Network Infrastructure

The following image provides an overview of the AAA Server solution:

 

The AAA Authentication Server:

  • Checks the existence of users, validates passwords, and grants user access.
  • Applies authorization profiles.
  • Tracks user activity.
  • Maintains user activity and usage log files.

Mandatory Components

The following ActivID components work in concert with your LDAP server to provide strong user authentication:

  • The AAA Server Administration Console and the AAA Server Administration Database
  • The AAA Server(s) (TACACS+ or RADIUS) and the AAA Server(s) Authentication Database
  • The ActivID Credential Management System (CMS)
  • The ActivID SKI Connector, which allows a second application to communicate with the AAA Administration Server. This is automatically installed on the same machine as the administration console.

You can install the AAA Server Administration Console, the AAA Servers, and both the administration and authentication databases on the same machine or on different machines, in any combination.

Maintain the administration and authentication databases from the Administration Console. Manage your users from your LDAP directory.

Optional Components

The following components can be installed according to your deployment requirements.

Web Help Desk and Self Help Desk

The AAA Server Web Help Desk is an add-on component to the AAA Server. This component makes the Administration Console Help Desk functions available to multiple Help Desk operators through a web interface.

The AAA Server Web Self Help Desk makes key device management functions available to end users through a web interface.

This component requires the ActivID SKI Connector (installed as part of the AAA Server setup process) to communicate with the AAA Server using SSL. For more information, see Installing the AAA Server for Remote Access.

Soft Token Solution

The AAA Soft Token Solution leverages the Web Help Desk and Self Help Desk to provide soft token assignment and management functions.

Soft tokens issued by the Soft Token Solution can be used seamlessly with the AAA Server. For further information, see Deploying the Soft Token Solution.

Web Access Agent for IIS

The Web Access Agent is an add-on component to the AAA Server. This component provides strong browser authentication for the Internet and for intranets (including ASP/ASP.NET pages). The solution is based on the Microsoft Internet Information Services (IIS) Web Server.

The Web Access Agent extends the Microsoft Windows NTFS authentication utility by using the AAA Server for authentication and accounting.

Kerberos Agent for Microsoft IIS and Windows Server

The Kerberos Agent interacts with the AAA Server to protect web resources running on Microsoft Internet Information Services (IIS) web servers, using secure OTP synchronous authentication.

By leveraging the Kerberos authentication protocol, the Agent removes the need for the user to provide their Microsoft Windows password in addition to the username/OTP combination.

Agent for Citrix and Microsoft Terminal Services

The Agent for Citrix and Microsoft Terminal Services is designed to allow end users to log on to remote services (either Citrix Presentation Server or Microsoft Terminal Server) with an OTP generated by an ActivID token.