Sometimes I am amazed at how our customers use our products. Eventus, one of our partners in Hong Kong recently came to us with a unique challenge. They have roaming monitoring stations to which they need to remotely connect to using GotoMyPC Professional. They wanted to use the AuthAnvil RADIUS Server to add two-factor authentication when logging in, but had a blocking issue in that RADIUS provides a one-to-one shared secret for client authentication, which means we need to know the IP address of the client. This just wasn't always possible on some of their client networks, which means we couldn't directly make this happen for them.
But that did not deter the guys over at Eventus. They found an interesting configuration that works extremely well, and which eluded us. In hindsight though, it makes total sense. Since the AuthAnvil RADIUS server is an extremely lightweight component running as a Windows Service, they simply installed the RADIUS agent on each monitoring station. Then by setting GotoMyPC Pro to authenticate via RADIUS to localhost (127.0.0.1), they can always connect properly with the one-to-one shared secret, and then let our RADIUS server translate the request into an AuthAnvil web service request that authenticates their staff to their NOC in the cloud.
The benefit is a centrally controlled authentication service providing identity assurance for all their staff to these remote systems. By disabling a token in their AuthAnvil server at the NOC, they simultaneously revoke access to these systems across all client networks instantly.
And you know how much this cost them? Nothing. The RADIUS Server agent is part of their AuthAnvil subscription, and allows them to install on as many systems as they like free of charge. So they are able to use their existing investment in both Citrix's GotoMyPC Pro and AuthAnvil to add strong two-factor authentication to all of their remote systems that are monitoring their client networks.
Many thanks to the crew at Eventus for letting us know about this use case. An excellent approach that we never thought of before. And thank you for letting us share this experience with the AuthAnvil community. I know of several other partners that will be able to leverage this approach themselves.
Comments