In the network diagram below you can see a minimal setup for SMSPassword.
You can click on the network drawing to see a larger version.
Here the logon process in detail. First the home user launches his browser and enters the URL of the netscaler of his company. The user is then presented with a username password dialog where he enters his regular active directory username and password. The netscaler sends the username and password using radius to the SMSPassword server. The SMSPassword server then check with active directory to check if the credentials match. If the credentials match, SMSPassword contacts active directory again to get the mobile number of the user. SMSPassword now generates a one time password. Send the one time password to users mobile device. And sends a message to the user to ask for additional information in the user’s web browser. The user then enters the one time password into the browser, and is sent to the SMSPassword server via the netscaler. If the password entered by the user is valid, SMSPassword sends a signal to the netscaler. And the netscaler allows the user access to his applications or documents.
The redundant setup works the same as the minimal setup, to guarantee uptime some changes are made. First of all, in this setup we use more than one server as a SMSPassword server. In this example we use two SMSPassword servers. But in theory this can be any number. Three, four as much as you need. In the load balancing device, a virtual server is created. In our example we use a netscaler as load balancer, but other load balancers are also supported. In the load balancer you also configure a monitor, to see if the nodes are working. The load balancer will send a heart-beat check to every node. If for example the network to one of the nodes is down, or if the SMSPassword service is stopped, or if the server is being rebooted, the node will not respond to the heart-beat. The load balancer will skip this node, and will resume normal operation using the other available nodes. As soon as the node will become available again, the load balancer will start using that node again. The manual of SMSPassword contains detailed description on how to configure a load balanced setup.
Below a detailed diagram of the load balancing part.
Key part of the load balancing is that the load balancing device monitors both the SMSPassword servers and the SMS dispatch modems. If for example Modem B becomes unavailable, SMSPassword server B is skipped too.
More questions?, see the FAQ’s, or contact us.