By Ryan Squires Posted February 18, 2019
FreeRADIUS is the leading RADIUS server and has been for quite some time. As an open source solution, it has been incredibly well received for multiple decades now. Part of that recognition stems from the fact that FreeRADIUS has been critical to IT networks while maintaining its functionality in the face of father time. That functionality does not come without hardship, however. A FreeRADIUS server is difficult to set up. For that reason, IT admins are asking whether there is a FreeRADIUS as a service solution that offloads the heavy lifting of implementing it to the cloud or a third party.
Benefits of FreeRADIUS
Recently, RADIUS implementations have become more popular because they provide the ability for IT organizations and MSPs to lock down their WiFi networks and VPNs. FreeRADIUS enables IT admins the ability to toss out shared SSID and passphrase combinations only for WiFi and instead require each of their users to log in with their own unique set of credentials. Essentially, this ties wireless authentication to the core identity provider (IdP) (generally OpenLDAP™ or Microsoft® Active Directory®). Another ability that comes by way of this pairing has to do with VLANs. When IdPs, FreeRADIUS, and networking infrastructure tools are set up correctly, IT admins gain the ability to place users in separate virtual local area networks (VLANs). Both tasks dramatically step up security for WiFi networks.
Challenges and Results of Traditional FreeRADIUS
Traditionally, the ability to lock down a WiFi network requires a number of moving parts and pieces including, of course, FreeRADIUS. But, it wasn’t just the implementation of FreeRADIUS that provided pain points. It was the fact that WiFi access points need to integrate with FreeRADIUS, which in turn needed to integrate with the identity provider. Of course, then comes the issue of endpoints. Laptops and desktops needed to be configured properly with a supplicant in order to ensure they’re using the correct RADIUS protocol. All of this required a number of integration points, which created extra work, not to mention the risk of failures or potential outages.
Stemming from the pain of actually implementing FreeRADIUS to lock down WiFi authentication, many IT organizations opted to forgo the security benefits in favor of simplicity. While not a great trade-off, the justification for doing so was avoiding the tremendous overhead that the FreeRADIUS infrastructure would put on the IT team. That said, ideally, there would be a way for IT organizations to offload the heavy lifting of the RADIUS infrastructure while gaining the benefits of increased control and security.
For organizations that don’t want to risk security, but also don’t want to manage the overhead of a FreeRADIUS server on-prem, there is a FreeRADIUS-as-a-Service platform they can leverage. Called Directory-as-a-Service®, this cloud-based directory service includes a virtual RADIUS infrastructure that IT organizations can simply point to and use. Plus, it’s already backended with the identity provider. There is no set up, configuration, integration, or maintenance overhead for the IT team to contend with. Plus, Directory-as-a-Service enables IT admins to segment their networks into VLANs on a per user or group basis. When networks are segmented, only users who have been explicitly granted access to a specific network portion can utilize it. Security goes up, and risk decreases.
Try Directory-as-a-Service® Today
If you’re ready to utilize the security aspect of FreeRADIUS without all the configuration, sign up today for a free JumpCloud account. There is no risk to you, and you can manage up to 10 users for free, forever. If you’d like to discuss further options, please contact us. Feel free to visit Knowledge Base and YouTube channel for more information.