{"id":29973,"date":"2019-03-07T09:00:40","date_gmt":"2019-03-07T16:00:40","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=29973"},"modified":"2023-05-11T15:59:50","modified_gmt":"2023-05-11T19:59:50","slug":"use-radius-server-when","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/use-radius-server-when","title":{"rendered":"When to Use a RADIUS Server – Standalone"},"content":{"rendered":"\n

As network infrastructure becomes more complex, many IT admins and DevOps engineers wonder when to use a RADIUS server and when it doesn\u2019t make sense to use one. In order to understand the use cases of RADIUS, we should take a step back and get a grasp on how IT networks have evolved over time. <\/span><\/p>\n\n\n\n

RADIUS Server and Dial-Up<\/span><\/h2>\n\n\n\n

The concept of RADIUS first appeared with dial-up networks a long time ago. RADIUS was what authenticated, authorized, and accounted for user access to networks. The protocol was often used by ISPs to enable access to the internet when modems and dialing in was still relevant. In fact, RADIUS was even in use before the idea behind Microsoft Active Directory<\/a> came to pass in the 1990s. <\/span><\/p>\n\n\n\n

Microsoft Active Directory and the Domain Controller<\/span><\/h2>\n\n\n\n

In those early years following the introduction of Active Directory, a key concept began to take shape. That concept was the <\/span>domain controller<\/span><\/a> and its role in controlling access to Windows-based IT resources. As Active Directory took off and found a home in more enterprises, the architecture behind networks became clear. A user logged into their Windows machine, when inside the network, and would immediately be granted access to their Windows-based IT resources. <\/span><\/p>\n\n\n\n

In these early days, <\/span>VPNs<\/span><\/a> were introduced for remote workers and when attached to the network, those workers authenticated against AD. It comes full circle when you realize that often, VPNs were back-ended by RADIUS to provide authentication to that layer and then enable AD authentication. <\/span><\/p>\n\n\n\n

How RADIUS Was Used<\/span><\/h2>\n\n\n\n

Over time, RADIUS found its niche as the protocol, or translation layer, from networking equipment such as VPNs, routers, switches, and more to the <\/span>core identity provider (IdP)<\/span><\/a> within an organization, often Active Directory. The reason Active Directory served as the IdP in most organizations was that IT networks were generally on-prem and Windows-centric. Stemming from the fact that IT networks were on-prem, there was really one path for remote workers into the network \u2014 VPN. As a result, the RADIUS server<\/a> was largely limited with regard to the benefits it provided organizations.<\/span><\/p>\n\n\n\n

\n

For a detailed look at the history of RADIUS, how it’s commonly used, and ways to implement it, take a look at our article: What is the RADIUS Protocol?<\/a>. <\/p>\n<\/div>\n\n\n\n

RADIUS Benefits Expand with WiFi and Cloud<\/span><\/h2>\n\n\n\n

That all started to change with the introduction of WiFi and the cloud. As networking infrastructure shifted and users became more mobile, different approaches to the authentication process started to necessitate change. While WiFi environments could be authenticated with a shared SSID and passphrase, IT admins realized that simply wasn\u2019t secure enough. At the same time, more mobile users made VPNs much more popular, which embedded RADIUS servers further into the mix.<\/span><\/p>\n\n\n\n

Then, as data centers and wireless network infrastructure continued to become more popular, the idea of user authentication for these IT resources was important to address. Further, with new security models such as <\/span>Zero Trust Security<\/span><\/a> appearing, RADIUS server implementations have increased dramatically. Additionally, innovations including hosted Cloud RADIUS solutions appeared on the market and effectively turned RADIUS implementation into a turnkey task. These cloud RADIUS platforms simply require a VPN, WiFi access point, or other networking solution to point their authentication path to the RADIUS endpoint. Then, the SaaS RADIUS provider handles the rest of the integration and management work. <\/span><\/p>\n\n\n\n

Utilize Cloud RADIUS Without an On-Prem Server<\/span><\/h2>\n\n\n\n
\n