Designing Access Controls
Choose RADIUS Servers
The first step is estimating the number of logins your network (or site, if you are planning a
■How many users are in your network?
■Do PEPs force endpoints to
Although
■Do users all log in at roughly the same time, or are logins staggered throughout the day?
For example, at a traditional office, most employees arrive around 9:00 in the morning, which means that the RADIUS server might receive a flood of requests at that time. At a university, on the other hand, students might log in to the network at various times of the day and night.
Multiply the first two answers to arrive at an estimate of
Factoring in the third answer can be slightly trickier. Still, you should be able to come up with a reasonable estimate. For example, you might decide that in the busiest minute of the day, around 9:00 in the morning, twenty percent of the users will attempt to log in.
You should be able to check your estimates by searching RADIUS accounting logs. A database management system (DBMS) can help you analyze these logs.
After gauging the demands that will be placed on your RADIUS server, check its documentation for its capabilities. Then determine if you need to install multiple servers in a particular location to meet the demand.
Choose Your RADIUS Servers and Finalize the Plan
The final step is choosing the type of RADIUS servers that you will deploy. If you have chosen an integrated server/proxy or integrated server/proxy to turnkey server strategy, you will choose multiple
