Hosting Topology
© SMS PASSCODE® 2015
In a hosting environment you have one backend and several front ends (clients).
In the example below, the backend is on the right-hand side; on the left-hand side are the clients in the customer domain. Each client must be able to communicate with the backend.
The backend must be able to communicate with the customer's Active Directory, over LDAP or LDAPS, in order to collect the users into the SMS PASSCODE Database.
The Hosted Backend services prerequisites are:

Component: Database Service
Requirement:
  Supported operating systems:
    Windows Server 2003 (x86/x64)
    Windows Server 2008 (x86/x64)
    Windows Server 2008 R2 (x64)
    Windows Server 2012 (x64)
    Windows Server 2012 R2 (x64)

Component: Web Administration Interface
Requirement:
  Supported operating systems:
    Windows Server 2003 (x86/x64)
    Windows Server 2008 (x86/x64)
    Windows Server 2008 R2 (x64)
    Windows Server 2012 (x64)
    Windows Server 2012 R2 (x64)
  IIS 6.0+ required, on the same server as the Database Service component.

Component: Transmitter Service
Requirement:
  Supported operating systems:
    Windows Server 2003 (x86/x64)
    Windows Server 2008 (x86/x64)
    Windows Server 2008 R2 (x64)
    Windows Server 2012 (x64)
    Windows Server 2012 R2 (x64)
  An unused serial port (COM port) for each GSM/CDMA modem, or a Moxa box (serial to Ethernet converter) for each modem.
  An active SIM card for each GSM modem in use.

Component: Load Balancing Service
Requirement:
  Supported operating systems:
    Windows Server 2003 (x86/x64)
    Windows Server 2008 (x86/x64)
    Windows Server 2008 R2 (x64)
    Windows Server 2012 (x64)

In addition you need Microsoft .Net version 3.1 SP1 installed (a feature in 2008 R2/2012/2012 R2).
Best practice is to use two (v)CPU cores and to run the SMS PASSCODE Database on a dedicated (virtual) server. Add 256 MB of RAM, 100 MB of hard disk space and a further 100 MB of hard disk space per 1000 users on top of the Microsoft recommendation for the OS type chosen for the server.
For servers running the Load Balancing/Transmitter services, add 128 MB of RAM, 100 MB of hard disk space and a further 50 MB of hard disk space per 1000 users on top of the Microsoft recommendation for the OS type chosen for the server.
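As an added example, not SMS PASSCODE's own tooling, the following PowerShell script checks one hosted backend server against the prerequisites and sizing rules above and verifies that the backend can reach the customer's Active Directory on the LDAP/LDAPS ports. It assumes PowerShell 3.0 or later with the ServerManager module (Windows Server 2008 R2 and later), the role names Database, WebAdmin, Transmitter and LoadBalancer, the feature name NET-Framework-Core for the .NET requirement, and the placeholder host name dc1.customer.example; none of these come from the page.

```powershell
<#
Added example (not SMS PASSCODE's own tooling): pre-installation check for one
hosted backend server. Assumptions, not from the page: PowerShell 3.0+, the
ServerManager module, the role names below, the NET-Framework-Core feature name
and the placeholder host name. Run as an administrator on the server.
#>
param(
    [ValidateSet('Database', 'WebAdmin', 'Transmitter', 'LoadBalancer')]
    [string]$Role = 'Database',
    [int]$Users = 1000,
    # Customer Active Directory host the backend must reach (placeholder).
    [string]$CustomerAdHost = 'dc1.customer.example',
    [int[]]$LdapPorts = @(389, 636)   # LDAP and LDAPS
)

# 1. Operating system: map the reported kernel version to the prerequisites table.
$osNames = @{
    '5.2' = 'Windows Server 2003'; '6.0' = 'Windows Server 2008'
    '6.1' = 'Windows Server 2008 R2'; '6.2' = 'Windows Server 2012'
    '6.3' = 'Windows Server 2012 R2'
}
$supportedByRole = @{
    'Database'     = @('5.2', '6.0', '6.1', '6.2', '6.3')
    'WebAdmin'     = @('5.2', '6.0', '6.1', '6.2', '6.3')
    'Transmitter'  = @('5.2', '6.0', '6.1', '6.2', '6.3')
    'LoadBalancer' = @('5.2', '6.0', '6.1', '6.2')   # table lists no 2012 R2 entry
}
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$ver = [version]$os.Version
$key = '{0}.{1}' -f $ver.Major, $ver.Minor
if ($supportedByRole[$Role] -contains $key) {
    Write-Host ("OK   {0} is listed as supported for the {1} role" -f $osNames[$key], $Role)
} else {
    Write-Warning ("OS {0} ({1}) is not listed as supported for the {2} role" -f $os.Version, $os.Caption, $Role)
}

# 2. Role-specific prerequisites from the table.
Import-Module ServerManager -ErrorAction SilentlyContinue
function Test-Feature([string]$Name) {
    $f = Get-WindowsFeature -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $f -and $f.Installed)
}
switch ($Role) {
    'Database' {
        # Best practice: two (v)CPU cores on a dedicated server for the Database Service.
        $cores = (Get-CimInstance -ClassName Win32_ComputerSystem).NumberOfLogicalProcessors
        if ($cores -lt 2) { Write-Warning "Only $cores logical processor(s); two (v)CPU cores are recommended" }
    }
    'WebAdmin' {
        # Web Administration Interface needs IIS 6.0+ on the same server as the Database Service.
        if (Test-Feature 'Web-Server') { Write-Host 'OK   IIS (Web-Server) is installed' }
        else { Write-Warning 'IIS is not installed; the Web Administration Interface requires IIS 6.0 or later' }
    }
    'Transmitter' {
        # One unused COM port per GSM/CDMA modem, or a Moxa box per modem.
        $ports = [System.IO.Ports.SerialPort]::GetPortNames()
        Write-Host ("INFO {0} serial port(s) present: {1}" -f $ports.Count, ($ports -join ', '))
        if ($ports.Count -eq 0) { Write-Warning 'No serial ports found; attach modems directly or via Moxa boxes' }
    }
    'LoadBalancer' {
        # .NET feature required on 2008 R2/2012/2012 R2 (feature name is an assumption).
        if (Test-Feature 'NET-Framework-Core') { Write-Host 'OK   .NET Framework feature is installed' }
        else { Write-Warning 'The .NET Framework feature is not installed' }
    }
}

# 3. Sizing on top of the Microsoft baseline for the chosen OS, per the text above.
$userBlocks = [math]::Ceiling($Users / 1000)
if ($Role -in 'Database', 'WebAdmin') {
    $extraRamMB  = 256                      # Database server
    $extraDiskMB = 100 + 100 * $userBlocks
} else {
    $extraRamMB  = 128                      # Load Balancing / Transmitter server
    $extraDiskMB = 100 + 50 * $userBlocks
}
Write-Host ("INFO add {0} MB RAM and {1} MB disk for {2} users over the Microsoft baseline" -f $extraRamMB, $extraDiskMB, $Users)

# 4. Topology: the backend must reach the customer's Active Directory over LDAP(S).
foreach ($port in $LdapPorts) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($CustomerAdHost, $port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne(3000) -and $client.Connected) {
            Write-Host ("OK   TCP {0}:{1} reachable" -f $CustomerAdHost, $port)
        } else {
            Write-Warning ("Cannot reach {0}:{1}; check firewall rules between backend and customer domain" -f $CustomerAdHost, $port)
        }
    } catch {
        Write-Warning ("Cannot resolve or connect to {0}:{1}: {2}" -f $CustomerAdHost, $port, $_.Exception.Message)
    } finally {
        $client.Close()
    }
}
```

Run it once per server role, e.g. `.\Check-Backend.ps1 -Role Transmitter -Users 5000 -CustomerAdHost dc1.customer.example`. The TCP check only proves the ports are open; whether the directory accepts the LDAPS certificate and the service account's bind is something to verify from the SMS PASSCODE configuration itself.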
Client Components
SMS PASSCODE® is composed of the following software components:

SMS PASSCODE® Core Components:
  Database Service
  Web Administration Interface
  Transmitter Service
  Load Balancing Service
  Self Service Web Site

Authentication Clients:
  Citrix Web Interface Protection
  RADIUS Protection
  Cloud Application Protection
  IIS Web Site Protection
  ISA/TMG Web Site Protection
  Windows Logon Protection
  Secure Device Provisioning (for ActiveSync devices)

Add-on modules:
  Password Reset Module
Component: Database Service
Description: Database for storing all SMS PASSCODE® user data and configuration data.

Component: Web Administration Interface
Description: Web site for maintaining SMS PASSCODE® user data and configuration data.

Component: Transmitter Service
Description: Service responsible for dispatching messages and for validating SMS PASSCODE® logons. Handles load balancing and failover between all GSM modems connected to the service.

Component: Load Balancing Service
Description: Service responsible for handling load balancing and failover between all Transmitter Services. This optional service is recommended for enterprise installations where multiple Transmitter Services are present. It should be installed in the following cases:
  1) Advanced failover and load balancing of SMS messages between all Transmitter Services is required, or
  2) The use of Load Balancing Policies is required.

Component: Self Service Web Site
Description: Web site that allows end-users to maintain some of their personal SMS PASSCODE® account settings themselves.

Component: Citrix Web Interface Protection
Description: Integrates SMS PASSCODE® with Citrix Web Interface, providing SMS PASSCODE® authentication for Citrix Web Interface users. Optionally, the Citrix Web Interface protection can run side-by-side with hardware-token based two-factor authentication systems, e.g. RSA SecurID® or SafeWord®. Both AD and NDS authentication are supported.

Component: RADIUS Protection
Description: Integrates with RADIUS systems, providing SMS PASSCODE® authentication for RADIUS clients. Optionally, this integration can run side-by-side with other RADIUS authentication systems, e.g. hardware-token based two-factor authentication systems.
  On Windows Server 2003, RADIUS protection is provided by means of an extension for the Microsoft Internet Authentication Service (IAS).
  On Windows Server 2008 or 2012, RADIUS protection is provided by means of an extension for the Microsoft Network Policy Server (NPS).
  Besides VPN systems, the RADIUS protection component is also useful for protecting access to Microsoft SharePoint Portal servers through application gateways, e.g. Microsoft Intelligent Application Gateway, Microsoft Unified Access Gateway, Citrix Access Gateway Enterprise Edition or Juniper SA.

Component: Cloud Application Protection
Description: Integrates with Microsoft Active Directory Federation Services (AD FS) 2.0, providing SMS PASSCODE® authentication for cloud applications protected by AD FS 2.0. Cloud applications are supported that use form-based authentication and any of the following protocols for authentication:
  SAML 2.0
  WS-Federation
  WS-Trust

Component: ISA/TMG Web Site Protection
Description: Integrates SMS PASSCODE® with Microsoft ISA/TMG Server, providing SMS PASSCODE® authentication for web sites directly on an ISA/TMG Server. The web sites must be published through the ISA/TMG server using a Web Listener. Currently the following types of web sites are supported:
  Microsoft Outlook Web Access
  Microsoft Terminal Service Web Access (TS Web Access)
  Microsoft SharePoint Portal Server
  IIS web sites using authentication delegation
  Any web site not requiring pass-through authentication (authentication delegation)
  SMS PASSCODE® authentication can be enabled and disabled for each specific Web Listener in the ISA/TMG server. ISA/TMG Web Site protection is provided by means of an ISA/TMG filter.

Component: IIS Web Site Protection
Description: Integrates SMS PASSCODE® with Microsoft Internet Information Server (IIS), providing SMS PASSCODE® authentication for IIS web sites. Currently the following types of web sites are supported:
  Microsoft Outlook Web Access 2007, 2010 and 2013
  IIS web sites using Basic or Integrated Windows Authentication
  Microsoft Terminal Service Web Access (TS Web Access), Windows Server 2008 only
  Microsoft Remote Desktop Web Access (RD Web Access), Windows Server 2008 R2 only
  SMS PASSCODE® authentication can be enabled/disabled for each specific IIS web site; it is even possible to configure different settings for specific URLs and/or specific client IP addresses. IIS Web Site protection is provided by means of an ISAPI filter.

Component: Windows Logon Protection
Description: Integrates SMS PASSCODE® with Windows Logon, thereby providing SMS PASSCODE® authentication for users logging on to Windows. This is for example useful for protecting Microsoft Terminal Service / Remote Desktop server environments or VMware View virtual clients. It is possible to enable and disable SMS PASSCODE® authentication for each specific RDP Listener. Windows Logon integration is provided by means of a custom GINA (Windows XP and Windows Server 2003) and a custom Credential Provider (Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2).

Component: Secure Device Provisioning (for ActiveSync devices)
Description: Integrates SMS PASSCODE® with Microsoft Exchange Server's built-in functionality for provisioning ActiveSync devices, thereby providing secure, multi-factor authentication based self-provisioning of such devices. The integration is provided by means of two components:
  The SMS PASSCODE® Monitoring Module, an HTTP Module that monitors the ActiveSync traffic on each server with the Exchange CAS role.
  The SMS PASSCODE® Secure Device Provisioning Web Site, to which users are redirected to perform secure self-provisioning of new ActiveSync devices.

Component: Password Reset Module (Password Reset Web Site, Password Reset Backend Service)
Description: Add-on module providing a web site where SMS PASSCODE® users who have forgotten their AD password can reset it in a secure way. The module consists of two components, the SMS PASSCODE® Password Reset Web Site and the SMS PASSCODE® Password Reset Backend Service, which can be installed on separate servers or on the same server. The Password Reset Web Site provides the user interface of the Password Reset module. It acts as a proxy for the actual Password Reset logic, which is performed by the Password Reset Backend Service.
The components Database Service, Web Administration Interface and Transmitter Service are required components, i.e. they must always be present in an SMS PASSCODE® installation. The remaining components are optional.
The term SMS PASSCODE® core component is used in the subsequent sections of this documentation to denote one of the components: Database Service, Web Administration Interface, Transmitter Service, Load Balancing Service or Self Service Web Site.
The term SMS PASSCODE® Authentication client is used in the subsequent sections of this documentation to denote one of the components: Citrix Web Interface Protection, RADIUS Protection, Cloud Application Protection, ISA/TMG Web Site Protection, IIS Web Site Protection, Windows Logon Protection or Secure Device Provisioning.
About SMS PASSCODE®
SMS PASSCODE is the leading technology in two- and multi-factor authentication using your mobile phone. To protect against the rise in internet based identity theft hitting both consumers and corporate employees, SMS PASSCODE offers a stronger authentication via the mobile phone SMS service compared to traditional alternatives. SMS PASSCODE installs in minutes and is much easier to implement and administer with the added benefit that users find it an intuitively smart way to gain better protection. The solution offers out-of-the-box protection of standard login systems such as Citrix, Cisco, Microsoft, VMware View, Juniper and other IPsec and SSL VPN systems as well as web sites. Installed at thousands of sites, this is a proven patent pending technology. In the last years, SMS PASSCODE has been named to the Gartner Group Magic Quadrant on User Authentication, awarded twice to the prestigious Red Herring 100 most interesting tech companies list, a Secure Computing Magazine Top 5 Security Innovator, InfoSecurity Guide Best two-factor authentication, a Citrix Solution of the Year Finalist, White Bull top 30 EMEA companies, a Gazelle 2010, 2011, 2012 and 2013 Fast Growth firm and a ComOn most promising IT company Award. For more information visit: www.smspasscode.com or our blog at blog.smspasscode.com.