Performance Tuning and Optimization

This section contains recommendations on IAS performance fine-tuning and monitoring. It also includes sample performance information that can be helpful in determining your IAS server performance and health conditions.

Consider the following points when fine-tuning the performance of an IAS server.

• If IAS authenticates users against a Windows 2000–based domain controller that is running in native mode, the domain controller should also contain the Global Catalog.

• High latency connections between the NAS and IAS server, or IAS server and the domain controller, can negatively impact authentication times, and cause retries and time-outs.

In very large ISP environments (millions of remote access users) with extremely heavy load conditions, where a large number of authentication requests, as well as accounting packets are being handled within seconds, the following items must be considered:

• As a general rule of thumb, number of authentications/second you get would depend on the hardware used for the domain controller. A faster domain controller should yield a better throughput.

• Consider using separate IAS servers for authentication and accounting.

• Consider running the IAS server on a domain controller with a Global Catalog. This would minimize network latency and would improve throughput.

• To achieve better throughput, use a registry entry to tune the number of concurrent authentication calls in progress at one time, between the IAS server and the domain controller. For information about registry entry details, see Windows 2000 Server Help.

• An administrator can deploy multiple IAS servers and use Windows Load Balance Service to point NASs to a single IP address representing a pool of IAS servers.