Network Policy Server (Radius Server) Monitoring

Network Policy Server (Radius Server) - An Overview

Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. As a RADIUS server, NPS performs authentication, authorization, and accounting for wireless, authenticating switch, and remote access dial-up and virtual private network (VPN) connections. NPS allows you to centrally configure and manage network access authentication, authorization, and accounting. Implementing an efficient tool for NPS monitoring will help to track performance and availability of the radius servers. NPS can be implemented as RADIUS Server or RADIUS Proxy or both.

RADIUS Server:

NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database.

RADIUS Proxy:

When you use NPS as a RADIUS proxy, you configure connection request policies that tell the NPS which connection requests to forward to other RADIUS servers and to which RADIUS servers you want to forward connection requests. You can also configure NPS to forward accounting data to be logged by one or more computers in a remote RADIUS server group.

Creating a new NPS Radius server monitor

Prerequisites for monitoring NPS Radius server metrics: Click here

Using the REST API to add a new NPS Radius server monitor: Click here

To create a new NPS Radius server monitor, follow the steps given below:

Go to New Monitor and click on Add New Monitor link.
Select Network Policy Server (Radius Server) under Services category.
Enter the Display name of the monitor to be created.
Enter the Hostname of the host where Network Policy Server runs.
Choose the Roles that you want to monitor in the server. (Radius Server and Radius Proxy)
Enter the credential details like user name and password for authentication, or select the required credentials from the Credential Manager list after enabling the Select from Credential list option.
Select the Enable Kerberos Authentication checkbox if you want to monitor NPS Radius server through Kerberos authentication.
Enter the polling interval time in minutes.
If you are adding a new monitor from an Admin Server, select a Managed Server.
Choose the Monitor Group from the combo box with which you want to associate NPS Radius server monitor (optional). You can choose multiple groups to associate your monitor.
Click Add Monitor(s). This discovers NPS Radius server from the network and starts monitoring them.

Note: NPS Radius server monitor is supported only by Applications Manager installed in Windows OS and not in Linux.

Monitored Parameters

Go to the Monitors Category View by clicking the Monitors tab. Click on Network Policy Server (Radius Server) under the Services table. Displayed is the Network Policy Server (Radius Server) bulk configuration view distributed into three tabs:

Availability tab gives the Availability history for the past 24 hours or 30 days.
Performance tab gives the Health Status and events for the past 24 hours or 30 days.
List view tab enables you to perform bulk admin configurations.

On clicking a monitor from the list, you'll be taken to the NPS Radius server monitor dashboard. It has 3 tabs -

Performance Overview
Radius Server
Radius Proxy

Performance Overview

Parameter	Description
SYSTEM MONITORS
CPU Utilization	Amount of CPU utilized by the NPS Radius server (in percentage).
Memory Utilization	Amount of memory utilized by the NPS Radius server (in percentage).
POLICY ENGINE
Last Round Trip Time	The time interval between the most recent request to the policy engine and its response (in ms).
Matched Remote Access Policies/sec	The average number of remote access policies that have been matched per second.
Pending Requests	The number of requests that have entered the policy engine but have not yet completed the process.
Network Interface
Name	Name of the network interface.
Speed	Speed of the network interface (in Mbps).
Input Traffic	Rate at which data is received by the network interface (in Mbps).
Output Traffic	Rate at which data is transmitted from the network interface (in Mbps).
Services
Display Name	Name of the service. (Network Policy Server or Active Directory Domain Service)
Start Mode	Indicates the start mode of the service.
State	Indicates the status of the service.

Radius Server

Parameter	Description
ACCOUNTING
Server - Accounting Requests/sec	The average number of RADIUS Accounting-Requests received per second on the accounting port.
Server - Accounting Responses/sec	The average number of RADIUS Accounting-Responses sent per second.
AUTHENTICATION
Server - Access Requests/sec	The average number of RADIUS Access-Request packets sent per second.
Server - Access Challenges/sec	The average number of RADIUS Access-Challenge packets sent per second.
Server - Access Accepts/sec	The average number of RADIUS Access-Accept packets sent per second.
Server - Access Rejects/sec	The average number of RADIUS Access-Reject packets sent per second.
ACCOUNTING FAILURES
Server Accounting - Bad Authenticators / Sec	The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute.
Server Accounting - Dropped Packets / Sec	The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type".
Server Accounting - Invalid Requests / Sec	The average number of RADIUS packets from unknown clients or remote RADIUS servers received per second.
Server Accounting - Malformed Packets / Sec	The average number of packets containing malformed data received per second.
Server Accounting - Unknown Type / Sec	The average number of unknown type (non-RADIUS) packets received per second.
AUTHENTICATION FAILURES
Server Authentication - Bad Authenticators / Sec	The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute.
Server Authentication - Dropped Packets / Sec	The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type".
Server Authentication - Invalid Requests / Sec	The average number of RADIUS packets from unknown clients or remote RADIUS servers received per second.
Server Authentication - Malformed Packets / Sec	The average number of packets containing malformed data received per second.
Server Authentication - Unknown Type / Sec	The average number of unknown type (non-RADIUS) packets received per second.

Radius Proxy

Parameter	Description
ACCOUNTING
Proxy - Accounting Requests/sec	The average number of RADIUS Accounting-Request packets sent per second to the accounting port.
Proxy - Accounting Responses/sec	The average number of RADIUS Accounting-Response packets received per second on the accounting port.
AUTHENTICATION
Proxy - Access Requests/sec	The average number of RADIUS Access-Request packets per second sent to this server.
Proxy - Access Challenges/sec	The average number of RADIUS Access-Challenge packets per second received from this server.
Proxy - Access Accepts/sec	The average number of RADIUS Access-Accept packets per second received from this server.
Proxy - Access Rejects/sec	The average number of RADIUS Access-Reject packets per second received from this server.
ACCOUNTING FAILURES
Proxy Accounting - Bad Authenticators / Sec	The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute.
Proxy Accounting - Dropped Packets / Sec	The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type".
Proxy Accounting - Invalid Addresses / Sec	The average number of packets per second received from unknown addresses.
Proxy Accounting - Malformed Packets / Sec	The average number of packets containing malformed data received per second.
Proxy Accounting - Request Timeouts / Sec	The average number of request timeouts per second to this server.
Proxy Accounting - Retransmissions / Sec	The average number of requests retransmitted per second to this server.
Proxy Accounting - Unknown Type / Sec	The average number of unknown type (non-RADIUS) packets received per second.
AUTHENTICATION FAILURES
Proxy Authentication - Bad Authenticators / Sec	The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute.
Proxy Authentication - Dropped Packets / Sec	The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type".
Proxy Authentication - Invalid Addresses / Sec	The average number of packets per second received from unknown addresses.
Proxy Authentication - Malformed Packets / Sec	The average number of packets containing malformed data received per second.
Proxy Authentication - Request Timeouts / Sec	The average number of request timeouts per second to this server.
Proxy Authentication - Retransmissions / Sec	The average number of requests retransmitted per second to this server.
Proxy Authentication - Unknown Type / Sec	The average number of unknown type (non-RADIUS) packets received per second.