Here are our recommendations and information you will need for your WiKID server and network configuration:
- RAM: 4+ GBs..
- 2 CPUs
- Hard Drive: 50-100 GBs.
- Externally routeable IP. The tokens talk to the WiKID server over port 80. (We use asymmetric encryption so no need for SSL). The IP address qill be zero-padded as the domain identifier. So 126.96.36.199 would be 054083000181.
- NIC cards: We typically recommend two - one for external token traffic and one for internal RADIUS etc traffic. You can, however NAT, the WiKID server. Use the externally routeable IP as the basis for the domain identifier.
- Network clients. A network client is your VNP or a RADIUS server that looks to WiKID as an authentication server. You need to know the IP address of your network clients and each network client will need a shared secret.
- Ports. The WiKID tokens use port 80. The WiKIDAdmin uses 443 and should not be exposed to the Internet. RADIUS uses port 1812 UDP and should also not be exposed over the Internet. (RADIUS traffic is not encrypted.) LDAP is 389 and TACACS+ is 49. 99% of customers use RADIUS
- Passphrases: we use passphrases to protect the server's certificates. You will also need the typical information for cert creation: Hostname, Organization, Department, City, State, Country.
Read our guide for more information on how to implement two-factor authentication in your network, including how to have Active Directory authorization.