Why mission-critical control rooms can’t share KVM infrastructure with the rest of the building
Mission-Critical KVM Infrastructure: Why Segregation Matters
Control rooms managing critical operations—data centres, power grids, emergency services—face unique demands that standard IT infrastructure cannot meet. Sharing KVM systems between mission-critical environments and general building operations introduces unacceptable risks to availability, security, and operational continuity.
Dedicated mission-critical KVM infrastructure delivers the redundancy, failover capabilities, and uptime guarantees required for high-stakes environments. G&D and Enova Technologies provide enterprise-grade KVM matrix solutions engineered for multiple “nines” availability—ensuring operators maintain uninterrupted access to critical systems when downtime could have catastrophic consequences.
Enova Technologies | G&D KVM
Why mission-critical control rooms can’t share KVM infrastructure with the rest of the building
KVM matrix availability (definition)
A KVM (Keyboard, Video, Mouse) matrix switch connects operators to multiple computers or sources across a control room. Availability refers to the percentage of time the system is operational, typically expressed as “nines”: 99.9% (three nines) allows 8 hours 45 minutes of downtime per year; 99.9999% (six nines) allows 30 seconds. Mission-critical environments require six nines or better because any interruption has direct operational consequences.
When Thales modernised the French Air Traffic Management system in the 4-Flight project, the DSNA needed KVM infrastructure for their control rooms. The selection criteria were not standard IT procurement. Availability was measured in seconds of downtime per year, not hours. Security certifications had to satisfy aviation authorities. A firmware update that rebooted the switch was not an acceptable maintenance procedure.
Guntermann & Drunck (G&D) was chosen. Their KVM matrix systems are now deployed in French and German air traffic control environments, and in broadcast and critical production facilities worldwide. The specification that drove that decision applies to any control room where a failure has operational consequences: live broadcast, emergency operations, traffic management, government command.
The Availability Gap: Control Room vs Enterprise IT
Permitted downtime per year at each availability tier
Downtime figures are annual totals. Bars are proportional. Aviation and safety-critical control room environments typically require six nines or better. Enterprise IT infrastructure typically operates to three or four nines.
The gap between 99.9% and 99.9999% is not a rounding error. It is the difference between 8 hours and 45 minutes of downtime per year and 30 seconds. A KVM switch designed for the enterprise tier will not meet the control room tier. Sharing the same infrastructure means accepting the same maintenance windows, the same firmware update procedures, and the same availability ceiling.
Shared vs Dedicated KVM Architecture
Why control room and enterprise IT must be separated at the KVM layer
Shared KVM Matrix
Dedicated G&D KVM
What G&D builds differently
Five capabilities that define the mission-critical tier
| # | Capability | Why it matters |
| [1] | DirectRedundancyShield | Component failure triggers instant switchover to backup. No reconnection wait. No dropped operator session. |
| [2] | SecureCert: CC EAL2+ / DoDIN APL / FIPS 140-3 | G&D’s SecureCert feature delivers all three certifications. Required for defence and government environments; increasingly expected in critical broadcast infrastructure. |
| [3] | Physical isolation | G&D is designed to run as a dedicated matrix for the control room. Maintenance on adjacent IT infrastructure does not affect it. |
| [4] | ATC-grade redundancy design | Redundant power supplies, screen-freeze on connection failure, SNMP health monitoring, and multiple failover paths. Built for environments where “the switch will be back shortly” is not acceptable. |
| [5] | 40 years in mission-critical environments | G&D has been building KVM since 1985. Deployed in ATC centres, broadcast production facilities, and government control rooms across Europe and Asia-Pacific. |
The availability requirement for a control room and an IT office is not a rounding error apart. It is a categorical difference. Infrastructure built for one category will not meet the other. The architecture decision has to be made at the KVM layer, not patched on top of it.
Frequently asked questions
Why can’t a mission-critical control room share KVM infrastructure with enterprise IT?
A control room that shares a KVM matrix with enterprise IT inherits the same maintenance windows, firmware update reboots, and availability ceiling. Enterprise KVM typically operates to 99.9% to 99.99% uptime, which allows 52 minutes to 8 hours and 45 minutes of downtime per year. ATC and critical production control rooms require 99.9999% uptime, which is 30 seconds per year. The only way to meet that is a dedicated, isolated KVM architecture.
What is DirectRedundancyShield in G&D KVM systems?
DirectRedundancyShield is G&D’s redundancy feature for KVM-over-IP matrix systems. In the event of a component failure, the system switches to its backup path without requiring the operator to reconnect. There is no dropped session and no wait time. It is designed for environments where any interruption to the operator’s view has direct operational consequences.
What security certifications does G&D KVM hold?
G&D’s SecureCert feature provides Common Criteria EAL2+, DoDIN APL, and FIPS 140-3 certifications across its KVM-over-IP matrix product families including ControlCenter-IP, VisionXS-IP, and RemoteAccess-IP-CPU. Common Criteria EAL2+ was evaluated under the Italian IT security certification authority (OSCI). These certifications are required for defence and government environments and are increasingly expected in critical broadcast and production facilities.
Is G&D KVM used in air traffic control?
Yes. G&D KVM matrix systems are deployed in air traffic control environments across Europe and internationally. Notable deployments include the French Air Traffic Management modernisation (DSNA 4-Flight project, in partnership with Thales) and German air traffic control provider DFS (Deutsche Flugsicherung). G&D has been supplying ATC-grade KVM since the 1980s.
How does 99.9999% availability differ from 99.9% in practice?
99.9% uptime allows 8 hours and 45 minutes of downtime per year. 99.9999% uptime (six nines) allows 30 seconds per year. Moving from 99.9% to 99.9999% requires active-active redundancy, zero-downtime maintenance procedures, and KVM infrastructure that is physically isolated from general IT systems. Each additional nine requires an order-of-magnitude increase in architectural complexity and cost.
What is the difference between a mission-critical KVM and an enterprise KVM?
Enterprise KVM systems are designed for IT management use cases where brief downtime during maintenance is acceptable. Mission-critical KVM systems such as G&D are designed for control rooms where any interruption is operationally unacceptable. The differences include redundant power supplies, zero-reconnection-wait failover, security certifications for government and defence use, and physical architecture that isolates the control room from shared IT infrastructure.
Enova is an authorised G&D partner in Singapore. We can walk through how G&D’s architecture applies to your control room environment.
Ask about G&D for your control room
