High availability and disaster recovery

To enable high availability (HA), set up a secondary RADIUS server installation with the same configuration as the primary. Both servers can run at the same time.

If the RADIUS client can be configured to use both a primary and a failover secondary RADIUS server, then use this configuration for HA. To distribute the load between the primary and secondary servers, alternate the primary and secondary configuration for each client.

If only the one RADIUS server can be configured into the client, then use a load balancer in front of the two RADIUS servers. However, multiple user datagram protocol (UDP) packets can be involved in a single user authentication sequence, and these packets must all flow to and from the same RADIUS server. Thus the load balancer must maintain session persistence between the RADIUS client and RADIUS server for the full authentication operation. The session persistence must be based on the RADIUS client IP address and port.