0333 123 1240 info@pro2colgroup.com

Solarwinds Serv-U MFT Server review

SolarWinds Serv-U MFT Server Review

March 2021

At Pro2col, we regularly review the managed file transfer market place. This means we can give the most up-to-date advice to our customers. Reviews might be prompted by an acquisition or merger, as well as ongoing monitoring of customer support, product updates and roadmaps. Recently, a company alerted us to an issue with SolarWinds Serv-U MFT, which our experts swiftly looked into.

This particular Serv-U customer is a well-known global enterprise who – unfortunately – was given poor advice by the SolarWinds support team. It related to running a simple update to patch some bugs and provide some much-needed security enhancements. The customer’s technical team even took the opportunity to call the SolarWinds support team to double-check that users would be able to log in as stated below once the update had been run.

serv-u

However, upon running the update, upwards of 5,000 trading partners’ passwords were corrupted, resulting in mission-critical transfers failing. A quick glance at the SolarWinds Serv-U message board shows that many users have been having the same issues since September 2020, but there has been no official response from the Serv-U team, despite repeated requests for an update.

The company’s frustrated technical team, backed by the board’s financial approval, engaged Pro2col to be their trusted advisors in finding an alternative platform.

Is it really managed file transfer?

Pro2col defines managed file transfer as needing to cover three key areas:

  • The secure gateway or proxy
  • The file transfer server
  • The workflow automation engine

There are frequently other elements to a solution but the above three are the basics. Gartner’s definition is slightly different but covers the same core features.

“MFT on-premises offerings usually comprise four discrete functionalities that organisations can deploy separately. However, organisations often deploy them as a suite. The functionalities basic to MFT are server, client/agent, proxy and plug-in for ad hoc transfers.”

Gartner – January 2021.

Solarwinds only offers two of the three basics – the proxy and the server – meaning that by our definition, and that of Gartner, it isn’t a managed file transfer solution at all. It falls short on the most important element; the one which provides the most significant value to an organization. The workflow automation.

Let’s take a deeper dive into what you don’t get when investing in Serv-U MFT Server.

Serv-U MFT product analysis

As mentioned before, the basic building blocks of a managed file transfer solution comprise of the proxy, server and automation. We’re going to take a look at some of the limitations.

Forward and reverse proxy

The proxy is the simplest element of any managed file transfer solution. It acts as perimeter security, providing two functions:

  • To allow incoming file transfers when agreed by the file transfer server (reverse proxy)
  • To route outgoing transfers sent by the file transfer server’s workflow component (forward proxy)

Serv-U has a reverse proxy that positively differentiates it from other inexpensive file transfer servers. Where a proxy isn’t available it is necessary to rely on the firewall to provide port forwarding. For example, SFTP traffic hitting the firewall on port 22 is forwarded to the file transfer server. Many ‘SFTP servers’ are still being deployed in the DMZ, rather than sitting behind a proxy. This is not considered best practice.

Serv-U does not have a forward proxy to route outgoing transfers, however. So whilst it is competitively priced at £804, it is missing this key feature that you’ll see in products from the market leaders. You can find out more about forward and reverse proxy in our blog, The Advantages of Using a Forward and Reverse Proxy.

Serv-U MFT Server

Serv-U is essentially a solid SFTP/FTPS server.

Solarwinds website states it’s possible to “upload and download files quickly and easily”, and that “ad-hoc file sharing is easy”. However, almost all file transfer vendors made the shift to using HTML5 to govern file uploads/downloads in the web browser between 3-5 years ago, but not Solarwinds. This places it at a disadvantage compared to almost all the solutions we work with.

serv-u key features

Serv-U’s standard option only allows single file upload and download so, in order to upload larger files, users are required to install a Java client into the web browser. This technology is old, insecure and most modern web browsers flag up security warnings when it loads. You risk damage to your company reputation if a trading partner attempts to upload a file, and receives a security warning that is prompted by the web browser – something you as a Serv-U user would have no control over.

To give this some context, Solarwinds’ competitors, Progress, replaced Java applets with HTML5 in 2017 and Globalscape completed the switch in 2018.

The management console interface isn’t a great deal better. The website claims to have a new GUI. It was delivered pre-2019, and clearly frames the previous application interface in a modern browser and menu system:

Automation

Serv-U MFT’s claims of providing automation are, in our opinion, overstated. In fact, what they offer is the ability to execute an event based upon certain server events and criteria filters. The server events are limited to:

  • Send an email notification
  • Show a balloon tip in the system tray
  • Write to a Windows event log
  • Execute a command

This is an extremely limited feature set compared to best in breed manage file transfer solutions. The ability to execute an external script or programme does add some value, but there is no further control over the failure of that script to execute, thus failing to provide the visibility and control that are the key drivers behind implementing managed file transfer.

Standard automation features you’d expect from any basic managed file transfer solution, such as folder monitors or timer/scheduled events, are missing. In fact, I would go as far as to say that any workflow automation would need to be driven from outside of Serv-U, begging the question: When a standard SFTP server is half the price, why would you purchase SolarWinds?

 

Development

I spoke with a previous Serv-U product manager back in 2019 and his response was pretty conclusive:

“Serv-U is not scheduled for anything but maintenance as far as I know. It received an administration facelift but that was just about it; since we added the MFT proxy and there was no appetite to pursue scheduled transfers in a meaningful way, the product is essentially complete.”
Past Serv-U Product Manager

The limited progress Serv-U is making is made worse by irregular software release cadence and the lack of any new features. The release notes clearly show that updates are delivering security enhancements and patches. The Serv-U community board shows an increasing frustration by existing customers wanting answers, specifically to the Java issues, but getting no feedback.

 

Reviews

Review websites are becoming an increasingly valid way to gain an understanding of how well a product or company is performing. There are lots to choose from, but in the software marketplace G2 and Capterra are two of the best.

Upon checking G2, we found it has five four-star Serv-U reviews, but even those provided the following feedback:

  • The software depends on Java to run so, if you do not have it installed, Serv-U will not go anywhere
  • Support level could have been improved
  • The user interface can take some time to realise all the features it offers
  • UI is kind of outdated and not responsive – and quite expensive

There have been no positive reviews since 2019.

Most interesting was Solarwinds’ extensive catalogue of product reviews on Capterra. In total, 32 products are listed, and interestingly Serv-U was not among them.

Solarwinds uses a number of reviews on its Serv-U website claiming it’s the best solution. However, what it fails to tell you is that the research firm, Techvalidate, which they used to capture the reviews, was engaged in 2015.

 

Conclusions

Given both ours and Gartner’s definition of managed file transfer, in my opinion, Serv-U is not MFT. It doesn’t have the requisite basic features and has largely remained the same since it was acquired from the previous vendor in 2012.

If you’re looking for a no-frills, file transfer server, and don’t need a modern interface and the use of a Java applet is acceptable to you and your business partners, then you can still include Serv-U in your shortlist. For most organisations though, for most, that isn’t practical.

    Serv-U MFT Alternatives

    Serv-U is inexpensive in managed file transfer software terms, but the implication of implementing it might cost significantly more further down the road.

    As the independent experts, our team can help you determine which features you’ll need, both now and into the future, based on the challenges you’re likely to experience. Additionally, we’re best placed to help you find the right solution to meet your infrastructure, compliance, security and budgetary needs.

    If you’re considering Serv-U for your project or would like assistance implementing an alternative to replace it, we’re here to help. You can either speak to a technical consultant about your requirements or visit our comparison questionnaire below to get a bespoke recommendation report.

      Solution comparison tool

      Take the risk out of selecting an MFT solution with our free, independent comparison service!

      Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.

      The ROI of Managed File Transfer

      The ROI of Managed File Transfer

      If you are considering this technology, you need to estimate how quickly you will see a return on investment. After all, it needs to be worth it.

      Your return on investment will depend on the unique set of circumstances in your organisation and how far along you are in your digital transformation journey. For example, a large organisation will have many more processes that could be automated, compared to a small one.

      A good estimate is to calculate the number of hours spent each year on the manual processes and multiply that figure by the average hourly staff cost. Some of the cost savings to consider include:

      • Automating manual processes involving data, such as data re-entry into other systems, or moving files to a new location or team.
      • Time saved on help desk support relating to these tasks.
      • Time spent by technical experts maintaining home-grown scripts and legacy systems.
      • The risk of a data breach is greatly reduced, along with the associated costs from fines and reputational damage.

      You might also want to look at how vendors calculate ROI for their products. This infographic includes some examples, but never base your investment purely on these estimates. It is not always clear which parameters they are working from when they create a ‘typical organisation’. It could be very different from yours.

      References:

      Gartner on government digital transformation

      Gartner on government digital transformation

      Tackling crisis recovery, data standardisation, governance and security

      Digital transformation, crisis recovery and data standardisation were important themes discussed at the Government ICT conference last week. Pro2col’s Ailsa Gibbs considers these against Gartner advice, and offers pragmatic solutions to some seemingly insurmountable challenges. This information from Gartner comes from the Government Digital Transformation and Innovation Primer for 2021, which was published on 5th January this year.

      “Data is at the heart of the digital transformation of government.” Gartner

      This was the overarching message of the presentations during the GOV-ICT event last week.  As an attendee, I found it particularly helpful to get such a wide range of perspectives on the challenges surrounding data usage and the modernisation of government infrastructure to enable new ways of working.

      “Communities in crisis, or recovering from crisis, expect their governments to be agile, proactive, connected, informed and outcome focused.” 

      Gartner

      Government Digital Transformation and Innovation Primer for 2021, 5 Jan 2021

      There were several examples of this agile approach over the course of the day, from the DVLA enabling quick access to data for approving grants, to the changes at the DWP to get staff working from home.  Clearly the planned digital transformation agenda for 2020 adapted to address the urgent need to enable remote working and digital delivery of services.  This year’s digital transformation agenda therefore starts from a place where “The digital, business and social ecosystems in which governments operate are looking to the government to share and facilitate the movement of data to help drive their recovery.” This will require a continued focus on data sharing, legacy modernisation and enabling staff to deliver services from wherever they are.

      Data standardisation

      Data standardisation was a theme that linked many of the presentations as the ultimate solution for simplifying data sharing across departments and silos.  This is a mammoth task. In the meantime, pragmatic solutions will be required to classify and govern data sharing so that the right information is shared with the right departments and systems.  Unstructured data in particular will be need to be assessed and granular tags applied to enable accurate file sharing; much more useful than just marking it as confidential.  As outlined in the opening remarks, these conditions for success will enable data sharing around a common purpose with urgency and accountability.

      “CIOs are still tackling the challenges associated with managing largely untapped content and data, identifying and managing new data sources, and improving data quality.” Gartner

      In addition to data standardisation, accountability and governance was a common theme.  We heard examples including tracking what information is being shared and why, auditing to ensure legal compliance and to raise public confidence, and even clinical protection.  The benefits of being able to share data today – securely and strategically – were best demonstrated by the presentation on the Shielded Patient list.  The more we know, the more targeted help we can provide.

      Our own experience of working with government clients in recent months includes projects to secure transfers of genome data between network zones and partners, local councils moving data between schools and partners, automating and securing the data transfers from councils to central government for juror selection, housing associations receiving data from DWP, NHS units consolidating legacy systems and migrating to cloud and more.

      File transfer

      File transfer plays a key role in enabling data sharing and acts as the stepping stone between the future cloud first strategy and the reality of today’s legacy systems.  For assistance with data sharing, control and moving to cloud, please get in touch.

      We’ve created a checklist of our top things to consider before reviewing and comparing solutions. We are happy to share this with you – just email sales@pro2colgroup.com.

      Alternatively, our free comparison service provides an independent assessment of the best secure managed file transfer solution for your organisation. Answer a series of questions and our technical experts will match your security, compliance, automation and integration requirements against the leading products on the market. It’s what we do every day so we can help to cut through the noise, shortcut the process and get to the right decision with more accuracy.

      Solution comparison tool

      Take the risk out of selecting an MFT solution with our free, independent comparison service!

      Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.

      Hybrid Managed File Transfer: Its Strategic Importance in a Hybrid Enterprise

      Hybrid Managed File Transfer: Its Strategic Importance in a Hybrid Enterprise

      Pro2col finally saw the anticipated increase in demand for hybrid managed file transfer (MFT) solutions in 2020. The jump in interest was significant, with demand increasing by more than 400% from 2019, largely being driven by Enterprises and Public Sector entities. Will 2021 be its coming of age?

      What is Hybrid MFT and how does it fit with today’s modern hybrid Enterprise?

      For many years organisations have invested in MFT solutions to replace in house developed scripts for the movement of files into, out of and around organisations. Out of the box it provides extensive functionality for file based workflows. It’s therefore become a traditional mainstay of enterprise architecture.
      Organisations have accelerated their ‘digital transformation’ journey with a relentless march to a cloud first infrastructure. As a result, business workflows are being re-architected for the cloud, or being natively built for the first time. It would be safe to say, once built and saving the business from disaster, they’re not likely to move elsewhere any time soon.
      Enterprise architects are presented with the need to address a problem they’ve solved before, albeit in a different environment: which is the best way of getting files to my business process?

      Innovation

      Platform innovation is something the majority of MFT vendors tended to shy away from leading up to 2018. Every one of them knew they needed to be ready for the cloud. But with significant revenues coming from on-premise, perpetual or subscription licenses, the risk of canibalisation led to many becoming stuck staring into the headlights of the onrushing customer demand.

      Fast forward to 2021 and managed file transfer has become an even more crucial component of enterprise architecture. On-premise software estates have continued to grow. Single server installations are being upgraded to highly available infrastructure, which is fast becoming the norm. Deployments frequently span multiple geographically dispersed data centres to deliver business continuity.
      The conundrum MFT vendors expected the cloud to present hasn’t materialised. Rather than replacing on-premises MFT solutions with cloud based alternatives, pretty much the opposite is true. Organisations are enabling their hybrid infrastructure with hybrid MFT, a combination of cloud and on-premise platforms to meet their evolving requirements.
      This proves to be a really interesting time in the evolution of the MFT industry, as enterprises are thinking about their solution of choice for the cloud. It also brings on-premise solutions into focus. It raises the question: should the solution of choice be standardised across cloud and on-premise to provide common interfaces and functionality for those responsible for supporting and maintaining them?

      What is Managed File Transfer as a Service (MFTaaS)?

      MFTaaS, is the cloud hosted component of hybrid MFT. The technology is still rapidly evolving, but with the global marketplace worth a billion dollars or more, we’ll likely see further innovation with new entrants shaking up the landscape as the marketplace matures.
      Currently it’s contested by the main vendors of on-premise, enterprise MFT software. Their focus is predominately on medium to large enterprises and the offerings and prices reflect that.
      The challenge for MFT vendors over the past three years has been to work out how their feature-rich software might become a viable and profitable cloud offering. The resulting solutions are largely either multi-tenant or single tenant deployments of the same software, or subset of the original code base, with varying platform options. As software vendors, understandably there is little in the way of professional services, the focus being to deliver the platform rather than building large service teams. Thankfully, that’s where a consultancy like Pro2col steps in.
      Of course, we shouldn’t forget there are cloud native offerings. However, there are none currently, that I’m aware of, that deliver the level of functionality offered by the main MFT vendors – specifically when a hybrid approach is required. This really calls into focus the functionality of on-premise solutions. However, the marketplace is changing rapidly.

      Comparing Hybrid MFT Solutions

      Choosing the right MFTaaS platform to become the ‘file transfer gateway’ to an enterprise’s cloud infrastructure. It’s an important decision to get right, to support digital transformation strategies. With the marketplace still fairly new, this decision is made more challenging by the different delivery mechanisms, pricing models and the frequent consideration given to standardising platforms.
      It’s certainly a complex challenge for enterprise architects and other IT personnel to get to grips with, amongst all the other projects likely being undertaken simultaneously.

      In order to make your Hybrid MFT project a little easier to knock into shape, we’ve created a checklist of our top things to consider before reviewing and comparing solutions. We are happy to share this with you – just email sales@pro2colgroup.com.

      Alternatively, our free comparison service provides an independent assessment of the best secure managed file transfer solution for your organisation. Answer a series of questions and our technical experts will match your security, compliance, automation and integration requirements against the leading products on the market. It’s what we do every day so we can help to cut through the noise, shortcut the process and get to the right decision with more accuracy.

      Solution comparison tool

      Take the risk out of selecting an MFT solution with our free, independent comparison service!

      Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.

      Pro2col 2020 Charity Round Up

      Pro2col 2020 Charity Round Up

      At Pro2col we’ve worked hard to give back to our community, despite the challenges of the COVID-19 pandemic. The team have taken part in local, national and international charity initiatives. Find out what we’ve been up to in our 2020 charity round up video.

      Local Authorities Secure Forms Use Case

      Use Case: Secure Forms for Local Authorities

      Local authorities need information from their residents, staff and suppliers all the time, and these records are highly likely to include personal or sensitive information.

      It is definitely not appropriate to ask users to share this information over email, but it’s still common practice. Email is not secure, which means risking a GDPR breach, plus there is no guarantee of delivery. Furthermore, email cannot support the transfer of large files.

      Online forms provide a secure, customisable mechanism for users to submit information. They are a popular feature of managed file transfer systems, because they can capture any type of information, including files of any size. Fields can also be configured to trigger onward processes, or integrate with other systems.

      To demonstrate the versatility and functionality of secure online forms with automation, let’s look at some use cases.

      Use case #1: Reporting incidents

      When a local resident wants to report an incident such as potholes, vandalism, litter, or drug use, secure forms can be used to capture the data and automate onward processing.

      To begin with, the secure form is capable of matching the location of the incident to the local authority’s jurisdiction. The form can also capture images, of any file size, and then automatically move them to a defined file location.

      Integration with other in-house systems also allows incidents to be assigned to the relevant team, or for automated responses about the progression of the report to be sent.

      Use case #2: Adult and child social care – reporting concerns

      In this scenario, any data relating to the reporter, or the subject, is highly sensitive so security is critical.

      Capturing this data in a secure form enables it to be automatically and securely moved to the correct file location. In addition, alerts could be set to notify the relevant team member based on keywords in the submission.

      A human action can be inserted at any point in the automation sequence. For example, once the form has been submitted and data distributed to the correct file locations, a human action can be set for an employee to review the submission and categorise the report in terms of urgency, refined locality, or severity.

      Alternatively, or once this human action is complete, the report can be automatically assigned to a case handler, or a call out can be automatically set up.

      Use case #3: Community transport and parking permits

      A secure form can automate the booking process for community transport by capturing user data and matching it against a database. This ensures that bookings are recorded and remaining spaces are updated accordingly in real time, maintaining accuracy of availability information. Users’ eligibility can also be checked by validating a postcode against a database of accepted locations.

      In the case of parking permits, uploaded files of car ownership and insurance documentation can be submitted and matched against each other. When a match is identified, an action to grant the permit can be automatically triggered, freeing up employees’ time to focus on other tasks.

      How could this work for your organisation?

      All of these processes take place without human intervention, demonstrating how much more efficient these time-consuming tasks could be. Similar examples are also applicable to other industries, such as mortgage brokers, doctors and private healthcare providers, or any outsourced business service, such as HR or payroll.

      These are fairly simple use-cases, but there’s no end to the automation capabilities that can be applied. We recently customised secure online forms for a company sequencing hundreds of thousands of anonymised records of biological data. Customised logic built around metadata in mandatory fields in the form triggered the next step in the process.

      Can you see how your organisation could benefit from adding secure online forms to your infrastructure? Get in touch for a chat now. Alternatively, complete our Managed File Transfer (MFT) comparison – answer a series of questions about business requirements and our technical experts will recommend the best solution.

      [^s@]
      [^s@]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [a-z]
      [a-z]
      [i]
      [i]
      [^s@]
      [^s@]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [a-z]
      [a-z]
      [i]
      [i]