Designing an Optimized IAS Solution
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Optimize your IAS design by planning how to scale your IAS servers, whether or not to add IAS servers, where to place your IAS servers, and other steps as illustrated in Figure 7.9.
Figure 7.9 Designing an Optimized IAS Solution
.gif "Designing an Optimized IAS Solution")
IAS RADIUS clients and servers require minimal management and administration. However, over time, changes in the number of access clients, changes in WAN technology, and other factors can reduce the performance of IAS.
You can optimize IAS performance by positioning your IAS servers strategically. Use the following guidelines when deciding where to position your IAS servers:
Locate IAS servers in the same domain with the server that provides remote user account authentication.
Locate IAS on a domain controller and store the user account database in Active Directory.
In addition, the following factors can negatively impact IAS performance:
The current load of the domain controller.
The resolution of user principal names, resulting in an additional remote procedure call (RPC) query against the computer that contains the global catalog.
EAP-based authentication methods, involving multiple challenge-response exchanges.
The type of hardware in use.
Network latency between:
The IAS server and the domain controller.
The IAS server and the computer that contains the global catalog.
The IAS server and the access server.
You can optimize the performance of an IAS solution by scaling IAS to meet increasing demands in your organization and by including more than one RADIUS client and server in your network design.