none
Always-on VPN Deployment - NPS placement

    General discussion

  • Do I need additional server for NPS? Can I handle this without NPS? Can NPS be placed on the same VPN/Route server?

    The requirements from whitepaper are;

    ·         You must be prepared to deploy one new physical server or virtual machine (VM) on your perimeter network, upon which you will install Remote Access. This server must have two physical Ethernet network adapters.

    ·         You must be prepared to install NPS as a RADIUS server on a server or VM. You can install NPS on a new physical server or on a new VM. If you already have NPS servers on your network, you can modify an existing NPS server configuration rather than adding a new server.


    Please remember to mark my post as an answer, if I really helped you out, or vote if usefull. Thank you!


    • Edited by yannara Friday, June 08, 2018 12:45 PM
    Wednesday, February 21, 2018 9:26 AM

All replies

  • I tried this out, that single VPN server without NPS, will do the trick (the connection) but certificate authorization will not have any effect. User can connect VPN even if cert is revocated. I´m still wondering, could NPS be installed on a same server? I understand that VPN server act as radius client and authorizates connections against NPS service. 

    Please remember to mark my post as an answer, if I really helped you out, or vote if usefull. Thank you!

    Saturday, April 07, 2018 7:41 PM
  • Did you end up finding out whether the NPS service can be installed on the same server? I'm interested to know as well. Online searches came up empty.
    Wednesday, April 11, 2018 6:57 AM
  • Did you end up finding out whether the NPS service can be installed on the same server? I'm interested to know as well. Online searches came up empty.

    Nope, I did not. Funny thing is, that Microsoft at least tried to "kill" the NPS product, but in 2016 whitepapers this solution is still used. 

    MCSE Mobility. Please remember to mark my post as an answer, if I really helped you out, or vote if usefull. Thank you!

    Thursday, April 12, 2018 5:48 AM
  • I was wrong about the Killing NPS. MS killed NAP, not NPS. They are different products. About the server placement;

    To optimize NPS authentication and authorization response times and minimize network traffic, install NPS on a domain controller.

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-best-practices


    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Friday, June 08, 2018 12:21 PM