By Ryan Squires Posted July 23, 2019
Many IT admins and DevOps engineers considering how to manage their access to networking infrastructure will compare FreeRADIUS vs Cisco® ISE. While both solutions are technically RADIUS servers, each making use of the RADIUS protocol to connect user identities to networking infrastructure, they also serve very different purposes.
This blog will help to illuminate the differences between FreeRADIUS and Cisco ISE while providing the basis for if the comparison is an apt one or not.
In short, Cisco’s highly expensive Identity Services Engine (ISE) is effectively more of a policy engine that decides who should access the network through a variety of data points, and then executing on those through tight integration with Cisco networking gear. A portion of that process involves the on-board RADIUS server to pass authentications from systems and devices to a directory service.
Once users are on a Cisco ISE-controlled network, the biggest benefit to IT admins is network visibility. At a moment’s notice, an IT admin or DevOps engineer can see who is connected to the network, what sort of device they’re using (personal or work-issued), where they’re located, if the connection is wired or wireless, the types of applications that they are using and much more. All of this info is presented in a graphical user interface so admins just point and click to find out what is happening on their networks.
The major drawback to Cisco ISE has to do with price. Aside from cost, when you utilize the Cisco ISE platform you’re going to need to utilize a range of Cisco-based products, which could ultimately lead to vendor tie-in.
On the other hand, FreeRADIUS is an open source solution that is perhaps the most robust RADIUS server on the planet. Available for free, the solution only requires your time and technical expertise to implement. The focus of FreeRADIUS is not to decide access as a policy engine, but rather it is able to take inputs from other solutions, mainly an identity provider (IdP), to execute on access control.
FreeRADIUS will not provide the same level of network visibility as Cisco ISE, but it is so flexible that you can utilize a wide range of hardware and Linux®-based operating systems to run it on including Ubuntu®, Red Hat®, and Debian. That means you don’t need to purchase specialized hardware, and FreeRADIUS works with many different infrastructure providers outside of just Cisco. As such, flexibility is generally a trademark of open source software.
Some drawbacks of FreeRADIUS include the fact that it is often run through a command line, which may be a challenge for some IT admins. Further, while FreeRADIUS is open source and therefore may be free to use, there are costs associated with actually standing the server up. Add this to the overhead required for configuring it to work in your environment, and the costs can add up.
FreeRADIUS vs Cisco ISE Conclusion
In general, the comparison of FreeRADIUS vs Cisco ISE isn’t really an apt one because rarely will IT admins be forced to choose one over the other. However, both solutions rely on a core identity provider for input on whether a user should gain access, and in that case, JumpCloud® Directory-as-a-Service® can serve as a cloud-based solution to that problem.
JumpCloud provides a platform-neutral directory that can immediately slot into your environment and provide a painless way to provide core user identities to either your FreeRADIUS or Cisco ISE implementation. Plus, because it’s in the cloud and delivered “as-a-Service” you pay for only what you need—no more and no less.
And if you’re looking to go all cloud—with no on-prem hardware to set up, configure, and maintain—JumpCloud offers RADIUS-as-a-Service to help both secure your network and propel you into a cloud-based future. Plus, it’s already backended with a directory, so you can get to work right away adding users to your directory and connecting those identities to your networking gear via RADIUS.
Try JumpCloud Free Today
Sign up for a free JumpCloud account and evaluate the entire platform at no cost to you. Every free account comes with the ability to manage 10 users to see if the platform can work in your environment. If you have additional questions, feel free to contact a product expert or drop us a line.