0333 123 1240 info@pro2colgroup.com

Solarwinds Serv-U MFT Server review

SolarWinds Serv-U MFT Server Review

March 2021

At Pro2col, we regularly review the managed file transfer market place. This means we can give the most up-to-date advice to our customers. Reviews might be prompted by an acquisition or merger, as well as ongoing monitoring of customer support, product updates and roadmaps. Recently, a company alerted us to an issue with SolarWinds Serv-U MFT, which our experts swiftly looked into.

This particular Serv-U customer is a well-known global enterprise who – unfortunately – was given poor advice by the SolarWinds support team. It related to running a simple update to patch some bugs and provide some much-needed security enhancements. The customer’s technical team even took the opportunity to call the SolarWinds support team to double-check that users would be able to log in as stated below once the update had been run.

serv-u

However, upon running the update, upwards of 5,000 trading partners’ passwords were corrupted, resulting in mission-critical transfers failing. A quick glance at the SolarWinds Serv-U message board shows that many users have been having the same issues since September 2020, but there has been no official response from the Serv-U team, despite repeated requests for an update.

The company’s frustrated technical team, backed by the board’s financial approval, engaged Pro2col to be their trusted advisors in finding an alternative platform.

Is it really managed file transfer?

Pro2col defines managed file transfer as needing to cover three key areas:

  • The secure gateway or proxy
  • The file transfer server
  • The workflow automation engine

There are frequently other elements to a solution but the above three are the basics. Gartner’s definition is slightly different but covers the same core features.

“MFT on-premises offerings usually comprise four discrete functionalities that organisations can deploy separately. However, organisations often deploy them as a suite. The functionalities basic to MFT are server, client/agent, proxy and plug-in for ad hoc transfers.”

Gartner – January 2021.

Solarwinds only offers two of the three basics – the proxy and the server – meaning that by our definition, and that of Gartner, it isn’t a managed file transfer solution at all. It falls short on the most important element; the one which provides the most significant value to an organization. The workflow automation.

Let’s take a deeper dive into what you don’t get when investing in Serv-U MFT Server.

Serv-U MFT product analysis

As mentioned before, the basic building blocks of a managed file transfer solution comprise of the proxy, server and automation. We’re going to take a look at some of the limitations.

Forward and reverse proxy

The proxy is the simplest element of any managed file transfer solution. It acts as perimeter security, providing two functions:

  • To allow incoming file transfers when agreed by the file transfer server (reverse proxy)
  • To route outgoing transfers sent by the file transfer server’s workflow component (forward proxy)

Serv-U has a reverse proxy that positively differentiates it from other inexpensive file transfer servers. Where a proxy isn’t available it is necessary to rely on the firewall to provide port forwarding. For example, SFTP traffic hitting the firewall on port 22 is forwarded to the file transfer server. Many ‘SFTP servers’ are still being deployed in the DMZ, rather than sitting behind a proxy. This is not considered best practice.

Serv-U does not have a forward proxy to route outgoing transfers, however. So whilst it is competitively priced at £804, it is missing this key feature that you’ll see in products from the market leaders. You can find out more about forward and reverse proxy in our blog, The Advantages of Using a Forward and Reverse Proxy.

Serv-U MFT Server

Serv-U is essentially a solid SFTP/FTPS server.

Solarwinds website states it’s possible to “upload and download files quickly and easily”, and that “ad-hoc file sharing is easy”. However, almost all file transfer vendors made the shift to using HTML5 to govern file uploads/downloads in the web browser between 3-5 years ago, but not Solarwinds. This places it at a disadvantage compared to almost all the solutions we work with.

serv-u key features

Serv-U’s standard option only allows single file upload and download so, in order to upload larger files, users are required to install a Java client into the web browser. This technology is old, insecure and most modern web browsers flag up security warnings when it loads. You risk damage to your company reputation if a trading partner attempts to upload a file, and receives a security warning that is prompted by the web browser – something you as a Serv-U user would have no control over.

To give this some context, Solarwinds’ competitors, Progress, replaced Java applets with HTML5 in 2017 and Globalscape completed the switch in 2018.

The management console interface isn’t a great deal better. The website claims to have a new GUI. It was delivered pre-2019, and clearly frames the previous application interface in a modern browser and menu system:

Automation

Serv-U MFT’s claims of providing automation are, in our opinion, overstated. In fact, what they offer is the ability to execute an event based upon certain server events and criteria filters. The server events are limited to:

  • Send an email notification
  • Show a balloon tip in the system tray
  • Write to a Windows event log
  • Execute a command

This is an extremely limited feature set compared to best in breed manage file transfer solutions. The ability to execute an external script or programme does add some value, but there is no further control over the failure of that script to execute, thus failing to provide the visibility and control that are the key drivers behind implementing managed file transfer.

Standard automation features you’d expect from any basic managed file transfer solution, such as folder monitors or timer/scheduled events, are missing. In fact, I would go as far as to say that any workflow automation would need to be driven from outside of Serv-U, begging the question: When a standard SFTP server is half the price, why would you purchase SolarWinds?

 

Development

I spoke with a previous Serv-U product manager back in 2019 and his response was pretty conclusive:

“Serv-U is not scheduled for anything but maintenance as far as I know. It received an administration facelift but that was just about it; since we added the MFT proxy and there was no appetite to pursue scheduled transfers in a meaningful way, the product is essentially complete.”
Past Serv-U Product Manager

The limited progress Serv-U is making is made worse by irregular software release cadence and the lack of any new features. The release notes clearly show that updates are delivering security enhancements and patches. The Serv-U community board shows an increasing frustration by existing customers wanting answers, specifically to the Java issues, but getting no feedback.

 

Reviews

Review websites are becoming an increasingly valid way to gain an understanding of how well a product or company is performing. There are lots to choose from, but in the software marketplace G2 and Capterra are two of the best.

Upon checking G2, we found it has five four-star Serv-U reviews, but even those provided the following feedback:

  • The software depends on Java to run so, if you do not have it installed, Serv-U will not go anywhere
  • Support level could have been improved
  • The user interface can take some time to realise all the features it offers
  • UI is kind of outdated and not responsive – and quite expensive

There have been no positive reviews since 2019.

Most interesting was Solarwinds’ extensive catalogue of product reviews on Capterra. In total, 32 products are listed, and interestingly Serv-U was not among them.

Solarwinds uses a number of reviews on its Serv-U website claiming it’s the best solution. However, what it fails to tell you is that the research firm, Techvalidate, which they used to capture the reviews, was engaged in 2015.

 

Conclusions

Given both ours and Gartner’s definition of managed file transfer, in my opinion, Serv-U is not MFT. It doesn’t have the requisite basic features and has largely remained the same since it was acquired from the previous vendor in 2012.

If you’re looking for a no-frills, file transfer server, and don’t need a modern interface and the use of a Java applet is acceptable to you and your business partners, then you can still include Serv-U in your shortlist. For most organisations though, for most, that isn’t practical.

    Serv-U MFT Alternatives

    Serv-U is inexpensive in managed file transfer software terms, but the implication of implementing it might cost significantly more further down the road.

    As the independent experts, our team can help you determine which features you’ll need, both now and into the future, based on the challenges you’re likely to experience. Additionally, we’re best placed to help you find the right solution to meet your infrastructure, compliance, security and budgetary needs.

    If you’re considering Serv-U for your project or would like assistance implementing an alternative to replace it, we’re here to help. You can either speak to a technical consultant about your requirements or visit our comparison questionnaire below to get a bespoke recommendation report.

      Solution comparison tool

      Take the risk out of selecting an MFT solution with our free, independent comparison service!

      Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.

      Gartner on government digital transformation

      Gartner on government digital transformation

      Tackling crisis recovery, data standardisation, governance and security

      Digital transformation, crisis recovery and data standardisation were important themes discussed at the Government ICT conference last week. Pro2col’s Ailsa Gibbs considers these against Gartner advice, and offers pragmatic solutions to some seemingly insurmountable challenges. This information from Gartner comes from the Government Digital Transformation and Innovation Primer for 2021, which was published on 5th January this year.

      “Data is at the heart of the digital transformation of government.” Gartner

      This was the overarching message of the presentations during the GOV-ICT event last week.  As an attendee, I found it particularly helpful to get such a wide range of perspectives on the challenges surrounding data usage and the modernisation of government infrastructure to enable new ways of working.

      “Communities in crisis, or recovering from crisis, expect their governments to be agile, proactive, connected, informed and outcome focused.” 

      Gartner

      Government Digital Transformation and Innovation Primer for 2021, 5 Jan 2021

      There were several examples of this agile approach over the course of the day, from the DVLA enabling quick access to data for approving grants, to the changes at the DWP to get staff working from home.  Clearly the planned digital transformation agenda for 2020 adapted to address the urgent need to enable remote working and digital delivery of services.  This year’s digital transformation agenda therefore starts from a place where “The digital, business and social ecosystems in which governments operate are looking to the government to share and facilitate the movement of data to help drive their recovery.” This will require a continued focus on data sharing, legacy modernisation and enabling staff to deliver services from wherever they are.

      Data standardisation

      Data standardisation was a theme that linked many of the presentations as the ultimate solution for simplifying data sharing across departments and silos.  This is a mammoth task. In the meantime, pragmatic solutions will be required to classify and govern data sharing so that the right information is shared with the right departments and systems.  Unstructured data in particular will be need to be assessed and granular tags applied to enable accurate file sharing; much more useful than just marking it as confidential.  As outlined in the opening remarks, these conditions for success will enable data sharing around a common purpose with urgency and accountability.

      “CIOs are still tackling the challenges associated with managing largely untapped content and data, identifying and managing new data sources, and improving data quality.” Gartner

      In addition to data standardisation, accountability and governance was a common theme.  We heard examples including tracking what information is being shared and why, auditing to ensure legal compliance and to raise public confidence, and even clinical protection.  The benefits of being able to share data today – securely and strategically – were best demonstrated by the presentation on the Shielded Patient list.  The more we know, the more targeted help we can provide.

      Our own experience of working with government clients in recent months includes projects to secure transfers of genome data between network zones and partners, local councils moving data between schools and partners, automating and securing the data transfers from councils to central government for juror selection, housing associations receiving data from DWP, NHS units consolidating legacy systems and migrating to cloud and more.

      File transfer

      File transfer plays a key role in enabling data sharing and acts as the stepping stone between the future cloud first strategy and the reality of today’s legacy systems.  For assistance with data sharing, control and moving to cloud, please get in touch.

      We’ve created a checklist of our top things to consider before reviewing and comparing solutions. We are happy to share this with you – just email sales@pro2colgroup.com.

      Alternatively, our free comparison service provides an independent assessment of the best secure managed file transfer solution for your organisation. Answer a series of questions and our technical experts will match your security, compliance, automation and integration requirements against the leading products on the market. It’s what we do every day so we can help to cut through the noise, shortcut the process and get to the right decision with more accuracy.

      Solution comparison tool

      Take the risk out of selecting an MFT solution with our free, independent comparison service!

      Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.

      Hybrid Managed File Transfer: Its Strategic Importance in a Hybrid Enterprise

      Hybrid Managed File Transfer: Its Strategic Importance in a Hybrid Enterprise

      Pro2col finally saw the anticipated increase in demand for hybrid managed file transfer (MFT) solutions in 2020. The jump in interest was significant, with demand increasing by more than 400% from 2019, largely being driven by Enterprises and Public Sector entities. Will 2021 be its coming of age?

      What is Hybrid MFT and how does it fit with today’s modern hybrid Enterprise?

      For many years organisations have invested in MFT solutions to replace in house developed scripts for the movement of files into, out of and around organisations. Out of the box it provides extensive functionality for file based workflows. It’s therefore become a traditional mainstay of enterprise architecture.
      Organisations have accelerated their ‘digital transformation’ journey with a relentless march to a cloud first infrastructure. As a result, business workflows are being re-architected for the cloud, or being natively built for the first time. It would be safe to say, once built and saving the business from disaster, they’re not likely to move elsewhere any time soon.
      Enterprise architects are presented with the need to address a problem they’ve solved before, albeit in a different environment: which is the best way of getting files to my business process?

      Innovation

      Platform innovation is something the majority of MFT vendors tended to shy away from leading up to 2018. Every one of them knew they needed to be ready for the cloud. But with significant revenues coming from on-premise, perpetual or subscription licenses, the risk of canibalisation led to many becoming stuck staring into the headlights of the onrushing customer demand.

      Fast forward to 2021 and managed file transfer has become an even more crucial component of enterprise architecture. On-premise software estates have continued to grow. Single server installations are being upgraded to highly available infrastructure, which is fast becoming the norm. Deployments frequently span multiple geographically dispersed data centres to deliver business continuity.
      The conundrum MFT vendors expected the cloud to present hasn’t materialised. Rather than replacing on-premises MFT solutions with cloud based alternatives, pretty much the opposite is true. Organisations are enabling their hybrid infrastructure with hybrid MFT, a combination of cloud and on-premise platforms to meet their evolving requirements.
      This proves to be a really interesting time in the evolution of the MFT industry, as enterprises are thinking about their solution of choice for the cloud. It also brings on-premise solutions into focus. It raises the question: should the solution of choice be standardised across cloud and on-premise to provide common interfaces and functionality for those responsible for supporting and maintaining them?

      What is Managed File Transfer as a Service (MFTaaS)?

      MFTaaS, is the cloud hosted component of hybrid MFT. The technology is still rapidly evolving, but with the global marketplace worth a billion dollars or more, we’ll likely see further innovation with new entrants shaking up the landscape as the marketplace matures.
      Currently it’s contested by the main vendors of on-premise, enterprise MFT software. Their focus is predominately on medium to large enterprises and the offerings and prices reflect that.
      The challenge for MFT vendors over the past three years has been to work out how their feature-rich software might become a viable and profitable cloud offering. The resulting solutions are largely either multi-tenant or single tenant deployments of the same software, or subset of the original code base, with varying platform options. As software vendors, understandably there is little in the way of professional services, the focus being to deliver the platform rather than building large service teams. Thankfully, that’s where a consultancy like Pro2col steps in.
      Of course, we shouldn’t forget there are cloud native offerings. However, there are none currently, that I’m aware of, that deliver the level of functionality offered by the main MFT vendors – specifically when a hybrid approach is required. This really calls into focus the functionality of on-premise solutions. However, the marketplace is changing rapidly.

      Comparing Hybrid MFT Solutions

      Choosing the right MFTaaS platform to become the ‘file transfer gateway’ to an enterprise’s cloud infrastructure. It’s an important decision to get right, to support digital transformation strategies. With the marketplace still fairly new, this decision is made more challenging by the different delivery mechanisms, pricing models and the frequent consideration given to standardising platforms.
      It’s certainly a complex challenge for enterprise architects and other IT personnel to get to grips with, amongst all the other projects likely being undertaken simultaneously.

      In order to make your Hybrid MFT project a little easier to knock into shape, we’ve created a checklist of our top things to consider before reviewing and comparing solutions. We are happy to share this with you – just email sales@pro2colgroup.com.

      Alternatively, our free comparison service provides an independent assessment of the best secure managed file transfer solution for your organisation. Answer a series of questions and our technical experts will match your security, compliance, automation and integration requirements against the leading products on the market. It’s what we do every day so we can help to cut through the noise, shortcut the process and get to the right decision with more accuracy.

      Solution comparison tool

      Take the risk out of selecting an MFT solution with our free, independent comparison service!

      Our comparison report identifies the right solution for your needs and budget. Complete a series of questions and receive a bespoke product recommendation from our technical experts.

      Local Authorities Secure Forms Use Case

      Use Case: Secure Forms for Local Authorities

      Local authorities need information from their residents, staff and suppliers all the time, and these records are highly likely to include personal or sensitive information.

      It is definitely not appropriate to ask users to share this information over email, but it’s still common practice. Email is not secure, which means risking a GDPR breach, plus there is no guarantee of delivery. Furthermore, email cannot support the transfer of large files.

      Online forms provide a secure, customisable mechanism for users to submit information. They are a popular feature of managed file transfer systems, because they can capture any type of information, including files of any size. Fields can also be configured to trigger onward processes, or integrate with other systems.

      To demonstrate the versatility and functionality of secure online forms with automation, let’s look at some use cases.

      Use case #1: Reporting incidents

      When a local resident wants to report an incident such as potholes, vandalism, litter, or drug use, secure forms can be used to capture the data and automate onward processing.

      To begin with, the secure form is capable of matching the location of the incident to the local authority’s jurisdiction. The form can also capture images, of any file size, and then automatically move them to a defined file location.

      Integration with other in-house systems also allows incidents to be assigned to the relevant team, or for automated responses about the progression of the report to be sent.

      Use case #2: Adult and child social care – reporting concerns

      In this scenario, any data relating to the reporter, or the subject, is highly sensitive so security is critical.

      Capturing this data in a secure form enables it to be automatically and securely moved to the correct file location. In addition, alerts could be set to notify the relevant team member based on keywords in the submission.

      A human action can be inserted at any point in the automation sequence. For example, once the form has been submitted and data distributed to the correct file locations, a human action can be set for an employee to review the submission and categorise the report in terms of urgency, refined locality, or severity.

      Alternatively, or once this human action is complete, the report can be automatically assigned to a case handler, or a call out can be automatically set up.

      Use case #3: Community transport and parking permits

      A secure form can automate the booking process for community transport by capturing user data and matching it against a database. This ensures that bookings are recorded and remaining spaces are updated accordingly in real time, maintaining accuracy of availability information. Users’ eligibility can also be checked by validating a postcode against a database of accepted locations.

      In the case of parking permits, uploaded files of car ownership and insurance documentation can be submitted and matched against each other. When a match is identified, an action to grant the permit can be automatically triggered, freeing up employees’ time to focus on other tasks.

      How could this work for your organisation?

      All of these processes take place without human intervention, demonstrating how much more efficient these time-consuming tasks could be. Similar examples are also applicable to other industries, such as mortgage brokers, doctors and private healthcare providers, or any outsourced business service, such as HR or payroll.

      These are fairly simple use-cases, but there’s no end to the automation capabilities that can be applied. We recently customised secure online forms for a company sequencing hundreds of thousands of anonymised records of biological data. Customised logic built around metadata in mandatory fields in the form triggered the next step in the process.

      Can you see how your organisation could benefit from adding secure online forms to your infrastructure? Get in touch for a chat now. Alternatively, complete our Managed File Transfer (MFT) comparison – answer a series of questions about business requirements and our technical experts will recommend the best solution.

      Little John’s House Donation

      Essential items delivered to Little John’s House in Romania

      Throughout the Christmas season Pro2col have been collecting donations of items which are desperately needed by Little John’s House, a charity based in Romania providing care for children and young adults with special needs.

      The organisation is in need of basic items such as toiletries, sweets, second hand clothes, toys, tooth brushes, colouring pens and pads for Christmas parcels for deprived families. The donations will be made into parcels for families with children with special needs, who still get very little support from the state or their local community. This appeal for donations is made more urgent by the rapid spread of COVID-19 across Romania and the vulnerability of those who rely on Little John’s House.

      About Little John’s House

       

      Little John’s House is a product of Mags Zahariah who travelled to Romania in the early 90s. She had planned to help care for children living in poor conditions in orphanages across the country, but ended up staying for ten years to set up the charity.

      Situated in the heart of Transylvania, Little John’s House was established in 1993 as a secure and safe home for children and adults with special needs. Originally the property was purchased for Ionut Balan (Little John) who suffered from hydrocephalus, a condition causing excess fluids to increase pressure on the brain. He sadly passed away in 1997 but he was an inspiration to everyone who met him and his memory lives on at Little John’s house.

      Six young people currently live happily full time at Little John’s house. Alongside that the charity runs outreach programmes to support children from the surrounding areas, the Romanian state-run orphanages and those in psychiatric homes.

       

      This is a truly special place which inspired numerous volunteers over the years and helped many children and their families. This is also a cause especially close to Pro2col’s Ailsa Gibbs who knows Mags personally. 

      “My amazing friends Mags and Liviu set up Little John’s House in Romania over 25 years ago and I have had the privilege of seeing their work in person over a couple of freezing Christmas visits.  Nobody leaves Little John’s House untouched by the love and kindness shown to children and young people who have had the toughest of starts.  Like so many charities, they have really struggled with fundraising this year so I am delighted by the response from the Pro2col team and our local community”. 

      At such a difficult time for many, the Pro2col team wanted to make this donation as easy as possible and thanks to a generous discount from FAR logistics, the palette of donations (pictured) will soon be arriving at Little John’s House.

      Team Willow

      Virtual Marathon 2020 raises £1,893 for the Willow Foundation

      On a very windy and rainy Sunday in October Pro2col MD James ran the London marathon for the Willow Foundation, although the race was very different this year due to COVID-19 restrictions. Participants were invited to run, jog or walk from anywhere in the UK and record their times virtually having 24 hours to race the 26.2 miles.

      This year has been tough for many people, but particularly for charities who have seen repeated disruption to their normal schedule of fundraising, having a knock-on effect for those who rely on them. This makes the amazing total of £1,893 raised by James especially important.

      About the Willow Foundation

      The Willow Foundation is the only national charity who have been working with seriously ill 16-40-year olds to provide uplifting Special Days. Since 1999 Willow have facilitated more than 17,000 of these special days which include day trips to the zoo, hotels, rugby matches and afternoon tea in London.

      Often it is not the activity itself which makes these days so memorable, it is a chance to return to normal life, even if it’s just for a day, and for others it is their last chance to fulfil a dream. No matter the person’s condition special days aim to lift the spirits of ill young people and their loved ones, and be a source of much-needed strength in difficult times.

      However due to the pandemic and related restrictions, over 700 young people have had their special days postponed. However, in the meantime special positivity packs have been given to those who missed out, providing a source of happiness even in such uncertain times. That is why the fundraising gained through the marathon is especially needed now to keep putting a smile on the faces of people who have had it particularly tough this year.

       

      Additionally, we would like to say a huge thank you to our friends at Flat White, Tuckton. Their coffee and cake morning has raised £674.18 for Team Willow.

      [^s@]
      [^s@]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [a-z]
      [a-z]
      [i]
      [i]
      [^s@]
      [^s@]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [ 'me', 'mac', 'icloud', 'gmail', 'googlemail', 'hotmail', 'live', 'msn', 'outlook', 'yahoo', 'ymail', 'aol', ]
      [a-z]
      [a-z]
      [i]
      [i]