To set up a redundant AuthAnvil Server, we will need at least three separate servers:
- Dedicated server for the SQL Database.
- Web server 1. Example domain auth1.scorpionlabs.com
- Web server 2. Example domain auth2.scorpionlabs.com
Web Server 1 & 2 will need to be configured with the system requirements per https://helpdesk.kaseya.com/entries/25881456, including a unique third-party trusted SSL certificate.
This web server is built using the latest installers for 2FA/SSO/PWS.
Note: At the time of this article these are the latest versions:
- Two-Factor Auth v5.5
- Single Sign On v4.5
- Password Server v2.7
Once Server 1 is configured we create a .CLU file following this guide.
We copy the .CLU file from Server 1 to Server 2 and use the latest installers for Two-Factor Auth & Password Server. During the install there will be an option to install to an existing cluster. Using this install option, Server 2 is configured automatically to work with the same database as Server 1.
You will now have two unique SAS URLs that will look something like this:
https://auth1.scorpionlabs.com/AuthAnvil/SAS.asmx & https://auth2.scorpionlabs.com/AuthAnvil/SAS.asmx
You can configure a Windows Credential Provider or RADIUS server with these two unique URLs to automatically fail over.
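Before handing the two SAS URLs to a Credential Provider or RADIUS server, it helps to confirm that the list is sane and that each node presents a trusted certificate for its own name. The following is an added example, not AuthAnvil code or part of the original article; the function names and the path check are assumptions based on the example URLs above, and the probe only performs a verified TLS handshake rather than calling any AuthAnvil API.

```python
import socket
import ssl
from urllib.parse import urlsplit

# URLs taken from the article's example; the path check below is an assumption
# derived from these two URLs, not a documented AuthAnvil rule.
SAS_URLS = [
    "https://auth1.scorpionlabs.com/AuthAnvil/SAS.asmx",
    "https://auth2.scorpionlabs.com/AuthAnvil/SAS.asmx",
]

def validate_sas_urls(urls):
    """Return a list of problems found in a failover URL list (empty means OK)."""
    problems, hosts = [], []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{url}: not HTTPS")
        if not parts.path.lower().endswith("/authanvil/sas.asmx"):
            problems.append(f"{url}: unexpected path")
        hosts.append((parts.hostname or "").lower())
    if len(set(hosts)) != len(hosts):
        problems.append("duplicate host: failover entries must be separate servers")
    return problems

def tls_probe(url, timeout=5.0):
    """True if the host completes a TLS handshake with a trusted, name-matching cert."""
    parts = urlsplit(url)
    if not parts.hostname:
        return False
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=parts.hostname):
                return True
    except OSError:  # covers ssl.SSLError and certificate verification failures
        return False

def first_healthy(urls, probe=tls_probe):
    """Return the first URL, in configured order, whose probe succeeds, else None."""
    for url in urls:
        if probe(url):
            return url
    return None

if __name__ == "__main__":
    for issue in validate_sas_urls(SAS_URLS):
        print("config problem:", issue)
    print("active SAS URL:", first_healthy(SAS_URLS))
```

A node whose certificate is expired, untrusted, or issued for the other server's name fails the probe, so it is treated as down rather than silently accepted.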
To take this one step further you may also want to configure a Network Load Balancer (NLB) with a unique SSL certificate.
Server 1: auth.scorpionlabs.com
Server 2: auth.scorpionlabs.com
This would allow you to navigate to your SSO portal as https://auth.scorpionlabs.com/sso/ and have it fail-over automatically between Server 1 & Server 2.