Solved

Clustering Questions

Posted on 2012-12-20
Last Modified: 2013-01-03
I have read a whole bunch of TechNet articles, and various tech pages about clustering, and I am now confused.

I am new to clustering.

I am trying to set up NPS failover.

Our NPS runs on Server 2008 Ent. R2 SP1.  That box also runs ADDS, ADCS.

NPS is functioning as a RADIUS server that provides authentication for Cisco AnyConnect VPN clients, and also enforces Wireless connection policies.

Our RADIUS wireless APs use Certs both client and server side (WPA2-ENT, PEAP)

The fact that we have a CA really complicates things... this would be very simple without the CA, as I could just install NPS on two boxes with identical config, and configure a second RADIUS server on the ASA.

I guess I need clarification on something....  I have heard of CA clustering... is that the same as Clustering a whole server?

If we need to do an entire server as a cluster, I am confused about the storage setup...  do the cluster nodes share the same OS partition?  I am assuming for a cluster to be fault tolerant, their partitions would have to run on some sort of redundant storage SEPARATE from the cluster nodes, right?

Please enlighten me...

We do not have a SAN, or any kind of iSCSI at the moment, that is about a year off for us.
Question by:cschmidt5
Expert Comment

by:arnold
ID: 38712243
RADIUS should not be clustered; most devices support the functionality of multiple servers, i.e.:

  • Server a
  • Server b
  • Server c
  • Server e

With that, the functionality includes marking a server that does not respond to requests as "dead".

Depending on the number of clients, one can control the distribution of the requests to servers by altering the order or combinations of servers.

Similarly for a CA, one usually has one offline root server which signed a pair of subordinate issuing CAs' certificates. The issuing CAs will share the storage where certificates are stored, while each signs the submitted request. The root CA (these days can exist as a VM) need only be brought back when the subordinate CAs' certificates are due for renewal or when its own certificate needs renewing.

Root CA: 20-year cert. Subordinate CAs: 5-year cert. Client certificates are one-year certs.

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 38712335
You don't need to have your CA online in order for NPS to work. The CA only issues new certificates and renewals. There is no requirement to have a CA online for daily NPS authentication to work. Therefore just use two or more NPS servers. Be sure that you have more than one domain controller, because NPS depends on ADDS.
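
Following the advice above to run two or more NPS servers, here is one way to copy the first server's configuration to the second and confirm the second has its own server certificate for PEAP. This is an added example, not part of the original thread; the host name `NPS02`, the folder `C:\NpsSync` and the three function names are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumed placeholders: NPS02 (second NPS server), C:\NpsSync (folder that
# already exists on both servers and is readable by administrators only).
$Secondary = 'NPS02'
$WorkDir   = 'C:\NpsSync'
$File      = Join-Path $WorkDir 'nps-config.xml'

# --- Run on the primary NPS server ---------------------------------------
function Export-NpsToFile {
    # exportPSK=YES writes the RADIUS shared secrets into the XML in clear
    # text, so the file is as sensitive as the secrets themselves.
    netsh nps export filename="$File" exportPSK=YES
    if (-not (Test-Path $File)) { throw "NPS export did not produce $File" }
    Copy-Item $File "\\$Secondary\C$\NpsSync\nps-config.xml"
    Remove-Item $File            # do not leave the secrets on disk
}

# --- Run on the secondary NPS server -------------------------------------
function Import-NpsFromFile {
    if (-not (Test-Path $File)) { throw "Nothing to import at $File" }
    netsh nps import filename="$File"
    Remove-Item $File
}

function Test-NpsServerCert {
    # PEAP needs a valid certificate with the Server Authentication EKU and
    # a private key in the local machine store of THIS server. The CA only
    # has to be reachable when that certificate is issued or renewed.
    $serverAuth = '1.3.6.1.5.5.7.3.1'
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.Extensions | Where-Object {
            $_ -is $ekuType -and
            ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuth })
        })
    }
    return @($certs).Count -gt 0
}

# Usage: call Export-NpsToFile on the primary, then on the secondary:
#   if (-not (Test-NpsServerCert)) { Write-Warning 'No server cert for PEAP' }
#   Import-NpsFromFile
```

After the import, add the second server to the ASA and the wireless APs as an additional RADIUS server using the same shared secret.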