By Zach DeMeyer Posted November 24, 2019
Can you implement a RADIUS server without Active Directory® (AD) backending it? For a long time in IT, admins used the on-prem directory service as the source of user data for their RADIUS servers, ensuring their networks were as secure as possible. With the prevalence of the cloud in the IT landscape, however, on-prem server functions seem to be going out of style. So, the question becomes: how do you shift RADIUS to the cloud without AD backending it?
When compared to traditional methods, using RADIUS (Remote Authentication Dial-In User Service) allows organizations to tighten up their network security more thoroughly. Many organizations implement RADIUS to require a unique set of credentials to authenticate users to WiFi networks, which, when used in addition to a shared WPA key, reduces the likelihood of a network breach.
RADIUS also enables the use of multi-factor authentication (MFA) on VPN connections. Although MFA is a more recent trend, securing VPNs was one of RADIUS’s core use cases.
Managing RADIUS Access through AD
In order to properly authenticate access, RADIUS requires a directory to compare relayed credentials against. Most RADIUS servers can authenticate against user credentials stored within the server itself, but the process is made more secure by leveraging the core identity from a directory service. Given that AD has dominated the directory services scene since its inception, it made sense to pair it with RADIUS. Plus, historically, RADIUS servers have generally been housed on-prem, which puts them directly within reach of the AD domain controller.
In fact, Microsoft® created its own RADIUS-like solution called Windows® NPS to provide RADIUS-like capabilities to the AD domain. For much of the early 21st century, IT admins equipped with Active Directory and NPS or a standalone RADIUS server, such as FreeRADIUS, could rest assured that they had tightly controlled network access.
The Cloud Changed Everything
Although they don’t have direct interactions with RADIUS, the host of cloud applications and infrastructure that has risen in prevalence in the modern IT landscape has changed the way RADIUS is viewed. In spite of their advancements in productivity and collaboration, these cloud-based resources have put a strain on AD-centric IT organizations.
Due to this, some organizations have started to rethink their directory service options. This decision ultimately trickles down to on-prem RADIUS servers as well.
After all, many server functions have been offloaded to the cloud (e.g. infrastructure/data centers in AWS®, Azure®, GCP™, etc.), so it’s natural to consider shifting RADIUS as well. Of course, simply hosting FreeRADIUS on a cloud server in AWS doesn’t relieve IT organizations of the work of managing, configuring, and updating their RADIUS implementations.
RADIUS Without Servers
Organizations looking to move their infrastructure to the cloud need a way to use RADIUS without Active Directory, or without servers altogether. By implementing RADIUS integrated with a cloud directory service (and offered as-a-Service), IT organizations can reap many of the benefits of RADIUS authentication with barely any of the heavy lifting and legwork.
All of this and more is possible with JumpCloud® Directory-as-a-Service®. The first cloud directory service of its class, JumpCloud features baked-in RADIUS-as-a-Service, which leverages a global network of cloud-hosted FreeRADIUS servers to lift the burden of implementation from the shoulders of IT admins and network engineers. This includes the addition of RADIUS MFA for securing VPNs.
Beyond RADIUS-as-a-Service, JumpCloud is fully fledged with respect to user and system management, as well as authentication to applications and servers via SAML and LDAP. With JumpCloud, IT organizations can essentially replace their on-prem AD with a directory completely hosted in the cloud.
If you are interested in a RADIUS server without Active Directory, you can find one with JumpCloud. Simply contact us to learn more, or schedule a free, personalized demo to see the product in action.