SmartLink authentication server

  • 1
  • Question
  • Updated 2 years ago
  • Answered
So, I'm on the waiting list for the Flex 6400 that I intend to place at our local radio club since I cannot have an antenna at my current location.  I've read that SmartLink requires an authentication server, but nowhere can I find any requirements for this server. 

I suppose it can be a local Windows machine?  Possibly even a the same machine that would be used for PowerSDR for local use of the radio?  It does need to be local to the radio correct?  

Can it run on Linux? I'm guessing not since there is no PowerSDR client for Linux.

Thanks,
David ~ K1SZ)
Photo of K1SZO

K1SZO

  • 36 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Mark - WS7M

Mark - WS7M

  • 1335 Posts
  • 501 Reply Likes
I could be mistaken but I think the authentication server is provided by Flex?
Photo of Chris Tate  - N6WM

Chris Tate - N6WM, Elmer

  • 942 Posts
  • 268 Reply Likes
Smartink does not require its users to install any servers or additional infrastructure.  Its designed to be easy to use.  All authorization servers are managed by FRS.
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9186 Posts
  • 3550 Reply Likes
Official Response
The SmartLink remote session initiation / authentication server is provided by FlexRadio Systems and is accessible via the Internet.  
Photo of PA2TA

PA2TA

  • 17 Posts
  • 1 Reply Like
This raises a few questions:

Am i right to assume that when - for any reason - the authentication server is down, it is impossible to make a remote connection to my (all) Flexradio servers?
If so, is it also possible to set up your own authentication server?
If this is not possible, would there still be an advantage (especially regarding bandwith) in using V2 over V1 when i keep on using my own VPN?

73, PA2TA
Photo of Gerald - K5SDR

Gerald - K5SDR, Employee

  • 830 Posts
  • 1514 Reply Likes
The authentication server runs on the Azure cloud and is much more reliable that any you or we could provide.  It is not possible to set up your own server.
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2314 Posts
  • 956 Reply Likes
Also with the VPN option, even if SmartLink goes down for whatever reason you can still use it to connect. V2 doesn't disable your VPN. I still use mine because I have other machines to connect to for other remote control functions. 
(Edited)
Photo of K1SZO

K1SZO

  • 36 Posts
  • 0 Reply Likes
Thank you.

Is there any documentation anywhere as to exactly how it works?  Specifically, I would register my radio ID or something with my account?  That would allow me to allow or deny access to other users who also have a account to my or say a specific radio under my control?
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9186 Posts
  • 3550 Reply Likes
Its operation is completely transparent to the user.

You will have to create a SmartLink account and the "link" a radio to your account.  We'll have documentation describing how that is done available shortly.
Photo of Ria - N2RJ

Ria - N2RJ, Elmer

  • 2314 Posts
  • 956 Reply Likes
That would allow me to allow or deny access to other users who also have a account to my or say a specific radio under my control?
This isn't a current feature but I would love to see this in a future version. It has been discussed, this much I know. I can't say for implementation timeline though, only Flex can decide that. Anyway, I do support this as I've "lent out" my radio to a couple of people and I would have liked the ability to restrict things like:

Frequency bands/segments
Power (to not damage equipment)
Enforce time/date restrictions - eg if the remote is only available to other user X days and time
Restrict certain users to certain radios, OR allow users to set up their own account and I grant them access

and

The ability to have a superuser to kick off a user and take priority without them being able to kick me back off. 

Bear in mind that SmartLink is a .0 product right now so it will definitely evolve and grow. 
(Edited)
Photo of AA0KM

AA0KM

  • 356 Posts
  • 65 Reply Likes
What does Facebook and Google Logins have to do with it all?
Photo of Doug Hall

Doug Hall

  • 215 Posts
  • 60 Reply Likes
SmartLink allows you to authenticate with a username and password that you create, or you can also use the authentication services provided by Facebook or Google. The idea is that you already know the username and password, so it's one less thing to remember and keep track of. But if you'd rather not do that, just create a SmartLink username and password. Either method works fine.
73,
Doug K4DSP
(Edited)
Photo of Tim - W4TME

Tim - W4TME, Customer Experience Manager

  • 9186 Posts
  • 3550 Reply Likes
Also, the Google and Facebook log in facilities allow for two factor authentication (TFA) for a higher level of access security.
Photo of Mark Erbaugh

Mark Erbaugh

  • 510 Posts
  • 43 Reply Likes
Are there redundant SmartLink authentication servers to handle high demand or an internet failure at one location?
Photo of Peter K1PGV

Peter K1PGV, Elmer

  • 551 Posts
  • 321 Reply Likes
Unless I am mistaken, authorization is handled by a third party named Auth0. This is an exceptionally well provisioned and highly respected provider of "authz"... they have an SLA guaranteeing 99.95% uptime, and do authz for lots of big services.

TL;DR We're good to go. Plenty of bandwidth, plenty of redundancy, and a well respected and secure service.

Peter
K1PGV
Photo of KY6LA - Howard

KY6LA - Howard, Elmer

  • 3762 Posts
  • 1621 Reply Likes
Peter is correct
Photo of David Decoons wo2x

David Decoons wo2x, Elmer

  • 1445 Posts
  • 309 Reply Likes
The hook for me is being able to have multiple Flex 6500s available in the radio chooser. I have my home 6500 and a remote 6500 I use for 6 meters and 160 meters. Once my friend in Hawaii gets his Flex we are going to share radios. He can work the EU stations and I can work the Asia/PAC.

Obviously doesn't count for my home DXCC but I already have a KH6/wo2x LoTW account.

Dave wo2x
Photo of Steve Bunting

Steve Bunting

  • 24 Posts
  • 0 Reply Likes
I have bought SSSDR v2 and have it working on my Lan, but can not get Smartlink to work as it fails the self test.

I do NOT control the LAN and therefore port forwarding on my remote site, but have been allocated a block of IP addresses and ports by the sysadmin. These work perfectly with a Remoterig (www.remoterig.com) setup so TCP and UDP are being forwarded to the IP address used by my radio.

BUT - the network policy blocks VPN servers. I was not able to set up VPN to use SSDR v1 remotely.

I wonder if SmartLink uses a VPN-like protocol to phone home? That could explain why traffic is being blocked even though the ports are open. Thoughts?

Thanks for your advice!
73
Steve, M0BPQ
Photo of Ken - NM9P

Ken - NM9P

  • 4239 Posts
  • 1351 Reply Likes
Perhaps you can ask your sysadmin to set up the proper pair of port forwards to the IP address you have assigned to your rig. Once you have it done once correctly, you won't need to mess with it again.
(Edited)
Photo of Eric - KE5DTO

Eric - KE5DTO, Official Rep

  • 887 Posts
  • 339 Reply Likes
No VPN protocols are used in native SmartLink.  We do use TLS (SSL) type connections for command/status info.  I agree with Ken's suggestion -- if you can get your admin to port forward 2 ports (1 TCP, 1 UDP), that should be enough to make it work.
Photo of Steve Bunting

Steve Bunting

  • 24 Posts
  • 0 Reply Likes
Thanks everyone - I think I have misunderstood the port set up screen in smartlink. I thought i was changing the ports that the radio was listening on and I think I am wrong.

Can I confirm the the rig has fixed UDP/TCP ports - 4994 and 4993. The smart link manual port forwarding screen simply tells the auth server which port to look at  (in my case 5007 and 5006) over the internet. My port forwarding table currently forwards  5006 and 5007 to the flex radio IP address, but maps to ports like for like on the lan (and therefore 5006 and 5007 go to the flex). I think I need to modify the port forwarding table so that external 5006-7 map to 4994 and 4993 on the flex LAN IP address

Is that correct?
Thanks again for your time.
Steve
 
PS the radio is running at a commercial site and I have a deal to use a number of IP addresses on the company Lan. I don't want to use up the good will that I have from the network team by submitting multiple requests for changes!
Photo of Eric - KE5DTO

Eric - KE5DTO, Official Rep

  • 887 Posts
  • 338 Reply Likes
Correct.  The ports the radio is looking at don't change.  The ones you are setting are the ones that are mapped from the WAN side of the router TO the radios ports.