5

I need to ensure high availability for the RADIUS service in a Windows Server environment so it can withstand the loss or even temporary downtime of any particular server holding the NPS role. Most TechNet articles state that I should use an NPS proxy, but in my understanding it still leaves me with the bottleneck of a single proxy server. I came to the decision of setting up an NLB cluster for the NPS servers but, again, Microsoft best practices state that the NPS role should be installed on a Domain Controller to minimize traffic from NPS to the DC. I have doubts that my DCs will be fine with the NLB feature installed on them.

So, my questions are:

1. Is there any way to measure how hard exactly NPS traffic will hit my network and DC if installed on separate servers?
2. Am I missing something, and is there another way to provide HA for NPS?

P.S. Our network team says that they are able to specify multiple RADIUS servers on their side, but the problem is that network services in Windows Server start earlier than NPS, which leaves us with a gap when clients try to authenticate on a server that is not fully functioning.

strange walker
    My reading (which led me to your question) seems to suggest there is no true active HA for NPS. Instead, you have two or more (policy/RADIUS) servers configured distinctly, make changes on one, export its config and import it on another. Then RADIUS clients are configured to be aware of all NPS servers and do their own state awareness. – Ashley Jan 23 '17 at 22:22
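
The export/import approach described in the comment above, as an added PowerShell example that is not part of the original thread. Server names and file paths are placeholders, and it assumes PowerShell remoting (5.0 or later) is enabled between the hosts; `Export-NpsConfiguration` and `Import-NpsConfiguration` are the cmdlets from the built-in NPS module.

```powershell
# Added example: copy the NPS configuration from one server to its peers.
# Host names and paths below are placeholders (assumptions), not from the thread.
$Primary     = 'nps01.example.test'
$Secondaries = @('nps02.example.test')
$RemotePath  = 'C:\NpsSync\nps-config.xml'          # staging path on each server
$LocalPath   = Join-Path $env:TEMP 'nps-config.xml'  # staging path on this host
$ErrorActionPreference = 'Stop'

# Creates the staging folder on a remote server if it does not exist yet.
$EnsureDir = {
    param($Path)
    New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
}

# 1. Export on the server where changes are made.
#    The exported XML holds RADIUS shared secrets unencrypted, so every
#    copy of it is deleted as soon as it has been used.
$src = New-PSSession -ComputerName $Primary
try {
    Invoke-Command -Session $src -ScriptBlock $EnsureDir -ArgumentList $RemotePath
    Invoke-Command -Session $src -ArgumentList $RemotePath -ScriptBlock {
        param($Path) Export-NpsConfiguration -Path $Path
    }
    Copy-Item -FromSession $src -Path $RemotePath -Destination $LocalPath -Force
    Invoke-Command -Session $src -ArgumentList $RemotePath -ScriptBlock {
        param($Path) Remove-Item $Path -Force
    }
} finally { Remove-PSSession $src }

# 2. Import on every other NPS server. The import replaces the existing
#    configuration on the target, so changes are only ever made on $Primary.
try {
    foreach ($server in $Secondaries) {
        $dst = New-PSSession -ComputerName $server
        try {
            Invoke-Command -Session $dst -ScriptBlock $EnsureDir -ArgumentList $RemotePath
            Copy-Item -ToSession $dst -Path $LocalPath -Destination $RemotePath -Force
            Invoke-Command -Session $dst -ArgumentList $RemotePath -ScriptBlock {
                param($Path)
                Import-NpsConfiguration -Path $Path
                Remove-Item $Path -Force
            }
        } finally { Remove-PSSession $dst }
    }
} finally {
    # 3. Remove the local copy even if an import failed.
    Remove-Item $LocalPath -Force
}
```

This keeps policies identical across servers; failover itself still depends on the RADIUS clients listing every NPS server, as the comment notes.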

1 Answer

-1

Get 2 servers with VMware vSphere; you need vCenter for the cluster and vSAN to provide shared storage for these 2 servers. Activate failover and the VMs with NPS will stay in HA.

RiGiD5
Rodolfo
    This doesn't provide application HA, as is being asked for. For example, say the machine is going down for OS or software updates, the VMware HA cannot provide for this. – Ashley Jan 23 '17 at 22:19