SolarWinds Features Needing Updates After Hardening

With the new rules from DHS Emergency Directive 21-01 that at least Federal agencies must follow, I wanted to start a thread where we can consolidate feature upgrades needed to maintain functionality. If you find something, post it here. If someone creates a feature request to remedy functionality lost due to the required hardening, post a link here so the Federal & Government community can know about it and vote.

One that I noted is the requirement that, "The SolarWinds Orion server, the web server, and the database server instances must be installed on separate and dedicated hosts." That would seem to preclude using the website on the main Orion® server to run a centralized upgrade. I submitted a feature request to support running centralized upgrades from an AWS.

  • It depends on how you interpret this. You shouldn't be able to access the web service on the main server from outside the subnet that server resides on. You could potentially log in to that server and http to localhost to do it though. That being said, you'll need to download the installation package to somewhere else and transfer it to the main server since it shouldn't have access to the Internet. I believe that makes it so you will have to run the installation package itself, and not use the web-based install, although I haven't done that in a while to check. I don't think you can use the web-based installation with the downloaded installation package though.

  • I thought the "separate and dedicated hosts" line was clear: The main Orion server must not house the Orion Web Console or run a website. Since logging into the OWC is required to perform a centralized upgrade, that means logging in to the OWC via an Alternate Web Server.

    As I posted here, I tried using the offline installer to pre-stage files, then logging into the Orion Web Console via an AWS to run the upgrade. It partially worked. The upgrade kicked off and ran fine. Percentages of completion for each server continued updating throughout the upgrade. Once the main server was upgraded (the centralized upgrade finishes the main server, then pushes to the other servers and installs there), I had an error on screen.

  • I don't know if it is possible to install the primary polling engine without the web site, but this could potentially be mitigated by only allowing your Orion users to reach the additional web server (by using network and Windows firewall rules, and/or IP restrictions in IIS). I wonder if this would satisfy the directive for agencies.