Virtual FreeRADIUS

By Rajat Bhargava Posted February 18, 2016

As more organizations shift their infrastructure to the cloud, IT admins are looking for ways to shift their on-prem solutions, too. Historically, one solution has lived on-prem: the RADIUS server. RADIUS is leveraged to manage user authentication and authorization to network infrastructure equipment. RADIUS was first introduced in the early 1990s and gained some popularity with ISPs (Internet Service Providers). The open source FreeRADIUS solution is a well-known standard within the community. For IT organizations, the real challenge lies in how to shift to a virtual FreeRADIUS implementation.

Challenges of Moving to Virtual FreeRadius

To make matters worse, that challenge is actually two-fold: shifting the implementation to the cloud and then running it as a SaaS-based service. Generally, FreeRADIUS implementations are behind the firewall or within a private network. That makes securing the RADIUS server far more straightforward, since the network architecture can provide some significant protection to the service. As the RADIUS implementation moves to the cloud, it may require more security measures. RADIUS-as-a-Service platforms have hardened the service and ensured that those endpoints that are connecting to the virtual FreeRADIUS service have been properly authenticated and have the ability to communicate with the service.

Directory-as-a-Service®: The FreeRadius Management Remedy

The issue of outsourcing the FreeRADIUS management can be resolved by leveraging a Directory-as-a-Service platform. The concept of DaaS is to securely connect users to the IT resources, including systems, applications, or networks, that those users need. The cloud directory service is meant to be provider and platform independent, so IT organizations can leverage the best IT resources for their organization. That means that Windows, Mac, and Linux devices are all treated as first-class citizens. A user will be able to single sign-on into an application whether it is located in the cloud or on-prem. For WiFi networks, this platform is incredibly helpful.

Transport to the Cloud With Ease via DaaS

Directory-as-a-Service effectively does the heavy lifting of implementing WiFi authentication with your directory service. In order to step-up your WiFi security by authenticating each of your users, you’ll need to connect your WiFi access points to your RADIUS infrastructure before RADIUS connects to the core user directory. With a SaaS-based directory service, the components are taken care of for you. A virtual FreeRADIUS endpoint is available for your user, and the on-board virtual directory service is integrated, so the components already talk to each other. There is no integration work necessary from the IT organization.

If you are intent on stepping up your WiFi security through the use of RADIUS and a directory service, take a look at our RADIUS-as-a-Service functionality. Drop us a note to learn how the integrated virtual FreeRADIUS server could save you a tremendous amount of work.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts