By Ryan Squires Posted August 22, 2018
What is the definition of RADIUS? Some may say the distance between the center of a circle and its perimeter. That is the correct answer in mathematics, but the capitalized letters probably indicated that this is an acronym. We’re not talking about math. In fact, it’s the IT definition we’re after. In IT, RADIUS is a networking protocol. Let’s go ahead and explore the definition of RADIUS.
RADIUS is an acronym for Remote Authentication Dial-In Service; it is a network connection protocol operating on port 1812 that enables end users’ ability to authorize and authenticate to to remote networks. This system ensures that a user with the correct credentials can “dial-in” (remember, this was all happening in the 1990s) to remote networks as well as routers, switches, and VPNs. In a modern use case scenario, RADIUS provides advanced security to WiFi networks since it requires unique credentials rather than shared SSID/password combinations.
RADIUS History, an Overview
RADIUS was developed as a part of the 1987 initiative of the National Science Foundation (NSF) to expand internet usage and ease of use to the general public. Expanding Internet usage would mean expanding NSF’s own network, NSFnet. Long story short, a non-profit named Merit won the contract to expand NSFnet.
Merit’s expertise was established by connecting university and college mainframes throughout the state of Michigan in the 90s. Merit started with three universities: the University of Michigan, Michigan State, and Wayne State. Users at the U of M were able to remotely dial-in to modems at Michigan State and Wayne State and vice versa. By 1990, Merit had connected most of the college and universities in Michigan by leveraging their own proprietary authentication protocol. But, because NSFnet’s network was based on the Internet Protocol (IP), Merit needed to update their dial-in authentication protocol to support it. This was done to maintain the functionality of allowing different universities to dial into their university counterpart’s modems (Interlink Networks).
So, Merit issued an RFI (request for information) and waited for responses to their needs and requirements. A lot of the companies and organizations that answered the RFI were unable to support Merit’s requirement for dial-in authentication across IP. That is, until Livingston Networks came along and submitted an early version of what would become RADIUS. Livingston Networks won the contract and RADIUS eventually expanded to allow authentication across dial-up, wireless, and mobile networks (Interlink Networks).
How does RADIUS Work?
RADIUS utilizes the client/server model in much the same way that LDAP authenticates and authorizes users to directory services. A user or client system seeks access to a network by submitting a request through a system directly connected to the network or a WiFi access point (WAP) to a RADIUS server for authentication. The RADIUS server, then usually coupled with a core directory service such as LDAP or Microsoft® Active Directory®, authenticates the credentials provided against what exists in the directory services database. The aforementioned process happens via a supplicant, which is basically a program that sits on the end user’s laptop or desktop and is tasked with creating login requests to a network. If the credentials match, the user or client system is granted access to the RADIUS-protected network. If not, a rejection notice is sent. The RADIUS server can also challenge for additional credentials in order to further increase security and manage identities.
RADIUS Today and in the Future
There is no doubt that RADIUS helps to ensure network security within an organization. But, given that RADIUS was introduced to the world of IT in 1987, RADIUS was and is an on-prem solution, which creates issues for cloud-forward companies. So what should RADIUS look like today?
First of all, a modern RADIUS solution should take advantage of the cloud. The cloud has matured to the point where it has proven its cost effectiveness and efficiency. That’s why 96% of IT organizations currently take advantage of the cloud (RightScale, 2018).
The next major factor is that RADIUS was primarily created to manage network infrastructure. But as IT networks shift to the cloud, there is less “network infrastructure” – i.e. routers, switches, and other networking gear – to manage. Often, an organization has simply outsourced their network infrastructure to AWS or GCP, so RADIUS isn’t as relevant to routers and switches, but is ideally suited to manage WiFi access points. Most modern WAPs are better suited for the RADIUS protocol as a means to control authentication to the WiFi network.
Additionally, IT organizations are interested in a SaaS delivery model where they just have to pay for using RADIUS remotely and no longer have to deal with configuring, maintaining, and securing a RADIUS server.
Lastly, IT organizations are also looking to create centralized identity management. They also want to provide their users with one set of credentials that they can use to access not only the WiFi network, but also their systems, on-prem and cloud servers (AWS®, GCP®), physical and virtual file servers (NAS appliances, Samba file servers, Dropbox™, etc.), and web applications (Salesforce®, Office 365™, Github, Slack, etc.). This is a tall order, but JumpCloud® Directory-as-a-Service® is serving it all on a silver platter in the cloud.
Redefining RADIUS with JumpCloud
So, the definition of RADIUS shifts as IT pivots to the cloud. You no longer need to configure, secure, and store a RADIUS server to get its benefits. With RADIUS-as-a-Service from JumpCloud, users will be able to access RADIUS-protected networks from any location there is an Internet connection. Because JumpCloud Directory-as-a-Service is a cloud-driven, platform agnostic solution, not only will users be able to access RADIUS, they’ll be able to access all of the IT resources they need with True Single Sign-On™ on any type of system they’re using— whether its Windows®, Mac®, or Linux® endpoints on-prem or off. Sign up today for a free account that is good for 10 users, forever. Beyond 10 users, we offer special reduced pricing for organizations that only need to use our RADIUS-as-a-Service feature. If you have any additional questions regarding the definition of RADIUS in today’s cloud-forward environment, drop us a line.