It’s staggering how frequently product integrations fail given how critically important they are in the modern IT setup.

Smart product integration is fundamental to ensuring your IT infrastructure is optimised and working to the benefit of your customers and your staff. However, a smooth integration isn’t simply plugging and playing with a new product. It requires planning and cohesion between the vendor and the customer. Sometimes it can be human error or just a poor choice of product but for the most businesses, it’s the lack of due diligence in product integration that ultimately costs time, frustration and money.

I recently helped a customer solve a significant Remote Desktop (RD) Gateway integration problem with RSA and Microsoft that had been lagging for weeks. The failed integration was reflective of the common missteps that many companies make with new products.

The Integration

The customer was looking to implement RSA Multi-Factor Authentication (MFA) functionality to its RD Gateway servers. These servers essentially provided a jump host into different networks with the RD gateways acting as terminal servers. The task was relatively straightforward and by using RSA, as well as other security products, it would be near impossible for a bad actor to impersonate a user on the customer’s system.

RSA is one of the most outstanding MFA products on the market so it’s easy to see why the customer selected it for the deployment. It can integrate with more than 400 partner solutions and delivers centralised management of authentication methods, agents and policy across multiple sites.

Unfortunately, the customer had misdiagnosed the integration as being much simpler than it actually was. The exhaustive feature set of the product had contributed to this oversimplified view and subsequently caused the customer to skip key due diligence for the integration. This lapse in judgement led to two weeks of continuous problems, multiple rebuilds and mounting frustration from all sides.

Reviewing this failed integration highlighted the importance of following the three key steps in systems integration.

Step 1: Analyse your current and planned infrastructure

 This would seem like a no-brainer however it’s routinely overlooked in place of adopting an off the shelf implementation guide or reference architecture from the vendor. This is the first critical error many companies make in due diligence.

In this case, the customer held an oversimplified view of the MFA integration. As a result, no end-to-end design of the MFA infrastructure had been created. It was simply considered a small piece of a larger scope of work. MFA integration is often regarded as an easy implementation for most I.T departments or integrators but it still requires the same amount of due diligence as much larger projects.

Conducting an internal workshop and creating a detailed design of the solution infrastructure will often reveal major problems that would be overlooked during deployment.

Key components of this phase should include:

Re-examine your infrastructure – Ensure you’re up to speed with what will and won’t integrate with your proposed and existing infrastructure. This is critical to avoiding headaches after the decision-making process.

Identify the clearly supported options – Select and document options of the product that will be utilised and ensure they are supported in the design that you’ve created. This ensures you can avoid delays due to guess work and retrofitting throughout the integration. If you’re not sure, contact the vendor and let them review your design.

Use cases – follow a use case that suits your ideal setup. If the use case isn’t clear, or references a different product, research further until you are confident that the solution can be deployed.

Step 2: Evaluate your resourcing capability

This initial lack of analysis meant the intricacies of the client’s system had not been fully communicated to RSA and resulted in an integration guide that was for the wrong third-party products. This had the flow on effect of the customer underestimating its resourcing requirement for the integration.

Integration with RD Gateway in the customer’s environment would usually require an integrator or senior admin to work with RSA’s architects and plan out deployment. The customer’s team had skills in the Microsoft platform but unfortunately, no dedicated Microsoft specialist with enough experience in the specific windows server components. This is not an uncommon problem. Very few IT departments in the SME sector have the resources to support specialists with every certification across every platform they support. While this is usually workable, the lack of initial end-to-end design work increased the potential for running into unforeseen problems without adequate resourcing. Doing an internal design would have highlighted knowledge and resourcing gaps for the integration.

Skipping Phase 1 had also resulted in the customer having inaccurate product integration documents and the mistaken impression that this guidance was all that was required to deploy the solution. The problem was the client was using RD-Gateway as a terminal server Jump Host rather than RD Web Access. This was another problem that would have been identified in the infrastructure analysis and design phase.

Step 3: Checking the fine print

Taking a detailed look at the vendor’s deployment guide or reference architecture is the third critical step for a smooth process.  Key questions you should ask to prepare for this phase include:

• How simple is the integration to deploy?
• Does the product seem straight forward to use and manage?
• What do support forums say about the product?
• What types of responses are being posted in the forums?
• Does this seem complete or correct?

Using the wrong implementation instructions for a security element like MFA puts a business at risk of security breaches and removes crucial vendor support in the event of outages or interruptions.

It was in this step that communication between the customer and RSA had taken a wrong turn. RSA supports integration with quite a few Microsoft products but had misunderstood that the deployment was RD Web Access and RD Gateway server rather than just a terminal server.

This was additionally confusing as NPS is actually a part of RD-Gateway but is not used in the way the customer had expected. Again, this is an issue that needed diagnosis in the analysis phase.

The Fallout

This all resulted in:

• Repeated failure of the MFA deployment
• Inability to diagnose the root cause of the failure and total confusion with the documentation
• Two weeks of meetings and consultation between all parties
• Incorrect diagnosis of the problem as being in the configuration of the RSA Authentication Manager or with Radius
• Repeated dismantling and attempted rebuilding of components of the solution

Studying the vendor’s supported product integration guides, understanding the processes and follow the guidance specific to the use case was the key to avoiding these problems. Initial failures should have led the customer to further study and visualisation of the how the solution would work.

Overlooking these steps in deployment of the solution ultimately cost the customer two weeks of productivity from a significant number of internal stakeholders. This was compounded by the subsequent requirement to contract external consultants to diagnose and solve the problem before the integration could be completed.

Successful integration always starts with analysis and stakeholder engagement. Skipping due diligence in this phase is a costly error that’s made all too frequently by IT stakeholders. Often, this is simply due to underestimating the difficulty of a product integration or overestimating the skill set of the stakeholders. Alleviating the impact of these two missteps requires a disciplined approach to integration. An approach that’s centred on the three key steps for smooth integration.

Clint Walters has held a range of specialist roles in IT integration and solutions architecture for more than 15 years. He is currently a Senior Solutions Architect at Digital Sense.

DSCloud drives business faster with agile, scalable, and simple cloud solutions. Designed to align perfectly with your business needs and infrastructure, this secure cloud system creates the ultimate virtual environment for your workload. Find out more about our cloud products at digitalsense.com.au/our-difference/#cloud-difference