DCIM + 2FA - Overall Panel Solutions

Started by Rimmon, Jun 24, 2022, 05:10 AM

Previous topic - Next topic

RimmonTopic starter

I figured I'd ask here, as I've been digging for awhile, but haven't found anything fantastic:

We've had a larger customer express the desire for a more comprehensive panel, namely in terms of a 2FA protected location to access an index of their dedicated servers, PDU/KVM/IPMI ports, PXE, etc. They have some less adept staff who would like this to be a heavily UI driven experience, and basically want to off-load as much management/organization as possible. After doing a bunch of digging, we found a number of products that seemed to occupy this general space, and investigated the following ones to some depth:
- EasyDCIM
- MAAS
- Foreman
- DCIManager
- SynergyCP
- OpenDCIM
- Device42
- UberSmith
- RackN

After a more in-depth review of the options, EasyDCIM looked like a shoe-in. They have IPMI KVM/Reboots, PDU integration, a PXE installation system, built in 2FA, etc.

That said, we found a blocker issue after testing out their demo: The entire design assumes one customer per bare metal server (IE: one single user/login), and no way to accommodate for a customer with multiple administrators, multiple user/passwords/2FA tokens accessing a dedicated server (IE: the servers should be assigned to a "company", and then users within that company granted access. Instead the servers are assigned straight to the user, with no company considerations present).

After some back/forth with their developers, it looks like this isn't a feature up for discussion (it was inferred this was not necessary, as nobody had asked for it before), and they pointed us to either writing a front-end from scratch (not a realistic option), or using WHMCS where they already have integration in terms of a compatible module.

At this point, I figured "eh, fair enough", and picked up/did a test build of WHMCS. The problem is, we're not particularly after a billing, domain registration, and deployment automation solution, and it looks like WHMCS is pretty heavily centred around being just that. After a cursory search, many of these functions can't be disabled (just to "mask"ed). I'm questioning whether WHMCS is actually reasonable for the limited role we're trying to show-horn it into.



Most of the DCIM solutions above had no native MFA/2FA integration which is a blocker for our use case.

That said, is anyone aware of a better solution out there (IE: something else EasyDCIM integrates with to properly manage customers with > 1 admin), or a competing product I've missed/overlooked?
  •  

Sevad

Most likely EasyDCIM would be the best option. Sad they are not wanting to build out something such as that as it would be helpful with larger deployments.
If you don't want to build something yourself their option meets a lot of the things you want.
  •  
    The following users thanked this post: Rimmon

hieronymusf01

MultiOTP is a set of php scripts and utilities that implements the OATH protocol for HOTP/TOTP (Time-based One Time Password). It is possible to use both in Windows and via RADIUS to implement 2FA in almost anything.

After the implementation of multiOTP for user login, Windows will request an additional one-time password (OTP - one time password), which the user must receive from his mobile device (Microsoft application or Google Authenticator, or other OTP generator). You could set up two-factor authentication for logging into Windows workstations, or for remote RDP access to RDS hosts on a Windows Server.

The DISM (Deployment Image Servicing and Management) utility is available in all versions of Windows since Vista.
Use the DISM /Cleanup-image option to scan the Windows image for errors and fix them. DISM commands could be run from a command prompt with administrator rights.
  •