Your network can go down for really simple reasons.
A junior system admin might inadvertently type the wrong thing into a command line, or a minor upgrade can break some obscure dependency between libraries, resulting in a cascading set of errors that bring the network down. When your infrastructure stops working (and it will, you just don’t know when), it is critical to fix it quickly.
Fortunately, there is a very easy, simple, and cheap way to design your infrastructure in anticipation of possible catastrophe. In fact, it’s easier, simpler, and cheaper than the alternatives!
Put your RADIUS server in a VM (Virtual Machine)
The simple step of running your RADIUS server inside of a VM means that when your network goes down due to broken configuration, you can get it up and running again in the time it takes to get a coffee. Simply restore from a backup, and everything will be OK.
One of the most common scenarios where networks fail is after a system upgrade. Tracking down the source of the problems and finding a fix can take hours, or even days. In the meantime, nobody can get onto your network.
If you have taken the precaution of running your RADIUS server in a virtual machine, all you have to do is take a snapshot of it before doing the upgrade. If your system stops working afterwards, you don’t need to spend time tracking down the issue. All you have to do is revert back to the snapshot you saved 10 minutes ago, and go for a coffee. When you come back, your system will be up and running again.
A VM is your cheapest insurance policy
The peace of mind of knowing you can quickly recover from errors is incredibly cheap.
Virtual Machine software is inexpensive. An external USB drive with a Terabyte of storage costs around $100. For all intents and purposes, this is essentially free, when compared to the cost of a network outage. Network outages can cost hours of your time. Network outages can have a huge impact on your customers.
What is the cost to your business and reputation if your network is down for hours or days? What is the cost of hiring network experts at emergency rates? If those costs are larger than the cost of a USB drive, then you should buy another drive, and use it for backups.
We can think of literally no reason to avoid using a VM for your RADIUS infrastructure.
RADIUS and VM best practices
Putting your RADIUS server on a virtual machine is the first step. We also recommend some simple best practices to make sure you are leveraging this strategy in the most effective way.
1) Don’t put anything else on the same VM. The more you put on the same VM as your RADIUS server, the greater the odds are that obscure dependencies will impact system resources. In short, all the benefits described above apply less and less, the more you add to the VM.
2) Resource your RADIUS VM adequately. Your RADIUS server is part of your critical infrastructure and it should be given lots of disk space and CPU. We recommend allocating enough CPU to your RADIUS VM so that it is using 5-10% CPU most of the time. This gives it a sufficient buffer to accommodate sudden surges in demand.
3) Resource the hardware adequately. A VM won’t help if the underlying physical hardware is overloaded. Ensure that the physical machine which is hosting the VM is also treated as critical. This means ensuring that not much else uses it, and that it always has plenty of CPU, memory, disk space, and network bandwidth. Anything that starves the physical machine of resources will starve the RADIUS VM.
4) Take snapshots of your VM regularly. At a bare minimum, we recommend taking a snapshot before performing any upgrades or any kind of system maintenance. It is also a wise policy to take snapshots at regular intervals. In general, once a month is sufficient.
5) Keep the VM snapshots “off box”. The VM snapshots should not be on the same physical hardware as the VM, otherwise you don’t actually have backups. The snapshots should be copied to another machine, maybe even to another data centre. Disk space is cheap compared to a catastrophic network outage.
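Practices 4 and 5 can be checked mechanically rather than trusted. The shell functions below are an added example, not code from Network RADIUS or FreeRADIUS; they assume GNU coreutils and findutils and a snapshot that your hypervisor has already exported to a single file, and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article). Assumes GNU coreutils/findutils and a
# snapshot already exported by the hypervisor to a single file.

MAX_AGE_DAYS=31   # the article's "once a month" interval

# True when both directories sit on the same filesystem device, i.e. the
# "backup" would die with the VM's disk. A different device is necessary but
# not sufficient: a separate machine or data centre is still the goal.
same_device() {
    [ "$(stat -c %d "$1")" = "$(stat -c %d "$2")" ]
}

# Copy file $1 into directory $2 (keeping its timestamp) and confirm the
# copy's SHA-256 matches the source. A mismatched copy is deleted.
verified_copy() {
    src=$1
    dest="$2/$(basename "$1")"
    cp -p -- "$src" "$dest" || return 1
    want=$(sha256sum < "$src" | cut -d' ' -f1)
    got=$(sha256sum < "$dest" | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        rm -f -- "$dest"
        return 1
    fi
}

# Returns 2 if directory $2 shares a device with the snapshot file $1,
# 1 if the copy or hash check fails, 0 on success.
offbox_backup() {
    if same_device "$(dirname "$1")" "$2"; then
        echo "refusing: $2 is on the same device as $1" >&2
        return 2
    fi
    verified_copy "$1" "$2"
}

# True when directory $1 holds a file modified within MAX_AGE_DAYS.
has_recent_snapshot() {
    [ -n "$(find "$1" -type f -mtime -"$MAX_AGE_DAYS" | head -n 1)" ]
}

# Usage (hypothetical paths):
#   offbox_backup /var/lib/vm-exports/radius-pre-upgrade.img /mnt/usb-backup
#   has_recent_snapshot /mnt/usb-backup || echo "no snapshot in the last month" >&2
```

Because the copy keeps the snapshot's original timestamp, the freshness check measures when the snapshot was taken, not when it was last copied.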
Need more help?
Network RADIUS has been helping clients around the world design and deploy their RADIUS infrastructure for 20 years. We specialize in complex systems and have seen pretty much every variation and problem out there. If you want help from the people who wrote FreeRADIUS, contact us for a consultation.