By George Lattimore Posted April 26, 2019
With so much focus from Microsoft® on creating Azure® Active Directory® services and variants, a common question is whether a cloud RADIUS as a service is currently being offered by Microsoft through Azure. The short answer is no. Unfortunately, Azure’s AD services do not include a hosted RADIUS solution, nor do they work easily for managing access to VPNs and on-prem WiFi networks.
IT admins can certainly build out their own RADIUS services by using a FreeRADIUS server or Microsoft NPS server within Azure, but is it really worth it? Building out RADIUS architecture and then using VPNs to connect to networking equipment (on-prem and elsewhere) with those self-managed RADIUS servers within Azure requires serious management and maintenance. While this path is technically possible, many IT admins are looking for a SaaS RADIUS offering that is more turnkey. Let’s explore the need for a cloud RADIUS solution and consider some practical alternatives to avoid having to stand up your own Azure-based RADIUS infrastructure.
Modern Cyber Security Needs RADIUS
First of all, why has managing WiFi network access become such a hot topic around IT? In 2019, one survey found that 64% of SMBs claim to have suffered a cyber attack. Therefore, it should come as no surprise that cyber security is seen by 89% of organizations as one of the top five priorities for their organization.
As IT organizations push harder on locking down their VPN and WiFi network access, a RADIUS-based solution is often considered. Both VPN and WiFi equipment seem to work best with the RADIUS protocol to uniquely authenticate users to the network. While other protocols are also possible (namely LDAP), the networking heritage of VPN and wireless access point (WAP) manufacturers pushes most organizations to leverage RADIUS when thinking about management efficiency and leveling up security.
So, how does RADIUS work? As shown below, the general architecture flows as follows: the networking equipment passes along authentication requests via the RADIUS protocol to a RADIUS server, which then integrates with the core identity provider to validate user credentials. Assuming a positive authentication, the user is then granted access to the network.
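The flow described above, as an added example that is not part of the original post: a Python sketch of an RFC 2865 PAP exchange in which the networking equipment builds an Access-Request, the RADIUS server recovers the password and checks it against the identity provider, and the equipment verifies the signed reply. The shared secret, the `IDP` dictionary standing in for the identity provider, and all function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-shared-secret"   # assumption: secret shared by NAS and server
IDP = {"alice": b"correct horse"}       # constructed stand-in for the identity provider
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def hide(password: bytes, req_auth: bytes, decode: bool = False) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    if not decode:
        password = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(password), 16):
        key = hashlib.md5(SECRET + prev).digest()
        block = bytes(a ^ b for a, b in zip(password[i:i + 16], key))
        prev = password[i:i + 16] if decode else block
        out += block
    return out.rstrip(b"\x00") if decode else out

def nas_request(ident: int, user: str, password: str) -> bytes:
    """Access point / VPN side: wrap the user's credentials in an Access-Request."""
    req_auth = os.urandom(16)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (USER_NAME, user.encode()), (USER_PASSWORD, hide(password.encode(), req_auth))))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(packet: bytes) -> bytes:
    """RADIUS server side: recover the password, check the IdP, sign the answer."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs, i = packet[4:20], {}, 20
    while i + 2 <= length:
        t, l = packet[i], packet[i + 1]
        if l < 2:
            raise ValueError("malformed attribute")
        attrs[t], i = packet[i + 2:i + l], i + l
    user = attrs[USER_NAME].decode()
    sent = hide(attrs[USER_PASSWORD], req_auth, decode=True)
    ok = user in IDP and hmac.compare_digest(IDP[user], sent)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + SECRET).digest()

def nas_verify(request: bytes, reply: bytes) -> str:
    """NAS side: act on the verdict only if the Response Authenticator checks out."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + SECRET).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        return "discard"
    return "granted" if reply[0] == ACCESS_ACCEPT else "denied"
```

The password hiding and reply integrity both rest on MD5 and the shared secret, which is why the secret's strength and the network path between equipment and server matter when the server is hosted offsite.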
Shifting to the Cloud for Practicality
For many WiFi and VPN networks, this often takes place on-prem. So, if a RADIUS server is needed, it’s usually placed there. With an eye towards shifting to the cloud, however, many IT organizations are looking for a cloud RADIUS solution that can do the heavy lifting offsite. Of course, in order to streamline, the cloud RADIUS solution would need to integrate seamlessly with on-prem and cloud-based networking equipment as well as an identity provider. Ideally, the identity provider (IdP) would also be hosted in the cloud so IT is free to shift more of their management tools to the cloud and simplify their processes.
Streamline with a Turnkey Alternative
The good news is that there is a cloud RADIUS offering that can offload the heavy lifting and integration required with RADIUS, as well as integrate with Azure to leverage those credentials for authentication to WiFi and VPN networks, for example. With multi-factor authentication (MFA) layered on top of these credentials, you can be sure your VPN network is secure. What’s more, this solution isn’t Microsoft-centric, so you can avoid vendor lock-in, and it still works cross-platform for Mac® and Linux®, as well as Windows® machines.
Ready to see how this cloud RADIUS solution can be integrated within your organization? Get started with JumpCloud® today at no cost. All the features are available and your first 10 users are on the house. If you’d like to just use RADIUS-as-a-Service as a single protocol, that option is provided as part of JumpCloud’s One Protocol offering on the Pricing Page. If you’re more interested in using RADIUS along with system management, the PRO protocol offering includes all the features and full support.