By Rajat Bhargava Posted November 22, 2016
Protecting your WiFi network is becoming ever more critical. WiFi is now the most common network platform within organizations. There is little reason to implement wired networks given the WiFi technology available today. The method that IT admins are using to lock down their WiFi networks is to leverage RADIUS.
This raises a question, though, regarding what identities to use in cloud-forward environments. With Directory-as-a-Service®, IT organizations can leverage G Suite identities for their cloud RADIUS implementation.
G Suite Identities are Not an Active Directory Replacement
While IT admins would love to be able to use their G Suite identities as their replacement to Active Directory, that’s not how Google has created G Suite (formerly known as Google Apps). G Suite is a replacement for Microsoft Exchange, Windows file server, and Office. While G Suite directory is a local user management platform, it is not an alternative to Active Directory. In fact, that is why so many organizations integrate Directory-as-a-Service with G Suite as a replacement to Microsoft’s Exchange and Active Directory duo.
WiFi Authentication and The RADIUS Server
The interesting benefit for IT admins is the ability to leverage a cloud RADIUS implementation to secure their WiFi infrastructure. Most WiFi implementations are secured with a passphrase. Unfortunately, the security of that implementation is suspect, so IT admins look for a significant improvement. The best practice method to secure WiFi is to tie authentication to the wireless network with their core credentials stored in the directory server. The method to accomplish this is to leverage a RADIUS server. The laptop and WiFi access point pass the user’s unique credentials to the RADIUS server, which checks with the directory service to see if the person should be allowed on the network or not. As a result, this ensures that every person accessing the wireless network should be allowed access.
The challenge with this approach is that it is time consuming to implement and manage. Not only is it a painful process to build and maintain your own RADIUS server, but it also takes a lot of time to ensure that all of the connections work properly.
Leverage G Suite Identities for Cloud RADIUS
Directory-as-a-Service solves a number of the issues by leveraging G Suite identities for cloud RADIUS. First, all of the users are stored in the cloud directory. That virtual identity provider can be configured to store the same credentials as those used with G Suite. Subsequently, those credentials can then be the same credentials used to access a user’s laptop or desktop, cloud servers hosted at AWS, on-prem or cloud applications, and, in this case, for the cloud RADIUS implementation. The second part of the process that Directory-as-a-Service simplifies is that it provides a cloud-hosted RADIUS server. The WiFi access point can simply be pointed to the virtual RADIUS server rather than forcing the IT admin to implement their own. The third benefit is that end user devices don’t need reconfiguration. The cloud RADIUS service supports PEAP authentication, which doesn’t require reconfiguration of the devices.
Try the Virtual RADIUS Functionality from JumpCloud®
Leveraging G Suite identities for cloud RADIUS can simplify your end user experience while increasing security on your WiFi network. If you would like to learn more about how to implement a RADIUS-as-a-Service solution, drop us a note. Also, please sign up for a free account to try our virtual RADIUS functionality yourself. Your first 10 users are free forever.