AuthLite is licensed on a per-user basis, so you don't have to worry about counting the number of servers or workstations.  Here is some high level guidance on where software needs to be installed, and what is supported.  For scenarios not covered here, please contact us for assistance.

Note: 32 and 64 bit platforms are supported.

Domain Controllers

AuthLite runs as an authentication service in the DCs to assist with domain authentication.  There is not any way to restrict what DC domain clients will choose, therefore you must install the software on every DC that could be used to authenticate AuthLite users.

AuthLite uses an Application Partition to store and distribute its user data.  By default, each DC where you install AuthLite will be registered to host a replica of the data partition.

Read-only DCs

AuthLite can function on RODCs, but because it uses one-time passcodes, at each successful logon the RODC must update OTP counter attributes on a writeable DC.  The necessary configuration and permissions to allow this RODC-to-WDC access are applied automatically.

"Core" (command-line mode) DCs

AuthLite supports server Core.  Please see this KB article. 

Domain Member Servers

See below

Workstations

Unless cached logon is disabled by group policy, you should install AuthLite software on any workstations that will have AuthLite users logging on.

Standalone system with local users

At this time, AuthLite can only be used on Domain member machines.