What is the best practice for selecting where to install AuthAnvil Two-Factor Auth (2FA) on the network?


Today an interesting question was brought to Customer Service and then forwarded to me. It boiled down to an extension of a previous best practice Brent wrote about: which platform to install AuthAnvil on.

The question was really asking which server inside the office AuthAnvil should be installed on. If you ensure it meets the base requirements, it can pretty much go anywhere. However, some thought should go into how you use AuthAnvil, to help make that decision clearer.

First, are you going to require agents running external to your office to connect to AuthAnvil? If so, then you will want to make sure the server can be accessed from the Internet. It will also require a valid SSL certificate from a trusted CA. Even something as simple as a GoDaddy certificate on a typical IIS web server will do. Just make sure that it can be reached.

Now, if you want to put it on a different server than the one you may be directing SSL traffic to already, that is OK. If you are using a NAT device, simply do port redirection. This might mean you map port 4443 to 443 on the second server. Or you can configure IIS on the second server to bind SSL to 4443 to begin with. You will need that if you are using those inexpensive Linksys or D-Link devices.
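An added example, not part of the original article or of AuthAnvil: a Python check, run from a machine outside the office, that the published endpoint is reachable and presents a certificate the client trusts. The hostname `authanvil.example.com` is a placeholder and the function names are hypothetical; ports 443 and 4443 follow the redirection example above.

```python
import socket
import ssl
import time


def days_until_expiry(cert, now=None):
    """Days left on a certificate dict as returned by SSLSocket.getpeercert()."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    return int((expires - now) // 86400)


def check_endpoint(host, port=443, timeout=5.0):
    """Classify an HTTPS endpoint as ok, untrusted, TLS-broken or unreachable."""
    # Default context: system trust store, chain validation and hostname check on.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "status": "ok",
                    "protocol": tls.version(),
                    "days_left": days_until_expiry(cert),
                }
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired, wrong hostname or unknown CA: agents would fail too.
        return {"status": "untrusted_certificate", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        # Port answers but does not speak TLS correctly (e.g. wrong IIS binding).
        return {"status": "tls_error", "detail": str(exc)}
    except OSError as exc:
        # Refused, timed out or DNS failure: NAT rule or firewall not in place.
        return {"status": "unreachable", "detail": str(exc)}


if __name__ == "__main__":
    # Placeholder hostname (assumption); replace with your published name.
    for port in (443, 4443):
        print(port, check_endpoint("authanvil.example.com", port))
```

An `unreachable` result points at the NAT or firewall rule, while `untrusted_certificate` means the port forward works but the certificate bound in IIS will be rejected by clients.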

After you have thought about connectivity issues with SSL, you should consider workloads. AuthAnvil itself uses very few resources. It was designed to work in resource-starved environments like Small Business Server. However, the SQL database is always overhead. You may decide to install AuthAnvil itself on an edge device, but use the company SQL server elsewhere. That is an acceptable scenario which is available in the installer. If you have SQL anywhere in your network, we can use it. Splitting it like this helps to offload resources, while leveraging your existing investment in IT like SQL.

After considering your workloads with SQL, think about the fact that AuthAnvil can run on a domain-joined server or on a standalone system. If you want to take advantage of the ease of use in our Configuration Wizard to import domain users, you will want to consider putting it on the domain-joined system. However, it is perfectly acceptable to install it on the standalone system and enter the users manually. It is really up to you.

Finally, there is nothing wrong with installing AuthAnvil on the domain controller itself. I know that may surprise many of you, but AuthAnvil was designed to work on a DC, if required, mostly because our history starts with building AuthAnvil to run on Small Business Server, where that is already the case. It has been extended as we moved beyond that platform because we have found so many competitors CAN'T run on a domain controller and want a dedicated server anyway. Not so with AuthAnvil.

Ultimately, you can install AuthAnvil on ANY server in your organization, as long as it is running Windows Server 2008 R2 or newer in a 64-bit environment. It needs to have IIS installed with ASP.NET 2.0, with access to SQL somewhere on the network. If you don't have SQL, then the installer will have SQL Express installed and secured for you... to make it all neat and tidy.

Just remember that if you want to access AuthAnvil from your notebooks while in the field, or from client networks outside the office, it needs to be exposed to the Internet. 


If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.
