The Emergence of Cloud RADIUS

Written by Rajat Bhargava on June 27, 2016


RADIUS is an important protocol for managing users who are connected to a network infrastructure. The protocol was introduced in 1991 and gained significant traction with the network ops community, helping them manage their switches, routers, and other networking equipment.

WiFi: The Evolution of RADIUS

As switches became less important with the advent of WiFi and wireless access points (WAPs), those same manufacturers and IT admins leveraged RADIUS to manage the new generation of networking technology – WAPs.

RADIUS began to serve as a core protocol that could help bridge user access from a networking device such as a WAP to the core directory service or identity provider. Historically, this required an on-prem RADIUS server which connected the two other systems together.

The Cloud: The Next Evolution of RADIUS

Today, a new generation of technology has emerged that harnesses the cloud to make RADIUS more efficient and powerful. Cloud RADIUS solutions are eliminating the hassle of the RADIUS implementation while still retaining the benefits for IT organizations.

Below are a few of the key benefits of leveraging a cloud RADIUS solution along with a Directory-as-a-Service® platform.

Uniquely authenticate users to your network

In the days of wired networks, you were able to manage one-to-one authentication. You knew exactly where a person was sitting based on the Ethernet drop that they were using and the switch port that they were connected to.

With WiFi, they could be anywhere. If there is general access, it is far more difficult to uniquely authenticate users to your network.

This is all bundled in with the concept of the domain, but the domain has been dying along with Microsoft Active Directory. The on-prem directory service is being replaced with the concept of cloud Identity-as-a-Service platforms such as Directory-as-a-Service®.

Stop the hassle of changing SSIDs and passphrases

Every time you on-board or off-board a person, that’s a change. Those changes then cause you to make changes to your systems.

In the case of off-boarding, that person still has access to your WiFi network. Their computer has stored the SSID and passphrase to log on to the network. Whether you have critical applications, systems, or data on the internal network or not, that’s a security risk.

Anybody on the network has an opportunity to see packets that are flowing within the network. And, remember, if a person has access to your WiFi network, that doesn’t mean that they have to be within your four walls to get connectivity. They could be sitting in the parking lot or the office next door and sniffing the network.

This is the reason that you off-board, and historically that process required a change in the passphrase. That meant sending out an email to the entire staff and having them update their passphrase. While not complicated, it is a hassle and completely unnecessary when you can leverage a RADIUS-as-a-Service solution to manage one-to-one access via your cloud directory service.

Dramatically increase security

One of the weakest points in any network is the WiFi connection. While the benefits of WiFi are dramatic (with increased flexibility and productivity being at the top of the list), security has historically been one of the weaknesses of WiFi.

WPA and WEP encryption are widely viewed as weak and hackable. With the trend towards WiFi because of its flexibility and cost-effectiveness, the challenge for IT admins has been how to secure that vector of attack. Connecting the WiFi network to the directory service is one of the best ways to increase security, and the way to do that easily is a cloud RADIUS implementation.

Eliminate managing FreeRADIUS

Historically, to leverage RADIUS functionality IT organizations needed to implement a RADIUS server. The most popular RADIUS server is the open source FreeRADIUS implementation.

The challenge with FreeRADIUS is the same as most open source – it takes time, you need to be knowledgeable, and it is generally hosted on-premises. That’s time and effort managing something that could be outsourced to a cloud RADIUS solution.

No on-prem equipment

One of the beauties of a cloud RADIUS solution is that there is no on-prem equipment. No RADIUS server on-premises and no directory service. Everything is hosted in the cloud and managed remotely. The only piece of equipment on-prem is your WAP.

Office moves, changes, integrations, and other physical changes are a snap with the cloud – there is little to move and change physically because it is all hosted in the cloud. Move your WAPs and your office is back in business.

Upgrade to Cloud RADIUS

If you would like to learn more about how a cloud RADIUS solution can support your organization, drop us a note. Or, feel free to give JumpCloud’s RADIUS-as-a-Service platform a try. We think you’ll enjoy some of the key benefits that we outlined above.
