Revision as of 23:51, 17 May 2024
History
Servers:SAD-AUTH01 was built on 5/10/22 to replace a pre-documentation server, SAD-SSO01, which ran Authentik. Authentik was a very good free and open-source SSO solution that enabled internal users to authenticate to several internal services, such as Development:Gitlab on Servers:SAD-GIT01.
However, MandolinSara and I decided it would be a good idea to get our multi-factor authentication services off premises in the event of an outage or a security threat, for streamlined management and, most important of all, for easy two-factor authentication for Windows and Linux servers. In addition, this enables us to protect certain consoles such as Disaster Recovery: VEEAM Backup & Replication, Microsoft System Center: Microsoft System Center, and Virtualization: VMware vCenter Server Appliance. For Duo's price point and added benefit, it was a no-brainer to migrate things to a proprietary external service. If Authentik ever receives this functionality, a test server should be spun up to determine if the business should migrate back.
In addition to running Authentication: Cisco DUO Application Proxy, Authentication: Microsoft Entra ID Connect is running on this server to enable syncing between on-prem Authentication: Microsoft Active Directory and Authentication: Microsoft Entra ID Connect, a component of Cloud: Microsoft Azure.
Finally, the Authentication: Microsoft NPS server role is installed and set up to enable RADIUS authentication to Hardware: SAD-HME-FW01 for Network: Road Warrior VPN, which provides a secure connection back to sysadminafterdark networks.
Purpose
Windows Server Desktop was chosen because Authentication: Microsoft Entra ID Connect and Authentication: Microsoft NPS do not support Linux or Windows Server Core. It was easier to run these services from one device and have one point of authentication services in addition to Authentication: Microsoft Active Directory. The following roles and features are running on this server:
Network Diagram
Status
This server has been staged and placed into sysadminafterdark production. There are no plans to replace or upgrade this server until Windows Server 2022 goes end of life on October 14, 2031.