7 Replies Latest reply on Dec 4, 2009 9:06 AM by irishjd

    Please, Please We need secure login

    Ciag

      Hi


      I know I have mentioned this before but for us the need for this feature is becoming more and more urgent. We need a secure authentication process login, something along the lines of SSL/Tacacs/Radius. I am currently trying to get other teams in our organisation to start untilising Orion but one of the resounding critisisms and reasons for resistance is the lack of a secure login.


      I know it's on the "road map" but can you give any idea of when it will be here, it's one of the last few enterprise level features to be added which is surprising specially with the new integration with NCM. It would be one of the finishing touches to an already superb application.


       Cheers


       Ciag

        • Re: Please, Please We need secure login
          denny.lecompte

          I can tell you we're working on authentication, but I can't give you a timeframe.

          • Re: Please, Please We need secure login
            pserwe

             As a workaround, I simply created an ASP redirect to push the http requests over to https after applying the necessary SSL cert to the IIS server.

             

            The only problem with this, is that it broke the SP1 upgrade process, and had to be disabled, then re-enabled after the upgrade succeeded.

             

            I'm not thrilled with it, but it is functional, if obnoxiously manual when it comes to SW software upgrades.

             

            Peter

            • Re: Please, Please We need secure login
              Miron

              Hi,


               As a rather expensive workaround is to use an SSL Offloader. We currently used F5 BIG as the front end to at least offer some protection in the absence of alternate authentication system. Probably best longer term anyway as all our webserver that use SSL would be offloaded to dedicated appliances although the integration with radius/tacacs/ad would be great.


               Regards


               


              Miron

                • Re: Please, Please We need secure login
                  pserwe


                  Hi,

                   As a rather expensive workaround is to use an SSL Offloader. We currently used F5 BIG as the front end to at least offer some protection in the absence of alternate authentication system. Probably best longer term anyway as all our webserver that use SSL would be offloaded to dedicated appliances although the integration with radius/tacacs/ad would be great.

                   Regards

                   

                  Miron

                   



                   

                  That is a rather expensive workaround.  If I had a business requirement to justify SSL offload in the first place, I would probably have one lying around, albiet
                  being used for other things, presumptively, my SSL load wouldn't be an issue, and I could certainly move another app under it.

                  Being that I don't, it's a ridiculous idea to solve an small development issue with a hardware solution.  Merely make the installation routine (is it 5 or 25 minutes
                  worth of development?) functional for either http or https, and connect however it was initially referenced.  Even smarter, detect the redirect or force-https from
                  the IIS configuration and put the redirect in the installation package so it can be run and installed over the top of by SW code.

                  We're not talking astrophysics, or even chemistry, I'd even argue we're not talking fine woodworking, we're talking about flipping burgers - development wise,
                  and while SW is not Burger King, I doubt that SW's product group would argue that this would not benefit literally every single customer, and that I probably can
                  after some amount of time, have it "my way".

                  Peter

                    • Re: Please, Please We need secure login
                      Miron

                       Peter,

                       I believe you have misconstrued the essence of my reply,(mostly meant to be lighthearted) yes a HW solution is not appropriate for the majority of solarwinds users. However for larger organisations that may have the capability or the unit running already for their existing webservers this is a potential solution so that the implementation and take up of solarwinds is not hampered by not having a secure enough interface. Also it lowers the processor overhead on the system if you are running it for a large number of viewers.

                       

                      :-)

                       

                      Miron

                        • Re: Please, Please We need secure login
                          pserwe


                           Peter,

                           I believe you have misconstrued the essence of my reply,(mostly meant to be lighthearted) yes a HW solution is not appropriate for the majority of solarwinds users. However for larger organisations that may have the capability or the unit running already for their existing webservers this is a potential solution so that the implementation and take up of solarwinds is not hampered by not having a secure enough interface. Also it lowers the processor overhead on the system if you are running it for a large number of viewers.

                           

                          :-)

                           

                          Miron

                           

                           

                           

                          No worries, it's partially sour grapes just because being that I don't have a business case for SSL offload at the moment, it's likely to be some time before I have one, so the solution doesn't do anything for ME!

                           ;)

                          Peter "Only Child" Serwe