By Zach DeMeyer Posted January 13, 2020
How do you create a cloud-based RADIUS server? Although traditionally housed on-prem, a RADIUS server in the cloud removes heaps of work from an IT admin’s schedule. Let’s walk through the reasons why an organization would want RADIUS in the first place, and then how to create a cloud-based RADIUS server.
RADIUS, or Remote Access Dial-In User Service, is a protocol used to gate access to wireless networks. It requires a set of unique credentials for authentication instead of the shared password of WPA security. When in play, a RADIUS server communicates directly with a user directory — such as an identity provider (IdP) — to authorize network access against user identities stored there. Because it requires both a username and a password for network access, RADIUS makes networks more difficult to compromise than those that only use a shared WPA key.
IT admins can also use Virtual Local Area Networks (VLANs) through RADIUS reply attributes to segment network access. Doing so allows admins to control their networks more tightly, limiting access to certain sections based on role, status, or department. This VLAN segmentation is beneficial for building a zero-trust security environment. Beyond that, IT organizations can leverage RADIUS to implement two-factor authentication (2FA), which is critical for securing VPN access.
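The reply attributes in question are the tunnel attributes from RFC 2868 and RFC 3580, which a RADIUS server places in the Access-Accept to tell the switch or access point which VLAN a user belongs on. The sketch below is an added example, not code from the original post or from any RADIUS product: it encodes and parses only those three attributes (not a full RADIUS packet), and the role names and VLAN IDs are constructed sample values.

```python
import struct

# Attribute numbers and values defined in RFC 2868 / RFC 3580
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13   # Tunnel-Type value "VLAN"
MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type value "IEEE-802"

# Constructed sample policy (hypothetical roles and VLAN IDs)
ROLE_TO_VLAN = {"engineering": 20, "finance": 30, "contractor": 40}
QUARANTINE_VLAN = 999   # unknown roles get a restricted VLAN, not a default one


def _tagged_int(attr, value, tag=0):
    # Type(1) Length(1)=6 Tag(1) Value(3 bytes, big-endian)
    return struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")


def _string(attr, text):
    # Untagged string: the first byte is above 0x1F, so it is read as data
    body = text.encode("ascii")
    return struct.pack("!BB", attr, 2 + len(body)) + body


def vlan_for_role(role):
    return ROLE_TO_VLAN.get(role, QUARANTINE_VLAN)


def vlan_reply_attributes(role):
    """Return the three reply attributes that assign the role's VLAN."""
    vlan = vlan_for_role(role)
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")
    return (_tagged_int(TUNNEL_TYPE, TUNNEL_TYPE_VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + _string(TUNNEL_PRIVATE_GROUP_ID, str(vlan)))


def parse_attributes(data):
    """Walk the type-length-value list; reject truncated or bad lengths."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError(f"bad length for attribute {attr}")
        out[attr] = data[i + 2:i + length]
        i += length
    return out
```

Mapping unknown roles to a restricted VLAN keeps the policy fail-closed: a user whose role is missing from the table still authenticates but does not land on a production segment.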
Why Cloud RADIUS?
Traditionally, RADIUS has existed on-prem, hosted on local servers and maintained by IT admins. Like many other on-prem implementations, RADIUS requires technically intensive configuration and continual management to function properly. In the event that the core server has an outage, on-prem RADIUS also requires supplementary failover servers for redundancy.
In the modern era, many functions previously on-prem, such as development infrastructure and file storage, have been offloaded to the cloud. These resources, now offered as-a-Service, can be accessed from anywhere, and alleviate the burden of implementation. So, given the amount of on-prem infrastructure already sent cloudward, it makes sense that RADIUS should follow.
How to Create a Cloud-Based RADIUS Server
Thankfully, there are a couple of options for organizations looking to shift their RADIUS infrastructure.
Host a FreeRADIUS Instance Using Cloud Infrastructure
The first option is to stand up the open-source solution, FreeRADIUS, within an Infrastructure-as-a-Service (IaaS) solution. There are, of course, other RADIUS server options, but only a handful of them are free. Regardless, organizations opting for this method will still have to pay for their IaaS usage and their time.
Although this method technically creates a cloud-based RADIUS server, it still features some drawbacks reminiscent of hosting RADIUS on-prem. For starters, IT admins still have to go through the pain of implementation, configuration, and maintenance of the RADIUS instance itself. Doing so in the cloud requires additional expertise when dealing with availability and server failover.
Beyond that, there’s the issue of the IdP. As mentioned above, RADIUS servers require a connection to an IdP in order to authenticate a user’s network access against their core credentials. Many RADIUS servers feature an on-board user directory for this purpose, but the majority of organizations rely on their on-prem directory services to do so.
Unfortunately, on-prem directory services historically struggle to extend their identities to the cloud. So, although this method does technically create a cloud-based RADIUS server, it can end up being more trouble than it’s worth.
Another option for organizations looking for cloud RADIUS is RADIUS-as-a-Service, which uses a global network of pre-implemented RADIUS servers hosted in the cloud. IT organizations can then point their wireless access points (WAPs) and VPNs to it and begin authenticating network access in an instant.
This RADIUS-as-a-Service feature is available in tandem with a cloud Directory-as-a-Service, which reimagines on-prem directory services for modern IT organizations. The integration of these two means admins can leverage RADIUS while avoiding the hassle of implementing RADIUS servers and tying them into identity management infrastructure.
Beyond RADIUS, organizations can leverage Directory-as-a-Service to unify their end users’ resource access, including systems, networks, applications, and more, with a single set of credentials for all resources. That way, organizations can completely offload their identity management needs to the cloud.
If you’re interested in implementing a cloud-based RADIUS server through RADIUS-as-a-Service, please contact us or schedule a free demo. We’d be happy to walk you through how you can offload your identity management to the cloud.