By Greg Keller Posted December 14, 2015
RADIUS is a core protocol for managing network infrastructure. Over time, it has also become a useful part of managing users on WiFi networks. The challenge with RADIUS has been that it is difficult to implement, manage, and maintain. RADIUS is notoriously complex due to the variety of different authentication methods that need to be configured on devices. Recently, a new category of solutions, deemed RADIUS-as-a-Service, is outsourcing RADIUS.
First Use Case: RADIUS for WiFi Authentication
For many years, RADIUS has been leveraged within the network infrastructure portion of networks. Specifically, IT organizations leverage RADIUS to provide authentication services to switches, routers, storage equipment, VPNs, and sometimes even servers. More recently, RADIUS has become the protocol of choice for managing users on their WiFi networks. As organizations move to WiFi from wired networks, they must mitigate the greater security risk. Most WiFi networks are secured with an SSID and passphrase, and IT admins realize that those protocols offer relatively weak security. As a result, IT admins look to the RADIUS protocol as a way to connect the WiFi authentication process to the user’s credentials.
Setup Issues: RADIUS with Core Directory Services
The process of connecting RADIUS to the core directory services can be painful. In addition to configuring the WiFi access point to talk to the RADIUS server, an IT admin must connect the RADIUS infrastructure to the core identity provider. The last major step is to connect users to the WiFi network leveraging a supplicant. This process can be executed through policies, depending upon the operating systems in play within the network. The challenge is being able to set up all of these different steps, ensure high availability, and then, afterwards, maintain the entire infrastructure.
More Security & Control: Benefits of Outsourcing RADIUS
Another option is to outsource the RADIUS infrastructure. In combination with outsourcing directory services, IT admins find that there is very little work for them or the organization to do. WiFi access points are pointed to the cloud-based RADIUS server for authentication. User credentials are passed securely through to the cloud provider’s RADIUS infrastructure. If the RADIUS service is integrated with a Directory-as-a-Service platform, then those credentials are verified with the on-board user database. That process eliminates two core components of infrastructure that an IT organization needs to manage.
The benefits of outsourcing RADIUS are evident. Beyond implementation, maintenance, and management, the organization significantly steps up its security posture. No longer are users leveraging a shared set of WiFi credentials; rather, each user has unique access to the network that can be provisioned and deprovisioned at will and without impacting other users.
To learn more about how you can outsource your RADIUS infrastructure, drop us a note. We’d be happy to chat with you about how our next generation Identity-as-a-Service platform can do the heavy lifting for you with respect to RADIUS and your directory services. To try out our RADIUS-as-a-Service functionality, just set up a free account. The first 10 users are free.