A requirement for all WPA2-Enterprise networks is the use of a RADIUS server. A vital part of the network, the function of a RADIUS is to authenticate the user and their device and authorize them for network access. The authentication process occurs each time a user re-connects to the network, and it takes the guesswork out of determining who is using your network.
Using a RADIUS is an effective way to boost network security and visibility, especially when considering that more than 80% of breaches in 2020 involved lost or stolen credentials or brute force. Each organization must choose between two RADIUS options: On-Site RADIUS or Cloud RADIUS. Instrument decided to use SecureW2’s Cloud RADIUS because they wanted to get rid of all their on-premise servers. Below we’ll discuss the differences between cloud and on-site RADIUS servers to see which best suites different organizations.
Should I Use Cloud or On-Site RADIUS?
On-Site and Cloud RADIUS both serve the same function; they authenticate users and maintain the security of the network. Where they differ raises the positives and negatives of both, so the decision falls to individual organizations weighing the options.
One of the benefits of mass market technology is the amount of available information. On-Site RADIUS is the first iteration of the technology that was developed, so there are many reputable distributors and many IT departments have experience using them.
An organization with this type of RADIUS has access to a vast collection of forums, documentation, and (ideally) trained professionals to assist with potential issues. Another benefit of being a mass market technology is that vendors offer copious add-ons and capabilities. This allows organizations to determine the level of complexity they want in their RADIUS and what its purpose will be in the network.
The setup process of an On-Site RADIUS is demanding, as it must be physically installed, configured, and maintained throughout its life. This represents a hugely enormous cost in materials, facilities, and training, not to mention continued labor over time.
A recent white paper by Digicert reveals the estimated cost differences between on-site and managed cloud RADIUS solutions. The difference is striking.
Modern On-Site RADIUS has a wide base and long use – it’s spawned a lot of technology to allow it to accomplish additional functions. However, as the RADIUS becomes more complex, so does the setup process.
In addition, an On-Site RADIUS has no built-in redundancy. Redundancy is the act of transferring authentication requests to another server if the first server cannot handle a high traffic event. So, if an On-Site RADIUS is overloaded, it cannot transfer requests unless you have two servers (and some companies will require you to purchase two licenses for that privilege). This server type offers much to consider, so how does a Cloud RADIUS stack up?
The most apparent benefit of a Cloud RADIUS are the general advantages of cloud technology. It is always readily available with built-in redundancy, there is just one license, and it’s more cost efficient because there is no hardware to deal with and no physical installation.
Setting up a Cloud RADIUS is also a simple process. You first configure the secure SSID on a WPA2-Enterprise network. After that, set up the cloud RADIUS in the controller or AP by sharing the RADIUS IP and the shared secret. You’re all done.
SecureW2’s CloudRADIUS is generated automatically for our users and benefits from built-in redundancy, meaning a high traffic event won’t slow down the authentication process. Overall, efficiency is the theme for Cloud RADIUS, as it benefits from lack of hardware and associated costs over time.
In fairness, cloud-technology and cloud RADIUS servers in particular are a newer phenomenon. There is limited information in circulation, so there is a chance of experiencing an issue that vendors haven’t seen before and cannot immediately solve. That risk is limited, and every day advances in crowd sourcing and AI pave the way to correct errors and improve features to match the reliability of an On-Site RADIUS.
A commonly mentioned limitation of Cloud RADIUS is that it requires cloud connectivity, so if the cloud goes down, users are unable to authenticate. This is a legitimate concern, but consider if this happened with the alternative. If local RADIUS servers go down, being unable to authenticate also locks the users out of network access.
Besides, most Cloud RADIUS servers (including ours) are hosted on AWS and have a 99.9% uptime.
Cloud Radius is Better than On-Site Radius for Most Organizations
If you can justify the immense startup costs and ongoing maintenance on an on-site RADIUS, more power to you. It’s a valid option for very large or very niche organizations.
For most people, however, the affordability and convenience of a CLOUD Radius far outweighs on-site/on-prem RADIUS. It’s more scalable and it leverages newer, more secure technology.
If you are considering a Cloud RADIUS solution, check out our aptly named CloudRADIUS product. SecureW2 offers affordable options for organizations of all shapes and sizes. Click here to inquire about pricing.