Is there an Alternative to Windows NPS?

Eytan Raphaely Education, Tech Trends

Is there an Alternative to Windows NPS?

Microsoft’s Network Policy Server (NPS) is a AAA RADIUS server used for a number of different types of network connections. It can be used for wireless authentication, VPN connections, dial-up, and more.

As organizations continue the trend of transitioning to the cloud, NPS has lost some utility. NPS and Active Directory (AD) do not come inherently with a cloud solution, so choosing the right add-on solution to enable cloud-based authentication is key. In this article we will be looking at the potential alternatives to Windows NPS.


What Is NPS?

NPS works under Windows Server, the operating system for enterprise server workloads along with Active Directory (AD).

NPS has been a staple for institutions using Active Directory for 802.1x authentication. It is commonly accomplished using EAP methods, such as PEAP-MSCHAPv2 or EAP-TLS, because these can be configured to use server certificates. The original intent was to allow users to connect to various network add-ons, such as VPN, with easy integration into AD.

NPS is generally an on-premise RADIUS solution, and using it to manage cloud-based resources will require many additional network add-ons and a significant amount of time and resources from IT. This is a significant issue organizations face when they want to move their Active Directory to the cloud and use Azure while still supporting 802.1x.

In order to operate NPS in the cloud, you need to combine Windows NPS as a RADIUS proxy with a cloud-based RADIUS solution. A user would send their authentication request to the cloud RADIUS, and in turn, it would be forwarded to NPS for final authentication.

Unfortunately, Microsoft’s products tend to only integrate smoothly with other Microsoft products. This, paired with the lack of cloud capability, has led IT administrators to question NPS’s viability for the future.


The FreeRADIUS Alternative

The first choice for an alternative to NPS often comes from FreeRADIUS. The benefits when compared to NPS can be summarized as follows:

  1. It is a no cost solution.
  2. It’s multithreaded, so it can process more than one transaction at a time. (NPS can only do one)
  3. It uses far less memory and takes little time to update.
  4. There are no license expenses, meaning that it costs the same to authenticate one device as it does hundreds.

Unfortunately, there are some negatives that come with FreeRADIUS. FreeRADIUS requires server hardware to operate. On-prem servers can be costly and often require maintenance to operate, which can take time away from your IT staff. FreeRADIUS also requires a lot of technical knowledge to correctly implement to your system, especially if you want to use FreeRADIUS with AD.


SecureW2’s Cloud RADIUS Solution

Luckily, SecureW2 provides a solution that can seamlessly move your network infrastructure to the cloud. While NPS can be difficult to integrate into a non-Microsoft environment, SecureW2’s Cloud RADIUS is designed to integrate with any network infrastructure. Not only do you get the world’s most secure Cloud RADIUS server, but you also get easy-to-use certificate and onboarding services that can easily enable AD CS and provision server and client certificates for authentication.

SecureW2 provides all the necessary tools to deploy a certificate-backed network, including a turnkey PKI solution and JoinNow onboarding software. Allowing users to manually configure certificates without an onboarding solution will undoubtedly lead to numerous support ticket requests due to the complex configuration process associated with certificates.

JoinNow allows users to self-configure their devices for certificates in minutes. The process involves only a few clicks, and once completed, the user is equipped with a certificate and can be immediately authenticated. Our certificate solution makes working with AD a breeze.

Using Microsoft NPS for RADIUS authentication requires specific tools and skills to get the job done properly. SecureW2’s Cloud RADIUS is a vendor-neutral solution that can authenticate any network device and ensure your network is secure. Check out our pricing page to see if our cost-efficient solutions can fit your organization.


Learn About This Author

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.