with even more flexibility and greater customization.
Since the last development update (release 5.3.0.0), the management and configuration program for Draco tera KVM matrix switches, Tera Tool offers the possibility for individual corporate brandings. The background can be custom replaced with your own logo or special company designs.
This allows IHSE customers to integrate Tera Tool into their corporate design to create a unified look and feel.
The setup is very simple: All you need is a logo file with the title logo.png for the central placement of the logo. For a wallpaper background, you need an image file with the title background.png. Place the selected file in the Tera Tool directory and you’re done.
Thanks to the further development of IHSE’s unique encoding technology, video resolution has been optimized. A new firmware allows the DP1.1 extenders to transmit keyboard, video and mouse signals with screen resolutions up to 5120×1440 in perfect 4:4:4 color space via only one extender pair.
With IHSE’s DisplayPort KVM extenders, workstations including keyboard, mouse and high-definition 5K monitors are physically separated from the source computers, which are usually located in remote server rooms. This is particularly useful in areas such as broadcast, post-production or esports.
The transmission of 5K signals via a pair of extenders was previously only possible using DP1.2 extenders or the kvm-tec Scalableline and Media4Kconnect series. The DP1.1 devices transmit KVM signals over lower bandwidth (1G) and offer higher density mounting in addition to the cost advantage compared to the more powerful DP1.2 extenders. This advantage is appreciated by customers who install six extenders on the CPU side in space-saving 6-unit chassis.
The optional operation of dual-head monitors for the transmission of two video signals over one cable is also possible. The embedded audio transmission with a sample rate of up to 192 kHz can also be output as a separate stereo signal via an additional module. Versions with redundant data transmission are available for maximum fail-safety.
