By Vince Lujan. Posted May 25, 2018
A cloud-based RADIUS server would certainly help IT secure wireless networks. The trouble is that RADIUS servers have historically been on-prem implementations that are typically adjunct to an on-prem directory services database and infrastructure. Fortunately, there are next-generation cloud identity management platforms available that offer RADIUS authentication as a cloud-based service. We’ll discuss one such solution in this blog post, but let’s start with the basics.
What is RADIUS?
RADIUS is a networking protocol that authenticates and authorizes user access to remote networks. The RADIUS protocol follows the client/server model. In this case, the client is any RADIUS-enabled device attempting to connect to a RADIUS-protected network and the server is the RADIUS server. RADIUS servers are typically adjunct to a directory services database, otherwise known as the core identity provider. This lets RADIUS servers use the core identity provider as the source of truth, so that core user identities authenticate and authorize user access to RADIUS-protected networks. The key advantage is that network access can be administered on an individual basis from a core identity provider platform via RADIUS servers that are coupled with an associated directory database.
How does RADIUS work?
At a high level, RADIUS works by routing user requests for network access from a client to a dedicated RADIUS server for authentication. As a user attempts to access a RADIUS-protected network from a laptop, desktop, or other RADIUS-enabled device, they are challenged to provide their unique user credentials. These credentials generally come in the form of the username and password associated with their core user identity, which is stored in the core directory database. Upon submission, a supplicant (a program responsible for sending network access requests to wireless networks) routes the user credentials and a request for network access from the client to a RADIUS-enabled WAP or switch, which then forwards them to a RADIUS server for authentication. Once received, the RADIUS server authenticates the user credentials against the core directory database, which acts as the source of truth for user identities. If the user submission matches the credentials associated with their core user identity, the RADIUS server authorizes the network connection to the client. If not, the RADIUS server returns a notice that the user request for network access has been rejected, and the client cannot connect to the RADIUS-protected network.
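The flow described above, traced at the packet level as an added example (not from the original post or from JumpCloud): the WAP or switch builds an RFC 2865 Access-Request with the password hidden under a shared secret, the server checks it against a directory, and the reply is verified before access is granted. The shared secret, the in-memory directory, the sample user, and all function names are assumptions made for the illustration.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"  # assumed: secret shared by WAP/switch and server
DIRECTORY = {b"alice": b"correct horse"}  # constructed stand-in for the core directory

def _crypt(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = block if hiding else data[i:i + 16]
        out += block
    return out

def hide_password(password, secret, authenticator):
    return _crypt(password + b"\x00" * (-len(password) % 16), secret, authenticator, True)

def reveal_password(hidden, secret, authenticator):
    return _crypt(hidden, secret, authenticator, False).rstrip(b"\x00")

def build_request(ident, user, password):
    """What the WAP/switch sends to the RADIUS server for a supplicant's credentials."""
    ra = os.urandom(16)  # Request Authenticator, fresh per request
    attrs = b""
    for kind, value in ((USER_NAME, user), (USER_PASSWORD, hide_password(password, SECRET, ra))):
        attrs += struct.pack("!BB", kind, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs

def server_handle(request):
    # Decode the attributes, check the directory, then sign an Accept or Reject.
    _, ident, length = struct.unpack("!BBH", request[:4])
    ra, pos, attrs = request[4:20], 20, {}
    while pos + 2 <= min(length, len(request)) and request[pos + 1] >= 2:
        attrs[request[pos]] = request[pos + 2:pos + request[pos + 1]]
        pos += request[pos + 1]
    stored = DIRECTORY.get(attrs.get(USER_NAME, b""))
    given = reveal_password(attrs.get(USER_PASSWORD, b""), SECRET, ra)
    ok = stored is not None and hmac.compare_digest(stored, given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + ra + SECRET).digest()

def client_verify(request, response):
    """The WAP/switch accepts a reply only if it is bound to its own request."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + SECRET).digest()
    if response[1] != request[1] or not hmac.compare_digest(expected, response[4:20]):
        return "forged-or-corrupt"
    return "accept" if response[0] == ACCESS_ACCEPT else "reject"
```

The password in this exchange is protected only by MD5 keyed with the shared secret, so that secret should be long, random, and unique per WAP or switch.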
The Future of RADIUS
The RADIUS approach to network access management has certainly proven to be effective. However, the challenge with implementing RADIUS in modern IT organizations is that RADIUS servers have historically been on-prem implementations that are tightly integrated with on-prem identity management platforms such as Microsoft® Active Directory® (AD). In fact, AD offers its own ancillary RADIUS functionality as part of the platform. However, modern IT organizations are moving away from this antiquated approach to identity management in favor of comprehensive cloud alternatives. Yet, without anything on-prem, how do you continue to provide secure RADIUS authentication for wireless networks? Easy – leverage a next-generation cloud directory that offers its own ancillary RADIUS capabilities as a cloud-based service. In other words, leverage JumpCloud® Directory-as-a-Service®.
RADIUS-as-a-Service with JumpCloud
JumpCloud Directory-as-a-Service is a comprehensive cloud-based directory services platform with the power to securely manage and connect users to systems, applications, files, and, specifically for the purposes of this blog post, networks via RADIUS. In fact, the JumpCloud platform can provide centralized identity and access management capabilities for just about any IT resource from the cloud. This is because Directory-as-a-Service has taken a cross-platform, vendor-neutral, protocol-driven approach to managing modern networks. As a result, IT admins can leverage core user identities to manage access to IT resources throughout the network without anything on-prem. These are a few of the reasons why we like to think of JumpCloud Directory-as-a-Service as the One Directory To Rule Them All®.
Sign up for a free account or schedule a demo to see a cloud-based RADIUS server in action. In fact, you can explore the full functionality of our comprehensive cloud directory at no cost, and we’ll even throw in 10 free users to help you get started. Of course, don’t hesitate to contact the JumpCloud team if you have any questions.