By Zach DeMeyer Posted June 7, 2019
Do you need a cloud RADIUS service within the Google Cloud Platform (GCP™)? For many situations, a RADIUS service is helpful for managing user access, especially to VPNs. With regard to a remote or global development team, using VPNs to access GCP makes a great deal of sense. So, with that in mind, is there an option for GCP cloud RADIUS?
While GCP doesn’t offer a SaaS RADIUS service directly, there is a next generation cloud identity management platform that offers RADIUS-as-a-Service. Admins can leverage it within GCP or anywhere else that may need RADIUS authentication, such as an on-prem WiFi network. But before we talk about that, let’s look at RADIUS as a whole.
RADIUS as a Whole
RADIUS (Remote Authentication Dial In User Service) has been used for several decades as an authentication protocol for network infrastructure, such as switches, routers, and VPNs. Unlike other forms of network authentication, RADIUS requires unique credentials (usually a username and password), instead of using a single shared access key. By doing so, RADIUS sharply increases network security, upping the barrier for entry and making it more difficult for bad actors to infiltrate the network.
In its early days, RADIUS was not as widely used by IT organizations, as implementing the protocol on wired networks was a difficult process rife with tedious maintenance tasks. With the shift of a good portion of the network to the cloud, that process has been dramatically reduced. Thanks to cloud infrastructure platforms such as GCP, AWS®, Azure®, and others, IT admins and DevOps engineers no longer need to really manage much of the network infrastructure on-prem, such as switches and routers.
But due to that, IT admins do now need to manage access to their servers and networks much tighter through VPNs and other mechanisms. Between VPNs and WiFi, the use of RADIUS has seen a resurgence, despite switching and routing infrastructure largely being managed by Infrastructure-as-a-Service (IaaS) providers.
Struggles with RADIUS
As we said earlier, the challenge for IT and DevOps organizations has often been the implementation process for RADIUS infrastructure. Generally, IT admins and DevOps engineers are required to stand-up a FreeRADIUS (or other similar) server and then connect that to the core identity provider, often Microsoft® Active Directory®.
On the other side, the various network devices that need authentication services have to be pointed to the RADIUS server using the proper protocol. While several of these devices can be managed by IaaS, all of this integration work still takes time and effort. It also ends up leaving an organization with a number of moving parts—where things can break.
RADIUS in the Cloud
In an ideal world, an organization would be able to avoid that work altogether and leverage a cloud-based RADIUS service rather than hosting the infrastructure on-prem. For those organizations leveraging GCP and requiring VPN access to it, a GCP-based RADIUS service might be helpful. Unfortunately, GCP doesn’t offer a hosted RADIUS service, but more critically, any virtual RADIUS service would need to support not only VPN access to GCP, but all the other network resources needing secure authentication.
The good news is that a SaaS-based RADIUS service is available that can not only support GCP VPNs and infrastructure, but also on-prem WiFi authentication as well. This RADIUS-as-a-Service leverages a global network of cloud-hosted FreeRADIUS servers, providing all the benefits with none of the work. In addition, the cloud RADIUS service is directly tied into a SaaS-delivered cloud identity provider, alleviating the need to direct the RADIUS service towards one on-prem.
This cloud RADIUS for GCP and more is available from JumpCloud Directory-as-a-Service®. Directory-as-a-Service is the first cloud directory service, leveraging RADIUS, LDAP, and SAML around a core identity provider to provide True Single Sign-On™ for end users and admins alike. That means that, with one set of credentials, users can access all of their IT resources, from systems and applications to networks and cloud IaaS, regardless of platform, protocol, provider, or location.
You can try all that Directory-as-a-Service has to offer absolutely free for your first ten users in the platform. Just sign up for JumpCloud to start managing your ten free users with full reign of the product. If you are solely interested in RADIUS-as-a-Service, consider checking out our a la carte pricing options after you sign up. Questions or comments? Contact us to learn more.