Network Policy Server (Radius Server) Monitoring
Network Policy Server (Radius Server) - An Overview
Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, NPS performs authentication, authorization, and accounting for wireless, authenticating switch, and remote access dial-up and virtual private network (VPN) connections. NPS allows you to centrally configure and manage network access authentication, authorization, and accounting. Implementing an efficient tool for NPS monitoring will help to track performance and availability of the radius servers. NPS can be implemented as RADIUS Server or RADIUS Proxy or both.
RADIUS Server:
NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database.
RADIUS Proxy:
When you use NPS as a RADIUS proxy, you configure connection request policies that tell the NPS which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests. You can also configure NPS to forward accounting data to be logged by one or more computers in a remote RADIUS server group.
Creating a new NPS Radius server monitor
Prerequisites for monitoring NPS Radius server metrics:Click here
Using the REST API to add a new NPS Radius server monitor:Click here
To create a new NPS Radius server monitor, follow the steps given below:
- Go to New Monitor and click on Add New Monitor link.
- Select Network Policy Server (Radius Server) under Services category.
- Enter the Display name of the monitor to be created.
- Enter the Hostname of the host where Network Policy Server runs.
- Choose the Roles that you want to monitor in the server. (Radius Server and Radius Proxy)
- Enter the credential details like user name and password for authentication, or select the required credentials from the Credential Manager list after enabling the Select from Credential list option.
- Select the Enable Kerberos Authentication checkbox if you want to monitor NPS Radius server through Kerberos authentication.
- Enter the polling interval time in minutes.
- If you are adding a new monitor from the Central Server, select a Probe Server.
- Choose the Monitor Group from the combo box with which you want to associate NPS Radius server monitor (optional). You can choose multiple groups to associate your monitor.
- Click Add Monitor(s). This discovers NPS Radius server from the network and starts monitoring them.
Note: NPS Radius server monitor is supported only by Applications Manager installed in Windows OS and not in Linux.
Monitored Parameters
Go to the Monitors Category View by clicking the Monitors tab. Click on Network Policy Server (Radius Server) under the Services table. Displayed is the Network Policy Server (Radius Server) bulk configuration view distributed into three tabs:
- Availability tab gives the Availability history for the past 24 hours or 30 days.
- Performance tab gives the Health Status and events for the past 24 hours or 30 days.
- List view tab enables you to perform bulk admin configurations.
On clicking a monitor from the list, you'll be taken to the NPS Radius server monitor dashboard. It has 3 tabs -
Performance Overview
| Parameter | Description |
|---|
| SYSTEM MONITORS |
| CPU Utilization | Amount of CPU utilized by the NPS Radius server (in percentage). |
| Memory Utilization | Amount of memory utilized by the NPS Radius server (in percentage). |
| POLICY ENGINE |
| Last Round Trip Time | The time interval between the most recent request to the policy engine and its response (in ms). |
| Matched Remote Access Policies/sec | The average number of remote access policies that have been matched per second. |
| Pending Requests | The number of requests that have entered the policy engine but have not yet completed the process. |
| Network Interface |
| Name | Name of the network interface. |
| Speed | Speed of the network interface (in Mbps). |
| Input Traffic | Rate at which data is received by the network interface (in Mbps). |
| Output Traffic | Rate at which data is transmitted from the network interface (in Mbps). |
| Services |
| Display Name | Name of the service. (Network Policy Server or Active Directory Domain Service) |
| Start Mode | Indicates the start mode of the service. |
| State | Indicates the status of the service. |
Radius Server
| Parameter | Description |
|---|
| ACCOUNTING |
| Server - Accounting Requests/sec | The average number of RADIUS Accounting-Requests received per second on the accounting port. |
| Server - Accounting Responses/sec | The average number of RADIUS Accounting-Responses sent per second. |
| AUTHENTICATION |
| Server - Access Requests/sec | The average number of RADIUS Access-Request packets sent per second. |
| Server - Access Challenges/sec | The average number of RADIUS Access-Challenge packets sent per second. |
| Server - Access Accepts/sec | The average number of RADIUS Access-Accept packets sent per second. |
| Server - Access Rejects/sec | The average number of RADIUS Access-Reject packets sent per second. |
| ACCOUNTING FAILURES |
| Server Accounting - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Server Accounting - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Server Accounting - Invalid Requests / Sec | The average number of RADIUS packets from unknown clients or remote RADIUS servers received per second. |
| Server Accounting - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Server Accounting - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
| AUTHENTICATION FAILURES |
| Server Authentication - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Server Authentication - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Server Authentication - Invalid Requests / Sec | The average number of RADIUS packets from unknown clients or remote RADIUS servers received per second. |
| Server Authentication - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Server Authentication - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
Radius Proxy
| Parameter | Description |
|---|
| ACCOUNTING |
| Proxy - Accounting Requests/sec | The average number of RADIUS Accounting-Request packets sent per second to the accounting port. |
| Proxy - Accounting Responses/sec | The average number of RADIUS Accounting-Response packets received per second on the accounting port. |
| AUTHENTICATION |
| Proxy - Access Requests/sec | The average number of RADIUS Access-Request packets per second sent to this server. |
| Proxy - Access Challenges/sec | The average number of RADIUS Access-Challenge packets per second received from this server. |
| Proxy - Access Accepts/sec | The average number of RADIUS Access-Accept packets per second received from this server. |
| Proxy - Access Rejects/sec | The average number of RADIUS Access-Reject packets per second received from this server. |
| ACCOUNTING FAILURES |
| Proxy Accounting - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Proxy Accounting - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Proxy Accounting - Invalid Addresses / Sec | The average number of packets per second received from unknown addresses. |
| Proxy Accounting - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Proxy Accounting - Request Timeouts / Sec | The average number of request timeouts per second to this server. |
| Proxy Accounting - Retransmissions / Sec | The average number of requests retransmitted per second to this server. |
| Proxy Accounting - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
| AUTHENTICATION FAILURES |
| Proxy Authentication - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Proxy Authentication - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Proxy Authentication - Invalid Addresses / Sec | The average number of packets per second received from unknown addresses. |
| Proxy Authentication - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Proxy Authentication - Request Timeouts / Sec | The average number of request timeouts per second to this server. |
| Proxy Authentication - Retransmissions / Sec | The average number of requests retransmitted per second to this server. |
| Proxy Authentication - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
