By Ryan Squires Posted February 1, 2019
Does VLAN assignment as an IAM capability make any sense to you? Is dynamically assigning users and devices to a specific VLAN an IAM capability, or is it more of a networking function? These are great questions, and with the changing IT landscape, it is clear that different IT areas are overlapping. The ability to access different parts of an IT infrastructure via a single set of credentials makes the distinction moot.
The Trouble with Traditional VLAN Setup
In the traditional sense, dynamic VLAN assignment has existed as solely a networking function. This is largely because it was so difficult to implement. Network admins needed to create VLANs and segments within their network through physical switches and routers.
Then, a FreeRADIUS server would be connected to the network, as well as to the identity provider (IdP). This was most often an OpenLDAP server or Microsoft® Active Directory® instance. Effectively, the RADIUS server was middleware: it translated authentication requests from the network to the identity provider and then, once the user was authenticated, placed them on the network segment they were assigned to.
Ultimately, this process was a significant step up in security, but implementing it caused IT admins many pain points. Once it was set up, though, IT admins had some peace of mind regarding their network security.
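The middleware step described above, as an added sketch that is not FreeRADIUS or JumpCloud code: a credential check against a directory, then an Access-Accept carrying the RFC 3580 tunnel attributes that tell the switch or access point which VLAN to use. The directory contents, group names, VLAN IDs and function names are constructed for illustration.

```python
import hmac

# RFC 3580 values a switch or access point expects for VLAN assignment.
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type = IEEE-802

# Constructed sample directory standing in for OpenLDAP / Active Directory.
# Plaintext passwords keep the sketch short; a real IdP verifies a bind or hash.
DIRECTORY = {
    "alice": {"password": "correct-horse", "groups": ["engineering"]},
    "bob": {"password": "battery-staple", "groups": ["contractors", "finance"]},
    "carol": {"password": "tr0ub4dor", "groups": []},
}

# Hypothetical policy: directory group -> VLAN ID, highest priority first.
GROUP_VLANS = [("finance", 30), ("engineering", 20), ("contractors", 90)]


def authenticate(username, password):
    """Return the directory entry if the credentials match, else None."""
    entry = DIRECTORY.get(username)
    if entry is None:
        return None
    # Constant-time comparison avoids leaking how much of the password matched.
    if not hmac.compare_digest(entry["password"].encode(), password.encode()):
        return None
    return entry


def handle_access_request(username, password):
    """Build the RADIUS reply for one Access-Request."""
    entry = authenticate(username, password)
    if entry is None:
        return {"code": "Access-Reject"}
    for group, vlan_id in GROUP_VLANS:
        if group in entry["groups"]:
            return {
                "code": "Access-Accept",
                "Tunnel-Type": TUNNEL_TYPE_VLAN,
                "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
                "Tunnel-Private-Group-ID": str(vlan_id),
            }
    # Authenticated but unmapped: reject rather than return an Accept with no
    # VLAN, which typically leaves the port on the switch's default VLAN.
    return {"code": "Access-Reject"}
```

The final branch is the design choice worth reviewing in any deployment: a user who authenticates but matches no group mapping is rejected instead of being admitted without a VLAN attribute.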
VLAN Assignment Today
Nowadays, WiFi equipment is making it easier to create network segments. With the introduction of cloud RADIUS and hosted identity provider services, dynamic VLAN assignment becomes much easier. Instead of having to gather and configure all of the components (switches, routers, a FreeRADIUS server, identity provider, and more), there is very little infrastructure that the IT organization needs to deploy, manage, and secure.
Instead, IT admins simply point their WiFi network to the cloud identity management infrastructure and assign users to the proper VLAN segments. Then, the Directory-as-a-Service® takes care of the rest.
Wait, Directory-as-a-Service® and VLAN Assignment?
So, why has VLAN assignment become an identity and access management capability? The short answer is that IT organizations are trying to completely centralize user access and control to systems, applications, files, and even networks.
Because identities are the number one threat vector today, IAM solutions are integrating increasingly strong security features such as VLAN assignment, WiFi authentication via RADIUS, SSH key management, multi-factor authentication (MFA), and much more into a single platform. When all of these overlapping IT areas become centralized into a single platform, the distinction between a networking capability and identity and access management disappears.
Directory-as-a-Service takes it one step further. Aside from all of these great IAM capabilities, when you employ JumpCloud you also get system management features rolled into the same console. So, security is enhanced twofold: first, at the user level, with identity security functions; second, at the system level, with tools like full disk encryption (FDE), OS updates, and screen lock timeouts, all of which can be executed remotely via a cross-platform Policy or command.
Centralize Your IT Infrastructure Today
If you’re ready to put an end to cobbled-together IAM strategies and get VLAN assignment as an IAM capability, combined with other user access and system management features, contact us today. One of our product experts would be happy to talk to you about your specific needs. If you just want to try the platform out today, sign up for a free account. You can manage up to 10 users free with the full feature set of Directory-as-a-Service. Be sure to check out our Knowledge Base and YouTube channel for more.