Software Install advantages and disadvantages

From Swivel Knowledgebase

Overview

This document outlines the benefits and downsides of a PINsafe Software Only Installation.

For comparison of the VM Installation see VM advantages and disadvantages

For comparison of the Hardware Installation see Hardware advantages and disadvantages


Advantages

Hardware type may be part of organisation standard

OS may be part of organisation standard


Disadvantages

OS platform and Tomcat not supported by Swivel

Upgrades, patches and bug fixes must be manually applied

For scalability and resilience external database must be supplied and maintained

No VIP to allow failover

Session sharing of the graphical Single Channel image between a pair of PINsafe servers on the same IP multicast network is by manual configuration only

Replacement hardware required in event of hardware failure

OS backups and PINsafe backups must be maintained

No Proxy Port for external access

The management port is not separated from external access, which could be a security risk

To back up the PINsafe server, Tomcat must be stopped, unless an external database is used

Firewall must be configured to allow access on required ports


Deployment Considerations

High Availability

Using HA with a PINsafe software installation requires an external database. This can be MySQL, MSSQL, Oracle or Postgres. This database should itself be resilient so that it is not a single point of failure.


Single Channel Session Sharing

When a Single Channel Image request is made, the RADIUS or Agent-XML authentication needs to be made against the same PINsafe server. To allow authentication on a second PINsafe server, session sharing needs to be enabled. This requires that the PINsafe servers are allowed to communicate using multicast.


Backups

When using the internal PINsafe database, Tomcat needs to be stopped to back up the database. This process should be added to any backup scripts.
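
A sketch of such a backup step, as an added example that is not Swivel's own script: it stops Tomcat, archives the data directory, and restarts Tomcat even if the archive step fails, so a failed backup does not leave authentication offline. The data directory, backup directory and Tomcat stop/start commands are assumed placeholders and must be set for the actual installation.

```shell
#!/bin/sh
# Added example: cold backup of the internal PINsafe database.
# ASSUMPTIONS (not from the page): all four values below are placeholders.
PINSAFE_DATA="${PINSAFE_DATA:-/path/to/pinsafe/data}"
BACKUP_DIR="${BACKUP_DIR:-/path/to/backups}"
TOMCAT_STOP="${TOMCAT_STOP:-systemctl stop tomcat}"
TOMCAT_START="${TOMCAT_START:-systemctl start tomcat}"

# Prints the archive path on success; returns non-zero on any failure.
backup_pinsafe() {
    archive="$BACKUP_DIR/pinsafe-$(date +%Y%m%d-%H%M%S).tar.gz"
    rc=0

    # Pre-flight checks first: do not interrupt authentication for a
    # backup that cannot succeed.
    [ -d "$PINSAFE_DATA" ] || { echo "data directory missing" >&2; return 2; }
    mkdir -p "$BACKUP_DIR" || return 2

    $TOMCAT_STOP || { echo "could not stop Tomcat" >&2; return 3; }

    # umask 077: the archive holds authentication server data, so it is
    # created readable by its owner only.
    ( umask 077; tar -czf "$archive" -C "$PINSAFE_DATA" . ) || rc=4
    # Confirm the archive can be read back before trusting it.
    if [ "$rc" -eq 0 ]; then
        tar -tzf "$archive" >/dev/null || rc=5
    fi

    # Restart whether or not the backup worked.
    $TOMCAT_START || { echo "Tomcat did not restart" >&2; return 6; }

    if [ "$rc" -ne 0 ]; then
        rm -f "$archive"
        echo "backup failed (code $rc)" >&2
        return "$rc"
    fi
    echo "$archive"
}
```

Call `backup_pinsafe` from the scheduled backup job and alert on a non-zero return, in particular code 6, which means Tomcat is still down.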


Administration Console Security

On a Software only installation, the Single Channel Images are served from the same port as the PINsafe administration console. To prevent unauthorised access attempts, the IP address range filter should be used. See Filter IP How to Guide.


Next Step

See Getting Started Software Installation