Clustering Questions

Posted on 2012-12-20
Last Modified: 2013-01-03
I have read a whole bunch of TechNet articles, and various tech pages about clustering, and I am now confused.

I am new to clustering.

I am trying to set up NPS failover.

Our NPS runs on Server 2008 Ent. R2 SP1.  That box also runs ADDS, ADCS.

NPS is functioning as a RADIUS server that provides authentication for Cisco AnyConnect VPN clients, and also enforces Wireless connection policies.

Our RADIUS wireless APs use certs both client and server side (WPA2-ENT, PEAP).

The fact that we have a CA really complicates things... this would be very simple without the CA, as I could just install NPS on two boxes with identical config, and configure a second RADIUS server on the ASA.

I guess I need clarification on something....  I have heard of CA clustering... is that the same as Clustering a whole server?

If we need to do an entire server as a cluster, I am confused about the storage setup...  do the cluster nodes share the same OS partition?  I am assuming for a cluster to be fault tolerant, their partitions would have to run on some sort of redundant storage SEPARATE from the cluster nodes, right?

Please enlighten me...

We do not have a SAN, or any kind of iSCSI at the moment, that is about a year off for us.
Question by:cschmidt5
2 Comments
 

Expert Comment

by:arnold
ID: 38712243
RADIUS should not be clustered; most devices support the functionality of multiple servers,
i.e. server a
server b
server c
server e
With that, the functionality includes marking a server that does not respond to requests as "dead".

Depending on the number of clients, one can control the distribution of the requests to servers by altering the order or combinations of servers.

Similarly for a CA, one usually has one offline root server which signed a pair of subordinate issuing CAs' certificates. The issuing CAs will share the storage where certificates are stored, while each signs the submitted request. The root CA (these days can exist as a VM) need only be brought back when the subordinate CAs' certificates are due for renewal or when its own certificate needs renewing.
Root CA: 20 year cert. Subordinate CAs: 5 year cert.
Client certificates are one year certs.
 

Accepted Solution

by:
kevinhsieh earned 1000 total points
ID: 38712335
You don't need to have your CA online in order for NPS to work. The CA only issues new certificates and renewals. There is no requirement to have a CA online for daily NPS authentication to work. Therefore just use two or more NPS servers. Be sure that you have more than one domain controller, because NPS depends on ADDS.
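
One way to bring up a second NPS server with an identical configuration, as the answers above suggest. This is an added example, not part of the original thread. It copies the configuration with `netsh nps export` / `netsh nps import` and then checks that the second server has its own server-authentication certificate for PEAP. The path `C:\Temp\nps-config.xml` is a hypothetical placeholder.

```powershell
# Added example; the file path is a hypothetical placeholder.
# Run each part in an elevated PowerShell session on the server named in the comment.

$export = 'C:\Temp\nps-config.xml'

# --- On the existing NPS server ---------------------------------------------
# exportPSK=YES writes the RADIUS shared secrets into the XML file in clear
# text, so the file must be handled like a credential.
netsh nps export filename="$export" exportPSK=YES
if ($LASTEXITCODE -ne 0) { throw "netsh nps export failed ($LASTEXITCODE)" }

# Strip inherited ACEs and allow only Administrators (S-1-5-32-544) and
# SYSTEM (S-1-5-18) before the file is copied anywhere.
icacls $export /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

# --- On the second NPS server, after copying the file over a trusted path ---
# The import replaces whatever NPS configuration is already on this server.
netsh nps import filename="$export"
if ($LASTEXITCODE -ne 0) { throw "netsh nps import failed ($LASTEXITCODE)" }

# Delete the export once it is imported; it still contains the shared secrets.
Remove-Item $export -Force

# PEAP presents a server certificate from the NPS server itself, so the second
# server needs its own certificate with the Server Authentication EKU
# (1.3.6.1.5.5.7.3.1) and a private key. The CA is needed to issue it once,
# not for day-to-day authentication.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$now = Get-Date
$usable = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] -and
        ($_.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
    })
})

if ($usable.Count -eq 0) {
    Write-Warning 'No valid server-authentication certificate found; PEAP will fail on this server.'
} else {
    $usable | Select-Object Subject, Thumbprint, NotAfter
}
```

After the import, open each PEAP network policy on the second server and confirm it points at that server's own certificate, since the thumbprint differs from the first server's.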