By Greg Keller Posted May 13, 2016
IT admins have been looking to move more of their infrastructure to the cloud. In recent years, more of their network and core infrastructure services have been converted to cloud-based services. Examples include database services, source code control, and even directory services. One area where IT has been largely forced to deploy in-house services has been RADIUS. The RADIUS infrastructure is an extension of the identity management infrastructure. RADIUS is often used to authenticate access to network infrastructure equipment, including WiFi networks. A virtual RADIUS server solution would be a welcome offering for IT organizations.
How Does a Virtual RADIUS Server Work?
Often called RADIUS-as-a-Service, the cloud-based virtual RADIUS server is the endpoint that other IT components leverage to authenticate access. The process works as follows:
- WiFi access points are pointed to the cloud-based virtual RADIUS server.
- A secure authentication protocol (EAP-TTLS) is performed over a mutual TLS connection for strong security.
- Credentials are entered into a device’s supplicant once.
- The credentials are then passed to the wireless access point, which subsequently forwards them to the RADIUS server.
- The server verifies the credentials against the core user directory to see if they are valid.
- When a user’s credentials are confirmed, the user is allowed to access the WiFi network.
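The access point's forwarding step on the wire, as an added example that is not code from the original post: the first RADIUS Access-Request carrying the supplicant's EAP identity response (RFC 2865, RFC 3579), and the Message-Authenticator check the server runs before it processes anything. It covers only this first forwarded message, not the EAP-TTLS exchange that follows; the shared secret, outer identity and access point name are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1                           # RADIUS packet code (RFC 2865)
USER_NAME, NAS_IDENTIFIER = 1, 32            # RADIUS attribute types (RFC 2865)
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)

def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def eap_identity_response(eap_id, identity):
    """EAP header: Code=2 (Response), Identifier, Length, then Type=1 (Identity)."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity

def build_access_request(secret, radius_id, outer_identity, nas_id):
    """What the access point sends once the supplicant has answered EAP-Request/Identity."""
    attrs = (attr(USER_NAME, outer_identity) + attr(NAS_IDENTIFIER, nas_id)
             + attr(EAP_MESSAGE, eap_identity_response(1, outer_identity)))
    length = 20 + len(attrs) + 18            # 18 = Message-Authenticator attribute
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, length) + os.urandom(16)
    # HMAC-MD5 over the whole packet with the Message-Authenticator value zeroed.
    zeroed = header + attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)

def verify_access_request(secret, packet):
    """Server side: reject packets whose Message-Authenticator does not match."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos, found = 20, []
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            return False                     # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR:
            found.append((pos + 2, attr_len - 2))
        pos += attr_len
    if pos != len(packet) or len(found) != 1 or found[0][1] != 16:
        return False
    off = found[0][0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[off:off + 16], expected)

# Constructed sample values, not taken from the article.
SECRET = b"constructed-shared-secret"
PACKET = build_access_request(SECRET, 7, b"anonymous@example.org", b"ap-lobby-01")
```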
Cloud-Based RADIUS and Increased WiFi Security Efforts
This example of how a cloud-based RADIUS service would function highlights two critical benefits. The first is that no equipment is necessary on-premises. The RADIUS server lives in the cloud, managed by the third-party provider, and can be easily scaled to accommodate increased demand. The directory service can live in the cloud as well, so the only component in the equation that needs to live on-premises is the wireless access point.
The second significant benefit is that organizations can dramatically step up their WiFi security. Historically, organizations have leveraged only minimal WiFi security measures; a shared SSID and passphrase were all that was needed to gain access. As organizations have increased their security measures, attaching the WiFi network to the core directory service is a major security advancement.
Connecting the WiFi network to a user’s network credentials forces users to be authenticated individually rather than through a shared passphrase. What happens if a user is terminated? They are automatically removed from the WiFi network when their credentials are terminated in the identity provider. This is powerful, especially considering that a new passphrase would need to be generated and distributed to all of the users in a shared passphrase scenario. A virtual RADIUS server infrastructure is an easy way to step up the security of the WiFi network without the heavy lifting.
Maximize Your Results with RADIUS-as-a-Service
If you would like to learn more about how RADIUS-as-a-Service can support your identity management platform, drop us a note. We’d be happy to help walk you through how a virtual RADIUS server works along with its benefits. If you would like to try it for yourself, feel free to sign up for a free account. Your first 10 users are free forever.