SmartLink authentication server

K1SZO

So, I'm on the waiting list for the Flex 6400 that I intend to place at our local radio club since I cannot have an antenna at my current location.  I've read that SmartLink requires an authentication server, but nowhere can I find any requirements for this server. 

I suppose it can be a local Windows machine?  Possibly even a the same machine that would be used for PowerSDR for local use of the radio?  It does need to be local to the radio correct?  

Can it run on Linux? I'm guessing not since there is no PowerSDR client for Linux.

Thanks,
David ~ K1SZ)

Mark_WS7M

I could be mistaken but I think the authentication server is provided by Flex?

ctate243

Smartink does not require its users to install any servers or additional infrastructure.  Its designed to be easy to use.  All authorization servers are managed by FRS.

Tim - W4TME

The SmartLink remote session initiation / authentication server is provided by FlexRadio Systems and is accessible via the Internet.  

K1SZO

Thank you.

Is there any documentation anywhere as to exactly how it works?  Specifically, I would register my radio ID or something with my account?  That would allow me to allow or deny access to other users who also have a account to my or say a specific radio under my control?

Tim - W4TME

Its operation is completely transparent to the user.

You will have to create a SmartLink account and the "link" a radio to your account.  We'll have documentation describing how that is done available shortly.

AA0KM

What does Facebook and Google Logins have to do with it all?

Doug Hall

SmartLink allows you to authenticate with a username and password that you create, or you can also use the authentication services provided by Facebook or Google. The idea is that you already know the username and password, so it's one less thing to remember and keep track of. But if you'd rather not do that, just create a SmartLink username and password. Either method works fine.
73,
Doug K4DSP

Tim - W4TME

Also, the Google and Facebook log in facilities allow for two factor authentication (TFA) for a higher level of access security.

PA2TA

This raises a few questions:

Am i right to assume that when - for any reason - the authentication server is down, it is impossible to make a remote connection to my (all) Flexradio servers?
If so, is it also possible to set up your own authentication server?
If this is not possible, would there still be an advantage (especially regarding bandwith) in using V2 over V1 when i keep on using my own VPN?

73, PA2TA

Mark Erbaugh

Are there redundant SmartLink authentication servers to handle high demand or an internet failure at one location?

Peter K1PGV

Unless I am mistaken, authorization is handled by a third party named Auth0. This is an exceptionally well provisioned and highly respected provider of "authz"... they have an SLA guaranteeing 99.95% uptime, and do authz for lots of big services. TL;DR We're good to go. Plenty of bandwidth, plenty of redundancy, and a well respected and secure service. Peter K1PGV

KY6LA_Howard

Peter is correct

Eric-KE5DTO

The SmartLink Quick Start Guide is a good resource: 
SmartSDR: http://www.flexradio.com/downloads/smartlink-quick-start-guide-for-smartsdr-pdf/
Maestro: http://www.flexradio.com/downloads/smartlink-quick-start-guide-for-maestro-pdf/

Ria

Two advantages I can think of:

Maestro remote access is now fully integrated.
Letting others remote into your radio doesn't involve VPN access into your entire network.

Ria

ctate243

Paul,  If you stay on V1 you are essentially feature locked.  this may be totally OK for you, and your situation.  New features, not considered bug fixes,  and one can expect that there will be many, will be deployed under the 2.0 codebase.  So if you want to fully realize the power of SDR and the ability to get entirely new radio features via software updates, 2.0 Is for you.

Gerald-K5SDR

The authentication server runs on the Azure cloud and is much more reliable that any you or we could provide.  It is not possible to set up your own server.

Peter K1PGV

Well, I haven't installed V2 yet (maybe today!), but can tell you a few things about this topic: Authentication and Authorization (what we refer to as "authz" in the biz) is trickier than it might first appear. Getting the "over the wire" security correct isn't difficult, of course, there's very standard stuff for that.  But there are other issues ranging from security of storage, world-wide accessibility, schemes to decrease the significance of the inevitable Denial of Service attacks, scale-up for volume, and interoperability with established 3rd party Identity Providers (like Google or Facebook or Twitter or whatever).

So, Flex using Auth0 for this shows extremely good engineering judgement.  It also shows a dedication to a positive customer experience and customer security, because Auth0 is *far* from the least-expensive provider.  I'm not surprised by any of this, because, in my experience, Flex's software engineering for the past several years has been pretty much top notch (not something I say lightly, BTW).

I hope that's helpful.

Peter
K1PGV

Ken - NM9P

Paul,  If your shack's UPLOAD speed is marginal, i.e. less than about 1.5 Mb, then there is some bandwidth reduction when using SmartLink via V.2.0 as compared to using a VPN connection and V.1.10.16 because SmartLink does not encrypt the audio going to and from the radio (why would it need to encrypt something that is live over the shortwave radio?).

It also has a "Low Bandwidth" connection button that makes the initial connection with certain parameters set for lower bandwidth consumption. (i.e. FPS at 5 and waterfall rate at 60)

This extra bandwidth reduction has made my remote connection much more reliable in Alpha testing from my office to my home.  I am able to run reliably with an Upload speed from the shack of between 500-650 Kb if I manage those two parameters.

Last night I even ran two panadapters and two slices for a while without a hitch.

Also, the connection is seamless with SmartLink...no need to start and stop VPN services on my office desktop.  I just open SSDR and click connect to my rig and I am on the air.......

Ken - NM9P

KY6LA_Howard

@paul You can run V2 without a computer at your base station. VPN needs either a VPN ROUTER OR COMPUTER

David Decoons, wo2x

The hook for me is being able to have multiple Flex 6500s available in the radio chooser. I have my home 6500 and a remote 6500 I use for 6 meters and 160 meters. Once my friend in Hawaii gets his Flex we are going to share radios. He can work the EU stations and I can work the Asia/PAC. Obviously doesn't count for my home DXCC but I already have a KH6/wo2x LoTW account. Dave wo2x

Ken - NM9P

Peter, for me the real hooks, V.2.0 aside, are:

1) the quality of the Panadapter, which is superior to anything I have seen elsewhere.  It is like driving a high performance sportscar with a convertible top, after only driving a standard sedan with small windows.

2) The ease of use - SSDR has the simplest, most intuitive, least cluttered, and easiest to operate GUI in the business.

3) Outstanding SSB/AM audio on both receive and transmit.  The Speech processor in the Flex is innovative and adds almost 3 dB of talk power with little or NO distortion.

4) The Mic Profiles make fine-tuning your transmit audio easier than any other rig I have used. Saving multiple Mic Profiles for different mics or different purposes is a cinch.  (I have also had a Flex-1500 and ran PowerSDR.  Most of the other rigs use software based upon that platform, which is not as easy as SSDR).

5) Easy LAN access for other computers in your home -- easily run your rig from a laptop in the den, your iPad or iPhone in the back yard, etc.  (On top of that there is WAN access with V.2.0....)

6) CAT and DAX make running digital modes extremely easy.  much easier than using some other rigs and setting up VAC and other 3rd party virtual serial and audio cables.

7) Receive brick-wall filters that are unparalleled.  There is even a function to reduce the sharpness in order to reduce latency if you need to.)

8) top of the chart IMD, and other receiver stats.

9) If you are into contesting... The 6600 and 6600M will have 2 SCU's (receiving units) and Contest grade bandpass filtering for each SCU that will allow true SO2R out of the box, (depending upon your antenna isolation at your station).

10) Customer Service that is unmatched in the industry.  The president, customer service reps, engineers, programmers, and many others on the FRS staff regularly read and respond to posts on this forum....  Repair turn-around (rarely needed) is usually very quick with excellent communication with the customer.  And at a reasonable rate for such high-tech equipment.  

I could go on....but there are some of the key features that continue to sell me on my 6500.  (And I hope soon upgraded to a 6600)

Ken - NM9P

David Decoons, wo2x

What other radio are you considering? Best thing is make a list of features that you want in a radio. Keep in mind possible changes to your operating style in the future. Ken pointed out some of the benefits of the Flex over a traditional button & knob YaeKenXom radio. For me it is about station automation and the Flex integrates with my other station hardware very nicely. Dave wo2x

Ken - NM9P

Paul, I fully understand.... Back in 1992-3, i took about a year and a half making up my mind between the Kenwood TS850SAT, the Yaesu FT-990, and the Icom IC-761 (I think that was the competing model)  I stopped in to the R&L branch in Indianapolis every time I came through town to visit family and played with all three rigs, deciding not only which had the better performance, but which one had the layout most suited to my operating style.

I finally decided on the 850SAT and plunked down $1850 US Dollars (over $3100 in today's Dollars).  I later added another CW filter for $100.  The total spent was almost the price of a new Flex-6600.

It must have been a good decision, because I kept that rig for 20 years until I bought the 6500.  Then I sold the Kenwood to a friend down the street for $650.

I have owned and horse-traded a great deal of used and new low to mid level rigs over the past 43 years.  The Flex is clearly the best I have ever had.  And yes, I am a happy customer!  hi hi.

Take your time and decide well.  Just be aware that the community will naturally have a higher percentage of problem and complaint reports than is experienced in the total user population, because one of the main purposes of the Flex Community forum is so FRS staff and other helpful users can help solve problems.

Any way I can be helpful, please contact me.

Ken - NM9P

Steve Bunting

I have bought SSSDR v2 and have it working on my Lan, but can not get Smartlink to work as it fails the self test.

I do NOT control the LAN and therefore port forwarding on my remote site, but have been allocated a block of IP addresses and ports by the sysadmin. These work perfectly with a Remoterig (www.remoterig.com) setup so TCP and UDP are being forwarded to the IP address used by my radio.

BUT - the network policy blocks VPN servers. I was not able to set up VPN to use SSDR v1 remotely.

I wonder if SmartLink uses a VPN-like protocol to phone home? That could explain why traffic is being blocked even though the ports are open. Thoughts?

Thanks for your advice!
73
Steve, M0BPQ

Ken - NM9P

Perhaps you can ask your sysadmin to set up the proper pair of port forwards to the IP address you have assigned to your rig. Once you have it done once correctly, you won't need to mess with it again.

Ria

Also with the VPN option, even if SmartLink goes down for whatever reason you can still use it to connect. V2 doesn't disable your VPN. I still use mine because I have other machines to connect to for other remote control functions. 

Ria

That would allow me to allow or deny access to other users who also have a account to my or say a specific radio under my control?

This isn't a current feature but I would love to see this in a future version. It has been discussed, this much I know. I can't say for implementation timeline though, only Flex can decide that. Anyway, I do support this as I've "lent out" my radio to a couple of people and I would have liked the ability to restrict things like:

Frequency bands/segments
Power (to not damage equipment)
Enforce time/date restrictions - eg if the remote is only available to other user X days and time
Restrict certain users to certain radios, OR allow users to set up their own account and I grant them access

and

The ability to have a superuser to kick off a user and take priority without them being able to kick me back off. 

Bear in mind that SmartLink is a .0 product right now so it will definitely evolve and grow. 

Eric-KE5DTO

No VPN protocols are used in native SmartLink.  We do use TLS (SSL) type connections for command/status info.  I agree with Ken's suggestion -- if you can get your admin to port forward 2 ports (1 TCP, 1 UDP), that should be enough to make it work.

Steve Bunting

Thanks everyone - I think I have misunderstood the port set up screen in smartlink. I thought i was changing the ports that the radio was listening on and I think I am wrong.

Can I confirm the the rig has fixed UDP/TCP ports - 4994 and 4993. The smart link manual port forwarding screen simply tells the auth server which port to look at  (in my case 5007 and 5006) over the internet. My port forwarding table currently forwards  5006 and 5007 to the flex radio IP address, but maps to ports like for like on the lan (and therefore 5006 and 5007 go to the flex). I think I need to modify the port forwarding table so that external 5006-7 map to 4994 and 4993 on the flex LAN IP address

Is that correct?
Thanks again for your time.
Steve
 
PS the radio is running at a commercial site and I have a deal to use a number of IP addresses on the company Lan. I don't want to use up the good will that I have from the network team by submitting multiple requests for changes!

Eric-KE5DTO

Correct.  The ports the radio is looking at don't change.  The ones you are setting are the ones that are mapped from the WAN side of the router TO the radios ports.