Showing results for 
Search instead for 
Did you mean: 
Create Post

Federal Security and SolarWinds product installs - what are your Top 3 problems

Happy New Year to all.  And let's try something new.

Many Fed customers (especially DOD) have to document exceptions made to their security settings in order for various SolarWinds products to be installed and configured to work.  Can you tell us your top 2 or 3 items that cause this type of "friction" during the installation of SolarWinds products?

For example: before NCM version 7.2.0 many DOD customers had to document and get approval for a DISA STIG Category 1 vulnerability exception in order to run automated jobs - even the critical daily config backup.  The root cause was that NCM (before V7.2.0) used Windows Task Scheduler for automated jobs; and Windows Task Scheduler required the storing of a user name and password in a way that apparently is not very secure.  So disabling the Microsoft Windows Task Scheduler on the NCM server disabled the automated backup of configurations.  If you use NCM then you know the automated daily/weekly backups is likely the key reason to use it, so clearly this was really bad for NCM customers.

Several customers reached out to SolarWinds to ask us to fix this security vulnerability to "reduce friction" during the installation / implementation process.  With the release of NCM 7.2 last summer this problem was resolved.

Another recent example is the type of DB connection caused "friction" for a DOD customer.  Apparently connecting to SQL Server via "Windows Authentication mode" is a compliance requirement, while NCM requires the use of "mixed mode authentication".  So the customer has to document the exception, get it approved, etc...

This might open a big can of worms, but for those of you that are Federal IT professionals, what are the top 2 or 3 issues that cause friction when installing SolarWinds products?

Feel free to send me a private message if you don't want to make your issues public.