
What deployment options are there for SurePassID Authentication Service?

The SurePassID Authentication Server offers two deployment options: a multi-tenant cloud version running on Azure or Amazon EC2, and a server-based application that can be installed on your own servers. Both options provide the same functionality, with a few minor differences.

You have the flexibility to choose the deployment configuration that best suits your needs.

  • SurePassID Cloud Version – In the SurePassID managed multi-tenant cloud version running on Windows Azure, you can obtain a license for a tenant. This environment is designed to be highly scalable and highly available, ensuring that your authentication needs are met effectively.
  • SurePassID Server Version – The SurePassID Server Version is a solution that is installed on your own servers or in your cloud instance, such as Windows Azure (Commercial, GCC, or GCC High) or Amazon EC2 (commercial, GovCloud). With this version, you have full control and management of the system.
  • SurePassID Private Cloud Version (Azure) - The SurePassID Private Cloud Version allows you to provision and install a comprehensive MFA (Multi-Factor Authentication) system directly in your Azure subscription. This system is implemented using industry-standard best practices for both security and business continuity. Here are some of the key features:

    1. Usage of Azure Key Vault: All secrets and certificates are securely protected using Azure Key Vault.

    2. Distribution across Azure Regions: The MFA server and applications are dispersed across different Azure regions, ensuring optimal performance and availability.

    3. Geo-load balancing: Traffic is intelligently balanced using various load balancing options, such as round robin and geo-proximity, to achieve high throughput.

    4. Support for Azure Application Insights: Gain valuable insights into the performance and usage of your MFA system with Azure Application Insights.

    5. Integration with Azure Sentinel and Splunk: Seamlessly integrate with Azure Sentinel and Splunk for advanced security monitoring and analysis.

    6. Dynamic automatic application scaling: The system automatically scales up and out to deliver high performance while minimizing costs.

    7. Usage of application gateways and Web Application Firewalls (WAFs): Ensure secure access to your applications with application gateways and WAFs. Each application region has only one external endpoint.

    8. Strict firewall rules: The system collects subnets and security groups with strict firewall rules to enhance security.

    9. Geo-replicated Azure SQL databases: Benefit from geo-replicated Azure SQL databases with automatic failover groups for data redundancy and disaster recovery.

    10. Built-in support for Microsoft Defender: Enjoy enhanced security with built-in support for Microsoft Defender.

    11. Installation options: The SurePassID Private Cloud Version can be installed in GCC (Government Community Cloud) or GCC High environments.

    12. Comprehensive components: The SurePassID Private Cloud Version includes the Authentication Server, ServicePass self-service portal, and SAML2 for seamless integration.

    13. Phishing-resistant MFA: All components of the SurePassID Private Cloud Version support phishing-resistant MFA to protect against unauthorized access.

    Choose the SurePassID Private Cloud Version to leverage the power of Azure and ensure a secure and reliable MFA solution for your organization.

  • SurePassID Server Multi-Tenant Edition - The SurePassID Server Multi-Tenant Edition is a versatile solution that can be installed on your own servers or in the cloud and is fully managed by you. With this edition, you have the ability to create and manage multiple tenants within the system. This makes it an ideal choice for large enterprises that require separate instances for different parts of their organization. Additionally, it is a great option for Managed Service Providers who want to offer the SurePassID system as a paid managed service to their clients.

Additional considerations:

  • The cloud version of SurePassID supports either SurePassID Directory or Azure Active Directory. On the other hand, the server version supports both traditional Active Directory and SurePassID Directory.
  • The cloud version of SurePassID supports SurePassID key management, which is implemented within a software container and can optionally utilize the Amazon Cloud Hardware Security Module (HSM or KMS). On the other hand, the server version also provides support for an on-premises HSM for key management purposes.
  • The system is compatible with the W3C WebAuthn standard, which provides a phishing-resistant multi-factor authentication (MFA) solution. This standard supports both password-less authentication and the use of a second factor for added security.