ActivIdentity AAA Server
Strengths: Easy to use; lots of agents
Weaknesses: Can be complex to learn
Verdict: Robust and secure, AAA Server has agent support for all of the common servers and applications, including facilities to protect remote systems
ActivIdentity's AAA Server provides additional security to your network and servers with a slant towards Windows-based networks. It supports a wide variety of authentication devices, including smart cards, USB devices and a Soft Token for the PC.
The software is surprisingly simple to install and ships with a MSDE database, although you're free to use your existing ODBC-compliant database, including Microsoft's SQL Server or Oracle.
The server is managed through the ActivPack Administration Console. As with all products of this kind, you'll need to familiarise yourself with the system before you start trying to enable two-factor authentication, as it's quite a complex application to learn.
The Administration Console provides a single place from which to manage all your devices and profiles, which makes it easier to roll out the authentication over different platforms.
This product integrates with LDAP servers, so you can use your existing user data to define your authorisation policies. There's a high degree of granularity in these policies, so you define authentication procedures on a per-user or per-group basis.
For network control, the ActivClient, which you can circulate using your current software distribution package, is the heart of the PC's defence. This client sits in front of Windows' standard log-on screen and requires a single-use code to be entered before the password screen. It's effective and very easy to use.
The AAA server can also apply its authentication to a wide range of other servers through its client agents. The support applications include IIS and Sun One web servers, Microsoft's Outlook Web interface, Terminal services, the most popular remote access servers (VPN and dial-up) and support for 802.1x implementations for wireless networks.
In each instance, the agent just adds an extra level of security to the existing authentication method, which means you don't have to go through any difficult integration procedures to get two-factor authentication to work.
Should a user forget their device and need to log on remotely, administrators can create a password with a specified lifespan, so that the user can still access to the required resource.
It's a flexible authentication server that helps you secure your local and remote systems.