The basic server configuration is the minimum necessary set of components for the full functioning of the authentication server. This configuration does not involve the use of a load balancer and a standby server, and the database server is installed on the same physical server as the web application. The authentication server can be installed on a Windows or Linux server (physical or virtual). The Reverse Proxy Server accepts incoming HTTPS requests, decrypts them, and passes them to the Kestrel Web Server, which hosts the HES web application.
As a Reverse Proxy, you can use Nginx or Apache on a Linux server and IIS on a Windows server. This server must contain a domain certificate. To launch the HES web application, the AppSettings.json configuration file is used, which contains the database access settings and the SMTP mail server access settings. The remaining parameters are contained in the database.
MySQL or MS SQL server can be used as a database. Critical data in the database can be encrypted using the Data Protection mechanism. HES server contains a number of connectors and integrations with other servers:
Microsoft Active Directory - integration is performed using the LDAPS protocol.
Azure Active Directory - integration is done using the Graph API.
Mail server - access to the server is performed via the SMTP protocol.
Splunk or SIEM server - integration is based on the server's REST Web API.
Service providers - SAML 2.0 or OpenID Connect integration protocols.
A full server configuration includes two separate servers for the HES web application, as well as a separate server for the database. Reverse Proxy server with load balancer function is also installed on a separate physical server.
The two HES servers operate on a Primary-Standby basis. In the event of a failure on the primary server, the entire load is switched to the backup server. Servers cannot process requests at the same time, because one of the functions of HES is to route traffic between the Hideez Client desktop applications and the Hideez Authenticator mobile applications.
Any server compatible with MySQL or MSSQL can be used as a database server, such as MySQL Cluster, Amazon Aurora, MS SQL Datacenter, etc. The server must be configured with full data redundancy.