
CAD Agent Viewable Publishing Security Enhancements


This is something I am actually surprised has not gotten more attention in the past.  Today the file transfer mechanism between an application server and CAD agent is via FTP or FTPS, neither of which is all that secure.  A move towards SFTP or HTTPS would be a great security enhancement.

12 Comments
tswett
12-Amethyst

Completely agree. Danny Poisson from my company has had an idea about this for the past couple of years: Remote CADWorker Communication Via HTTPS

aaboobacker
6-Contributor

SFTP or HTTPS communication between Windchill server and CAD Worker has been requested of PTC for several years. Security teams in my organization are not agreeing to extend the security exceptions to use FTP or FTPS any longer. We need a PTC solution enabling either SFTP or HTTPS in Windchill 11.

craymond
11-Garnet

It would be nice to hear a response from PTC on this.

Only having ftp/telnet support in today's age of security awareness/issues is a bit bewildering.

The hoops we have to jump through to get around this limitation are both painful and fragile.

Plus, it had to be at least 3 years ago I heard https was coming...

ttahvanainen
3-Visitor
SFTP would solve many problems the currently supported mechanisms have:

Naturally, the connection is encrypted.
The firewall configuration is simple (one static TCP port, instead of many ports and protocols, some of which are random) and quite often is already in place.
The UID mapping vs. CIFS/NFS is simple and reliable.
Authentication can be done with keys, which is way more secure than uid/pass auth.
You can automate the setup (install Cygwin sshd and distribute keys) with PowerShell.
SFTP (like FTP) does not go stale like NFS/CIFS mounts tend to do.

Considering the above, instead of trying to find further justification for supporting SFTP, I would say the absence is the fact that would seek justification. Yet the silence from PTC is so loud and deafening.
aaboobacker
6-Contributor

It has been more than a year since I've posted here on this requirement. Is there anyone from PTC looking at these posts?

PTCModerator
Emeritus

Hello everyone,

If the functionality suggested in this idea is still pressing, make sure to encourage your peers to vote on the idea as the number of votes is one of the things PTC looks at when considering which ideas have the most community support.


ttahvanainen
3-Visitor
I have passed the link to my colleagues for voting. As for the lack of more general interest, I guess that people have simply given up hope and gone to all kinds of 3rd party disk mirroring solutions to address the issue.

I might be a victim of PTC sales dept, but it very much seems that PTC is more busy chasing the next fad instead of introducing actually useful functionality into their marvellous product. I freely admit that SFTP is not the latest hot buzzword for catching the attention of any non-technical people, but anyone tasked with making the system actually run reliably and securely is definitely interested if they are worth their salt.

As good as SFTP would be, it still is a treatment for a symptom instead of a cure to the root problem. The ultimate fix would be a replacement of the current workeragent and objectadapter with a Tomcat based solution like it is done for Arbortext PE. If done properly, this would produce a self-contained visualization server that could be clustered behind a load balancer and presented to Windchill as a single URL resource, where Windchill will simply pass the conversion requests and wait for the response. All this without having to bother with any shared filesystem or any other internal workings of the visualization on the Windchill side.

A super-ultimate version would then be having all this running on RHEL: a headless capable Creo + Tomcat based objectadapter. Meanwhile, SFTP would be a welcome first aid.
ttahvanainen
3-Visitor
The discussion board engine seems to have stripped all line changes from both of my posts. I am sorry for the legibility, but it looks like one cannot win every time.
aaboobacker
6-Contributor

Dear PTCModerator, if the number of votes is important, then can you club the votes from this post: https://community.ptc.com/t5/Windchill-Ideas/Remote-CADWorker-Communication-Via-HTTPS/idi-p/464908 into this or vice versa, as it is one and the same requirement. This post is asking for any secure solution while the other post is asking specifically for HTTPS. HTTPS will meet both requirements and so please add the 24 or more votes from that thread if possible.

PTCModerator
Emeritus

Hello @aaboobacker - Thanks for following up. I will surface this to the community team.

BillRyan
15-Moonstone

 

We've been wasting a lot of time with FTP issues on our publisher. Yesterday, we performed testing and uncovered a new issue with FTP for a standard published assembly with a large number of objects (example 349). We receive an FTP error after creating the thumbnail process in the WVS Job Monitor logs. Error is "Problem transferring all files via FTP". We have been working on a case with PTC for about 6 months now and have done many things to get FTP set up correctly. What we found as the source of this NEW issue is that a large number of objects in the assembly being transferred will throw this error. To prove this theory out, we started iterating the CAD assembly to remove objects. The assembly started out with 349. At 326 it failed. At 243 it failed. At 144 we had success. And then again at 74 success.

FTP is flaky, give us something better!

Note the count of the number of objects in the assemblies in "( )". All time values shown in red represent failure on the publisher with FTP. You can see the Windows 7 machine didn't have the FTP error, but the Windows 10 tests did.

ftp-ptc.png

olivierlp
Community Manager
Status changed to: Archived

Hello,

We are archiving your idea as part of a general review. This action is based on the age of your idea and the total number of votes received, as per this announcement.

You can always post a new idea with all the details required in the form.

Thank you for your participation.