
Redundant Network Policy Servers and how to implement them?

We currently have one Network Policy Server role installed on a domain controller, that is used to authenticate wireless clients onto our domain from a Cisco Aironet WAP.

How do we implement redundancy in case that NPS server goes down and cannot authenticate? What are our options? I have read of load balancing NPS servers, but would prefer other options.

Do they have a hot standby option for the NPS role?
Asked: meade470

rauenpc Commented:
The way I've done it in the past was to run a scheduled task to export the NPS configuration on the primary server, and on the secondary server I had a similar task scheduled to import the file that was created by the first. This way, every hour the two NPS servers essentially synchronized settings so you would only need to configure one server.
On networking equipment, you can specify multiple RADIUS servers so that if one doesn't respond, it will try the other.
Below is a link explaining the commands for export/import.

http://technet.microsoft.com/en-us/library/cc732059%28v=ws.10%29.aspx
meade470 (Author) Commented:
Thanks rauenpc - how often does the configuration change? Is it needed to keep loading the configuration?
rauenpc Commented:
Only as often as you change it. If you only have, say, a couple policies and a handful of RADIUS clients, then just configure the two NPS servers and configure your network devices with both RADIUS servers and move on.
In the environments that I set this up, there were usually a few changes made per month when it comes to policies and adding clients, so to reduce mistakes and ensure consistency I set up the scheduled tasks.
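
One way to script the hourly export/import synchronization described in this thread, using the `netsh nps export` and `netsh nps import` commands the linked TechNet page covers. This is an added example, not part of the thread or the posters' own code; the script name, share path and working directory are hypothetical, and it assumes PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example (not from the thread). Run hourly as a scheduled task:
#   primary:   .\Sync-Nps.ps1 -Role Primary
#   secondary: .\Sync-Nps.ps1 -Role Secondary
param(
    [Parameter(Mandatory)][ValidateSet('Primary', 'Secondary')][string]$Role,
    # Hypothetical paths. The export holds RADIUS shared secrets in clear text,
    # so restrict the share's ACL to the two NPS computer accounts and admins.
    [string]$Share   = '\\fileserver\nps-sync$\nps-config.xml',
    [string]$WorkDir = 'C:\ProgramData\NpsSync'   # no spaces: passed to netsh
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$local = Join-Path $WorkDir 'nps-config.xml'
$state = Join-Path $WorkDir 'last-import.sha256'

try {
    if ($Role -eq 'Primary') {
        # exportPSK=YES writes the RADIUS shared secrets into the file.
        netsh nps export filename="$local" exportPSK=YES | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $local) -or
            (Get-Item $local).Length -eq 0) {
            throw "netsh nps export failed (exit code $LASTEXITCODE)"
        }
        Copy-Item -Path $local -Destination $Share -Force
    }
    else {
        Copy-Item -Path $Share -Destination $local -Force
        # Skip the import when the export is unchanged since the last run.
        $hash = (Get-FileHash -Path $local -Algorithm SHA256).Hash
        $last = if (Test-Path $state) { (Get-Content $state -Raw).Trim() } else { '' }
        if ($hash -ne $last) {
            netsh nps import filename="$local" | Out-Null
            if ($LASTEXITCODE -ne 0) {
                throw "netsh nps import failed (exit code $LASTEXITCODE)"
            }
            Set-Content -Path $state -Value $hash   # record only after success
        }
    }
}
finally {
    # Do not leave a clear-text copy of the shared secrets on local disk.
    Remove-Item -Path $local -Force -ErrorAction SilentlyContinue
}
```

The import replaces the secondary's NPS configuration, so make all policy and RADIUS client changes on the primary only.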