none
Clustering of NPS Proxy Servers

    Pregunta

  • Hello,

    I am planning to introduce Windows RADIUS in our network for which, I am reading various articles and technical documents for preliminary preparedness.

    As recommended in various forums, I am also planning to put a RADIUS Proxy before my RADIUS Servers to ensure high availability for authentication and authorization.

    However, I have a question regarding redundancy of RADIUS Proxy server. This is because unavailability of RADIUS Proxy will have a large impact on authentication requests.

    Since I could not find any article on how to build redundancy for RADIUS Proxy server, I thought to post this matter here for getting some more idea.

    Thanks,

    Amit Jogi

    jueves, 29 de diciembre de 2016 4:38

Respuestas

  • Hi Amit Jogi,

    Based on my understanding, you want to make NPS proxy high available.

    Generally, we do not have necessary to deploy NPS proxy high available, and there's no build-in setting to configure it for NPS proxy. NPS proxy is already a load balancing solution for AAA functions.

    Maybe you can try failover cluster for NPS, while I didn't find working implement about this during my research.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marcado como respuesta Amit Jogi jueves, 29 de diciembre de 2016 8:21
    jueves, 29 de diciembre de 2016 8:16
    Moderador

Todas las respuestas

  • Hi Amit Jogi,

    Based on my understanding, you want to make NPS proxy high available.

    Generally, we do not have necessary to deploy NPS proxy high available, and there's no build-in setting to configure it for NPS proxy. NPS proxy is already a load balancing solution for AAA functions.

    Maybe you can try failover cluster for NPS, while I didn't find working implement about this during my research.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marcado como respuesta Amit Jogi jueves, 29 de diciembre de 2016 8:21
    jueves, 29 de diciembre de 2016 8:16
    Moderador
  • Hi Anne He,

    Is this still valid today? I would like to configure 2 NPS proxies for HA and for the authentication service to work even if one of the two proxies fails.

    I read this in the official MSFT Docs, but I don't know if I interpreted it correctly:

    In many cases, the best approach to load balancing is to configure RADIUS clients to send connection requests to two NPS proxy servers, and then configure the NPS proxies to load balance among RADIUS servers. This approach provides both failover and load balancing for NPS proxies and RADIUS servers.

     

    <cite style="margin:0in;font-family:Calibri;font-size:9.0pt;color:#595959;">Desde <https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-proxy-lb></cite>

    The final question would be: is it possible to implement this solution with 2 NPS proxies or should only 1 NPS proxy be used in failover clusters?.

    Thanks a lot.

    viernes, 06 de julio de 2018 7:40