Mi-Token Prerequisites for Windows 2003

Mi-Token Enterprise Edition leverages several key Microsoft Windows components. These include the Internet Authentication Service (IAS) as its RADIUS server, Internet Information Services (IIS) to serve the centralized reporting website and the soft token provisioning website, and Active Directory Application Mode (ADAM) as a database for metadata and token seed storage.

 

Note: (1) Mi-Token Enterprise Edition does not modify the Active Directory schema.

(2) Mi-Token does not require a 'dedicated' server, unlike most other vendors.

As such, the typical Mi-Token installation solution will require the following components:

 

Basic Server Requirements for Mi-Token RADIUS

  • Windows 2003 R2 (32bit or 64bit) software requirements
  • Internet Authentication Service (all components via Add/Remove Programs)
  • .NET 3.5 SP1
  • Active Directory Application Mode (ADAM)
  • Same forest as the user accounts
  • Domain Administrator Rights
  • Administration Tools (for non-domain controllers – Mi-Token, when installed, provides a link)
  • Minimum hardware requirements:
  • 1.4 GHz CPU
  • 512 MB RAM
  • 15 GB hard disk space
  • Mi-Token supports the use of virtualization.
  • Firewall Configuration Considerations
  • RADIUS Authentication (UDP 1812)
  • Between management PCs and RADIUS servers:
  • ADAM/LDS LDAP ports (TCP 5000 by default)
  • Between replicating RADIUS servers:
  • ADAM/LDS LDAP ports (TCP 5000 by default)
  • RPC endpoint mapper (TCP 135)
  • A set of replication ports (2 configurable ports, TCP)
  • Just some of the myriad devices and situations which can be secured with Mi-Token
  • SSL VPN / Firewall devices (Juniper, Cisco, etc)
  • Outlook Web Access (via Internet Security and Acceleration Server (ISA) / TMG (Threat Management Gateway))
  • Windows Domain Login (via GINA / Credential Provider)
  • Linux Login (via PAM-RADIUS)

 

Actual performance will depend greatly on your environment. For example, on how many users are authenticating concurrently, network/disk performance and Domain Controller performance. Mi-Token recommends benchmarking and stress testing the entire system to gauge more precise requirements.

 

Optional Requirements for Reporting and Soft-Token Deployment

  • SQL Server: 2005, 2008, 2008R2 OR Oracle: 10g or newer
  • IIS 6, 7 or 7.5
  • Asp.net
  • Windows Authentication
  • IIS 6 Management Compatibility
  • SMTP service to provision soft-tokens