At Pro2col, we regularly review the managed file transfer market place. This means we can give the most up-to-date advice to our customers. Reviews might be prompted by an acquisition or merger, as well as ongoing monitoring of customer support, product updates and roadmaps.
The latest Solarwinds Serv-U MFT server review, September 2023
Serv-U has continued to pop up on my Google Alerts radar over the past two years, since my previous review in July 2021.
In my post below I bemoaned the lack of a modern HTML5 web interface for drag and drop of files into the web browser, something that most other file transfer solutions had benefited from for years. SolarWinds added this feature in version 15.3 some six short months after my review, in January 2022, maybe they were listening, who knows. The UI was the only change though, all other improvements were as a consequence to the move from Java.
However, development has been somewhat limited since with most of the focus to make the new web interface stable and fixing bugs.
There have been another four CVE’s, or publicly disclosed security flaws since my last report. This now brings their total to sixty five listings for Serv-U on the CVE database since the product was first launched. To put this into context, this is more than double all of our core vendors products combined. There is a marked increase in them following the purchase of Serv-U from Rhinosoft, the original software vendor. In my opinion it shows a wilful disregard for their customers security, poorly tested software effectively being beta tested on Serv-U customers environments.
I’ve said it before and I will continue to bang this drum, Serv-U whilst cheap is not a credible file transfer solution. In using it within your business you are putting your data, your customers data and your trading partners data at risk.
If you have Serv-U and would like to move, speak to our team. We have a complete range of services to include helping you find the right alternative for your budget, including helping you migrate your trading partners to the selected platform.
Previous Solarwinds Serv-U MFT server review, July 2021
The latest SolarWinds security vulnerability finds the much maligned Serv-U product line under the spotlight. Microsoft discovered the vulnerabilities and reported them privately, explains SolarWinds in its published advisory notice.
James Lewis, Managing Director of Pro2col commented, “Pro2col has helped many users to migrate off the SolarWinds Serv-U product line, largely due to the lack of support and product development. Personally, I believe calling it an MFT tool is misleading, it doesn’t meet with the market definition for MFT, which is further validated by its exclusion from Gartner’s MFT Market Snapshot 2021. As independent experts in secure, managed file transfer we strongly advise against running Solarwinds Serv-U MFT and Serv-U Secure FTP.”
If you’re a Serv-U user, it would be worthwhile to read the rest of this review, the advisory and apply the hot fixes. Our expert MFT comparision service is designed to help you find the right MFT soultion to fit your business needs.
If you’d like independent, expert advice on your options, contact our expert team who will walk you through the process of migrating to an actively developed/supported MFT platform, fit for the modern enterprise.
Examining Solarwinds Serv-U MFT server, March 2021
Recently, a company alerted us to an issue with SolarWinds Serv-U MFT, which our experts swiftly looked into.This particular Serv-U customer is a well-known global enterprise who – unfortunately – was given poor advice by the SolarWinds support team. It related to running a simple update to patch some bugs and provide some much-needed security enhancements. The customer’s technical team even took the opportunity to call the SolarWinds support team to double-check that users would be able to log in as stated below once the update had been run.
However, upon running the update, upwards of 5,000 trading partners’ passwords were corrupted, resulting in mission-critical transfers failing. A quick glance at the SolarWinds Serv-U message board shows that many users have been having the same issues since September 2020, but there has been no official response from the Serv-U team, despite repeated requests for an update.
The company’s frustrated technical team, backed by the board’s financial approval, engaged Pro2col to be their trusted advisors in finding an alternative platform.
Is it really managed file transfer?
Pro2col defines managed file transfer as needing to cover three key areas:
- The secure gateway or proxy
- The file transfer server
- The workflow automation engine
There are frequently other elements to a solution but the above three are the basics. Gartner’s definition is slightly different but covers the same core features.
“MFT on-premises offerings usually comprise four discrete functionalities that organisations can deploy separately. However, organisations often deploy them as a suite. The functionalities basic to MFT are server, client/agent, proxy and plug-in for ad hoc transfers.”
Gartner – January 2021.
Solarwinds only offers two of the three basics – the proxy and the server – meaning that by our definition, and that of Gartner, it isn’t a managed file transfer solution at all. It falls short on the most important element; the one which provides the most significant value to an organization. The workflow automation.
Let’s take a deeper dive into what you don’t get when investing in Serv-U MFT Server.
Serv-U MFT product analysis
As mentioned before, the basic building blocks of a managed file transfer solution comprise of the proxy, server and automation. We’re going to take a look at some of the limitations.
The proxy is the simplest element of any managed file transfer solution. It acts as perimeter security, providing two functions:
- To allow incoming file transfers when agreed by the file transfer server (reverse proxy)
- To route outgoing transfers sent by the file transfer server’s workflow component (forward proxy)
Serv-U has a reverse proxy that positively differentiates it from other inexpensive file transfer servers. Where a proxy isn’t available it is necessary to rely on the firewall to provide port forwarding. For example, SFTP traffic hitting the firewall on port 22 is forwarded to the file transfer server. Many ‘SFTP servers’ are still being deployed in the DMZ, rather than sitting behind a proxy. This is not considered best practice.
Serv-U does not have a forward proxy to route outgoing transfers, however. So whilst it is competitively priced at £804, it is missing this key feature that you’ll see in products from the market leaders. You can find out more about forward and reverse proxy in our blog, The Advantages of Using a Forward and Reverse Proxy.
Serv-U MFT Server
Serv-U is essentially a solid SFTP/FTPS server.
Solarwinds website states it’s possible to “upload and download files quickly and easily”, and that “ad-hoc file sharing is easy”. However, almost all file transfer vendors made the shift to using HTML5 to govern file uploads/downloads in the web browser between 3-5 years ago, but not Solarwinds. This places it at a disadvantage compared to almost all the solutions we work with.
Serv-U’s standard option only allows single file upload and download so, in order to upload larger files, users are required to install a Java client into the web browser. This technology is old, insecure and most modern web browsers flag up security warnings when it loads. You risk damage to your company reputation if a trading partner attempts to upload a file, and receives a security warning that is prompted by the web browser – something you as a Serv-U user would have no control over.
To give this some context, Solarwinds’ competitors, Progress, replaced Java applets with HTML5 in 2017 and Globalscape completed the switch in 2018.
The management console interface isn’t a great deal better. The website claims to have a new GUI. It was delivered pre-2019, and cleardfdfddsfsly frames the previous application interface in a modern browser and menu system:
Serv-U MFT’s claims of providing automation are, in our opinion, overstated. In fact, what they offer is the ability to execute an event based upon certain server events and criteria filters. The server events are limited to:
- Send an email notification
- Show a balloon tip in the system tray
- Write to a Windows event log
- Execute a command
This is an extremely limited feature set compared to best in breed manage file transfer solutions. The ability to execute an external script or programme does add some value, but there is no further control over the failure of that script to execute, thus failing to provide the visibility and control that are the key drivers behind implementing managed file transfer.
Standard automation features you’d expect from any basic managed file transfer solution, such as folder monitors or timer/scheduled events, are missing. In fact, I would go as far as to say that any workflow automation would need to be driven from outside of Serv-U, begging the question: When a standard SFTP server is half the price, why would you purchase SolarWinds?
- Source – Serv-U File Server Administrator Guide 15.2.1
I spoke with a previous Serv-U product manager back in 2019 and his response was pretty conclusive:
“Serv-U is not scheduled for anything but maintenance as far as I know. It received an administration facelift but that was just about it; since we added the MFT proxy and there was no appetite to pursue scheduled transfers in a meaningful way, the product is essentially complete.”
Past Serv-U Product Manager
The limited progress Serv-U is making is made worse by irregular software release cadence and the lack of any new features. The release notes clearly show that updates are delivering security enhancements and patches. The Serv-U community board shows an increasing frustration by existing customers wanting answers, specifically to the Java issues, but getting no feedback.
Review websites are becoming an increasingly valid way to gain an understanding of how well a product or company is performing. There are lots to choose from, but in the software marketplace G2 and Capterra are two of the best.
Upon checking G2, we found it has five four-star Serv-U reviews, but even those provided the following feedback:
- The software depends on Java to run so, if you do not have it installed, Serv-U will not go anywhere
- Support level could have been improved
- The user interface can take some time to realise all the features it offers
- UI is kind of outdated and not responsive – and quite expensive
There have been no positive reviews since 2019.
Most interesting was Solarwinds’ extensive catalogue of product reviews on Capterra. In total, 32 products are listed, and interestingly Serv-U was not among them.
Solarwinds uses a number of reviews on its Serv-U website claiming it’s the best solution. However, what it fails to tell you is that the research firm, Techvalidate, which they used to capture the reviews, was engaged in 2015.
Given both ours and Gartner’s definition of managed file transfer, in my opinion, Serv-U is not MFT. It doesn’t have the requisite basic features and has largely remained the same since it was acquired from the previous vendor in 2012.
If you’re looking for a no-frills, file transfer server, and don’t need a modern interface and the use of a Java applet is acceptable to you and your business partners, then you can still include Serv-U in your shortlist. For most organisations though, for most, that isn’t practical.
Serv-U MFT Alternatives
Serv-U is inexpensive in managed file transfer software terms, but the implication of implementing it might cost significantly more further down the road.
As the independent experts, our team can help you determine which features you’ll need, both now and into the future, based on the challenges you’re likely to experience. Additionally, we’re best placed to help you find the right solution to meet your infrastructure, compliance, security and budgetary needs.
If you’re considering Serv-U for your project or would like assistance implementing an alternative to replace it, we’re here to help. You can either speak to a technical consultant about your requirements or visit our comparison questionnaire below to get a bespoke recommendation report.
About the Author:
Take the risk out of selecting an MFT solution with our free, independent comparison service!
Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.