Please review the following information to see if you meet minimum system requirements to use AuthAnvil Two Factor Auth. AuthAnvil Two Factor Auth has been tested on Windows Server 2008 (SP2), Essential Business Server 2008 and Small Business Server 2008, Windows Server 2008 R2, Small Business Server 2011, Windows Server 2012 and Windows Server 2012 Essentials. It supports both 32 and 64 bit versions of Windows.
Supported Operating Systems
- Windows Server 2008 (requires SP2)
- Windows Server 2008 R2
- Small Business Server 2008
- Small Business Server 2011
- Windows Server 2012
- Windows Server 2012 R2
- Microsoft Internet Explorer 9.0 or later
- Microsoft Installer Services (MSI) 3.0
- Web Server Role / Internet Information Services (IIS) 7.0 or later with the ASP.NET role service enabled
- Application Server role with HTTP Activation and Web Server (IIS) Support role services enabled
- (Server 2012) Windows Identity Foundation 3.5 must be installed as a server Feature
- (Server 2012) HTTP Activation server Feature under .NET Framework 4.5 Features -> WCF Services
Prerequisites Installed by the Installer
- Microsoft .NET Framework 4.0
- Windows Identity Foundation (NOTE: Server 2012 will require this to be installed through the Server Manager)
- Microsoft Visual C++ 2010 Service Pack 1
- Microsoft SQL Server Native Client
- Microsoft SQL Server System CLR Types
- Microsoft SQL Server Management Objects
- Microsoft SQL Server Express 2008 (if requested by the user)
- The server must have a working internet connection in order to download AuthAnvil components and prerequisites.
- Installation requires that the user installing must have administrative privileges on the domain (or local machine if server is not domain joined).
- If migrating an existing installation of AuthAnvil Two Factor Auth, or upgrading from AuthAnvil 3.0 or earlier, a backup file (bup) of your existing install will be needed. A bup file can be created with the Database Management Tool (AuthAnvil 3.0 and earlier) or directly with aabackup.exe. Upgrade instructions can be found at the AuthAnvil upgrade center.
- If you are installing AuthAnvil Two Factor Auth on a separate server from the SQL server, impersonation is supported on either domain joined servers or servers that are members of the same workgroup.
- AuthAnvil Two Factor Auth is officially supported on servers and workstations where the base OS was installed in English (CA/US/UK/AU). Scorpion Software cannot make guarantees to successful operation on other international languages that have not officially been tested.
- We strongly recommend that the web site that AuthAnvil Two Factor Auth is deployed to has an SSL certificate installed. HTTP connections are recommended for testing purposes only.
- Kaseya Users: AuthAnvil Two Factor Auth 5.0 CAN NOT be installed on the same web site as Kaseya. It needs to be installed on a separate IIS web site located either on the same server or on a completely different server.
What you need to begin
To begin your deployment of AuthAnvil Two Factor Auth, we recommend you collect and prepare the following items before installation:
- Download the latest installer files from the AuthAnvil 2FA Downloads website at https://help.scorpionsoft.com/hc/en-us/sections/203999247.
- The AuthAnvil Installation Guide. Consider printing out this guide or having it available during your installation session.
- Token import file. A file will have been added to your Customer Portal account under the Tokens page. This file is used to automate the importation of the token data into the AuthAnvil database and will be named <your-order-number>.tok.
- Administrative access to a supported operating system on which you wish to install AuthAnvil. It is strongly recommended that during evaluation you test AuthAnvil in a non-production environment.
- An AuthAnvil subscription key configured for your account in the Customer Portal at https://customer.scorpionsoft.com/accounts.aspx.
Installation of the AuthAnvil Two Factor Auth Server
- Open a web browser to the address https://help.scorpionsoft.com/hc/en-us/sections/203999247
- Download the most recent installer.
- Either click Open on the file download or launch the installer manually after downloading and saving it to disk.
- After you agree to the licensing agreement, the installer will check for and install prerequisites as needed, then ask you what type of installation you would like to do.
New Install: Install a new copy of AuthAnvil Two Factor Auth.
New Install and Restore Data: Install a new copy of AuthAnvil Two Factor Auth and restore from an existing AuthAnvil database backup (bup) file.
Upgrade: Upgrade an existing version of AuthAnvil 3.5 or later to 5.0. This type of installation will require only your Subscription Key from the Customer Portal. Everything else will be automated.
Note: The recommended best practice when running an upgrade is to use the aabackup.exe utility (located by default at C:\Program Files\Scorpion Software\AuthAnvil Database\ Management\aabackup.exe (AuthAnvil 2.x or 3.0) or C:\Program Files\Scorpion Software\AuthAnvil\AuthAnvilTools\aabackup.exe (3.5 and later)) to take a backup of the AuthAnvil database before running the upgrade. This will allow a restore to the previous version. As a failsafe, if the upgrade fails for any reason, the installer will leave the IntermediateBackup.bup that it creates at C:\Program Files\Scorpion Software\AuthAnvil Setup V5.0 IntermediateBackup.bup.
Note: If migrating an AuthAnvil 3.5 (or earlier) server to v5.0 using “New install and Restore Data,” make sure that you back up your AuthAnvil database using the latest version of aabackup.exe available here. Next, uninstall your old version of AuthAnvil and ensure that the AuthAnvil sites have been completely removed from IIS, then run the AuthAnvil Two Factor Auth 5.0 Installer, choosing the “New Install and Restore Data” option. When asked, provide the the bup file that you just created with aabackup.exe.
NOTE: The upgrade process does not support upgrading servers that use wildcard SSL certificates. To upgrade these servers, back up your AuthAnvil database using the latest version of aabackup.exe, available here, then uninstall your old version of AuthAnvil, ensure that the AuthAnvil sites have been completely removed from IIS, and run the AuthAnvil Two Factor Auth 5.0 Installer, choosing the “New Install and Restore Data” option. When asked, provide the the bup file that you just created with aabackup.exe. After the install completes, run the AAWebConfigEditor tool to change the SAS and Admin URLs so that they match the FQDN of your server, following the instructions in Appendix C of this document.
NOTE: Upgrades are supported from AuthAnvil 3.5 and later only. AuthAnvil 2.1 and 3.0 need to be uninstalled before running the AuthAnvil Two Factor Auth 5.0 installer, and you need to run a “New Install and Restore Data” using your backup file.
- AuthAnvil Two Factor Auth requires an active subscription account. Collect your Administrative Contact and Subscription Key from the Customer Portal, which the installer will validate before allowing you to continue. If you don’t have an account, please contact your account manager or email email@example.com. You can retrieve your subscription key from https://customer.scorpionsoft.com.
- The installer will then ask whether you want to use a new or existing SQL installation.
Note regarding non domain-joined machine setup: If the SQL instance is not on the same server as the AuthAnvil SAS, then both will need the database user account to exist locally for impersonation to function correctly. Contact customer support for assistance if you intend to deploy following this scenario.
- If you chose “Install to an existing SQL Server”, the installer will next ask you for the location of SQL Server instance. Enter this in the form of SQLSERVERNAMEINSTANCENAME or SQLSERVERNAME if the server does not use a named instance.
NOTE: You will need to have administrative permissions on the SQL server instance that you select.
- If you chose “New Install and Restore Data”, the installer will ask you for the location of the AuthAnvil Database Backup (bup) file to restore from.
- Next, if you chose “New Install”, the install will ask for your Company Name and get you to set a Master Admin Password. The company name is used to identify this server in your billing statements, and the master admin password is used to manage system-level functions for this AuthAnvil Two Factor Auth server from the AuthAnvil Management Console. This password is difficult to reset, so should be strong and not well-known within the organization.
- If “New Install” is chosen, the installer will ask you for your email server settings. The email server defines where AuthAnvil Two Factor Auth will send email messages for alerts and enrollment requests. This should be a resolvable name or IP address to a working SMTP (mail) server that will allow the AuthAnvil Two Factor Auth server to relay messages. The From Address field defines who the email will be sent from, such as ‘firstname.lastname@example.org’. NOTE: This email address is also the email address that the server will send any administrative emails to, so make sure that it is a mailbox that is checked regularly. If you email server requires authentication, you can also configure that here.
- Next, the installer will ask you to pick which website in IIS you want AuthAnvil Two Factor Auth to be installed to. If you are unsure, select “Default Web Site” or the first item in the list. Scorpion Software recommends that you use a website that has an SSL certificate assigned to it. A certificate can be assigned after the installation. (See Configuring Secure Communications With SSL later in this document for more information).
Note for SBS 2008 installs: You should install AuthAnvil Two Factor Auth into the SBS Web Applications site on an SBS 2008 server. SBS 2011 will use an existing site, usually “Default Web Site”.
- If you are doing a new install, the installer will next ask you to set up your first user, including username, first name, last name, email address, and to set up a temporary password so that the user can log on to the AuthAnvil Manager and begin assigning tokens.
- Finally, if AuthAnvil Two Factor Auth is being installed on a domain controller, the installer will offer to install the ADUS client on the machine and configure the ADUS Web Service.
- After confirming your selection, setup will complete a few final tasks and display a “Setup Complete” message. Click Finish to complete the install and launch the AuthAnvil Manager.
Note for installs on servers that use wildcard SSL certificates: After installation, the server will need to be configured with the correct FQDN using the AAWebConfigEditor, as described in Appendix C of this document.