Revision as of 23:41, 17 May 2024
History
Servers:SAD-AUTH01 was built on 5/10/22 to replace a pre-documentation server SAD-SSO01, which ran Authentik. Authentik was a very good free and open source SSO solution that enabled internal users to authenticate to several internal services, such as Development:Gitlab on Servers:SAD-GIT01.
However, MandolinSara and I decided it would be a good idea to get our multi-factor authentication services off premises, for several reasons: an outage, a security threat, streamlined management and, most important of all, easy two-factor authentication for Windows and Linux servers. In addition, this enables us to protect certain consoles such as Disaster Recovery: VEEAM Backup & Replication, Microsoft System Center: Microsoft System Center, and Virtualization: VMware vCenter Server Appliance. For Duo's price point and added benefit, it was a no-brainer to migrate things to a proprietary external service. If Authentik ever receives this functionality, a test server should be spun up to determine if the business should migrate back.
In addition to running Authentication: Cisco DUO Application Proxy, Authentication: Microsoft Entra ID Connect is running on this server to enable syncing between on-prem Authentication: Microsoft Active Directory and Authentication: Microsoft Entra ID Connect, a component of Cloud: Microsoft Azure.
Finally, the Authentication: Microsoft NPS server role is installed and set up to provide RADIUS authentication to Hardware: SAD-HME-FW01 for Network: Road Warrior VPN, enabling a secure connection back to sysadminafterdark networks.
Purpose
The following roles and features are running on this server: