1 Reply Latest reply on Jul 19, 2017 4:10 PM by tdanner

    Connect-Swis Authentication Issues

    willelfakir

      Hello,

      My company does not allow for the Orion SDK to be installed on the same server as the SQL database is on.

      We are also not allowed to hard code any usernames or passwords into our scripts.

      The admin does not want to enter their username or password using the get-credential call either.

      That leaves me with two options when using connect-swis:

      -Trusted and -Certificate

      I have already tried both of these options remotely but have had no success; I believe there is a firewall blocking my access.

      How have you guys overcome this security issue?

      Also, what exactly are these calls?

      Thanks,

      Will.

        • Re: Connect-Swis Authentication Issues
          tdanner

          I don't know why you would install the Orion SDK on the SQL Server. Installing it on the Orion server is common, but certainly not required.

          The "-Trusted" option will authenticate with Orion using the Windows token of the user running PowerShell. This means that the Orion server must be in the same domain as you, or at least it must trust your domain. Are you able to log in to the Orion web console using your Windows identity (the same one you are running PowerShell as)? If so then you should be able to use -Trusted.

          The "-Certificate" option will authenticate with Orion using public/private key auth. There's only one certificate that Orion will accept: the "SolarWinds-Orion" certificate. You can find this in the Local Machine certificate store on the Orion server. If you want to use it from another system, you will need to export it from the Orion server and import it on the other server.

          There is an option to use username+password authentication without putting the credentials in the script and without typing them in interactively every time: put them in an encrypted file. PowerShell actually makes it pretty easy to do the right thing here: Handling Secrets and Credentials - PowerShell - Stack Overflow
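
The encrypted-file approach from the reply above, sketched as an added example (it is not code from either poster or from the linked Stack Overflow page). The hostname, file path, function names and the sample SWQL query are placeholders; it assumes Windows PowerShell, where `Export-Clixml` protects the password with DPAPI, and the SwisPowerShell module for `Connect-Swis`.

```powershell
# Added example. $OrionHost and $CredFile are placeholders, not values from the thread.
$OrionHost = 'orion.example.local'
$CredFile  = Join-Path $env:LOCALAPPDATA 'OrionSwis\swis-cred.xml'

function Save-SwisCredential {
    # One-time, interactive step. Run it as the SAME Windows account, on the SAME
    # machine, that will later run the script: DPAPI binds the ciphertext to both.
    param([string]$Path = $CredFile)
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    Get-Credential -Message 'Orion account for SWIS' | Export-Clixml -Path $Path

    # DPAPI protects the password; the ACL additionally keeps the username and
    # ciphertext away from other local users. Drop inherited ACEs, allow only us.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-SwisCredential {
    # Non-interactive load. Fails loudly if the file was created by another
    # account or copied from another machine, instead of prompting.
    param([string]$Path = $CredFile)
    if (-not (Test-Path $Path)) {
        throw "No credential file at $Path. Run Save-SwisCredential once first."
    }
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    } catch {
        throw "Cannot decrypt $Path as $env:USERNAME on $env:COMPUTERNAME: $($_.Exception.Message)"
    }
    if ($cred -isnot [pscredential]) { throw "$Path does not contain a PSCredential." }
    return $cred
}

function Connect-OrionFromFile {
    # What the unattended script calls; no password in the script, no prompt.
    Import-Module SwisPowerShell -ErrorAction Stop
    Connect-Swis -Hostname $OrionHost -Credential (Get-SwisCredential)
}

# Unattended usage once Save-SwisCredential has been run (query is a sample):
# $swis = Connect-OrionFromFile
# Get-SwisData $swis 'SELECT TOP 5 NodeID, Caption FROM Orion.Nodes'
```

On PowerShell for Linux or macOS, `Export-Clixml` does not encrypt the SecureString, so this file would not be a protected store there.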