RADIUS servers enable IT to administer user access to networks on an individual basis. Yet, historically, they have also been on-prem implementations that are typically coupled with a separate on-prem identity management infrastructure. While effective, this approach can be difficult to achieve, especially for smaller or cloud-forward IT organizations. The good news is that a next-generation cloud directory has emerged that can set up a RADIUS server in the cloud with ease. Why is this alternative approach significant? This blog post explains, but first, let’s take a look at traditional RADIUS servers from a high level.
What is a RADIUS Server and How Does It Work?
RADIUS servers are responsible for securely authenticating and authorizing user access to remote networks. The RADIUS protocol follows the client/server model. In this scenario, the client is generally a user system or a wireless access point that is attempting to connect to a RADIUS-protected network, and the server is, of course, the RADIUS server.
How does RADIUS work? RADIUS servers are typically coupled with a separate directory services database (a.k.a. an identity provider), which is usually at the core of an organization’s identity management infrastructure. This enables RADIUS servers to leverage the core user identities stored within the associated directory database as the source of truth for authenticating user identities. When a user attempts to remotely access a RADIUS-protected network, they are challenged to submit their unique credentials (usually a username and password) that are associated with their core user identity. Once submitted, the user credentials and a request for network access are routed from the client to the RADIUS server via a supplicant – a program tasked with routing login requests to wireless networks. Essentially, network access requests and user credentials are sent from the client to a RADIUS-enabled networking device (e.g., a WAP or switch), which then forwards the user information to the RADIUS server for authentication. Once received, the RADIUS server authenticates the user credentials against the associated directory services database. Essentially, if the credentials submitted by the user at the beginning of the (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Vince Lujan. Read the original post at: https://jumpcloud.com/blog/radius-server-in-the-cloud/
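The exchange described above, sketched as an added example (not code from the original post or from JumpCloud): a networking device builds an RFC 2865 Access-Request with the hidden User-Password attribute, and the server recovers the password, checks it against a directory and returns a signed verdict. The shared secret, the in-memory directory and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"    # constructed: known to device and server only
DIRECTORY = {"alice": "correct horse"}   # constructed stand-in for the identity provider

def _xor_chain(data, secret, authenticator, decrypt):
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out, prev = out + res, (block if decrypt else res)
    return out

def build_access_request(user, password, secret, ident=1):
    """Networking device side: wrap the user's credentials in an Access-Request."""
    authenticator, name, pw = os.urandom(16), user.encode(), password.encode()
    padded = pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00")  # pad to 16-byte blocks
    hidden = _xor_chain(padded, secret, authenticator, decrypt=False)
    attrs = bytes([USER_NAME, 2 + len(name)]) + name
    attrs += bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def handle_access_request(packet, secret, directory):
    """Server side: parse attributes, recover the password, check the directory, reply."""
    if (len(packet) < 20 or packet[0] != ACCESS_REQUEST
            or int.from_bytes(packet[2:4], "big") != len(packet)):
        raise ValueError("malformed Access-Request")
    ident, authenticator, attrs, pos = packet[1], packet[4:20], {}, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    given = _xor_chain(attrs.get(USER_PASSWORD, b""), secret, authenticator, True).rstrip(b"\x00")
    known = directory.get(user)   # unknown users are rejected like wrong passwords
    ok = known is not None and hmac.compare_digest(given, known.encode())
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # The Response Authenticator binds the reply to this request and to the shared secret.
    return head + hashlib.md5(head + authenticator + secret).digest()

def reply_is_authentic(reply, request, secret):
    """Device side: trust the verdict only if the Response Authenticator verifies."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expected)
```

Only the User-Password attribute is obscured here; User-Name travels in the clear, and both the password hiding and the reply check depend entirely on the shared secret between the networking device and the server.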