Scorpion Software Blog

We are pleased to report that today we released an update set of AuthAnvil Logon Agent MSI packages that will make deployment of our logon agent much easier. By adding a new INI switch within the MSI envelope, you can now push out the agents using a centralized INI file built with our INI Builder, just like you can already do using Active Directory Software Distribution policies. Syntax is really simple:

msiexec /q /i AAWinLogonCP.msi CMDLINE="INI=aalogon.ini"

By scripting the delivery of the MSI and INI file to a target system through Kaseya, you can silently install the agent in a matter of seconds.

We will be including a set of management scripts for Kaseya in the near future so you don't even have to worry about that. In the meantime, that simple line above can install the AuthAnvil Credential Provider to a Vista, Windows 7 or Windows Server 2008 system instantly, assuming all pre-requisites are already installed.

If you have any questions about using Kaseya to deploy AuthAnvil logon agents in this manner, please start a dialog with us by opening a case in the Customer Portal. If you are a Kaseya user evaluating AuthAnvil and didn't even know you could do this, let's talk. There is a whole bunch of things we should explore on how to take advantage of the "better together nature" of the two products. 

Cloud Services Depot (CSD) is a wholesale distributor of Managed Services software and private-label services for Managed Services Providers (MSP). It has a wide product portfolio from Hosted Kaseya software, private-label Help Desk, Project and NOC services. As you can imagine, there is a lot of sensitive information stored in the cloud using such services, and access to critical business resources across many different client networks becomes trivial if someone was able to share, steal or circumvent the portal password.

The team at CSD realize this, and have done something about it. They care about the security of their clients, and understand that to some of their partners, this risk is something that may need to be mitigated. Knowing that many of their clients already have our AuthAnvil Strong Authentication Server deployed in their organization, CSD has integrated AuthAnvil authentication right into their portal. And they did one better. Thinking through the typical business workflow of their clients, they architected it in a way to provide risk-based authentication decisions based on access needs.

What this means is that CSD clients can selectively decide WHO may need strong authentication, and who does not. Using AuthAnvil's web service API architecture they simply use secure SOAP/XML to communicate with their client's AuthAnvil server for accounts that have been configured in this manner. And because the authentication settings are applied on a per user basis, each user can authenticate to a DIFFERENT AuthAnvil server if necessary. This is important if you hire outside consultants from time to time and wish to have their CSD account to auth to their own AuthAnvil server. Of course, you can also use AuthAnvil's proxied delegation feature to do this, further giving you the flexibility to meet whatever security objectives you have in your organization.

The side benefit of this is CSD clients can keep their costs down with AuthAnvil, by only issuing tokens to those accounts that have privileges that may require the stronger authentication mechanism. This is a great usage of AuthAnvil, and one we are happy to see deployed in a cloud-based solution such as CSD. It applies strong two-factor authentication where appropriate, without burdening users who may not need it.

Here is what it looks like.

This new identity assurance component is included for all CSD customers absolutely free, and they now have integration guidance published here. This means you get to further leverage your existing investment in AuthAnvil without additional costs or requirements at CSD. By revoking a staff member's token in AuthAnvil at your office, you simultaneously revoke his access to CSD, eliminating any opportunity for an exiting employee from gaining access to all the sensitive information and client network access that CSD allows through its powerful cloud-based services. And of course, the risk of unauthorized capture and use of the critical portal password goes away, since without the unique one-time nature of an AuthAnvil passcode, an attacker cannot gain access.

Congratulations to Frank and his team at Cloud Services Depot. I am impressed that you have thought through you client's security needs, and adapted it to work directly with AuthAnvil. And as a thank you to all your clients, for the next month Scorpion Software will offer ANY CSD client that implements AuthAnvil in this way an additional three months of AuthAnvil subscription credit absolutely free.

Don't have AuthAnvil yet? Mention you are a CSD client when making your purchase and we will be pleased to offer you an installation session with one of our engineers absolutely FREE (a value of $150) that will not only install AuthAnvil for you, but also configure your CSD portal to take advantage of it. Need more information on how to get started? Let's Talk.

Technical support for AuthAnvil v1.x will continue through March 1, 2010, at which time all support for this version will be discontinued. In the meantime, Technical Support will continue to provide troubleshooting and workaround assistance, but resolution may be that the customer will need to migrate to a newer version of the product. In addition, Development/Engineering assistance may not be available for this version.

All customers with a current AuthAnvil subscription can request for help to upgrade/migrate to v3 free of charge. Simply open a case in the Customer Portal and make your request. We will be happy to help you.

NOTE: After March 1st, any Scorpion Software partner who has not yet upgraded from v1.x will lose their partner status. In accordance with the requirements of the Partner Program, your own deployment version must be within one release cycle of the current shipping build, which currently sits at v3.x. Your account will remain active as a customer, but you will no longer be able to take advantage of your partner benefits, including priority support and pricing discounts. If you have any questions, please let us know. 

An interesting feature in Windows Server 2008 R2is RD Web Access. Formally called TSWeb, this is Microsoft's web portal solution that allows you to publish application over the web using RD RemoteApp. Imagine when you have needed to open an Office document while at home, only to find you do not have the same version as you do at work. Or when you need to work on your Simply Accounting journal entries, but don't have time to drive into the office. With RD Web, that isn't a problem.

Obviously, this can be a great risk to your business. Allowing applications to run remotely from the web is only as secure as the password. Someone who is able to share, steal or circumvent a password can gain complete access to the application, and more importantly the data, pretending to be you.

One way to reduce this risk is to enforce a requirement for the user to prove their identity through strong two-factor authentication (2FA). And this is where AuthAnvil comes in.

Scorpion Software is pleased to announce that we now have support for integrated 2FA right in the RD Web logon page on Windows Server 2008 R2. When a user browses to the RD Web Portal, they are confronted with their typical domain credentials along with a request for their next AuthAnvil passcode. In this way, you can gain the benefit of identity assurance while at the same time using the same business workflow as you have before for RD Web Access. Below is a picture showing this in action:

Of course, our RDWeb Logon Agent also has the ability of using risk based authentication decisions. You can selectively decide if certain users can gain access without the need of an AuthAnvil credential. In this way, you have the fine grained control that you need to roll out strong authentication to your remote users in a staged manner.

If you are using RD Web Access and would like to add AuthAnvil authentication to it, please make a request by opening a case in the Customer Portal. This is a FREE agent available by request to any customer with a current AuthAnvil subscription. We would be happy to help you roll it out.