Clients can discover OneSpan Authentication Server Appliance instances:
- Manually. This is done by manual configuration in each Microsoft Windows client or by using the Active Directory (AD) group policy infrastructure to push configuration.
Automatically. This is done using DNS Service (SRV) records:
- Using anonymous DNS update.
Using Transaction SIGnature (TSIG) authentication.
TSIG is used primarily by the domain name system (DNS) to authenticate updates to a dynamic DNS database. It uses shared secret keys and one-way hashing to provide a cryptographically secure way of identifying whether each endpoint of a connection is allowed to make or to respond to a DNS update.
To support failover it is possible to configure primary and backup OneSpan Authentication Server Appliance instances in a replication setup (see Replication).