Can Defender Security Servers (DSS) be put behind an F5 load balancer using a VIP, with two DSS's in two different physical locations or using DNS round robin?
If not, is there any data on response times of Defender to configure an application to try one DSS then the other, if the first doesn't respond quickly enough?
You can put the Defender servers behind the load balancer, but Support does not have any documentation related to this.
With regards to response time, Support does not have any such data. Response time depends on the scenario involved, the environment, etc.
A normal case would be that a client is pointed to a particular Defender Security Server (DSS), and it (the DSS) communicates with Active Directory (AD). However, a Defender server will only not respond when the service is not running, or when there is some communication between the DSS and AD, or the DSS and the client.