How to Create a Cloud-Based RADIUS Server

In order to successfully configure a WPA2-Enterprise network, a RADIUS server is a must. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who is using your network. A properly configured RADIUS server can garner your organization tremendous advantages in regards to network security.

However, many network security professionals aren’t sure what options they have in moving their legacy on-premise RADIUS servers to the cloud. So, how exactly do you create a cloud based RADIUS? Let’s take a look at the difference between Cloud and On-prem RADIUS servers, the options available for moving to the cloud, and which is the best solution for you and your organization. 

Cloud RADIUS Vs. On-Site RADIUS

Both cloud and on-site RADIUS ostensibly serve the same purpose, however the differences provide stark contrasts in value. For example, The setup process of an On-Site RADIUS is demanding, as it must be physically installed, configured, and maintained for as long as it is used. This represents an enormous cost in materials, facilities, and training, not to mention continued labor over time.

A white paper by Digicert revealed the estimated cost differences between on-site and managed cloud security infrastructure solutions. The difference between the two costs is quite literally thousands of dollars. 

In regards to functionality, the most apparent benefit of a cloud-based RADIUS are the general advantages of cloud technology. It is always readily available from anywhere and requires no physical installation or maintenance. Setting up a Cloud RADIUS is also a simple process. You first configure the secure SSID on a WPA2-Enterprise network. After that, set up the cloud RADIUS in the controller or AP by sharing the RADIUS IP and the shared secret. You’re all done.

Cloud RADIUS Server Options

While there are a handful of Cloud RADIUS server options to choose from, we are going to focus on two common setups we often see in the field. 

Configuring FreeRADIUS in the Cloud 

An often used cloud RADIUS comes from FreeRADIUS. The benefits of FreeRADIUS can be summarized in 4 points: 

  1. It’s the most popular RADIUS server in the world for a reason; It works like a charm
  2. It is a no cost solution. 
  3. It’s multithreaded, so it can process more than one transaction at a time. 
  4. There are no license expenses, meaning that it costs the same to authenticate one device as it does hundreds. 

That being said, it can be difficult for admins with little RADIUS experience to set up FreeRADIUS. It can also be difficult for organizations that have unique use cases to configure and customize FreeRADIUS. 

However, many are unaware that FreeRADIUS offers consulting and support services at quite reasonable prices. Oftentimes it’s much cheaper to pay for FreeRADIUS services than paying for some of the traditional options. 

Cloud RADIUS

For organizations that don’t want to manage a RADIUS server, and eliminate password-based network authentication, a great option is Cloud RADIUS.

Cloud RADIUS is set up automatically for organizations, and only requires a few IP’s to be shared with Access Points and Firewalls. It also comes built with SecureW2’s turnkey PKI solution and JoinNow onboarding software. This allows users to self-service their devices for network-authentication certificates without the risk of misconfiguration. The process involves only a few clicks, and once completed, the user is equipped with a certificate and can be immediately authenticated. 

While you can easily host Microsoft NPS in the cloud, it will only work with on-premise Active Directory. Cloud RADIUS works natively with all modern Cloud Identity Providers. Using Industry-exclusive technology, it can talk to directories like Azure, Okta and Google to lookup user status in real-time and enforce user, group, and device policies. 

In conclusion, organizations wishing to use a Cloud RADIUS should consider FreeRADIUS or SecureW2’s Cloud RADIUS. Want to learn more? Check out our pricing page to see if our cost-efficient solutions can fit your organization.

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

Related Posts