As security administrators, we often find ourselves installing multiple OS platforms just to be able to use particular tools. For example, UNIX provides a few best-of-breed security tools not available on Windows, and Windows hosts wide-ranging business tools in Microsoft Office not available on native Linux. You can find many solutions that let you take software based on one platform and run it on a different platform. For example, emulation products such as Cygwin (a Windows-based environment for running particular Linux applications) or virtual machine (VM) software such as
VMware Server or Microsoft Virtual Server let you essentially build multiple separate computers on one physical host. Sometimes, however, you want the speed, compatibility, or redundancy of running various platforms on physically separate computers. In this situation, a useful tool called Synergy can help you control multiple computers and monitors from a single keyboard and mouse.
How Synergy Works
A traditional KVM switch requires a
keystroke or activation of a physical
switch to shift keyboard and mouse
input and video from one computer
to another. Similar in concept, the
Synergy software lets you share a keyboard and mouse among two or more
computer systems and monitors.
However, Synergy requires that each
computer be connected to its own
monitor. What this means is that you
can place your Windows laptop beside
the monitor connected to your Linux
or Macintosh (or another Windows)
computer, start the Synergy software,
and control both systems with just
one keyboard and mouse. You simply
drag your mouse from one monitor to
the other and the keyboard input
switches to the other computer. This
setup can be very efficient for security
administrators who run predominately UNIX systems but also need to
keep an eye on Microsoft Outlook
running on a Windows system or perform Windows administrative tasks.
Synergy is a client/server tool that basically works like this: The computer whose keyboard and mouse you’ll use acts as the primary computer, or server. Synergy uses the TCP/IP network to send the keyboard/mouse commands entered at that primary computer to the secondary computer, or client.
Synergy does a remarkable job of capturing the keyboard and mouse input—sometimes you even forget that you’re using multiple platforms. You can share clipboards between your server and client, and even across different platforms. For example, you could copy text from Safari on a Mac and paste it into an Outlook email message on a Windows machine. Let’s walk through how to download and install Synergy on the client and server, edit a configuration file, and start the service.
Installing Synergy
Download Synergy at http://synergy2.sourceforge.net. The latest version
(1.3.1), runs on Windows 95 and later,
Mac OS X 10.2 and later, and most versions of UNIX that run X Window version 11 revision 4 or later. Extract the
latest version of Synergy to each of the
systems you wish to control. On the
Windows platform, run the program
SynergyInstaller-1.3.1.exe to install the
application. On UNIX systems, you’ll
edit a configuration file contained in
the extracted Synergy package.
Although Synergy works as a
client/server application, you actually
install the same package on each
computer. The computer with the
keyboard and mouse physically connected will be your server and all
other systems will be clients. (Synergy
refers to the server and client computers as “screens.”) Next, we’ll define
the physical relationships between
these screens.
Configuring a Windows Server
After you’ve installed Synergy on each computer that you wish to control,
you need to configure it. I’ll first
describe how to configure Synergy for
a Windows server screen, then for a
UNIX server screen, and finally for
client screens.
On a Windows-based server, click Start, All Programs, Synergy to launch the Synergy program. Click Share this computer’s keyboard and mouse (server). Next, in the Screens & Links dialog box, click Configure and add each of the computers, or screens, you wish to share. At a minimum, you must use two screens—the server and a client—but you can add multiple clients if you physically have the computers. Click the plus (+) button and enter your server computer’s host name in the Screen Name text field. Click the + button again and enter the host name of the computer that you want to share the server’s keyboard and mouse—this will be your client. As aliases, you can enter alternate names of the computers; for example, you could enter the NetBIOS name as the screen name and then enter the fully qualified domain name (FQDN) of the computer, or even an IP address, as an alias.
Next, specify the physical relationship, or link, between the computers. The configuration fields for links might be confusing at first. Think about how your computer monitor screens are placed in relation to each other, not from your point of view as you face the computers. If your server computer is physically situated to your client computer’s right, you would configure the relationship like this:
0 to 100% of the left of
serverMachine goes to
0 to 100% of clientMachine
then click Links + to add the link. This configuration means that if you drag your mouse across any portion (0 to 100 percent) of the left edge of the server’s screen, Synergy will transfer keyboard and mouse control to the client computer.
It’s important that you also define a reciprocal link to return the mouse and keyboard control to the server. Enter
0 to 100% of the right of
clientMachine goes to
0 to 100% of serverMachine
and click Links + to add the reciprocal link.
Under Links you should see a translation of your entries that looks something like this: <serverMachine> is left of <clientMachine> and <client-Machine> is right of <serverMachine>. Click OK. Usually this minimalist configuration is sufficient to set up mouse and keyboard controls, but if you have problems using special keys such as Caps Lock, Num Lock, and Scroll Lock, you can change their behavior from this configuration dialog box as well. (I haven’t encountered problems with these keys when working with Windows and Mac OS X computers.)
Additionally, you can configure other settings of the program, such as whether it should wait a small amount of time before it switches to the other screen, by clicking the Options button. Synergy uses TCP port 24800 to transmit the keys and mouse movements between the client and server computer, so be sure to configure any intermediary firewalls to allow this network traffic. Click the Advanced button to change the port or to specify an interface for Synergy to listen on—for example, if you have a laptop with both a wireless and a LAN interface and you want Synergy to use a particular interface.
When you’re ready, click the Test button. You’ll see the Synergy program confirm that it has started.
Configuring the Server for UNIX
In concept, you configure a Synergy
server on UNIX and Mac much like you
do on Windows—essentially, you edit
a text file. Within the Synergy-extracted folders, you edit the synergy.conf file,
which contains all the configuration
options for either a primary or secondary screen configuration.
Figure 1 shows a simple configuration file that mimics the setup I discussed in the previous section. The first section, titled section: screens, lists each of the screens identified by its host name. The second section, titled section: links, defines the characteristics of the screens, such as their position relative to the other screens. ServerMachine and clientMachine represent the host names of the two systems that will share the keyboard and mouse. The third section, titled section: aliases, defines aliases for the computers. You can configure an alias for either the server or the client depending on your particular environment.
After you’ve edited the synergy .conf file, type the following on a command line
synergys -f --config synergy.conf
to start the Synergy program on the server. The -f parameter tells the program to run in the foreground. When you’re satisfied with the configuration, omit the -f and the program will run in the background.
Configuring the Clients
Next, configure all the client screens.
On a Windows computer, run the
same Synergy program described previously in the server setup, but instead
of specifying this computer as a
server, click Use another Computer’s
shared keyboard and mouse (client), as Figure 2 shows. On a UNIX or Mac
computer, enter
synergyc -f <serverMachine>
at the command line. The client should connect to the server. If any warnings occur, you’ll see them on both the client and server Synergy status screens. One example of an error-causing condition is an incorrectly or inadequately identified host name. To fix this problem, you might add the FQDN or IP address as an alias to help Synergy find the computer.
If you’re successful, you’ll see a connected status message. In Windows, Synergy displays an icon showing the connected state.
Running with the -f parameter is useful. In this test mode, Synergy shows status and log messages to help troubleshoot any connection problems. If your systems won’t connect, check whether a host firewall is blocking the Synergy traffic. Also check that you set up the screen relationships properly and that your screen names are correctly recognized by Synergy. For example, your host name might be serverMachine, but Synergy recognizes it as serverMachine .domain.local.
Final Caveats
Synergy provides a lightweight
method of sharing a keyboard and
mouse among different platforms and
computers. However, you should be
aware of some caveats: Synergy
doesn’t perform authentication when
a client connects to a server, and Synergy doesn’t encrypt the data transmitted from a server’s keyboard when
it’s sent to a client. The Synergy Web
site offers a step-by-step solution for
using Secure Shell (SSH) to perform
both functions, which you’ll want to
investigate if you’re using Synergy in
an untrusted network.