aliebrahimy opened a new issue, #13652: URL: https://github.com/apache/skywalking/issues/13652
### Search before asking - [x] I had searched in the [issues](https://github.com/apache/skywalking/issues?q=is%3Aissue) and found no similar feature requirement. ### Description Hello SkyWalking team 👋, First of all, thank you for the great work on Apache SkyWalking. We are currently evaluating SkyWalking as the main APM and observability platform in our organization, but we have encountered a critical blocker related to authentication and authorization. Background We are a large-scale banking organization with approximately 2000 servers and strict security and compliance requirements. Due to the lack of built-in authentication and authorization mechanisms in SkyWalking (especially for UI and query access), our security team does not allow us to expose or adopt SkyWalking directly in our monitoring stack. As a result, the migration of our enterprise monitoring system to SkyWalking is currently blocked. Current Idea / Workaround One workaround we are considering is: Do NOT expose SkyWalking UI Use Grafana as the only published UI Rely on Grafana’s authentication & authorization mechanisms (LDAP / SSO / RBAC) Connect Grafana to SkyWalking as a data source This approach is more acceptable to our security team. Problem with Tracing While metrics and dashboards can be handled via Grafana, distributed tracing is a major concern: As far as we know, Grafana does not fully support SkyWalking tracing features We are especially concerned about TraceQL / trace querying / trace exploration It is unclear whether: Grafana currently supports SkyWalking tracing at all TraceQL (or an equivalent) is supported or planned There is a recommended way to visualize and query traces from SkyWalking inside Grafana Questions Is there an official or recommended way to visualize SkyWalking traces in Grafana? Does Grafana support TraceQL (or SkyWalking trace query capabilities) today? If not: Is this support planned on the SkyWalking side or Grafana side? Is there any ETA or roadmap? Are there other recommended solutions or patterns for: Securing SkyWalking in enterprise / banking environments Providing authentication & authorization without exposing SkyWalking UI directly Why this matters SkyWalking fits our technical needs very well, but security compliance is mandatory in our environment. Without a clear solution for authentication or a Grafana-based tracing strategy, it is difficult for us to move forward with SkyWalking adoption at enterprise scale. Any guidance, best practices, or roadmap insights would be greatly appreciated 🙏 Thank you for your time and support. ### Use case _No response_ ### Related issues _No response_ ### Are you willing to submit a pull request to implement this on your own? - [ ] Yes I am willing to submit a pull request on my own! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
