Solved

Clustering Questions

Posted on 2012-12-20
2
454 Views
Last Modified: 2013-01-03
I have read a whole bunch of TechNet articles, and various tech pages about clustering, and I am now confused.

I am new to clustering.

I am trying to setup NPS failover.

Our NPS runs on Server 2008 Ent. R2 SP1.  That box also runs ADDS, ADCS.

NPS is functioning as a RADIUS server that provides authentication for Cisco AnyConnect VPN clients, and also enforces Wireless connection policies.

Our RADIUS wireless APs use Certs both client and server side (WPA2-ENT, PEAP)

The fact that we have a CA really complicates things... this would be very simple without the CA, as I could just install NPS on two boxes with identical config, and configure a second RADIUS server on the ASA.

I guess I need clarification on something....  I have heard of CA clustering... is that the same as Clustering a whole server?

If we need to do an entire server as a cluster, I am confused about the storage setup...  do the cluster nodes share the same OS partition?  I am assuming for a cluster to be fault tolerant, their partitions would have to run on some sort of redundant storage SEPARATE from the cluster nodes, right?

Please enlighten me...

We do not have a SAN, or any kind of iSCSI at the moment, that is about a year off for us.
0
Comment
Question by:cschmidt5
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 38712243
Radius should not be clustered, most devices support the functionality of multiple servers
I.e. server a
Server b
Server c
Server e
With that the functionality includes marking a server that does not respond to requests as "dead"

Depending on the number of clients, one can control the distribution of the requests to servers by altering the order or combinations of servers.

Similarly for a CA, ne usually has one offline root server which signed a pair of subordinate issuing CAs' Certificate. The issuing CAs will share the storage where certificates are stored, while each signs the submitted request.  The root CA (these days can exist as a VM) and need ney be brought back when the subordinate CA's certificate are due for renewal or when it's own certificate needs renewing.
Root CA 20 year cert. subordinate CAs 5 year cert.
client certificates are one year certs.
0
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 38712335
You don't need to have your CA online in order for NPS to work. The CA only issues new certificates and renewals. There is no requirement to have a CA online for daily NPS authentication to work. Therefore just use two or more NPS servers. Be sure that you have more than one domain controller, because NPS depends on ADDS.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question