Configuring Redundant Web Servers
If you wish to use AuthAnvil Two Factor Auth in a redundant failover scenario you will need to ensure that you transfer the encryption keys from the primary (first) SAS to all other web servers that you configure in the farm. Failing to do so will prevent secondary IIS servers from properly deciphering the key data stored in the SQL database, preventing authentication.
These guides do not cover SQL redundancy. They allow for multiple redundant web servers which point to a single SQL endpoint. You are able to configure SQL replication or clustering at your preference.
AuthAnvil Two Factor Auth (2FA)
This guide details the redundancy configuration for AuthAnvil Two Factor Auth v5.0.
(Click here for AuthAnvil v4.1 and v3.5)
SRV1 will be the primary server installation (a new or existing installation will work) and SRV2represents any additional web servers to be configured for redundancy.
Note:: When converting an existing AuthAnvil Two Factor Auth deployment to handle redundancy, always take a backup of your existing database first. Instructions for backing up an AuthAnvil Two Factor Auth Database can be found in the Backing up the AuthAnvil Two Factor Auth Database section of the AuthAnvil Two Factor Auth Installation Guide.
- Install AuthAnvil Two Factor Auth on SRV1 using the instructions in the Installation Guide.
- On SRV1, open the redundancy tool at C:\Program Files\Scorpion Software\AuthAnvil\AuthAnvilTools\TFA_ServerRedundancyTool.exe
- Select the button to create a server redundancy file (*.tfr) and click Create File
Note: This .TFR file includes sensitive information about the SQL connection and encryption keys. Make sure to keep this file secure and to completely delete it after you have verified that redundancy has been configured correctly. You can always regenerate it if needed.
- Install AuthAnvil Two Factor Auth on SRV2 using a different SQL instance than SRV1. You can either allow the installer to create a SQL Server instance for you, or you can install to an existing SQL server. This dummy SQL instance / database can be uninstalled after the procedure is complete.
Important: If you are going to be configuring AuthAnvil Single Sign On for redundancy, please scroll down to the SSO redundancy steps now. Since SSO will assume the same database as 2FA, these changes need to be made while 2FA is still pointing at a dummy SQL database.
- Copy the redundnacy file TFA_RedundantInfo.tfr from SRV1 to SRV2
- On SRV2, open the redundancy tool at C:\Program Files\Scorpion Software\AuthAnvil\AuthAnvilTools\TFA_ServerRedundancyTool.exe
- Select the button to import a redundancy file and select the location of the file you copied over
- Run an IISReset on both SRV1 and SRV2 to reload the configurations
- Test a login to the AuthAnvil Manager on both servers using the same token and username. If they both succeed, youre finished!
At this point, you can configure AuthAnvil Two Factor Auth agents to use either servers web service URLs. In an environment with a load balancer this will be taken care of automatically. With the proper encryption keys on all front end servers, AuthAnvil Two Factor Auth should be able to authenticate to the database(s) on the backend from any point.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .