At Pro2col, we regularly review the managed file transfer market place. This means we can give the most up-to-date advice to our customers. Reviews might be prompted by an acquisition or merger, as well as ongoing monitoring of customer support, product updates and roadmaps.
The latest Solarwinds Serv-U MFT server review, December 2024
When SolarWinds bought the Serv-U SFTP & MFT product range from Rhinosoft in 2012, it appeared to offer the budget software vendor the opportunity to kick on and continue to develop the platform into a solution to compete with then market leaders, EFT Server and MOVEit. Fast forward 12 years and that couldn’t be further from the truth.
Seeing three more Serv-U CVE’s this Summer, I thought it's time to take a more hands on approach to reviewing Solarwinds MFT solution. In the past, I’d appraised it from afar, taking on-board first-hand feedback from users of the solution we’d helped replace it with something else, whilst delving into the considerable online content to piece together the story. This time we downloaded the software and got stuck in.
In specialising in managed file transfer solutions since 1999, I’ve got a pretty decent idea of what a company would need from a solution. We’ve been ever-present in the market throughout the ‘era’ the software has existed, helping to define what constitutes an MFT solution. To paraphrase it here, for the context of reviewing Serv-U, an MFT solution consists of at least three components, these are:
- A file transfer server, somewhere to host files for collection or to be uploaded to.
- A workflow engine, a tool that enables the pushing and pulling of files to files stores, internal and external to the business using it.
- A gateway, also known as a proxy, for securing the incoming and outgoing connections to either the file transfer server or the workflow engine.
Other components regularly included are file collaboration, remote agents, email integration, dashboarding and more.
MFT Server Architecture
With the above definition provided, the first point to note is the architecture of their MFT solution.
File Transfer Server | Workflow Engine | Proxy |
The main component of Serv-U MFT is their file transfer server. It’s a reasonably functional server component supporting various files transfer protocols including SFTP, FTPS, HTTPS & less secure versions. | This sadly is not just lacking but more or less non-existent. I often refer to the workflow engine as the ‘brains’ of an MFT solution but in SolarWinds Serv-U solution any offered capability counters the purpose of having an MFT solution. We’ll dig into that later. | Serv-U MFT does have a proxy but it only does half the job. It does have a reverse proxy which is used to secure inbound connections to an MFT server. It doesn’t have an outbound proxy. In Serv-U’s case this isn’t a problem as it doesn’t support outbound connections due to no Workflow Engine. |
Serv-U Functionality or Lack Thereof
Serv-U MFT is so far behind other more complete managed file transfer solutions it's hard to know where to start when looking at capability and functionality. With that in mind, I’m going to focus in on the last few releases of new functionality. Spoiler alert – new functionality doesn’t appear high on the SolarWinds agenda.
In October, SolarWinds released v15.5, a significant point release with enhancements trumpeted including MFA, more secure custom branding and support for new ciphers.
In April, with the release or 15.4.2, the top improvement touted was the support of Windows Server 2022, three years after its launch in 2021. At the time or writing, Microsoft Windows Server 2025 is not supported.
I could fill pages of content comparing and contrasting other solutions with Serv-U, but ultimately it wouldn’t achieve anything. None of the functionality added above screams that it is a product trying to catch up with the competition, it signposts a tool that it is in maintenance mode and delivering the minimum it can to maintain any relevance.
Workflow Engine – What Workflow Engine?
The workflow engine is the key component to an MFT solution, the brains of the operation. The purpose of a workflow engine is to provide file transfer automation by way of a low-code / no-code application to replace home grown scripts, providing a tool which at least provides the basics for file movement, audit and reporting. There are often times where the last mile of integration requires some custom coding and scripting but those scripts are then ‘managed’ inside the workflow engine providing scheduling, restart and other functionality to ensure the script does what it was built to do, also meaning the amount of scripting required is kept to a minimum.
Serv-U MFT doesn’t seem to grasp this principle. It takes the approach that it will execute a script but without any additional fail-safes to retry on failure and report or notify on failed attempts to complete an action.
In painting the picture that Serv-U is a MFT solution, it offers the following limited and in ‘Balloon Tip’ unusual ‘Common Events Actions’. The below screenshot is the entire list of automation events offered.
Pricing Comparison
With the price of the file transfer server at nearly £3,000, I have to recommend caution. This does not represent good value for the file transfer server component, especially given its extremely limited functionality and the vast history of CVE’s; frankly it is my opinion that you’ll likely be putting your infrastructure at risk by implementing Serv-U MFT.
Summary
A majority of the products that label themselves ‘MFT’ solutions, fit the definition by having all the components required. Serv-U struggles to offer a complete file transfer server, and with no workflow engine, an organisation has little potential to maximise the value of the investment. By this I mean, if you purchase a file transfer server from another vendor which has the other components e.g. workflow engine or remote agents, other use cases can be added to the platform at a later date, allowing you to benefit from the centralisation and governance of file transfers.
Commonly the file transfer server is implemented as a drop-off or collection point for external organisations, whereas the workflow engine allows for the movement of data on to the next step of the business process, push files to external suppliers systems, push to cloud storage or SaaS platforms, all the time extending and centralising file transfer activities and governance. Serv-U offers none of this. Serv-U has questionable quality controls in place to check the software code for security flaws. Personally, I’d give it a miss.
Previous Solarwinds Serv-U MFT server review, September 2023
Serv-U has continued to pop up on my Google Alerts radar over the past two years, since my previous review in July 2021.
In my post below I bemoaned the lack of a modern HTML5 web interface for drag and drop of files into the web browser, something that most other file transfer solutions had benefited from for years. SolarWinds added this feature in version 15.3 some six short months after my review, in January 2022, maybe they were listening, who knows. The UI was the only change though, all other improvements were as a consequence to the move from Java.
However, development has been somewhat limited since with most of the focus to make the new web interface stable and fixing bugs.
There have been another four CVE’s, or publicly disclosed security flaws since my last report. This now brings their total to sixty five listings for Serv-U on the CVE database since the product was first launched. To put this into context, this is more than double all of our core vendors products combined. There is a marked increase in them following the purchase of Serv-U from Rhinosoft, the original software vendor. In my opinion it shows a wilful disregard for their customers security, poorly tested software effectively being beta tested on Serv-U customers environments.
I’ve said it before and I will continue to bang this drum, Serv-U whilst cheap is not a credible file transfer solution. In using it within your business you are putting your data, your customers data and your trading partners data at risk.
If you have Serv-U and would like to move, speak to our team. We have a complete range of services to include helping you find the right alternative for your budget, including helping you migrate your trading partners to the selected platform.
Previous Solarwinds Serv-U MFT server review, July 2021
The latest SolarWinds security vulnerability finds the much maligned Serv-U product line under the spotlight. Microsoft discovered the vulnerabilities and reported them privately, explains SolarWinds in its published advisory notice.
James Lewis, Managing Director of Pro2col commented, “Pro2col has helped many users to migrate off the SolarWinds Serv-U product line, largely due to the lack of support and product development. Personally, I believe calling it an MFT tool is misleading, it doesn’t meet with the market definition for MFT, which is further validated by its exclusion from Gartner’s MFT Market Snapshot 2021. As independent experts in secure, managed file transfer we strongly advise against running Solarwinds Serv-U MFT and Serv-U Secure FTP.”
If you’re a Serv-U user, it would be worthwhile to read the rest of this review, the advisory and apply the hot fixes. Our expert MFT comparision service is designed to help you find the right MFT soultion to fit your business needs.
If you’d like independent, expert advice on your options, contact our expert team who will walk you through the process of migrating to an actively developed/supported MFT platform, fit for the modern enterprise.
Examining Solarwinds Serv-U MFT server, March 2021
Recently, a company alerted us to an issue with SolarWinds Serv-U MFT, which our experts swiftly looked into.This particular Serv-U customer is a well-known global enterprise who – unfortunately – was given poor advice by the SolarWinds support team. It related to running a simple update to patch some bugs and provide some much-needed security enhancements. The customer’s technical team even took the opportunity to call the SolarWinds support team to double-check that users would be able to log in as stated below once the update had been run.
However, upon running the update, upwards of 5,000 trading partners’ passwords were corrupted, resulting in mission-critical transfers failing. A quick glance at the SolarWinds Serv-U message board shows that many users have been having the same issues since September 2020, but there has been no official response from the Serv-U team, despite repeated requests for an update.
The company’s frustrated technical team, backed by the board’s financial approval, engaged Pro2col to be their trusted advisors in finding an alternative platform.
Is it really managed file transfer?
Pro2col defines managed file transfer as needing to cover three key areas:
- The secure gateway or proxy
- The file transfer server
- The workflow automation engine
There are frequently other elements to a solution but the above three are the basics. Gartner’s definition is slightly different but covers the same core features.
“MFT on-premises offerings usually comprise four discrete functionalities that organisations can deploy separately. However, organisations often deploy them as a suite. The functionalities basic to MFT are server, client/agent, proxy and plug-in for ad hoc transfers.”
Gartner – January 2021.
Solarwinds only offers two of the three basics – the proxy and the server – meaning that by our definition, and that of Gartner, it isn’t a managed file transfer solution at all. It falls short on the most important element; the one which provides the most significant value to an organization. The workflow automation.
Let’s take a deeper dive into what you don’t get when investing in Serv-U MFT Server.
Serv-U MFT product analysis
As mentioned before, the basic building blocks of a managed file transfer solution comprise of the proxy, server and automation. We’re going to take a look at some of the limitations.
The proxy is the simplest element of any managed file transfer solution. It acts as perimeter security, providing two functions:
- To allow incoming file transfers when agreed by the file transfer server (reverse proxy)
- To route outgoing transfers sent by the file transfer server’s workflow component (forward proxy)
Serv-U has a reverse proxy that positively differentiates it from other inexpensive file transfer servers. Where a proxy isn’t available it is necessary to rely on the firewall to provide port forwarding. For example, SFTP traffic hitting the firewall on port 22 is forwarded to the file transfer server. Many ‘SFTP servers’ are still being deployed in the DMZ, rather than sitting behind a proxy. This is not considered best practice.
Serv-U does not have a forward proxy to route outgoing transfers, however. So whilst it is competitively priced at £804, it is missing this key feature that you’ll see in products from the market leaders. You can find out more about forward and reverse proxy in our blog, The Advantages of Using a Forward and Reverse Proxy.
Serv-U MFT Server
Serv-U is essentially a solid SFTP/FTPS server.
Solarwinds website states it’s possible to “upload and download files quickly and easily”, and that “ad-hoc file sharing is easy”. However, almost all file transfer vendors made the shift to using HTML5 to govern file uploads/downloads in the web browser between 3-5 years ago, but not Solarwinds. This places it at a disadvantage compared to almost all the solutions we work with.
Serv-U’s standard option only allows single file upload and download so, in order to upload larger files, users are required to install a Java client into the web browser. This technology is old, insecure and most modern web browsers flag up security warnings when it loads. You risk damage to your company reputation if a trading partner attempts to upload a file, and receives a security warning that is prompted by the web browser – something you as a Serv-U user would have no control over.
To give this some context, Solarwinds’ competitors, Progress, replaced Java applets with HTML5 in 2017 and Globalscape completed the switch in 2018.
The management console interface isn’t a great deal better. The website claims to have a new GUI. It was delivered pre-2019, and cleardfdfddsfsly frames the previous application interface in a modern browser and menu system:
- https://www.serv-u.com/serv-u-managed-file-transfer-server
- https://www.serv-u.com/web-client
Automation
Serv-U MFT’s claims of providing automation are, in our opinion, overstated. In fact, what they offer is the ability to execute an event based upon certain server events and criteria filters. The server events are limited to:
- Send an email notification
- Show a balloon tip in the system tray
- Write to a Windows event log
- Execute a command
This is an extremely limited feature set compared to best in breed manage file transfer solutions. The ability to execute an external script or programme does add some value, but there is no further control over the failure of that script to execute, thus failing to provide the visibility and control that are the key drivers behind implementing managed file transfer.
Standard automation features you’d expect from any basic managed file transfer solution, such as folder monitors or timer/scheduled events, are missing. In fact, I would go as far as to say that any workflow automation would need to be driven from outside of Serv-U, begging the question: When a standard SFTP server is half the price, why would you purchase SolarWinds?
- https://www.serv-u.com/automated-file-transfer
- Source – Serv-U File Server Administrator Guide 15.2.1
Development
I spoke with a previous Serv-U product manager back in 2019 and his response was pretty conclusive:
“Serv-U is not scheduled for anything but maintenance as far as I know. It received an administration facelift but that was just about it; since we added the MFT proxy and there was no appetite to pursue scheduled transfers in a meaningful way, the product is essentially complete.”
Past Serv-U Product Manager
The limited progress Serv-U is making is made worse by irregular software release cadence and the lack of any new features. The release notes clearly show that updates are delivering security enhancements and patches. The Serv-U community board shows an increasing frustration by existing customers wanting answers, specifically to the Java issues, but getting no feedback.
Reviews
Review websites are becoming an increasingly valid way to gain an understanding of how well a product or company is performing. There are lots to choose from, but in the software marketplace G2 and Capterra are two of the best.
Upon checking G2, we found it has five four-star Serv-U reviews, but even those provided the following feedback:
- The software depends on Java to run so, if you do not have it installed, Serv-U will not go anywhere
- Support level could have been improved
- The user interface can take some time to realise all the features it offers
- UI is kind of outdated and not responsive – and quite expensive
There have been no positive reviews since 2019.
Most interesting was Solarwinds’ extensive catalogue of product reviews on Capterra. In total, 32 products are listed, and interestingly Serv-U was not among them.
Solarwinds uses a number of reviews on its Serv-U website claiming it’s the best solution. However, what it fails to tell you is that the research firm, Techvalidate, which they used to capture the reviews, was engaged in 2015.
Conclusions
Given both ours and Gartner’s definition of managed file transfer, in my opinion, Serv-U is not MFT. It doesn’t have the requisite basic features and has largely remained the same since it was acquired from the previous vendor in 2012.
If you’re looking for a no-frills, file transfer server, and don’t need a modern interface and the use of a Java applet is acceptable to you and your business partners, then you can still include Serv-U in your shortlist. For most organisations though, for most, that isn’t practical.
Serv-U MFT Alternatives
Serv-U is inexpensive in managed file transfer software terms, but the implication of implementing it might cost significantly more further down the road.
As the independent experts, our team can help you determine which features you’ll need, both now and into the future, based on the challenges you’re likely to experience. Additionally, we’re best placed to help you find the right solution to meet your infrastructure, compliance, security and budgetary needs.
If you’re considering Serv-U for your project or would like assistance implementing an alternative to replace it, we’re here to help. You can either speak to a technical consultant about your requirements or visit our comparison questionnaire below to get a bespoke recommendation report.
About the Author:
|
Further Reading:
Take the risk out of selecting an MFT solution with our free, independent comparison service!
Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.