Network Policy Server (Radius Server) Monitoring


Network Policy Server (Radius Server) - An Overview

Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-In User Service (RADIUS) server and proxy. As a RADIUS server, NPS performs authentication, authorization, and accounting for wireless, authenticating switch, and remote access dial-up and virtual private network (VPN) connections. NPS allows you to centrally configure and manage network access authentication, authorization, and accounting. Monitoring NPS helps you track the performance and availability of your RADIUS servers. NPS can be implemented as a RADIUS server, a RADIUS proxy, or both.

RADIUS Server:

NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure network access servers, such as wireless access points and VPN servers, as RADIUS clients in NPS. You also configure network policies that NPS uses to authorize connection requests, and you can configure RADIUS accounting so that NPS logs accounting information to log files on the local hard disk or in a Microsoft SQL Server database.

RADIUS Proxy:

When you use NPS as a RADIUS proxy, you configure connection request policies that tell NPS which connection requests to forward and to which RADIUS servers to forward them. You can also configure NPS to forward accounting data to be logged by one or more computers in a remote RADIUS server group.

Creating a new NPS Radius server monitor

Prerequisites for monitoring NPS Radius server metrics: Click here

Using the REST API to add a new NPS Radius server monitor: Click here

To create a new NPS Radius server monitor, follow the steps given below:
  1. Go to New Monitor and click the Add New Monitor link.
  2. Select Network Policy Server (Radius Server) under Services category.
  3. Enter the Display name of the monitor to be created.
  4. Enter the Hostname of the host where Network Policy Server runs.
  5. Choose the Roles that you want to monitor on the server (Radius Server and Radius Proxy).
  6. Enter the credential details like user name and password for authentication, or select the required credentials from the Credential Manager list after enabling the Select from Credential list option.
  7. Select the Enable Kerberos Authentication checkbox if you want to monitor NPS Radius server through Kerberos authentication.
  8. Enter the polling interval time in minutes.
  9. If you are adding a new monitor from an Admin Server, select a Managed Server.
  10. Choose the Monitor Group from the combo box with which you want to associate the NPS Radius server monitor (optional). You can choose multiple groups to associate with your monitor.
  11. Click Add Monitor(s). This discovers the NPS Radius server on the network and starts monitoring it.
Note: The NPS Radius server monitor is supported only when Applications Manager is installed on Windows, not on Linux.

Monitored Parameters

Go to the Monitors Category View by clicking the Monitors tab. Click Network Policy Server (Radius Server) under the Services table. This displays the Network Policy Server (Radius Server) bulk configuration view, which is divided into three tabs:

  • Availability tab gives the Availability history for the past 24 hours or 30 days.
  • Performance tab gives the Health Status and events for the past 24 hours or 30 days.
  • List view tab enables you to perform bulk admin configurations.

On clicking a monitor from the list, you'll be taken to the NPS Radius server monitor dashboard. It has three tabs: Performance Overview, Radius Server and Radius Proxy.

Performance Overview

| Parameter | Description |
| --- | --- |
| SYSTEM MONITORS | |
| CPU Utilization | Amount of CPU utilized by the NPS Radius server (in percentage). |
| Memory Utilization | Amount of memory utilized by the NPS Radius server (in percentage). |
| POLICY ENGINE | |
| Last Round Trip Time | The time interval between the most recent request to the policy engine and its response (in ms). |
| Matched Remote Access Policies/sec | The average number of remote access policies that have been matched per second. |
| Pending Requests | The number of requests that have entered the policy engine but have not yet completed the process. |
| Network Interface | |
| Name | Name of the network interface. |
| Speed | Speed of the network interface (in Mbps). |
| Input Traffic | Rate at which data is received by the network interface (in Mbps). |
| Output Traffic | Rate at which data is transmitted from the network interface (in Mbps). |
| Services | |
| Display Name | Name of the service. (Network Policy Server or Active Directory Domain Service) |
| Start Mode | Indicates the start mode of the service. |
| State | Indicates the status of the service. |

Radius Server

| Parameter | Description |
| --- | --- |
| ACCOUNTING | |
| Server - Accounting Requests/sec | The average number of RADIUS Accounting-Requests received per second on the accounting port. |
| Server - Accounting Responses/sec | The average number of RADIUS Accounting-Responses sent per second. |
| AUTHENTICATION | |
| Server - Access Requests/sec | The average number of RADIUS Access-Request packets sent per second. |
| Server - Access Challenges/sec | The average number of RADIUS Access-Challenge packets sent per second. |
| Server - Access Accepts/sec | The average number of RADIUS Access-Accept packets sent per second. |
| Server - Access Rejects/sec | The average number of RADIUS Access-Reject packets sent per second. |
| ACCOUNTING FAILURES | |
| Server Accounting - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Server Accounting - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Server Accounting - Invalid Requests / Sec | The average number of RADIUS packets from unknown clients or remote RADIUS servers received per second. |
| Server Accounting - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Server Accounting - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
| AUTHENTICATION FAILURES | |
| Server Authentication - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Server Authentication - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Server Authentication - Invalid Requests / Sec | The average number of RADIUS packets from unknown clients or remote RADIUS servers received per second. |
| Server Authentication - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Server Authentication - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
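
An added example (not part of Applications Manager or its documentation) of how the Radius Server parameters above can be evaluated once they have been exported from the monitor: it compares the newest poll's Access-Reject share with the median of earlier polls and reports every non-zero failure parameter with the meaning given in the table. The thresholds, the function names and the sample polls are assumptions constructed for illustration.

```python
# Added example; thresholds and sample polls are constructed assumptions.
from statistics import median

# Failure parameters of the Radius Server tab, with the page's descriptions.
FAILURES = {
    "Bad Authenticators / Sec": "invalid Message Authenticator attribute",
    "Invalid Requests / Sec": "packets from unknown clients or remote RADIUS servers",
    "Malformed Packets / Sec": "packets containing malformed data",
    "Unknown Type / Sec": "unknown type (non-RADIUS) packets",
    "Dropped Packets / Sec": "packets silently discarded for another reason",
}

def reject_ratio(poll):
    """Share of Access-Accept plus Access-Reject answers that were rejects."""
    accepts = poll.get("Server - Access Accepts/sec", 0.0)
    rejects = poll.get("Server - Access Rejects/sec", 0.0)
    return rejects / (accepts + rejects) if accepts + rejects else 0.0

def triage(polls, min_requests=1.0, factor=3.0, floor=0.2):
    """Check the newest poll against the median reject ratio of earlier polls."""
    *history, latest = polls
    findings = []
    baseline = median(reject_ratio(p) for p in history) if history else 0.0
    ratio = reject_ratio(latest)
    # Ignore near-idle polls, where one failed logon would dominate the ratio.
    busy = latest.get("Server - Access Requests/sec", 0.0) >= min_requests
    if busy and ratio >= max(floor, factor * baseline):
        findings.append(f"Access-Reject share {ratio:.0%} (baseline {baseline:.0%})")
    for plane in ("Authentication", "Accounting"):
        for suffix, meaning in FAILURES.items():
            name = f"Server {plane} - {suffix}"
            if latest.get(name, 0.0) > 0:
                findings.append(f"{name} = {latest[name]}: {meaning}")
    return findings

def make_poll(requests, accepts, rejects, extra=None):
    """Build one constructed poll keyed by the page's parameter names."""
    return {"Server - Access Requests/sec": requests,
            "Server - Access Accepts/sec": accepts,
            "Server - Access Rejects/sec": rejects, **(extra or {})}

# Constructed sample: three quiet polls, then a reject surge with unknown clients.
SAMPLE_POLLS = [
    make_poll(12.0, 11.0, 1.0),
    make_poll(10.0, 9.5, 0.5),
    make_poll(14.0, 13.0, 1.0),
    make_poll(40.0, 8.0, 32.0, {"Server Authentication - Invalid Requests / Sec": 2.5}),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_POLLS):
        print(finding)
```
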

Radius Proxy

| Parameter | Description |
| --- | --- |
| ACCOUNTING | |
| Proxy - Accounting Requests/sec | The average number of RADIUS Accounting-Request packets sent per second to the accounting port. |
| Proxy - Accounting Responses/sec | The average number of RADIUS Accounting-Response packets received per second on the accounting port. |
| AUTHENTICATION | |
| Proxy - Access Requests/sec | The average number of RADIUS Access-Request packets per second sent to this server. |
| Proxy - Access Challenges/sec | The average number of RADIUS Access-Challenge packets per second received from this server. |
| Proxy - Access Accepts/sec | The average number of RADIUS Access-Accept packets per second received from this server. |
| Proxy - Access Rejects/sec | The average number of RADIUS Access-Reject packets per second received from this server. |
| ACCOUNTING FAILURES | |
| Proxy Accounting - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Proxy Accounting - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Proxy Accounting - Invalid Addresses / Sec | The average number of packets per second received from unknown addresses. |
| Proxy Accounting - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Proxy Accounting - Request Timeouts / Sec | The average number of request timeouts per second to this server. |
| Proxy Accounting - Retransmissions / Sec | The average number of requests retransmitted per second to this server. |
| Proxy Accounting - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |
| AUTHENTICATION FAILURES | |
| Proxy Authentication - Bad Authenticators / Sec | The average number of RADIUS packets per second that contain an invalid Message Authenticator attribute. |
| Proxy Authentication - Dropped Packets / Sec | The average number of incoming packets per second that are silently discarded for a reason other than "malformed", "invalid Message Authenticator", or "unknown type". |
| Proxy Authentication - Invalid Addresses / Sec | The average number of packets per second received from unknown addresses. |
| Proxy Authentication - Malformed Packets / Sec | The average number of packets containing malformed data received per second. |
| Proxy Authentication - Request Timeouts / Sec | The average number of request timeouts per second to this server. |
| Proxy Authentication - Retransmissions / Sec | The average number of requests retransmitted per second to this server. |
| Proxy Authentication - Unknown Type / Sec | The average number of unknown type (non-RADIUS) packets received per second. |