Use Load Balancing with Multiple IAS Servers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you add multiple IAS servers for performance reasons, you must load balance the servers. You can load balance and provide failover at each access server by configuring the access server to send queries to multiple RADIUS servers in a specified order of importance. You can also load balance by using IAS as a RADIUS proxy server that forwards connection requests to IAS servers in groups called remote RADIUS server groups. These configurations are useful for the following:

• Organizations that use EAP-TLS for authentication, which increases the load on RADIUS proxies and servers. For example, ISPs and corporations that want to provide wireless or authenticating switch access often use EAP-TLS.

• Organizations that need to sustain continuous service availability.

• ISPs that outsource VPN access for other organizations. The outsourced VPN services can generate a large volume of authentication traffic.

You can use RADIUS proxies to balance the load of a large volume of authentication traffic. Without RADIUS proxies, each network access server balances its RADIUS requests across multiple RADIUS servers and detects unavailable RADIUS servers.

When RADIUS proxies are in place, the load of authentication, authorization, and accounting traffic is distributed across all of the IAS servers in the organization. Additionally, there is a consistent scheme for failure detection and RADIUS server failover.