{"id":5964,"date":"2022-06-29T11:44:24","date_gmt":"2022-06-29T15:44:24","guid":{"rendered":"https:\/\/www.jumpcloud.com\/blog\/?p=5964"},"modified":"2024-01-29T14:03:04","modified_gmt":"2024-01-29T19:03:04","slug":"radius-in-the-cloud","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/radius-in-the-cloud","title":{"rendered":"On-Prem vs. Cloud RADIUS"},"content":{"rendered":"\n

RADIUS<\/a> is a core protocol in the management of network infrastructure and Wi-Fi authentication, providing authentication, authorization, and accounting (AAA). The protocol was devised during the dial-up era, but it continues to evolve to meet the requirements of modern small and medium-sized enterprises (SMEs). <\/p>\n\n\n\n

How it\u2019s delivered to clients has changed with many organizations opting for the efficiency and security of a cloud-based service over self-managed servers. RADIUS servers remain a viable option for SMEs, but there are a multitude of requisite tasks for its setup and configuration, as well as extra steps for integration with identity stacks.<\/p>\n\n\n\n

This article examines each of those deployment options with emphasis on their respective advantages and differences. It also discusses how cloud migrations can deliver additional value to enable IT unification and include RADIUS within a Zero Trust cybersecurity strategy.<\/p>\n\n\n\n

What Is Cloud RADIUS?<\/h2>\n\n\n\n

Cloud RADIUS services are managed by a third party that provides high availability and standards of security compliance that are typically unobtainable by an SME. For instance, JumpCloud has completed independent assessments for SOC 2 Type 2 examination.<\/p>\n\n\n\n

JumpCloud Cloud RADIUS is pre-integrated with directory services and multi-factor authentication (MFA). RADIUS has typically utilized PEAP or EAP-TTLS for authentication without MFA. MFA is a NIST (800-171 compliance) requirement for local and network access to privileged accounts and for network access to non-privileged accounts. In other words, use MFA whenever possible.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Zero Trust Security Controls<\/h3>\n\n\n\n

The effectiveness of MFA is bolstered by other security controls such as conditional access policies. These policies specify where a client may access resources from, can make MFA mandatory for groups of users, and can restrict access to managed devices. The JumpCloud platform makes these security capabilities immediately available without any additional installations. <\/p>\n\n\n\n

It also includes features that manage devices running every major desktop and mobile operating system through Mobile Device Management (MDM) and GPO-like policies. MDM sets up, controls, and manages devices. Patch management is another feature.<\/p>\n\n\n\n

Third-Party Identities<\/h3>\n\n\n\n

The JumpCloud RADIUS service also makes it possible to consume third-party identities via a username and password. This permits users to access Wi-Fi networks with the same credentials that they use everywhere else. <\/p>\n\n\n\n

Having built-in options for authentication spares IT admins the difficulty of connecting to an external directory such as Microsoft Azure, which may be unsupported and require custom development or licensing a purpose-built third-party solution. A standalone RADIUS server cannot accomplish this without an associated LDAP server that\u2019s specially configured for Azure AD (or another cloud directory platform).<\/p>\n\n\n\n

How Does Cloud RADIUS Work?<\/h2>\n\n\n\n
\n