Security Solutions
Designing Access Controls
Choose RADIUS Servers
The first step is estimating the number of logins your network (or site, if you
are planning a multi-site distributed architecture) experiences in an average
day. Next, you should consider how many logins the network experiences in
the busiest minutes of the day. Of course, you cannot come up with exact
numbers, but you can make educated guesses. Answer these questions:
■ How many users are in your network?
■ Do PEPs force endpoints to re-authenticate? If so, how often?
Although re-authentication occurs in the background (without the user’s
knowledge), the RADIUS server still must handle the request. The more
frequently PEPs require endpoints to re-authenticate, the greater the
burden on a RADIUS server.
■ Do users all log in at roughly the same time, or are logins staggered
throughout the day?
For example, at a traditional office, most employees arrive around 9:00 in
the morning, which means that the RADIUS server might receive a flood
of requests at that time. At a university, on the other hand, students might
log in to the network at various times of the day and night.
Multiply the first two answers to arrive at an estimate of logins-per-day.
Factoring in the third answer can be slightly trickier. Still, you should be able
to come up with a reasonable estimate. For example, you might decide that
in the busiest minute of the day, around 9:00 in the morning, twenty percent
of the users will attempt to log in.
You should be able to check your estimates by searching RADIUS accounting
logs. A database management system (DBMS) can help you analyze these logs.
After gauging the demands that will be placed on your RADIUS server, check
its documentation for its capabilities. Then determine if you need to install
multiple servers in a particular location to meet the demand.
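The estimate and the accounting-log check described above, as an added Python example that is not part of the original guide. The log layout (timestamp, user, Acct-Status-Type), the sample records, the user counts, the 300-requests-per-minute server capacity, and the 50 percent headroom factor are all constructed assumptions; substitute your own log format and the figures from your server's documentation.

```python
import math
from collections import Counter
from datetime import datetime

# Constructed sample accounting records: "timestamp,user,Acct-Status-Type".
SAMPLE_LOG = """\
2024-03-04T08:59:12,alice,Start
2024-03-04T09:00:03,bob,Start
2024-03-04T09:00:41,carol,Start
2024-03-04T09:00:55,dave,Start
2024-03-04T09:01:20,erin,Start
2024-03-04T12:30:00,alice,Stop
2024-03-04T13:05:09,alice,Start
2024-03-04T17:02:00,bob,Stop
2024-03-05T09:00:10,alice,Start
2024-03-05T09:00:30,bob,Start
"""

def estimate_load(users, auths_per_user_per_day, peak_percent):
    """Planning estimate: logins per day and logins in the busiest minute."""
    return {"per_day": users * auths_per_user_per_day,
            "peak_minute": math.ceil(users * peak_percent / 100)}

def measure_load(log_text):
    """Count Start records per day and per minute; return the observed maxima."""
    per_day, per_minute = Counter(), Counter()
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[2] != "Start":
            continue  # skip Stop records and malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip records with an unparseable timestamp
        per_day[ts.date()] += 1
        per_minute[ts.replace(second=0, microsecond=0)] += 1
    busiest = max(per_minute, key=per_minute.get) if per_minute else None
    return {"per_day": max(per_day.values(), default=0),
            "peak_minute": per_minute.get(busiest, 0),
            "busiest_minute": busiest}

def servers_needed(peak_per_minute, capacity_per_minute, headroom=0.5):
    """Servers needed to keep each below `headroom` (assumed) of its documented rate."""
    return max(1, math.ceil(peak_per_minute / (capacity_per_minute * headroom)))

if __name__ == "__main__":
    est = estimate_load(users=2000, auths_per_user_per_day=4, peak_percent=20)
    obs = measure_load(SAMPLE_LOG)
    print(est, obs, servers_needed(est["peak_minute"], capacity_per_minute=300))
```

If the observed busiest-minute count is well above the estimate, size the deployment from the observed figure.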
Choose Your RADIUS Servers and Finalize the Plan
The final step is choosing the type of RADIUS servers that you will deploy. If
you have chosen an integrated server/proxy or integrated server/proxy to
turnkey server strategy, you will choose multiple types—servers built into
hardware as well as the proxy servers.