There are thousands of deployed instances of Windows RADIUS Server across the world, but users still debate its capabilities to keep their large networks intact and secure, giving rise to questions like:
“Is a Windows RADIUS Server sufficient for my organization?”
“Is Windows RADIUS Server still in use?”
“Are there better alternatives?”.
After all, cybersecurity is constantly in the news these days. Every day a different company is victimized by hackers. According to research by IBM, it takes 280 days to find and contain the average cyberattack, while the average attack costs $3.86 million—which is why providing robust network security for your users is more important than ever. Let’s examine the pros and cons of using the Microsoft solution for network access control.
What is a Windows RADIUS Server?
A Windows RADIUS Server is a RADIUS server created using Microsoft’s Network Policy Server (NPS). NPS performs authentication, authorization, and accounting (AAA) for the connection requests from:
- Wireless network
- Virtual Private Network (VPN) remote access
- 802.1x switches
- Dial-up
- Router to router connections
A Network Access Server (NAS) acts as a RADIUS client and sends all connection requests from users to NPS, which then provides authorization data back to the NAS.
The Pros and Cons of NPS
Windows RADIUS comes with both pros and cons. To make the best decision for your organization, use this list to come up with a solution that best suits your organization.
Advantages of a Windows RADIUS Server
Confidentiality Of Data
The biggest advantage is that NPS as a RADIUS houses applications and data on-premise and in-house, allowing you to maintain full control over that data. It’s the only way to ensure that a third party never sees your data (assuming your cybersecurity is up to snuff).
For some organizations, keeping the data on-premise may be a requirement for compliance and audits.
Solve Problems On The Spot
Another convenience that results from the local storage of data is that, in the case of network problems or internet interruption, data can still be accessed with on-premise solutions. Assuming the IT team is on-site, which may be a big assumption, it can be addressed without the need for intervention by a third party.
No Dependence On Internet
With cloud servers, your access is only as good as your connection. NPS eliminates this concern since you can access all your company data as long as the power is on.
Load Balancing
NPS allows the creation of both network policies for connection request authentication/authorization and configures RADIUS to forward connection requests to remote RADIUS servers, which helps load-balancing the connection requests.
NPS Accounting
You can store RADIUS accounting data in log files or a SQL database. NPS can log accounting data, such as user authentication and accounting requests, in three formats:
- IAS format
- Database-compatible format
- Microsoft SQL Server logging
Disadvantages of a Windows RADIUS Server
The Troubles Of On-Premise Servers
NPS requires physical installation, space, and configuration that depends on a skilled contractor in most cases, or an experienced and dedicated on-site manager. As a result, NPS’s dependence on regular maintenance can be costly. If you are using multiple on-site servers, it multiplies the number of headaches (and locations) you will need to service when things go wrong.
Forget about hacking, your servers could be physically stolen without adequate physical protection. Loss of hardware is one thing, what’s scary is, theft is specifically aimed at stealing servers with valuable data on them. Unavoidable natural calamities such as fires, earthquakes, jeopardizing the entire network is a real possibility.
On the other hand, a Managed Cloud RADIUS server gives you a centralized infrastructure. It removes the hassle of maintaining and updating systems, allowing you to invest your time, money and resources into fulfilling your core business strategies. Providing real-time visibility of the entire network regardless of the location, with guaranteed 24/7 access and disaster recovery, cloud servers are becoming the number one choice for businesses, with adoption rates reaching 88% in 2021.
NPS Is Not Economical For Anything But The Largest Organizations
NPS has a higher overall cost compared to cloud solutions. It requires hardware, maintenance, physical space, and dedicated staff (both IT employees to run it and security to guard the physical location). It’s also a “one-size-fits-all” solution, you are stuck with a fixed plan and must shell out money for services you may never use. In contrast, the Software as a Service (SaaS) model of cloud RADIUS vendors lends itself to a “pay-as-you-use” plan that can scale to fit your needs.
NPS Requires Redundant Servers
Enterprises with on-premise solutions such as NPS, need redundant servers on hand when trouble strikes or during service outages, because 100% uptime is critical. Whereas the customers of cloud infrastructure are provided redundancy, disaster recovery, and fail-over natively.
No Automatic Scalability
Users of NPS must set up new hardware when looking to scale up and take the hardware out when scaling down. Cloud Server expansion is virtually limitless and provides users with on-demand virtual resources and offer unrivaled scalability in a click.
NPS Doesn’t Support Cloud
NPS was designed to be used as an on-premise solution with Active Directory, because it was made long before cloud solutions were possible. There is no native ability to connect NPS with cloud directories. It doesn’t even work with Microsoft’s own cloud platform, Azure AD (Microsoft Entra ID), without workarounds and proxy servers.
NPS Is Less Secure Than Cloud RADIUS
Mandiant Threat Intelligence observed that roughly 80% of successful cybersecurity breaches stem from zero-day attacks (i.e “zero days” to fix it). It’s more likely than you think that physical servers are vulnerable to zero day exploits because the servers go unattended for a long time when the team is asleep. Whereas cloud servers run 24/7 under the care of network engineers, with up-to-date software and zero downtime, leaving no excuse for zero day attacks.
NPS Server Failures
The end of a server’s life is rarely an enjoyable time. With it comes re-evaluating applications and preparing for migrations. Failures start to occur as servers age, a four year-old server has an 11 percent annual failure frequency. Unplanned incidents and emergencies start to rise as the server gets older. A Cloud Radius server makes sense because you can avoid the high upfront cost and effort of replacing the servers.
NPS is Outdated
NPS was made long before cloud computing became popular. It was designed first in 2003 to be used as an on-premise solution with Active Directory, and it’s had four major updates since then. The latest version (2019) still clings to that tradition, lacking the modern protocols and methods that cloud solutions provide. With cloud taking the stage, NPS may become obsolete.
A Windows RADIUS Server in the Cloud
In general, Cloud RADIUS server is loved by end users and admins alike because it’s a breeze (just like the cloud!). Cloud RADIUS comes with many benefits that a physical server simply cannot match. It has built-in redundancy, modern protocols, integrations for cloud applications, limitless resources/storage, can perform all the RADIUS functions with no physical servers and authenticate remote users securely.
Ultimately, the only really compelling reason for a business to stay on-prem is the need to keep all of their data in-house and not leave in the hands of a third party.
Check out our pricing page to see if SecureW2’s Cloud RADIUS servers fit the network needs of your organization.
