Your network contains four servers named Server1, Server2, Server3, and Server4 that run Windows Server 2008 R2. The servers have the Network Policy Server (NPS) role service installed.
You configure a Remote RADIUS Server Group named Group1. Group 1 contains Server2, Server3, and Server4.
You need to configure load balancing for the members of Group1 to meet the following requirements:
Server1 must send 25 percent of all authentication requests to Server3.
Server1 must send 75 percent of all authentication requests to Server2.
Server1 must only send authentication requests to Server4 if Server2 and Server3 are unavailable.
What should you do from the Network Policy Server console?
A.
� For Server2, set the weight to 75 and the priority to 75, � For Server3, set the weight to 25 and the priority to 25.
� For Server4, set the weight to 100 and the priority to 200.
B.
� For Server2, set the weight to 75 and the priority to 1.
� For Server3, set the weight to 25 and the priority to 1.
� For Server4, set the weight to 100 and the priority to 100.
C.
� For Server2, set the weight to 1 and the priority to 75.
� For Server3, set the weight to 1 and the priority to 25.
� For Server4, set the weight to 100 and the priority to 1.
D.
� For Server2, set the weight to 75 and the priority to 25.
� For Server3, set the weight to 25 and the priority to 75.
� For Server4, set the weight to 100 and the priority to 1.
Explanation:
Reference: http://technet.microsoft.com/en-us/library/dd197433(WS.10).aspx
Load Balancing with NPS Proxy
2 out of 2 rated this helpful – Rate this topic
Updated: October 21, 2008
Applies To: Windows Server 2008, Windows Server 2008 R2
Remote Authentication Dial-In User Service (RADIUS) clients, which are network access servers such as virtual private network (VPN) servers and wireless access points, create connection requests and send them to RADIUS servers such as NPS. In some cases, an NPS server might receive too many connection requests at one time, resulting in degraded performance or an overload. When an NPS server is overloaded, it is a good idea to add more NPS servers to your network and to configure load balancing. When you evenly distribute incoming connection requests among multiple NPS servers to prevent the overloading of one or more NPS servers, it is called load balancing.
Load balancing is particularly useful for:
Organizations that use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol (PEAP)-TLS for authentication. Because these authentication methods use certificates for server authentication and for either user or client computer authentication, the load on RADIUS proxies and servers is heavier than when password-based authentication methods are used.
Organizations that need to sustain continuous service availability.
Internet service providers (ISPs) that outsource VPN access for other organizations. The outsourced VPN services can generate a large volume of authentication traffic.
There are two methods you can use to balance the load of connection requests sent to your NPS servers:
Configure your network access servers to send connection requests to multiple RADIUS servers. For example, if you have 20 wireless access points and two RADIUS servers, configure each access point to send connection requests to both RADIUS servers. You can load balance and provide failover at each network access server by configuring the access server to send connection requests to multiple RADIUS servers in a specified order of priority. This method of load balancing is usually best for small organizations that do not deploy a large number of RADIUS clients.
Use NPS configured as a RADIUS proxy to load balance connection requests between multiple NPS servers or other RADIUS servers. For example, if you have 100 wireless access points, one NPS proxy, and three RADIUS servers, you can configure the access points to send all traffic to the NPS proxy. On the NPS proxy, configure load balancing so that the proxy evenly distributes the connection requests between the three RADIUS servers. This method of load balancing is best for medium and large organizations that have many RADIUS clients and servers.
In many cases, the best approach to load balancing is to configure RADIUS clients to send connection requests to two NPS proxy servers, and then configure the NPS proxies to load balance among RADIUS servers. This approach provides both failover and load balancing for NPS proxies and RADIUS servers.
RADIUS server priority and weight
During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:
Priority. Priority specifies the order of importance of the RADIUS server to the NPS proxy server. Priority level must be assigned a value that is an integer, such as 1, 2, or 3. The lower the number, the higher priority the NPS proxy gives to the RADIUS server. For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.
Weight. NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.
Advanced settings. These failover settings provide a way for NPS to determine whether the remote RADIUS server is unavailable. If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.