By Ryan Squires Posted February 21, 2019
IT organizations can leverage cloud RADIUS for dynamic VLAN steering to boost their network security. With more and more IT management tools making the move into the cloud, organizations are wise to look into the ones that can help boost their security posture. One of those capabilities introduced and adopted has been a RADIUS-as-a-Service solution, but now IT organizations can fortify their networks even more with dynamic VLAN assignment capabilities. The question is, how do you implement dynamic VLAN steering with cloud RADIUS?
From Wired to WiFi
The concept of VLAN assignments has been around for a while with 802.1x as well as wired networks and on-prem switches. As the network shifted to WiFi connections, IT admins are looking for many of the same capabilities that came by way of 802.1x albeit without all the wires. Luckily, WiFi providers do indeed have many of those capabilities, but implementing them is another story. The challenge revolves around the integration of the on-prem RADIUS instance with the on-prem directory service, endpoints (ensuring the correct supplicant), and wireless access points (WAPs). Historically, integrating all of those components together has amounted to a great deal of integration work and frustration.
Cloud RADIUS to the Rescue
To contrast, with a cloud RADIUS solution, many of these steps have been handed off to a SaaS RADIUS provider. It is one of the many services provided in the vein of the XaaS model. With the SaaS RADIUS service, there is no need to set up a FreeRADIUS server because a globally dispersed infrastructure is provided already. The on-board directory service is already seamlessly integrated with that RADIUS server. That means you do not need to to run your own identity provider and connect the RADIUS instance to it. So, with all of that integration work taken care of, we can get to dynamic VLAN steering capabilities. All IT admins have to do is simply specify which users or groups are to be placed in what specific VLANs.
Why Use Dynamic VLAN Steering?
The value of placing users in specific VLANs can be to increase security, address compliance requirements, or handle load balancing or quality of service needs. The fact that you can gain these benefits without having to do all the integration work typically associated with setting up a RADIUS server and all of its integrations signals a win-win scenario for both you and your network security. First, less integrations and upkeep means more time to work on more high-priority tasks. Second, increased security means that you gain peace of mind. Your users will likely never know the difference, but you will.
Integrate No More
One way that IT admins are getting this done is with JumpCloud® Directory-as-a-Service® (DaaS). JumpCloud is a comprehensive cloud-based directory dedicated to connecting people to the IT resources they require quickly and securely, regardless of platform, protocol, provider or location. One key component of DaaS is its RADIUS-as-a-Service capabilities. JumpCloud has RADIUS servers based around the globe, preconfigured and ready for you to use. Not only that, as a complete cloud directory, the IdP is built in and there is no need for supplicants on your endpoints. All you need to do is install the JumpCloud agent on your systems (a process that can be automated) and point your WAPs to the RADIUS-as-a-Service.
Learn More About JumpCloud
To learn more about how JumpCloud is connecting users to their IT resources regardless of platform, provider, protocol or location, feel free to sign up today for a JumpCloud account. When you sign up, you can test cloud RADIUS dynamic VLAN steering for yourself and manage up to 10 users free, forever. Additionally, you can check out our Knowledge Base, YouTube channel, or drop us a note for more information.