NPS Server scalability

  • Question

  • Hi,

    Can anyone provide me with some information as to NPS server scalability?

    I mean if I have 1000 clients, how should I design the NPS roles? How many servers? etc
    If I have 30,000 clients - how would that be different, etc.

    Thank you,
    Tom
    Friday, July 17, 2009 3:26 PM

All replies

  • Hi Tom,

    The load that a single NPS server can handle depends on the following details:

    1. Authentication mechanism you are using.
    2. Enforcement mechanism you are using (802.1x or VPN or TSG or IPsec).
    3. Average number of client network connections you get per second using those enforcement mechanisms.
    4. Are you using NAP health evaluation? If yes, the SHAs that you are using.
    5. Configuration of the machine on which you are installing the NPS role.

    Thanks,
    Srinivasulu.
    Tuesday, July 21, 2009 6:19 PM
  • Srini,

    I agree with your comments; any capacity planning must take these things into account.

    What I am actually looking for are some actual guidelines.

    The only thing I have managed to find so far is this comment on http://technet.microsoft.com/en-za/library/dd125301(en-us,WS.10).aspx:

    "A NAP design can range from a basic deployment that uses a single server to an advanced installation that uses multiple servers. The number of client computers supported by a NAP server infrastructure will vary, depending on the environment. The following tables provide hardware guidelines for use with a medium-sized NAP deployment. Each server role is assumed to be installed on a dedicated computer"

    But they do not clarify what they actually mean by medium-sized NAP deployment.

    Where can I find capacity planning guidelines for NAP/NPS deployment?

    Regards,
    Tom
    Wednesday, July 22, 2009 8:53 AM
  • Hi Tom,

    Sorry for the late response, I was checking with my performance team on the capacity planning guidelines. Unfortunately we don't have one currently. But the good news is our perf team is working on this.

    If you can give me the following details, I can give you guidelines on the NPS topology you could use and how you could scale.

    1. Authentication mechanism you are using.
    2. Enforcement mechanism you are using (802.1x or VPN or TSG or IPsec).
    3. Average number of client network connections you get per second using those enforcement mechanisms.
    4. Configuration of the machine on which NPS is installed.

    I am guessing that you are not using NPS for health evaluation. If you are using it for health evaluation, I would need the following details too.

    1. SHAs and SHVs you are going to use for performing health evaluation.

    Thanks,
    Srinivasulu.
    Monday, July 27, 2009 7:17 AM
  • Tom,

    Do you have the information you need about scalability? If not, can you provide the requested details for Srini?

    In my estimate, a medium-sized deployment would be 500-2000 client machines.

    -Greg
    Saturday, August 22, 2009 6:36 PM
  • Greg,

    Yes, I still need info about scalability, no. of NAP servers, no. of SQL servers, etc...

    This is the plan:

    Total number of machines: approx 31,000

    Site A: 10,000
    Site B: 15,000
    Site C - L: 500 each = 5,000
    VPN clients: approx 300
    Misc clients (visitors): approx 500

    At this stage the enforcement will be most likely DHCP (Report Mode) and VPN (Report Mode).
    They may move to 802.1x & VPN at a later stage.

    Regards,
    Tom

    • Edited by D Wind Monday, August 24, 2009 8:30 AM
    • Marked as answer by D Wind Thursday, August 27, 2009 1:40 PM
    Sunday, August 23, 2009 8:11 AM
  • Hi Tom,

    I am quoting this guideline from the experience of our internal deployment and it is definitely not based on solid data (the perf team is in the process of doing the capacity testing).

    Assuming that the requests for health validation from these 10k/15k machines are spread across 2 hours (assuming 8 to 10 A.M. is when people boot up their machines), you should be able to serve them with one NPS on each of sites A and B. If the network between Site C and Site A is fast (LAN quality) and reliable, you can have DHCP in Site C talk to NPS in Site A; if not, you can have an NPS server on a low-end machine to serve Site C.

    As I mentioned earlier, capacity testing is underway and I will let you know when the perf team comes up with the capacity planning guide.

    Thanks,
    Srinivasulu.
    Thursday, August 27, 2009 9:09 AM
  • Thanks Srini, will use your advice in the meantime; and am looking forward to that white paper.

    Regards
    Thursday, August 27, 2009 1:39 PM