By Ryan Squires Posted March 7, 2019
As network infrastructure becomes more complex, many IT admins and DevOps engineers wonder when to use a RADIUS server and when it doesn’t make sense to use one. In order to understand the use cases of RADIUS, we should take a step back and get a grasp on how IT networks have evolved over time.
RADIUS Server and Dial-Up
The concept of RADIUS first appeared with dial-up networks a long time ago. RADIUS was what authenticated, authorized, and accounted for user access to networks. The protocol was often used by ISPs to enable access to the internet when modems and dialing in was still relevant. In fact, RADIUS was even in use before the idea behind Microsoft® Active Directory® came to pass in the 1990s.
Microsoft Active Directory and the Domain Controller
In those early years following the introduction of Active Directory, a key concept began to take shape. That concept was the domain controller and its role in controlling access to Windows-based IT resources. As Active Directory took off and found a home in more enterprises, the architecture behind networks became clear. A user logged into their Windows machine, when inside the network, and would immediately be granted access to their Windows-based IT resources. In these early days, VPNs were introduced for remote workers and when attached to the network, those workers authenticated against AD. It comes full circle when you realize that often, VPNs were backended by RADIUS to provide authentication to that layer and then enable AD authentication.
How RADIUS Was Used
Over time, RADIUS found its niche as the protocol, or translation layer, from networking equipment such as VPNs, routers, switches, and more to the core identity provider (IdP) within an organization, often Active Directory. The reason Active Directory served as the IdP in most organizations was that IT networks were generally on-prem and Windows-centric. Stemming from the fact that IT networks were on-prem, there was really one path for remote workers into the network—VPN. As a result, the RADIUS server was largely limited with regard to the benefits it provided organizations.
RADIUS Benefits Expand with WiFi and Cloud
That all started to change with the introduction of WiFi and the cloud. As networking infrastructure shifted and users became more mobile, different approaches to the authentication process started to necessitate change. While WiFi environments could be authenticated with a shared SSID and passphrase, IT admins realized that simply wasn’t secure enough. At the same time, more mobile users made VPNs much more popular, which embedded RADIUS servers further into the mix.
Then, as data centers and wireless network infrastructure continued to become more popular, the idea of user authentication for these IT resources was important to address. Further, with new security models such as Zero Trust Security appearing, RADIUS server implementations have increased dramatically. Additionally, new innovations including RADIUS-as-a-Service solutions appeared on the market and effectively turned RADIUS implementation into a turnkey task. These cloud RADIUS platforms simply require a VPN, WiFi access point, or other networking solution to point their authentication path to the RADIUS endpoint. Then, the SaaS RADIUS provider handles the rest of the integration and management work.
Utilize RADIUS-as-a-Service Without an On-Prem Server
For many IT organizations, a cloud RADIUS service can help them dramatically step up their network security without the heavy lifting of learning and implementing on-prem FreeRADIUS servers. But, does it come as a standalone service or how can IT organizations deploy it? A key component of JumpCloud® Directory-as-a-Service® (DaaS) is RADIUS-as-a-Service. Because DaaS backends the RADIUS component, implementation, integration, and ultimately network security are each easily achievable via the hosted RADIUS service. And because RADIUS-as-a-Service is a part of DaaS, you get identity management, G Suite™ / O365™ integration, system management via GPO-like Policies, LDAP-as-a-Service, single sign-on, and much more all rolled into one cloud-based, comprehensive directory service.
If you’re ready to try it out for yourself, sign up today for a JumpCloud account. It’s free, requires no credit card, and enables you to manage up to 10 users with the full breadth of the Directory-as-a-Service product. Feel free to peruse our Knowledge Base or contact a product expert for more information on how to help you get RADIUS-as-a-Service set up and functional today.