By Vince Lujan Posted May 29, 2018
RADIUS servers enable IT to administer user access to networks on an individual basis. Yet, historically, they have also been on-prem implementations that are typically coupled with a separate on-prem identity management infrastructure. While effective, this approach can be difficult to achieve, especially for smaller or cloud-forward IT organizations. The good news is that a next-generation cloud directory has emerged that can set up a RADIUS server in the cloud with ease. Why is this alternative approach significant? This blog post explains, but first, let’s take a look at traditional RADIUS servers from a high level.
What is a RADIUS Server and How Does It Work?
RADIUS servers are responsible for securely authenticating and authorizing user access to remote networks. The RADIUS protocol follows the client/server model. In this scenario, the client is generally a user system or a wireless access point that is attempting to connect to a RADIUS-protected network and the server is, of course, the RADIUS server.
How does RADIUS work? RADIUS servers are typically coupled with a separate directory services database (a.k.a. an identity provider), which is usually at the core of an organization’s identity management infrastructure. This enables RADIUS servers to leverage the core user identities stored within the associated directory database as the source of truth for authenticating user identities.
When a user attempts to remotely access a RADIUS-protected network, they are challenged to submit their unique credentials (usually a username and password) that are associated with their core user identity. Once submitted, the user credentials and a request for network access are routed from the client to the RADIUS server via a supplicant, a program tasked with routing login requests to wireless networks. Essentially, network access requests and user credentials are sent from the client to a RADIUS-enabled networking device (e.g., a WAP or switch), which then forwards the user information to the RADIUS server for authentication.
Once received, the RADIUS server authenticates the user credentials against the associated directory services database. If the credentials submitted by the user at the beginning of the authentication process match the core user credentials stored in the associated directory database, the request for network access is authenticated and the RADIUS server authorizes the network connection. If the credentials do not match, the RADIUS server rejects the user request for network access and returns a rejection notice to the client, so the user is unable to connect to the RADIUS-protected network.
The main concept behind RADIUS authentication is that each user leverages their core user identity to gain access to the RADIUS-protected network. This approach enables IT to administer access to RADIUS-protected networks on an individual basis from one centralized location (i.e., the core identity provider). In doing so, access to the network is far more secure compared to sharing credentials across a given user base, for example. In an age when massive amounts of data are lost or stolen every day from unsecured networks, anything that IT can do to secure networks should be a priority. So, it’s easy to see why RADIUS servers have drawn so much attention.
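The exchange between the networking device and the RADIUS server described above, as an added Python example (not from the original post or any JumpCloud code). It goes beyond the post by assuming the RFC 2865 packet layout and its User-Password hiding; the shared secret, the `alice` account and the in-memory directory are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def xor_chain(data, secret, authenticator, decrypt=False):
    """RFC 2865 sec. 5.2 User-Password hiding: XOR 16-byte blocks with an MD5 keystream."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + res, (block if decrypt else res)
    return out

def build_access_request(ident, user, password, secret):
    """Sent by the access point or switch (the RADIUS client) on the user's behalf."""
    auth, name = os.urandom(16), user.encode()          # auth = Request Authenticator
    pw = password.encode()
    pw = pw.ljust(-(-max(len(pw), 1) // 16) * 16, b"\x00")  # pad to a 16-byte multiple
    hidden = xor_chain(pw, secret, auth)
    attrs = bytes([USER_NAME, 2 + len(name)]) + name + bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def server_handle(packet, secret, directory):
    """Check the credentials against the directory; reply Access-Accept or Access-Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    req_auth, raw, attrs, i = packet[4:20], packet[20:], {}, 0
    while i + 2 <= len(raw) and 2 <= raw[i + 1] <= len(raw) - i:  # stop at a malformed attribute
        attrs[raw[i]] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    password = xor_chain(attrs.get(USER_PASSWORD, b""), secret, req_auth, True).rstrip(b"\x00")
    salt, stored = directory.get(attrs.get(USER_NAME, b"").decode(), (b"", b""))
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()  # Response Authenticator

def verify_reply(reply, request, secret):
    """Client side: trust the reply only if its authenticator was made with the shared secret."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[1] != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("reply not authenticated")
    return reply[0]

SECRET = b"constructed-shared-secret"  # constructed sample values, not real credentials
DIRECTORY = {"alice": (b"salt-1", hash_password(b"correct horse", b"salt-1"))}
```

The password in the request is only obscured by an MD5 keystream derived from the shared secret, so the strength of that secret and the path between the networking device and the server both matter.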
How to Set Up a RADIUS Server
As previously mentioned, RADIUS servers have traditionally been on-prem implementations that are separate but tightly integrated with existing on-prem identity management infrastructure. This means admins generally require at least one additional server that is dedicated to RADIUS authentication, and a variety of RADIUS-enabled networking devices and systems – all of which must be integrated into their overall identity management infrastructure. Of course, therein lies the challenge for modern IT admins attempting to implement RADIUS, especially for those in smaller or cloud-forward organizations. The last thing they want to do is implement and maintain costly and complicated on-prem infrastructure. On the other hand, RADIUS authentication is one of the most secure means of network access management. What are IT admins to do?
Fortunately, a next-generation cloud identity management solution has recently come to market that can set up a RADIUS server in the cloud with ease. This solution is called JumpCloud® Directory-as-a-Service®, and it not only offers the functionality of a RADIUS server in the cloud, but it can also securely manage and connect users to virtually any IT resource regardless of the platform, provider, protocol, or location. With JumpCloud Directory-as-a-Service, IT can leverage a single cloud identity management platform that can manage all of the IT resources in a given environment, including systems, applications, files, and – in this case – networks via RADIUS without anything on-prem.
Learn More About Cloud RADIUS Server
Sign up for a free account or schedule a demo to see a RADIUS server in the cloud in action. We offer 10 free users to help you discover all of the advantages of the JumpCloud platform before you pay a dime. You can also contact the JumpCloud team to answer any questions, or check out the following video for the three best practices for WiFi security.