By Zach DeMeyer Posted November 24, 2019
Can you implement a RADIUS server without Active Directory® (AD) backending it? For a long time in IT, admins used the on-prem directory service as the source of user data for their RADIUS servers, ensuring their networks were as secure as possible. With the prevalence of the cloud in the IT landscape, however, on-prem server functions seem to be going out of style. So, the question becomes: how do you shift RADIUS to the cloud without AD backending it?
When compared to traditional methods, using RADIUS — or the Remote Access Dial-In User Service — allows organizations to tighten up their network security more thoroughly. Many organizations implement RADIUS to require a unique set of credentials to authenticate users to WiFi networks, which, when used in addition to just a shared WPA key, reduces the likelihood of a network breach.
RADIUS also enables the use of multi-factor authentication (MFA) on VPN connections. Although MFA is a more recent trend, securing VPNs was one of RADIUS’s core use cases.
Managing RADIUS Access through AD
In order to properly authenticate access, RADIUS requires a directory to compare relayed credentials against. Most RADIUS servers can authenticate against user credentials stored within the server itself, but the process is made more secure by leveraging the core identity from a directory service. Given that AD has dominated the directory services scene since its inception, it made sense to pair it with RADIUS. Plus, RADIUS servers have historically been housed on-prem, which puts them directly within reach of the AD domain controller.
In fact, Microsoft® created its own RADIUS-like solution called Windows® NPS to provide RADIUS-like capabilities to the AD domain. For much of the early 21st century, IT admins equipped with Active Directory and NPS or a standalone RADIUS server, such as FreeRADIUS, could rest assured that they had tightly controlled network access.
The Cloud Changed Everything
Although they don’t have direct interactions with RADIUS, the host of cloud applications and infrastructure that has risen in prevalence in the modern IT