Solved

Multi Factor Authentication for Terminal Server

Posted on 2016-10-05
6
19 Views
Last Modified: 2016-10-26
Who has successfully implemented multifactor authentication on there terminal servers?

What solution do you use? What do you like about it? hate about it? cost?


Has any found a way to use client certificates as two factor authentication?
In an ideal world I would love to build a certificate authority and just issue a self signed cert to my company owned machines. If you don't have the cert, you can't login!  I just wish it was that easy...
0
Comment
Question by:PerimeterIT
6 Comments
 
LVL 24

Assisted Solution

by:Coralon
Coralon earned 250 total points (awarded by participants)
ID: 41832513
I've done 2-factor with Citrix (a while back).. We used RSA and it gets implemented at the Web Interface server.  It worked great; the only significant issue was the cost, but going with soft tokens cut the cost in half (~$30/token).

Management was pretty good, although as the hardware tokens began to expire it was some effort to get new ones rolled out to replace the expiring ones.  RSA did have the web facilities to make it easier to roll, but non-IT people had some trouble following directions (reading them back to the user made them 'magically' understand it.  This was a while back, and I know a lot of their stuff has changed since then.

I have not done the client certificates, but I have seen other Citrix implementations where it has been done.  It works pretty well, but the clients have to be managed very carefully to not break the Citrix/card software link.  It's supposed to be very easy to fix.. but can be fairly easily broken.

Coralon
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 41832573
I use Microsoft Azure Multifactor Authentication (phonefactor) . Used it before Microsoft bought it several years ago. It ties into the Remote Desktop Gateway as a RADIUS proxy. We pay per use, not per user, so we don't have to worry which fraction of our users actually use it. The hardest part is figuring out how to buy and consume Azure services. We don't need to provision any tokens (hard or soft), so it's really easy for our users.
0
 
LVL 42

Expert Comment

by:Amit
ID: 41832587
RSA is the answer for your query.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 1

Author Comment

by:PerimeterIT
ID: 41832739
Amit can you be more specific? link?
0
 
LVL 42

Accepted Solution

by:
Amit earned 250 total points (awarded by participants)
ID: 41833583
There is the product from EMC.
https://www.rsa.com/en-us
https://www.rsa.com/en-us/products-services/identity-access-management/securid/authentication-agents/authentication-agent-for-microsoft-windows

Which is normally used for 2 factor authentication. I am using it currently, however not deployed it. Check with vendor for more detail.
0
 
LVL 42

Expert Comment

by:Amit
ID: 41859960
Best answer given.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In my previous Experts Exchange Articles (http://www.experts-exchange.com/ARTH_1864316.html?arthOrderBy=3&arthSort=1#arth), most have featured Basic and Intermediate VMware Topics.  As a Virtualisation Consultant, we implement many different virtual…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now