Scorpion Softwares AuthAnvil provides for the basis of a strong authentication system (SAS) to offer two factor authentication (2FA) for computer access. AuthAnvil helps to drastically reduce, and in many cases completely remove, many security related risks that exist with the use of weak static reusable passwords. These risks include the usage of hostile malware such as keystroke loggers and other data mining applications which allow adversaries to easily collect password credentials to gain remote access to multiple systems in the business and ultimately gain access to protected resources and privileged information.
AuthAnvil is a combination of hardware or software authentication tokens and server software that can be installed and run on Microsoft Windows environments. To extend the value of AuthAnvil and expand the use of strong authentication in your business, Scorpion Software continues to develop strong authentication agents (SAE) that can communicate with AuthAnvil to provide strong authentication functionality. Through our extendable web services architecture, third parties can consume our services and add strong authentication to their own applications to further extend our reach into the business workflow.
An example of how AuthAnvil can be used is in the deployment of a line of business (LOB) web application that requires credentials to guarantee the identity of the user. Instead of the application requiring your users to know ANOTHER password that they may need to write down, (and which could easily be given out to another users), you can instead point the authentication process to our software and allow your users to take advantage of dynamic one time passwords that are generated with hardware authentication tokens. Once deployed, not only can your business guarantee that weak passwords wont be used, you can also verify the identity of the remote users trying to access the information that the application exposes.
Installation of the AuthAnvil Server
- Open a web browser to the address www.scorpionsoft.com/downloads.
- Click AuthAnvil Server Installer (4.0) under the Legacy Downloads category.
- Either click Open on the file download or launch the installer manually after downloading and saving it to disk.
- After agreeing to the licensing agreement, the installer will check for and install prerequisites as needed, then ask you what type of installation you would like to do. New Install: Install a new copy of AuthAnvil. New Install and Restore Data: Install a new copy of AuthAnvil and restore from an existing AuthAnvil database backup (bup) file. Upgrade: Upgrade an existing version of AuthAnvil 2.x or 3.x to 4.0. This type of installation requires no further intervention from the user until it is complete.
NOTE: The recommended best practice when running an upgrade is to use the aabackup.exe utility (located by default at C:Program FilesScorpion SoftwareAuthAnvil Database Managementaabackup.exe (AuthAnvil 2.x or 3.0) or C:Program FilesScorpion SoftwareAuthAnvilAuthAnvilToolsaabackup.exe (3.5)) to take a backup of the AuthAnvil database before running the upgrade. This will allow a restore to the previous version. As a failsafe, if the upgrade fails for any reason, the installer will leave the IntermediateBackup.bup that it creates at C:Program FilesScorpion SoftwareAuthAnvil Setup 4.0IntermediateBackup.bup.NOTE: If migrating an AuthAnvil 3.5 (or earlier) server to v4.0 using New install and Restore Data, make sure that you back up your AuthAnvil database using the latest version of aabackup.exe, available here, then uninstall your old version of AuthAnvil, ensure that the AuthAnvil sites have been completely removed from IIS, and run the AuthAnvil 4.0 Installer, choosing the New Install and Restore Data option. When asked, provide the the bup file that you just created with aabackup.exe.
NOTE: The upgrade process does not support upgrading servers that use wildcard SSL certificates. To upgrade these servers, back up your AuthAnvil database using the latest version of aabackup.exe, available here, then uninstall your old version of AuthAnvil, ensure that the AuthAnvil sites have been completely removed from IIS, and run the AuthAnvil 4.0 Installer, choosing the New Install and Restore Data option. When asked, provide the the bup file that you just created with aabackup.exe. After the install completes, run the AAWebConfigEditor tool to change the SAS and Admin URLs so that they match the FQDN of your server, following the instructions in Appendix C of this document.
NOTE: On 64-bit systems, upgrades are supported from AuthAnvil 3.5 only. AuthAnvil 2.1 and 3.0 need to be uninstalled before running the AuthAnvil 4.0 installer, and you need to run a New Install and Restore Data using your backup file.
NOTE: If you are running AuthAnvil in multi-tenant mode (multiple AuthAnvil sites), please contact customer service using the form at www.scorpionsoft.com/help before performing the upgrade to make sure that multi-tenancy continues to function correctly.
- The installer will then ask whether you want to use a new or existing SQL installation.Note regarding non domain joined machine setup: If the SQL instance is not on the same server as the AuthAnvil SAS, then both will need the database user account to exist locally for impersonation to function correctly. Contact customer support for assistance if you intend to deploy following this scenario.
- If you chose Install to an existing SQL Server, the installer will next ask you for the location of your SQL Server instance. Enter this in the form of SQLSERVERNAMEINSTANCENAME or SQLSERVERNAME if the server does not use a named instance. NOTE: You will need to have administrative permissions on the SQL server instance that you select.
- If you chose New Install and Restore Data, the installer will ask you for the location of the AuthAnvil Database Backup (bup) file to restore from.
- AuthAnvil requires an active subscription account with a valid subscription username and password, and the installer will validate it before allowing you to continue. If you dont have an account, you can set one up a https://customer.scorpionsoft.com, and if youve forgotten your subscription password, you can change it using the form at https://customer.scorpionsoft.com/subscriptionsettings.aspx.
- Next, if you chose New Install, the install will ask for your Company Name and get you to set a Master Admin Password. The company name is used to identify this server in your billing statements, and the master admin password is used to manage system-level functions for this AuthAnvil server from the AuthAnvil Management Console. This password is difficult to reset, so should be strong and not well-known within the organization.
- If New Install is chosen, the installer will ask you for your email server settings. The email server defines where AuthAnvil will send email messages for alerts and enrollment requests. This should be a resolvable name or IP address to a working SMTP (mail) server that will allow the AuthAnvil server to relay messages. The From Address field defines who the email will be sent from, such as firstname.lastname@example.org. NOTE: This email address is also the email address that the server will send any administrative emails to, so make sure that it is a mailbox that is checked regularly. If you email server requires authentication, you can also configure that here.
- Next, the installer will ask you to pick which website in IIS you want AuthAnvil to be installed to. If you are unsure, select Default Web Site or the first item in the list. Scorpion Software recommends that you use a website that has an SSL certificate assigned to it. A certificate can be assigned after the installation. (See Configuring secure communications with SSL later in this document for more information). Note for SBS 2008 installs: You should install AuthAnvil into the SBS Web Applicationssite on an SBS 2008 server. SBS 2003 and 2011 use Default Web Site
- If you are doing a new install, the installer will next ask you to set up your first user, including username, first name, last name, email address, and to set up a temporary password so that the user can log on to the AuthAnvil Manager and begin assigning tokens.
- Finally, if AuthAnvil is being installed on a domain controller, the installer will offer to install the ADUS client on the machine and configure the ADUS Web Service
- After confirming your selection, setup will complete a few final tasks and display a Setup Complete message. Click Finish to complete the install and launch the AuthAnvil Manager.Note for SBS 2003 installs: AuthAnvil authentications from computers outside of the network will not be possible until the IIS settings are properly configured as per Appendix D. Note for installs on servers that use wildcard SSL certificates: After installation, the server will need to be configured with the correct FQDN using the AAWebConfigEditor, as described in Appendix C of this document.
If you have any questions or need some help, we would be happy to assist. Open a case at kaseya.zendesk.com .