As security administrators, we often find ourselves installing multiple OS platforms just to be able to use particular tools. For example, UNIX provides a few best-of-breed security tools not available on Windows, and Windows hosts wide-ranging business tools in Microsoft Office not available on native Linux. You can find many solutions that let you take software based on one platform and run it on a different platform. For example, emulation products such as Cygwin (a Windows-based environment for running particular Linux applications) or virtual machine (VM) software such as
VMware Server or Microsoft Virtual Server let you essentially build multiple separate computers on one physical host. Sometimes, however, you want the speed, compatibility, or redundancy of running various platforms on physically separate computers. In this situation, a useful tool called Synergy can help you control multiple computers and monitors from a single keyboard and mouse.
How Synergy Works
A traditional KVM switch requires a keystroke or activation of a physical switch to shift keyboard and mouse input and video from one computer to another. Similar in concept, the Synergy software lets you share a keyboard and mouse among two or more computer systems and monitors. However, Synergy requires that each computer be connected to its own monitor. What this means is that you can place your Windows laptop beside the monitor connected to your Linux or Macintosh (or another Windows) computer, start the Synergy software, and control both systems with just one keyboard and mouse. You simply drag your mouse from one monitor to the other and the keyboard input switches to the other computer. This setup can be very efficient for security administrators who run predominately UNIX systems but also need to keep an eye on Microsoft Outlook running on a Windows system or perform Windows administrative tasks.
Synergy is a client/server tool that basically works like this: The computer whose keyboard and mouse you’ll use acts as the primary computer, or server. Synergy uses the TCP/IP network to send the keyboard/mouse commands entered at that primary computer to the secondary computer, or client.
Synergy does a remarkable job of capturing the keyboard and mouse input—sometimes you even forget that you’re using multiple platforms. You can share clipboards between your server and client, and even across different platforms. For example, you could copy text from Safari on a Mac and paste it into an Outlook email message on a Windows machine. Let’s walk through how to download and install Synergy on the client and server, edit a configuration file, and start the service.
Download Synergy at http://synergy2.sourceforge.net. The latest version (1.3.1), runs on Windows 95 and later, Mac OS X 10.2 and later, and most versions of UNIX that run X Window version 11 revision 4 or later. Extract the latest version of Synergy to each of the systems you wish to control. On the Windows platform, run the program SynergyInstaller-1.3.1.exe to install the application. On UNIX systems, you’ll edit a configuration file contained in the extracted Synergy package. Although Synergy works as a client/server application, you actually install the same package on each computer. The computer with the keyboard and mouse physically connected will be your server and all other systems will be clients. (Synergy refers to the server and client computers as “screens.”) Next, we’ll define the physical relationships between these screens.
Configuring a Windows Server
After you’ve installed Synergy on each computer that you wish to control, you need to configure it. I’ll first describe how to configure Synergy for a Windows server screen, then for a UNIX server screen, and finally for client screens.
On a Windows-based server, click Start, All Programs, Synergy to launch the Synergy program. Click Share this computer’s keyboard and mouse (server). Next, in the Screens & Links dialog box, click Configure and add each of the computers, or screens, you wish to share. At a minimum, you must use two screens—the server and a client—but you can add multiple clients if you physically have the computers. Click the plus (+) button and enter your server computer’s host name in the Screen Name text field. Click the + button again and enter the host name of the computer that you want to share the server’s keyboard and mouse—this will be your client. As aliases, you can enter alternate names of the computers; for example, you could enter the NetBIOS name as the screen name and then enter the fully qualified domain name (FQDN) of the computer, or even an IP address, as an alias.
Next, specify the physical relationship, or link, between the computers. The configuration fields for links might be confusing at first. Think about how your computer monitor screens are placed in relation to each other, not from your point of view as you face the computers. If your server computer is physically situated to your client computer’s right, you would configure the relationship like this:
0 to 100% of the left of
serverMachine goes to
0 to 100% of clientMachine
then click Links + to add the link. This configuration means that if you drag your mouse across any portion (0 to 100 percent) of the left edge of the server’s screen, Synergy will transfer keyboard and mouse control to the client computer.
It’s important that you also define a reciprocal link to return the mouse and keyboard control to the server. Enter
0 to 100% of the right of
clientMachine goes to
0 to 100% of serverMachine
and click Links + to add the reciprocal link.
Under Links you should see a translation of your entries that looks something like this: <serverMachine> is left of <clientMachine> and <client-Machine> is right of <serverMachine>. Click OK. Usually this minimalist configuration is sufficient to set up mouse and keyboard controls, but if you have problems using special keys such as Caps Lock, Num Lock, and Scroll Lock, you can change their behavior from this configuration dialog box as well. (I haven’t encountered problems with these keys when working with Windows and Mac OS X computers.)
Additionally, you can configure other settings of the program, such as whether it should wait a small amount of time before it switches to the other screen, by clicking the Options button. Synergy uses TCP port 24800 to transmit the keys and mouse movements between the client and server computer, so be sure to configure any intermediary firewalls to allow this network traffic. Click the Advanced button to change the port or to specify an interface for Synergy to listen on—for example, if you have a laptop with both a wireless and a LAN interface and you want Synergy to use a particular interface.
When you’re ready, click the Test button. You’ll see the Synergy program confirm that it has started.
Configuring the Server for UNIX
In concept, you configure a Synergy server on UNIX and Mac much like you do on Windows—essentially, you edit a text file. Within the Synergy-extracted folders, you edit the synergy.conf file, which contains all the configuration options for either a primary or secondary screen configuration.
Figure 1 shows a simple configuration file that mimics the setup I discussed in the previous section. The first section, titled section: screens, lists each of the screens identified by its host name. The second section, titled section: links, defines the characteristics of the screens, such as their position relative to the other screens. ServerMachine and clientMachine represent the host names of the two systems that will share the keyboard and mouse. The third section, titled section: aliases, defines aliases for the computers. You can configure an alias for either the server or the client depending on your particular environment.
After you’ve edited the synergy .conf file, type the following on a command line
synergys -f --config synergy.conf
to start the Synergy program on the server. The -f parameter tells the program to run in the foreground. When you’re satisfied with the configuration, omit the -f and the program will run in the background.
Configuring the Clients
Next, configure all the client screens. On a Windows computer, run the same Synergy program described previously in the server setup, but instead of specifying this computer as a server, click Use another Computer’s shared keyboard and mouse (client), as Figure 2 shows. On a UNIX or Mac computer, enter
synergyc -f <serverMachine>
at the command line. The client should connect to the server. If any warnings occur, you’ll see them on both the client and server Synergy status screens. One example of an error-causing condition is an incorrectly or inadequately identified host name. To fix this problem, you might add the FQDN or IP address as an alias to help Synergy find the computer.
If you’re successful, you’ll see a connected status message. In Windows, Synergy displays an icon showing the connected state.
Running with the -f parameter is useful. In this test mode, Synergy shows status and log messages to help troubleshoot any connection problems. If your systems won’t connect, check whether a host firewall is blocking the Synergy traffic. Also check that you set up the screen relationships properly and that your screen names are correctly recognized by Synergy. For example, your host name might be serverMachine, but Synergy recognizes it as serverMachine .domain.local.
Synergy provides a lightweight method of sharing a keyboard and mouse among different platforms and computers. However, you should be aware of some caveats: Synergy doesn’t perform authentication when a client connects to a server, and Synergy doesn’t encrypt the data transmitted from a server’s keyboard when it’s sent to a client. The Synergy Web site offers a step-by-step solution for using Secure Shell (SSH) to perform both functions, which you’ll want to investigate if you’re using Synergy in an untrusted network.