Hosting topology SMS PASSCODE 2015

Hosting Topology

In a hosting environment, you have a backend and several front ends (clients). In the example below, the backend is on the right side and the clients, located in the customer domain, are on the left side. Each client must be able to communicate with the backend. The backend must be able to communicate with the customer's Active Directory, over LDAP(S), to collect users into the SMS PASSCODE Database.

The Hosted Backend services prerequisites are:

Database Service
Supported operating systems:
- Windows Server 2003 (x86/x64)
- Windows Server 2008 (x86/x64)
- Windows Server 2008 R2 (x64)
- Windows Server 2012 (x64)
- Windows Server 2012 R2 (x64)

Web Administration Interface
Supported operating systems:
- Windows Server 2003 (x86/x64)
- Windows Server 2008 (x86/x64)
- Windows Server 2008 R2 (x64)
- Windows Server 2012 (x64)
- Windows Server 2012 R2 (x64)
IIS 6.0+ required.
Best practice is to install this component on the same server as the Database Service component.

Transmitter Service
Supported operating systems:
- Windows Server 2003 (x86/x64)
- Windows Server 2008 (x86/x64)
- Windows Server 2008 R2 (x64)
- Windows Server 2012 (x64)
- Windows Server 2012 R2 (x64)
Additional requirements:
- An unused serial port (COM port) for each GSM/CDMA modem, or a Moxa box (serial-to-Ethernet converter) for each modem.
- An active SIM card for each GSM modem in use.

Load Balancing Service
Supported operating systems:
- Windows Server 2003 (x86/x64)
- Windows Server 2008 (x86/x64)
- Windows Server 2008 R2 (x64)
- Windows Server 2012 (x64)

In addition, you need Microsoft .NET version 3.1 SP1 installed (a feature in 2008 R2/2012/2012 R2).

Best practice is to use two (v)CPU cores and to run the SMS PASSCODE Database on a dedicated (virtual) server. For that server, add 256 MB of RAM, 100 MB of hard disk space and an additional 100 MB of hard disk space per 1000 users on top of the Microsoft recommendation for the OS type chosen for the server.

For the servers with the Load Balancing/Transmitter services installed, add 128 MB of RAM, 100 MB of hard disk space and an additional 50 MB of hard disk space per 1000 users on top of the Microsoft recommendation for the OS type chosen for the server.

Clients

SMS PASSCODE is composed of the following software components:

SMS PASSCODE Core Components:
- Database Service
- Web Administration Interface
- Transmitter Service
- Load Balancing Service
- Self Service Web Site

Authentication Clients:
- Citrix Web Interface Protection
- RADIUS Protection
- Cloud Application Protection
- IIS Web Site Protection
- ISA/TMG Web Site Protection
- Windows Logon Protection
- Secure Device Provisioning (for ActiveSync devices)

Add-on modules [1]:
- Password Reset Module

[1] Please note that separate CALs are required to gain access to add-on modules.

Component descriptions:

Database Service
Database for storing all SMS PASSCODE user data and configuration data.

Web Administration Interface
Web site for maintaining SMS PASSCODE user data and configuration data.

Transmitter Service
Service responsible for dispatching messages and validation of SMS PASSCODE logons. Handles load balancing and failover between all GSM modems connected to the service.

Load Balancing Service
Service responsible for handling load balancing and failover between all Transmitter services. This optional service is recommended for enterprise installations where multiple Transmitter services are present. It should be installed in the following cases:
1) Advanced failover and load balancing of SMS messages between all Transmitter services is required, or
2) The usage of Load Balancing Policies is required.

Self Service Web Site
Web site that allows end-users to maintain some of their personal SMS PASSCODE account settings themselves.

Citrix Web Interface Protection
Integrates SMS PASSCODE with Citrix Web Interface, providing SMS PASSCODE authentication for Citrix Web Interface users. It is optionally possible to run the Citrix Web Interface protection side-by-side with hardware-token based two-factor authentication systems, e.g. RSA SecurID or SafeWord. Both AD and NDS authentication are supported.

RADIUS Protection
Integrates with RADIUS systems, providing SMS PASSCODE authentication for RADIUS clients. It is optionally possible to run this integration side-by-side with other RADIUS authentication systems, e.g. hardware-token based two-factor authentication systems.
When using Windows Server 2003, RADIUS protection is provided by means of an extension for the Microsoft Internet Authentication Service (IAS). When using Windows Server 2008 or 2012, RADIUS protection is provided by means of an extension for the Microsoft Network Policy Server (NPS).
Besides VPN systems, the RADIUS protection component is also useful for protecting access to Microsoft SharePoint Portal servers using application gateways, e.g. Microsoft Intelligent Application Gateway, Microsoft Unified Access Gateway, Citrix Access Gateway Enterprise Edition or Juniper SA.

Cloud Application Protection
Integrates with Microsoft Active Directory Federation Services (AD FS) 2.0, providing SMS PASSCODE authentication for cloud applications protected by AD FS 2.0. Supported cloud applications are those that use form-based authentication and any of the following protocols for authentication:
- SAML 2.0
- WS-Federation
- WS-Trust

ISA/TMG Web Site Protection
Integrates SMS PASSCODE with Microsoft ISA/TMG Server, providing SMS PASSCODE authentication for web sites directly on an ISA/TMG Server. The web sites are required to be published through the ISA/TMG server using a Web Listener. Currently the following types of web sites are supported:
- Microsoft Outlook Web Access
- Microsoft Terminal Service Web Access (TS Web Access)
- Microsoft SharePoint Portal Server
- IIS web sites using authentication delegation
- Any web site not requiring any pass-through authentication (authentication delegation)
SMS PASSCODE authentication can be enabled and disabled for each specific Web Listener in the ISA/TMG server. ISA/TMG Web Site protection is provided by means of an ISA/TMG filter.

IIS Web Site Protection
Integrates SMS PASSCODE with Microsoft Internet Information Server (IIS), providing SMS PASSCODE authentication for IIS Web Sites. Currently the following types of Web Sites are supported:
- Microsoft Outlook Web Access 2007, 2010 and 2013 [2]
- IIS Web Sites using Basic or Integrated Windows Authentication
- Microsoft Terminal Service Web Access (TS Web Access), Windows Server 2008 only
- Microsoft Remote Desktop Web Access (RD Web Access), Windows Server 2008 R2 only
SMS PASSCODE authentication can be enabled/disabled for each specific IIS web site; it is even possible to configure different settings for specific URLs and/or specific client IP addresses. IIS Web Site protection is provided by means of an ISAPI filter.

[2] Please note that when protecting an OWA 2013 site, only form-based authentication is supported.

Windows Logon Protection
Integrates SMS PASSCODE with Windows Logon, thereby providing SMS PASSCODE authentication for users logging on to Windows. This is useful, for example, for protecting Microsoft Terminal Service / Remote Desktop server environments, or VMware View virtual clients. It is possible to enable and disable SMS PASSCODE authentication for each specific RDP Listener. Windows Logon integration is provided by means of a custom GINA (Windows XP and Windows Server 2003) and a custom Credential Provider (Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2).

Secure Device Provisioning (for ActiveSync devices)
Integrates SMS PASSCODE with Microsoft Exchange Server's built-in functionality for provisioning of ActiveSync devices, thereby providing secure, multi-factor authentication based self-provisioning of such devices. The integration is provided by means of two components:
- The SMS PASSCODE Monitoring Module, which is an HTTP Module that monitors the ActiveSync traffic on each server with the Exchange CAS role.
- The SMS PASSCODE Secure Device Provisioning Web Site, to which users will be redirected for performing secure self-provisioning of new ActiveSync devices.

Password Reset Module
- Password Reset Web Site
- Password Reset Backend Service
Add-on module providing a web site where SMS PASSCODE users who have forgotten their AD password can reset this password in a secure way. The module consists of two components, the SMS PASSCODE Password Reset Web Site and the SMS PASSCODE Password Reset Backend Service, which can be installed on separate servers or on the same server. The Password Reset Web Site provides the user interface of the Password Reset module. It acts as a proxy for the actual Password Reset logic, which is performed by the Password Reset Backend Service.

The components Database Service, Web Administration Interface and Transmitter Service are required components, i.e. they must always be present in an SMS PASSCODE installation. The remaining components are optional.

The term "SMS PASSCODE core component" is used in the subsequent sections of this documentation to denote one of the components: Database Service, Web Administration Interface, Transmitter Service, Load Balancing Service or Self Service Web Site.

The term "SMS PASSCODE Authentication client" is used in the subsequent sections of this documentation to denote one of the components: Citrix Web Interface Protection, RADIUS Protection, Cloud Application Protection, ISA/TMG Web Site Protection, IIS Web Site Protection, Windows Logon Protection or Secure Device Provisioning.

About SMS PASSCODE

SMS PASSCODE is the leading technology in two- and multi-factor authentication using your mobile phone. To protect against the rise in internet-based identity theft hitting both consumers and corporate employees, SMS PASSCODE offers a stronger authentication via the mobile phone SMS service compared to traditional alternatives. SMS PASSCODE installs in minutes and is much easier to implement and administer, with the added benefit that users find it an intuitively smart way to gain better protection. The solution offers out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, VMware View, Juniper and other IPsec and SSL VPN systems as well as web sites. Installed at thousands of sites, this is a proven patent-pending technology.

In the last years, SMS PASSCODE has been named to the Gartner Group Magic Quadrant on User Authentication, awarded twice to the prestigious Red Herring 100 most interesting tech companies list, a Secure Computing Magazine Top 5 Security Innovator, InfoSecurity Guide Best two-factor authentication, a Citrix Solution of the Year Finalist, White Bull top 30 EMEA companies, a Gazelle 2010, 2011, 2012 and 2013 Fast Growth firm and a ComOn most promising IT company Award.

For more information visit: www.smspasscode.com or our blog at blog.smspasscode.com.