
CAD Agent Viewable Publishing Security Enhancements

This is something I am actually surprised has not gotten more attention in the past.  Today the file transfer mechanism between an application server and CAD agent is via FTP or FTPS, neither of which is all that secure.  A move towards SFTP or HTTPS would be a great security enhancement.

10 Comments
Contributor

Completely agree. Danny Poisson from my company has had an idea about this for the past couple of years: Remote CADWorker Communication Via HTTPS

Regular Member

SFTP or HTTPS communication between the Windchill server and CAD Worker has been requested from PTC for several years. Security teams in my organization are no longer agreeing to extend the security exceptions to use FTP or FTPS. We need a PTC solution enabling either SFTP or HTTPS in Windchill 11.

Contributor

It would be nice to hear a response from PTC on this.

Only having ftp/telnet support in today's age of security awareness/issues is a bit bewildering.

The hoops we have to jump through to get around this limitation are both painful and fragile.

Plus, it had to be at least 3 years ago I heard https was coming...

Visitor

The SFTP would solve many problems the currently supported mechanisms have:

Naturally, the connection is encrypted.

The firewall configuration is simple (one static TCP port, instead of many ports and protocols, some of which are random) and quite often is already in place.

The UID mapping vs. CIFS/NFS is simple and reliable.

Authentication can be done with keys, which is way more secure than uid/pass auth.

You can automate the setup (install Cygwin sshd and distribute keys) with PowerShell.

SFTP (like FTP) does not go stale like NFS/CIFS mounts tend to do.

Considering the above, instead of trying to find further justification for supporting SFTP, I would say the absence is the fact that would seek justification. Yet the silence from PTC is so loud and deafening.

Regular Member

It has been more than a year since I've posted here on this requirement. Is there anyone from PTC looking at these posts?

Community Manager

Hello everyone,

If the functionality suggested in this idea is still pressing, make sure to encourage your peers to vote on the idea as the number of votes is one of the things PTC looks at when considering which ideas have the most community support.

Visitor

I have passed the link to my colleagues for voting. As for the lack of more general interest, I guess that people have simply given up hope and gone to all kinds of 3rd party disk mirroring solutions to address the issue.

I might be a victim of the PTC sales dept, but it very much seems that PTC is busier chasing the next fad instead of introducing actually useful functionality into their marvellous product. I freely admit that SFTP is not the latest hot buzzword for catching the attention of any non-technical people, but anyone tasked with making the system actually run reliably and securely is definitely interested if they are worth their salt.

As good as the SFTP would be, it still is a treatment for a symptom instead of a cure to the root problem. The ultimate fix would be a replacement of the current workeragent and objectadapter with a Tomcat based solution like it is done for Arbortext PE. If done properly, this would produce a self-contained visualization server that could be clustered behind a load balancer and presented to Windchill as a single URL resource, where Windchill will simply pass the conversion requests and wait for the response. All this without having to bother with any shared filesystem or any other internal workings of the visualization on the Windchill side.

A super-ultimate version would then be having all this running on RHEL: a headless capable Creo + Tomcat based objectadapter. Meanwhile, the SFTP would be a welcome first-aid.

Visitor

The discussion board engine seems to have stripped all line breaks from both of my posts. I am sorry for the legibility, but it looks like one cannot win every time.

Regular Member

Dear PTCModerator, if the number of votes is important, then can you club the votes from this post: https://community.ptc.com/t5/Windchill-Ideas/Remote-CADWorker-Communication-Via-HTTPS/idi-p/464908 into this or vice versa, as it is one and the same requirement. This post is asking for any secure solution while the other post is asking specifically for HTTPS. HTTPS will meet both requirements, so please add the 24 or more votes from that thread if possible.

Community Manager

Hello @aaboobacker - Thanks for following up. I will surface this to the community team.