Hi All,
We are currently looking at designing a new Radius infrastructure and I have a few questions that I hope you might be able to help answer.
Scenario:
Two Active Directory forests with a 2-way transitive trust between them (forest A, forest B)
Four datacenters (two primary and two secondary, placed in two countries) - both forests have Active Domain Controllers placed in each datacenter.
We are going to utilize radius for the following services:
- Wireless Access, based on certificates
- VPN
- Access to network equipment
We expect more than 50 Radius client requests.
And now to the design question.
Question 1 (Solution 1): For each primary datacenter (one placed in Europe and one placed in the US), we need to decide if there should be two Radius (NPS) servers per forest. That would be 4 Radius servers in the European datacenter (two for each forest), or if it is enough to have two Radius servers placed in one of the forests and then add them into the Radius server group in the other forest. What would you recommend?
Question 2 (Solution 2): Another question is if we should use two more Radius servers and use those as a Radius Proxy (non-domain member) and then let it forward the traffic to the right forest. But then we have to use 6 Radius servers instead of 4 or 2. On the other hand, we would only need two servers running the Windows 2012 Enterprise version (to handle more than 50 Radius Clients) instead of 4. What would you recommend?
We would of course need the same setup in the primary datacenter in the US; however, for the backup datacenters I think it would be okay to have 1 in each, since those are only used if anything is wrong in the primary.
Question 3: Would you install the Radius service on an Active Directory Domain Controller or would you install it on its own server?
Question 4: Last but not least, to configure high availability we have thought about placing an F5 in front of the Radius servers for load balancing. Is this something you would recommend?
Thanks in advance for the help and the professional discussion.
Yours Sincerely,
Benjamin