Audience: ClassLink Administrator
The LaunchPad Gateway 2.0 Server must be installed on-premises when students and staff will authenticate against an in-house Active Directory environment. It must also be on-premises when students and staff need remote access to files and folders stored on on-premises Windows file servers. Cloud hosting by ClassLink is not an option for the LaunchPad Gateway 2.0 Server, because it needs to interact with the local Active Directory domain.
- Hardware Requirements
- Software Requirements
- DMZ Firewall (optional)
- Authentication Workflow
(physical or VM) minimum requirements
- CPU: At least 4 vCPUs (VM); 2.0 GHz, 32-bit (x86) or 64-bit (x64)
- RAM: At least 6 GB
- HDD: At least 50 GB free space
- Operating System: Windows Server 2016 or 2019; domain member server
- All latest Windows updates installed
***OPTIONAL: For terminal server application provisioning, the HTML5 Gateway would need to be installed on a separate virtual machine to function. The second server for the HTML5 Gateway would need to be opened up for traffic on port 443. Any further configuration of the server would be performed by ClassLink personnel during the setup call.
DMZ Firewall (Optional)
| Direction | Source | Destination | Ports |
|---|---|---|---|
| Outside to DMZ | Any | LaunchPad Gateway Server | |
| DMZ to inside | DMZ | AD Server | TCP/UDP 389 : LDAP |
| DMZ to inside | DMZ | Terminal Servers | |
| DMZ to File Server | ClassLink Server | File Server (for MyFiles) | TCP 135 : MS-RPC; TCP 1025 & 1026 : AD Login; TCP 445 : SMB, MS-DS; TCP 139 : SMB; UDP 137 & 138 : NetBIOS; UDP 88 : Kerberos v5 |
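One way to check a firewall rule export against the port matrix above, as an added example (not ClassLink code). The rule tuple format, the zone names used as keys and the sample rules are constructed assumptions; rows whose port cell is empty on this page are left out of the matrix.

```python
# Added example: audit firewall rules against the DMZ port matrix on this page.
# (source, destination) -> allowed {(proto, port)}. Only ports listed on the page.
ALLOWED = {
    ("DMZ", "AD Server"): {("tcp", 389), ("udp", 389)},
    ("ClassLink Server", "File Server"): {
        ("tcp", 135), ("tcp", 1025), ("tcp", 1026), ("tcp", 445),
        ("tcp", 139), ("udp", 137), ("udp", 138), ("udp", 88),
    },
}

def expand(rule):
    """Return the set of (proto, port) a rule opens; 'any' means tcp and udp."""
    _, _, proto, first, last = rule
    protos = ("tcp", "udp") if proto == "any" else (proto,)
    return {(p, port) for p in protos for port in range(first, last + 1)}

def audit(rules):
    """Return (excess, missing), both keyed by (source, destination).

    excess:  ports opened that the matrix does not list (over-permissive rules)
    missing: ports the matrix lists that no rule opens (broken functionality)
    """
    opened = {}
    for rule in rules:
        opened.setdefault((rule[0], rule[1]), set()).update(expand(rule))
    excess = {flow: ports - ALLOWED.get(flow, set())
              for flow, ports in opened.items()
              if ports - ALLOWED.get(flow, set())}
    missing = {flow: ports - opened.get(flow, set())
               for flow, ports in ALLOWED.items()
               if ports - opened.get(flow, set())}
    return excess, missing

# Constructed sample export: (source, destination, proto, first_port, last_port)
SAMPLE_RULES = [
    ("DMZ", "AD Server", "any", 389, 389),
    ("ClassLink Server", "File Server", "tcp", 135, 139),  # range wider than the matrix
    ("ClassLink Server", "File Server", "tcp", 445, 445),
    ("ClassLink Server", "File Server", "tcp", 1025, 1026),
    ("ClassLink Server", "File Server", "udp", 137, 138),  # UDP 88 never opened
    ("DMZ", "File Server", "tcp", 3389, 3389),             # flow not in the matrix
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES)
    for flow, ports in sorted(excess.items()):
        print("EXCESS ", flow, sorted(ports))
    for flow, ports in sorted(missing.items()):
        print("MISSING", flow, sorted(ports))
```

Port ranges are a common source of excess exposure: the sample's TCP 135-139 range also opens 136 through 138, which the matrix does not call for.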
Authentication Workflow
When users authenticate to LaunchPad with Active Directory, the process is the following:
- The user navigates to the LaunchPad website over TLS/SSL.
- The user enters their credentials into LaunchPad, and they are sent encrypted using TLS/SSL to the LaunchPad API servers.
- The LaunchPad API services forward the credentials, encrypted using TLS/SSL, to the LaunchPad web service hosted at the school.
- The LaunchPad web service will validate the user against Active Directory.
- The response is sent back to the LaunchPad API servers.
- The LaunchPad API server returns the response to the client.
Active Directory accounts are automatically provisioned on the first login to LaunchPad, provided their groups are configured with access.
The process for auto-provisioning is the following:
- A user who has not previously used LaunchPad logs in to their site's custom portal page with their existing Active Directory credentials.
- LaunchPad validates the user against Active Directory using the LaunchPad Web Service.
- If the user exists, LaunchPad will verify the group membership with groups configured within LaunchPad.
- If the user’s groups are configured in LaunchPad, their account is automatically created and they are logged in to LaunchPad.
Updated: Dec 2018