Solved

Clustering Questions

Posted on 2012-12-20
Last Modified: 2013-01-03
I have read a whole bunch of TechNet articles, and various tech pages about clustering, and I am now confused.

I am new to clustering.

I am trying to set up NPS failover.

Our NPS runs on Server 2008 Ent. R2 SP1.  That box also runs ADDS, ADCS.

NPS is functioning as a RADIUS server that provides authentication for Cisco AnyConnect VPN clients, and also enforces Wireless connection policies.

Our RADIUS wireless APs use certs both client and server side (WPA2-ENT, PEAP).

The fact that we have a CA really complicates things... this would be very simple without the CA, as I could just install NPS on two boxes with identical config, and configure a second RADIUS server on the ASA.

I guess I need clarification on something....  I have heard of CA clustering... is that the same as Clustering a whole server?

If we need to do an entire server as a cluster, I am confused about the storage setup...  do the cluster nodes share the same OS partition?  I am assuming for a cluster to be fault tolerant, their partitions would have to run on some sort of redundant storage SEPARATE from the cluster nodes, right?

Please enlighten me...

We do not have a SAN, or any kind of iSCSI at the moment, that is about a year off for us.
Question by:cschmidt5
2 Comments
 

Expert Comment

by:arnold
ID: 38712243
RADIUS should not be clustered; most devices support the functionality of multiple servers, i.e. server a, server b, server c, server e.
With that, the functionality includes marking a server that does not respond to requests as "dead".

Depending on the number of clients, one can control the distribution of the requests to servers by altering the order or combinations of servers.

Similarly for a CA, one usually has one offline root server which signed a pair of subordinate issuing CAs' certificates. The issuing CAs will share the storage where certificates are stored, while each signs the submitted request.  The root CA (these days can exist as a VM) need only be brought back when the subordinate CAs' certificates are due for renewal or when its own certificate needs renewing.
Root CA: 20-year cert. Subordinate CAs: 5-year cert.
Client certificates are one-year certs.

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 38712335
You don't need to have your CA online in order for NPS to work. The CA only issues new certificates and renewals. There is no requirement to have a CA online for daily NPS authentication to work. Therefore just use two or more NPS servers. Be sure that you have more than one domain controller, because NPS depends on ADDS.
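
Added example (not part of the original thread): one way to keep the second NPS server's configuration identical to the first on Server 2008 R2, using `netsh nps export` and `netsh nps import`. The server name `NPS02`, the `C:\NpsSync` folder and the assumption that PowerShell remoting is enabled on the second server are hypothetical.

```powershell
# Added example: copy the NPS configuration from this server to a second NPS server.
# Run elevated on the source NPS server. Names below are hypothetical.
$Secondary = 'NPS02'                      # hypothetical second NPS server
$Dir       = 'C:\NpsSync'                 # hypothetical staging folder (same path on both servers)
$File      = Join-Path $Dir 'nps-config.xml'
$RemoteDir = "\\$Secondary\C$\NpsSync"

function Protect-Folder($Path) {
    # The export holds RADIUS shared secrets in clear text, so create the
    # staging folder and restrict it to Administrators and SYSTEM before use.
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    icacls $Path /inheritance:r /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null
}

Protect-Folder $Dir
Protect-Folder $RemoteDir

try {
    # exportPSK=YES includes the shared secrets; without them the RADIUS
    # clients (ASA, wireless APs) would have to be re-keyed on the second server.
    netsh nps export filename="$File" exportPSK=YES
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $File)) { throw 'NPS export failed' }

    Copy-Item -Path $File -Destination $RemoteDir -Force

    # Import on the second server. This REPLACES its existing NPS configuration.
    # Assumes PowerShell remoting is enabled on $Secondary.
    Invoke-Command -ComputerName $Secondary -ArgumentList $File -ScriptBlock {
        param($ImportFile)
        netsh nps import filename="$ImportFile"
        $code = $LASTEXITCODE
        Remove-Item -Path $ImportFile -Force      # do not leave secrets on disk
        if ($code -ne 0) { throw 'NPS import failed' }
    }
}
finally {
    # Remove the local copy of the export whether or not the import succeeded.
    if (Test-Path $File) { Remove-Item -Path $File -Force }
}
```

The export does not carry the server certificate, so the second NPS server needs its own certificate for PEAP, selected in its network policies after the import.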