NPS Proxy 伺服器負載平衡NPS Proxy Server Load Balancing

適用於:Windows Server 2016Applies To: Windows Server 2016

遠端驗證 Dial 使用者服務 (RADIUS) 戶端(例如私人網路 virtual (VPN) 伺服器以及 wireless 存取點的網路存取伺服器),建立連接要求,例如 NPS RADIUS 伺服器將它們傳送給。Remote Authentication Dial-In User Service (RADIUS) clients, which are network access servers such as virtual private network (VPN) servers and wireless access points, create connection requests and send them to RADIUS servers such as NPS. 有時候,NPS 伺服器可能會收到太多連接要求一次,會導致效能降低」或「多載。In some cases, an NPS server might receive too many connection requests at one time, resulting in degraded performance or an overload. 當多載 NPS 伺服器是新增到您的網路,以及設定的更多 NPS 伺服器負載平衡最好的做法。When an NPS server is overloaded, it is a good idea to add more NPS servers to your network and to configure load balancing. 當您平均散發多個 NPS 伺服器之間傳入的連接要求,以避免的一或多個 NPS 伺服器載時,稱為負載平衡。When you evenly distribute incoming connection requests among multiple NPS servers to prevent the overloading of one or more NPS servers, it is called load balancing.

負載平衡是適合用來:Load balancing is particularly useful for:

  • 使用最具擴充性驗證通訊協定-Tls (EAP-TLS) 或受延伸驗證通訊協定的組織 \ (PEAP)-TLS 進行驗證。Organizations that use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol (PEAP)-TLS for authentication. 這些驗證方法使用憑證的伺服器的驗證,以及使用者或 client 電腦驗證,因為載入 RADIUS proxy 伺服器上的為重密碼架構的驗證方法使用時於。Because these authentication methods use certificates for server authentication and for either user or client computer authentication, the load on RADIUS proxies and servers is heavier than when password-based authentication methods are used.
  • 必須以維持連續服務的可用性的組織。Organizations that need to sustain continuous service availability.
  • 網際網路服務提供者 (ISPs) 的外包 VPN 存取其他組織。Internet service providers (ISPs) that outsource VPN access for other organizations. 大量的驗證資料傳輸產生外部的 VPN 服務。The outsourced VPN services can generate a large volume of authentication traffic.

有兩種方法,您可以使用平衡連接要求傳送給您 NPS 伺服器的負載:There are two methods you can use to balance the load of connection requests sent to your NPS servers:

  • 設定多個 RADIUS 伺服器傳送請求連接您網路的存取伺服器。Configure your network access servers to send connection requests to multiple RADIUS servers. 例如,如果您 20 wireless 存取點兩個 RADIUS 伺服器、設定將連接要求傳送給這兩個 RADIUS 伺服器每個存取點。For example, if you have 20 wireless access points and two RADIUS servers, configure each access point to send connection requests to both RADIUS servers. 您可以負載平衡,並且設定將連接要求傳送給指定的優先順序訂單中的多個 RADIUS 伺服器存取伺服器提供容錯在每個網路的存取伺服器移轉。You can load balance and provide failover at each network access server by configuring the access server to send connection requests to multiple RADIUS servers in a specified order of priority. 此負載平衡最適合方法通常是小型不部署的 RADIUS 用大量的組織。This method of load balancing is usually best for small organizations that do not deploy a large number of RADIUS clients.
  • 使用 NPS RADIUS proxy 設定負載平衡連接要求之間多個 NPS 伺服器或其他 RADIUS 伺服器。Use NPS configured as a RADIUS proxy to load balance connection requests between multiple NPS servers or other RADIUS servers. 例如,如果您有 100 wireless 存取點,一個 NPS proxy,並三個 RADIUS 伺服器,您可以設定的存取點,將所有資料傳輸 NPS proxy 給。For example, if you have 100 wireless access points, one NPS proxy, and three RADIUS servers, you can configure the access points to send all traffic to the NPS proxy. 在 [NPS proxy 設定負載平衡使 proxy 平均分配之間的三個 RADIUS 伺服器連接要求。On the NPS proxy, configure load balancing so that the proxy evenly distributes the connection requests between the three RADIUS servers. 有許多 RADIUS 戶端與伺服器中型與大型的組織適合負載平衡此方法。This method of load balancing is best for medium and large organizations that have many RADIUS clients and servers.

很多時候,負載平衡的最佳方式是將 RADIUS 伺服器連接要求傳送給兩個 NPS proxy 伺服器,並設定進行負載平衡之間 RADIUS 伺服器 NPS proxy 設定。In many cases, the best approach to load balancing is to configure RADIUS clients to send connection requests to two NPS proxy servers, and then configure the NPS proxies to load balance among RADIUS servers. 這種方式提供容錯移轉與負載平衡,proxy NPS RADIUS 伺服器。This approach provides both failover and load balancing for NPS proxies and RADIUS servers.

RADIUS 伺服器優先順序和減重RADIUS server priority and weight

在 NPS proxy 設定過程中,您可以建立遠端 RADIUS 伺服器群組,然後再新增每個群組的 [RADIUS 伺服器。During the NPS proxy configuration process, you can create remote RADIUS server groups and then add RADIUS servers to each group. 若要設定負載平衡,您必須遠端 RADIUS 伺服器群組每一部以上的 RADIUS 伺服器。To configure load balancing, you must have more than one RADIUS server per remote RADIUS server group. 加入群組,同時,或建立 RADIUS 伺服器群組成員後,您可以存取新增 RADIUS 伺服器對話方塊負載平衡] 索引標籤上,設定下列項目:While adding group members, or after creating a RADIUS server as a group member, you can access the Add RADIUS server dialog box to configure the following items on the Load Balancing tab:

  • 優先順序Priority. 優先順序指定的 proxy 伺服器 NPS RADIUS 伺服器的重要性的順序。Priority specifies the order of importance of the RADIUS server to the NPS proxy server. 必須值,可為整數,例如 1、2 或 3 指派優先順序層級。Priority level must be assigned a value that is an integer, such as 1, 2, or 3. 越低數字,較高優先順序 NPS proxy RADIUS 伺服器提供。The lower the number, the higher priority the NPS proxy gives to the RADIUS server. 例如,如果 RADIUS 伺服器指定為 1 最高優先順序,NPS proxy 傳送連接要求 RADIUS 伺服器第一次。如果優先順序 1 伺服器無法使用,NPS 會傳送連接請求給 RADIUS 伺服器優先順序 2 等等。For example, if the RADIUS server is assigned the highest priority of 1, the NPS proxy sends connection requests to the RADIUS server first; if servers with priority 1 are not available, NPS then sends connection requests to RADIUS servers with priority 2, and so on. 您可以相同的優先順序為多個 RADIUS 伺服器,並進行負載平衡之間使用減重設定。You can assign the same priority to multiple RADIUS servers, and then use the Weight setting to load balance between them.

  • 減重Weight. NPS 使用這個減重設定,以判斷多少連接要求傳送給為每個群組成員時群組成員有相同的優先順序層級。NPS uses this Weight setting to determine how many connection requests to send to each group member when the group members have the same priority level. 介於 1 與 100,必須指派重量設定和百分比 100%代表值。Weight setting must be assigned a value between 1 and 100, and the value represents a percentage of 100 percent. 例如,如果遠端 RADIUS 伺服器群組包含優先順序層級 1 和的 50 減重評分兩者有兩個成員,NPS proxy 轉送 50%的每個 RADIUS 伺服器連接請求。For example, if the remote RADIUS server group contains two members that both have a priority level of 1 and a weight rating of 50, the NPS proxy forwards 50 percent of the connection requests to each RADIUS server.

  • 進階設定Advanced settings. 這些容錯移轉」設定提供的 NPS 判斷是否遠端 RADIUS 伺服器無法使用的方式。These failover settings provide a way for NPS to determine whether the remote RADIUS server is unavailable. 如果 NPS RADIUS 伺服器不是可用,就可以開始連接要求傳送給其他群組成員。If NPS determines that a RADIUS server is unavailable, it can start sending connection requests to other group members. 利用這些設定,您可以設定 NPS proxy 等待 RADIUS 伺服器回應之前它認為卸除; 要求秒的數卸除要求 NPS proxy 之前的上限辨識 RADIUS 伺服器無法使用。並秒之間 NPS proxy 之前,要求可經過數找出 RADIUS 伺服器無法使用。With these settings you can configure the number of seconds that the NPS proxy waits for a response from the RADIUS server before it considers the request dropped; the maximum number of dropped requests before the NPS proxy identifies the RADIUS server as unavailable; and the number of seconds that can elapse between requests before the NPS proxy identifies the RADIUS server as unavailable.

設定 NPS proxy 負載平衡Configure NPS proxy load balancing

設定之前負載平衡,建立部署計畫,包括如何的許多遠端 RADIUS 伺服器群組您需要時,所伺服器是每個特殊群組,與每個伺服器的優先順序和減重設定的成員。Before configuring load balancing, create a deployment plan that includes how many remote RADIUS server groups you require, which servers are members of each particular group, and the Priority and Weight setting for each server.

注意

請依照下列步驟進行假設您擁有已經部署,並設定 RADIUS 伺服器。The steps that follow assume that you have already deployed and configured RADIUS servers.

若要設定 NPS 做為 proxy 伺服器並向前連接要求 RADIUS 從遠端 RADIUS 伺服器,您必須執行下列動作:To configure NPS to act as a proxy server and forward connection requests from RADIUS clients to remote RADIUS servers, you must take the following actions:

  1. 部署 RADIUS 戶端 \(VPN 伺服器、撥號伺服器、車票服務閘道伺服器、802.1 X 驗證參數,以及 802.1 X 無線存取 points\)並將其連接要求傳送給您 NPS proxy 伺服器設定。Deploy your RADIUS clients (VPN servers, dial-up servers, Terminal Services Gateway servers, 802.1X authenticating switches, and 802.1X wireless access points) and configure them to send connection requests to your NPS proxy servers.

  2. NPS proxy,將設定為 RADIUS 戶端的網路存取伺服器。On the NPS proxy, configure the network access servers as RADIUS clients. 如需詳細資訊,請查看設定 RADIUS 戶端For more information, see Configure RADIUS Clients.

  3. NPS proxy,建立一個或多個遠端的 RADIUS 伺服器群組。On the NPS proxy, create one or more remote RADIUS server groups. 在此過程中,將 RADIUS 伺服器加入遠端 RADIUS 伺服器群組。During this process, add RADIUS servers to the remote RADIUS server groups. 如需詳細資訊,請查看設定遠端 RADIUS 伺服器群組For more information, see Configure Remote RADIUS Server Groups.

  4. NPS proxy,為您新增到遠端的 RADIUS 伺服器群組,每個 RADIUS 伺服器上按一下 RADIUS 伺服器負載平衡索引標籤,然後再設定優先順序減重,和進階設定On the NPS proxy, for each RADIUS server that you add to a remote RADIUS server group, click the RADIUS server Load Balancing tab, and then configure Priority, Weight, and Advanced settings.

  5. NPS proxy,來設定連接要求原則遠端 RADIUS 伺服器群組轉送給驗證及計量要求。On the NPS proxy, configure connection request policies to forward authentication and accounting requests to remote RADIUS server groups. 您必須建立遠端 RADIUS 伺服器群組每一個連接要求原則。You must create one connection request policy per remote RADIUS server group. 如需詳細資訊,請查看設定連接要求原則For more information, see Configure Connection Request Policies.