cloud vs. on site RADIUS server

Cloud vs. On-Site RADIUS: The Authentication Confrontation

Jake Ludin Uncategorized

Cloud vs. On-Site RADIUS: The Authentication Confrontation

A requirement for all WPA2-Enterprise networks is the use of a RADIUS server. A vital part of the network, the function of a RADIUS is to authenticate the user and their device and authorize them for network access. The authorization process occurs each time a user re-connects to the network, and it takes the guesswork out of determining who is using your network. Using a RADIUS is an effective way to boost network security and visibility, but each organization must choose between two RADIUS options: On-Site RADIUS or Cloud RADIUS.

On-Site and Cloud RADIUS both serve the same function; they authenticate users and maintain the security of the network. Where they differ raises the positives and negatives of both, so the decision falls to individual organizations weighing the options.

One of the benefits of mass market technology is the amount of available information. On-Site RADIUS is the first iteration of the technology that was developed, so there are many reputable distributors and many IT departments have experience using them. An organization with this type of RADIUS has access to a vast collection of forums, documentation, and trained professionals to assist with potential issues. Another benefit of being a mass market technology is that many vendors offer copious add-ons and capabilities. This allows organizations to determine the level of complexity they want in their RADIUS and what it’s purpose will be in the network.

The setup process of an On-Site RADIUS is demanding, as it must be physically installed, configured, and maintained throughout its life. This represents a significant cost in materials and labor over time to ensure that the RADIUS can perform its duties. Modern On-Site RADIUS can encompass a lot of technology to allow it to accomplish additional functions, but this must be weighed against the prospect of setting it up. As the RADIUS becomes more complex, so does the setup process. In addition, an On-Site RADIUS has no built-in redundancy. Redundancy is the act of transferring authentication requests to another server if the first server cannot handle a high traffic event. So, if an On-Site RADIUS is overloaded, it cannot transfer requests unless you have two servers (and some companies will require you to purchase two licenses for that privilege). This server type offers much to consider, so how does a Cloud RADIUS stack up?

The most apparent benefit of a Cloud RADIUS is the general benefits of cloud technology. It is always readily available with built-in redundancy, there is one license, and it’s more cost efficient because there is no hardware to deal with and no physical installation. Setting up a Cloud RADIUS is also a simple process. A brief overview of the required tasks require you to first configure the secure SSID on a WPA2-Enterprise network. Once configured, you must set up the cloud RADIUS in the controller or AP by sharing the RADIUS IP and the shared secret. SecureW2’s Cloud RADIUS is generated automatically for our users and benefits from built-in redundancy, meaning a high traffic event won’t slow down the authentication process. Overall, efficiency is the theme for Cloud RADIUS, as it benefits from lack of hardware and associated costs over time.

At this point, it may seem that the Cloud RADIUS is superior to On-Site, but Cloud does the disadvantage of being a new technology in comparison to On-Site. With any new technology, there is a learning curve for vendors in developing and maintaining a Cloud RADIUS. Since there is limited information in circulation, there is a chance of experiencing an issue that vendors haven’t seen before and cannot immediately solve. The risk of this occurring is limited, and everyday advances in crowd sourcing and AI pave the way to correct errors and improve features to match the abilities of an On-Site RADIUS. A commonly mentioned limitation of Cloud RADIUS is that it requires cloud connectivity, so if the cloud goes down, users are unable to authenticate. This is a serious drawback, but consider if this happened with the alternative. An On-Site RADIUS would be able to authenticate users if the cloud went down, but they’d have no ability to access the cloud for regular use. Although this has greater consequences with Cloud RADIUS, both would be ineffective in the event of cloud connectivity failure.

Organizations will come to different conclusions about which type of RADIUS to deploy. Some may want the reliability of an On-Site RADIUS that is backed by vast amounts of documentation and people with experience. Others may turn to the efficiency and convenience of a Cloud RADIUS to authenticate their network. Regardless of which is chosen, both operate to accomplish the same goal; keep the network secure and authenticate those who are allowed to connect.