I need to ensure high availability for the RADIUS service in a Windows Server environment so it can withstand the loss or even temporary downtime of any particular server holding the NPS role. Most TechNet articles state that I should use an NPS proxy, but in my understanding it still leaves me with the bottleneck of a single proxy server. I came to a decision to set up an NLB cluster for the NPS servers but, again, Microsoft best practices state that the NPS role should be installed on a Domain Controller to minimize traffic from NPS to the DC. I have doubts that my DCs will be fine with the NLB feature installed on them.
So, my questions are:

1. Is there any way to measure exactly how hard NPS traffic will hit my network and DC if installed on separate servers?
2. Am I missing something, and is there another way to provide HA for NPS?

P.S. Our network team says that they are able to specify multiple RADIUS servers on their side, but the problem is that network services in Windows Server start earlier than NPS, which leaves us with a gap when clients try to authenticate on a server that is not fully functioning.

Get 2 servers with VMware vSphere; you need vCenter for the cluster and vSAN to provide shared storage for these 2 servers. Activate failover and the VMs with NPS will stay in HA.