DCIM + 2FA - Panel Solutions

Started by Rimmon, Jun 24, 2022, 05:10 AM


Rimmon (Topic starter)

I have been searching for a solution to accommodate a larger customer's request for a more comprehensive panel that includes a 2FA protected location for accessing dedicated servers, PDU/KVM/IPMI ports, PXE, etc. The customer requires a heavily UI-driven experience for their less experienced staff and wants to offload as much management and organization as possible. After researching several products in this space, including EasyDCIM, MAAS, Foreman, DCIManager, SynergyCP, OpenDCIM, Device42, UberSmith, and RackN, EasyDCIM appeared to be the best option with its IPMI KVM/Reboots, PDU integration, built-in 2FA, and PXE installation system.

However, we discovered a significant issue after testing their demo: the design assumes one customer per bare metal server and doesn't accommodate customers with multiple administrators, users, and 2FA tokens accessing a dedicated server assigned to a company. Their developers confirmed that this feature is not up for discussion and suggested using WHMCS, which has integration with EasyDCIM through a compatible module.

While we didn't intend to use WHMCS for billing, domain registration, and deployment automation, we purchased it for our limited role. However, we found that many of its functions cannot be disabled, and it may not be suitable for our needs. Most of the DCIM solutions we reviewed did not have native MFA/2FA integration, which is a critical requirement for us.

Therefore, we are seeking recommendations for a better solution that integrates with EasyDCIM or a competing product that we may have overlooked. We need a solution that properly manages customers with more than one admin and incorporates MFA/2FA.

Sevad

EasyDCIM appears to be the best option despite the issue of not accommodating multiple administrators for a single dedicated server. It is unfortunate they won't build out this feature as it would be helpful for larger deployments.
If building something from scratch is not an option, using their solution will meet many of your requirements.
    The following users thanked this post: Rimmon

hieronymusf01

MultiOTP is a collection of PHP scripts and utilities that implement the OATH protocol for HOTP/TOTP, allowing for 2FA implementation in various applications using both Windows and RADIUS. After implementing multiOTP for user login, Windows will require an additional OTP that the user must receive from their mobile device via Microsoft application, Google Authenticator, or another OTP generator. This system can be set up for two-factor authentication when logging into Windows workstations or remote RDP access to RDS hosts on a Windows Server.

If you encounter errors in your Windows image, you can use the DISM (Deployment Image Servicing and Management) utility available in all versions of Windows since Vista. Running the DISM /Cleanup-image option can scan for errors and repair them. These commands can be executed from a command prompt with administrator rights.
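Added example (not part of any post above, and not code from multiOTP or any DCIM product): a sketch of the requirement the thread is about, one company owning a server while several staff each hold their own TOTP token and role. The `Panel` class, role names, user names and server id are hypothetical, and the two secrets are constructed sample values (the first is the RFC 6238 test key).

```python
import base64, hashlib, hmac, struct, time

# Constructed sample data: roles, and two base32 secrets (the first is the RFC 6238 test key).
ROLE_ACTIONS = {"admin": {"kvm", "power", "reinstall"}, "operator": {"kvm", "power"}}
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # base32 of b"12345678901234567890"
DEMO_SECRET = "JBSWY3DPEHPK3PXP"

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Panel:
    """Hypothetical panel model: servers belong to an org, users carry their own token."""
    def __init__(self):
        self.users = {}     # username -> org, role, secret, last accepted time step
        self.servers = {}   # server id -> owning org

    def add_user(self, name, org, role, secret_b32):
        self.users[name] = {"org": org, "role": role, "secret": secret_b32, "last": -1}
    def authorize(self, name, server, action, otp, now=None, step=30, window=1):
        now = time.time() if now is None else now
        user = self.users.get(name)
        # Tenant check first: the server must belong to the user's company.
        if user is None or self.servers.get(server) != user["org"]:
            return False
        if action not in ROLE_ACTIONS.get(user["role"], ()):
            return False
        current = int(now) // step
        for s in range(current - window, current + window + 1):
            if s <= user["last"]:
                continue    # this time step was already accepted: reject replay
            expected = totp(user["secret"], s * step, step)
            if hmac.compare_digest(expected.encode(), str(otp).encode()):
                user["last"] = s
                return True
        return False

if __name__ == "__main__":
    panel = Panel()
    panel.servers["srv-01"] = "acme"
    panel.add_user("bob", "acme", "operator", DEMO_SECRET)
    code = totp(DEMO_SECRET, time.time())
    print(panel.authorize("bob", "srv-01", "power", code))      # own token, allowed action
    print(panel.authorize("bob", "srv-01", "reinstall", code))  # role does not permit
```

Because each user record holds its own secret and last accepted time step, revoking one administrator's token or role does not touch the other staff of the same company.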

alexamata

Based on your requirements, it seems like finding a DCIM solution that properly manages customers with multiple admins and incorporates MFA/2FA is critical for your needs. While EasyDCIM may not provide the necessary functionality, here are a few alternatives you can consider:

1. Device42: Although it does not have native MFA/2FA integration, Device42 offers extensive customer management features, including role-based access control, API integration, and LDAP/AD authentication.

2. RackTables: RackTables is an open-source DCIM solution that supports multiple admins with role-based access control. While it lacks built-in MFA/2FA capabilities, you may be able to implement this feature alongside RackTables using third-party solutions.

3. NetBox: NetBox is another open-source option that provides comprehensive IP address management and data center infrastructure management capabilities. While it does not natively incorporate MFA/2FA, you could potentially integrate it with external authentication systems that support those features, such as DUO Security or Google Authenticator.


More alternatives you can consider:

1. Device42: As mentioned earlier, Device42 offers extensive customer management features and API integration. It also provides LDAP/AD authentication, which can enhance security for managing multiple admins.

2. OpenDCIM: OpenDCIM is an open-source DCIM solution that focuses on data center inventory management. While it lacks native MFA/2FA integration, you could explore integrating it with external authentication systems.

3. DCImanager: DCImanager is a commercial DCIM solution that offers multi-tenant capabilities, allowing you to manage customers with multiple admins. It also provides role-based access control, but it does not have built-in MFA/2FA integration.

A few more DCIM solutions that you can consider:

1. Nlyte: Nlyte is a popular commercial DCIM solution that offers comprehensive customer management features, including role-based access control and multi-tenant capabilities. While it may not have native MFA/2FA integration, you could explore integrating it with external authentication systems.

2. Sunbird DCIM: Sunbird DCIM is another commercial option that provides robust customer management functionalities. It supports multiple admins, role-based access control, and LDAP/AD authentication. While it does not have built-in MFA/2FA integration, you may be able to configure it using external authentication systems.

3. Device42 Enterprise+: If you require a more feature-rich version of Device42, you can consider Device42's Enterprise+ edition. It offers advanced customer management features, including LDAP/AD integration, API access, and role-based access control. However, MFA/2FA may still require external integration.