Secure, compact PC stack arranges to meet government needs
- By John Breeden II
- Nov 12, 2013
Security is often the prime consideration in a government IT purchase. Sometimes, it’s even the reason a product is invented.
SecureView software, for example, was created to give analysts simultaneous access to multiple networks with different security classifications. With 17 such networks within government, analysts were being overwhelmed with hardware: computers, monitors, keyboards and mice were crowding the desk and heating the room. SecureView helps by isolating the network signals while collapsing all those computers down into fewer units.
But what if even that is not enough?
Some agencies may still require that certain networks be physically separated from all others. So are we back to hot rooms full of hardware? Not necessarily.
The Stratus MCS (multiple client system) from NCS Technologies can give users the best of both worlds. It's an innovative product aimed directly at fulfilling a government need.
The Stratus is about two feet high, and our review unit contained three complete systems along with a KVM (keyboard, video, mouse) control module. NCS designed the computers so that they could stack on top of each other into a neat little block. Hidden from view are the power cables, running in a vertical channel inside the case. That allows all three units within the Stratus to share a single power supply, which cuts down on noise and space at the same time.
The Stratus units can contain three systems, each of which is a complete entity with its own network cable ports, disk drives, CPUs and storage media. The secure KVM module at the bottom of the stack lets users securely switch between computers. And because each module is separate, it also supports widely varying configurations, so if one network requires a more robust graphics card to support video functions, that's not a problem.
One of the strengths of Stratus is that it can be used in conjunction with a software solution such as SecureView to help meet all of an agency's security mandates. That kind of setup would allow multiple network feeds coming into the MCS, all separated and protected by the SecureView software. Then if a system requires a totally separate physical machine, it could take up another bay in the Stratus. The feeds from all the machines would appear seamless to a user, yet one or more of them could be physically separated from the rest. And the analyst still only has one block of computers on, or under, the desk.
Some agencies require that computers plugged into certain networks need to be up to three feet away from anything else. The Stratus supports this, though it does break up the ergonomics and some of the space-saving advantages of the system to configure it that way.
Different hardware configurations are available in the Stratus bays. In our test unit, two of the systems were typical, run-of-the-mill desktops with Intel Core i5 chips and integrated Intel graphics. One system, however, had an i7 processor and an Nvidia Quadro 310 graphics card. So power can be applied where needed within a secure setup, without buying hardware that isn't needed for most of the tasks a computer performs.
The Stratus comes with a remote KVM control panel that is not much bigger than a mouse. It attaches to the Stratus using a single cable and controls of all the PCs in their MCS stack without having to actually touch them. We've never seen any KVM with a remote control, but after spending a few weeks with the Stratus, we can say that we really like it. Not only is the Stratus remote responsive and intuitive, but it saves a great deal of space on any desktop.
Significantly, each remote is paired with an individual Stratus system, so it can’t be used as a point of attack. If a remote unit is removed and a second one is added, it won't function. And the KVM switch has built-in intrusion prevention so that if it's ever opened up, it will cease to work. Similarly, the computers will trigger an alert and refuse to work if they are opened up, but unlike the KVM unit, they can be returned to working order by clearing the alarm code from the BIOS.
As another nod to government users, a smart ID card reader can be added to any of the systems in the Stratus stack. Admins can allow a single authentication for the whole MCS, or they can set up each system with a separate card reader.
When we initially saw three systems sitting in a stack like that, we thought that we were about to fire up a wind tunnel. But NCS has put a lot of engineering work into refining the airflow channels within each system of the Stratus stack. Each system has a single pass-through ventilation path and a low speed fan. This keeps the systems cool, and also whisper quiet. So these systems not only reduce physical clutter and heat generation, but they also cut noise pollution, which can get to be quite high in other multi-system setups.
The Stratus also supports multi-monitor setups. The company even fixed a problem that happens with multi-monitor systems when used with a KVM, where switching to another computer collapses the second window. A third-party program running on each of the systems will remember and hold the data firmly in the second window even if the user switches away. It's an optional program but we highly recommend it.
Our test unit was surprisingly inexpensive given how secure it was. As configured for our testing, the Stratus was $6,427, a price that included all three PCs, the keyboard and mouse, the KVM console with remote and two 24-inch LCD displays. But the Stratus is highly configurable, and NCS will work with agencies to design an MCS that meets their exact needs.
With space savings, cooler running PC modules, a functional remote KVM switch and that all-important security component, the Stratus MCS is a solid solution for government users who need security but who could also stand to experience a little user-friendly convenience for once. The product is designed for government service, and should fit right in wherever it's needed.
John Breeden II is a freelance technology writer for GCN.