Where to run RadiusNT/Single point of failure elimination?

Fox, Thomas L. ( tfox@foxberry.com )
Mon, 21 Jul 1997 22:12:31 -0400

I'm soliciting general opinions (everybody has one)...

Is it wise/appropriate to run the primary authentication instance
of RadiusNT on the same machine as the SQL server/Access database?

We're thinking of an authentication "system" that looks like this:

PRIMARY RADIUS (SQL) SERVER -- All terminal servers authenticate to this 1st

SECONDARY RADIUS SERVER -- All terminal servers use this as alternate authentication
All terminal servers use this as alternate accounting

ACCOUNTING SERVER - All terminal servers dump accounting here

While this scenario covers failure of the accounting server and primary RADIUS instance
on the primary radius server, it doesn't account for a failure of the primary MACHINE
(i.e., power supply dies at 3am). If that machine dies, we lose authentication and
accounting as that is where the database lives.

I guess it boils down to I'm looking for a way to eliminate the single point of failure.
Would using RadiusNT in "both" mode with a text based user's file on the accounting
and secondary servers suffice to provide authentication in the event of the failure of
the SQL machine? I know the NAS will hold accounting records for a while (and if I lose
some, that isn't as important as users not being able to authenticate).

If so, are there any triggers/routines to create the text based users file on some periodic
basis?

And, on a Livingston Portmaster note, does anyone know if I can have more than one
alternate authentication and accounting device (i.e., set alt 2, set alt 3, set account 2,
set account 3)?

Thanks,
Tom