Published
11 November 2018
Category
Blog Post
Tags
#AAA #RADIUS #WiFi Authentication #Wi-Fi Accounting #Wi-Fi Authorisation #Secure Wi-Fi #RADIUS Clusters #Wi-Fi Architecture

The GlobalReach RADIUS in Enterprise Wi-Fi Deployments

Our website analytics and inbound enquiries tell us that the role of RADIUS, and the options available, in enterprise Wi-Fi is a popular subject. Time, we thought, to document what a RADIUS server delivers to enterprise Wi-Fi.

Driven by mobile and BYOD, the scale, complexity and importance of enterprise Wi-Fi networks is increasing dramatically. A well-architected, multifaceted access security infrastructure is an essential element of every enterprise Wi-Fi deployment. This infrastructure typically must support the following functions:

  • Authentication, to ensure that only authorised users gain access to the network
  • User and device authorisation, to configure the appropriate level of access and security for network clients
  • Security, to prevent attacks on user credentials and data

In addition, these new Wi-Fi requirements should ideally integrate into the network’s existing access management systems and architecture, to ensure administrative simplicity.

Authentication Requirements

Enterprise scale Wi-Fi deployments demand an authentication infrastructure capable of handling requests from a large number of users, accessing the network from geographically-distributed locations, with different credentials, access rights, and security requirements, and via access gateways from a variety of vendors.

User and Device Authorisation Requirements

In addition to a robust authentication infrastructure, enterprise Wi-Fi networks typically must support different access levels, according to who (or what) is connecting. Employees, guests, and even IP-enabled devices must be able to gain access to the network, but each necessarily has different security requirements and access rights.

Security Requirements

Best practices for Wi-Fi access to enterprise LAN applications mandate the use of WPA2 Enterprise and 802.1X-based security; in addition, WPA2 and 802.1X are considered essential for securing Wi-Fi access in healthcare (HIPAA), financial services (SOX), and other regulated environments. Captive portal where a sign-on splash is often used to enable guest and customer access to networks.

The GlobalReach RADIUS

With its ability to centrally manage user authentication, authorisation, and accounting, a RADIUS server is an integral component of an enterprise Wi-Fi network. GlobalReach RADIUS is uniquely capable of handling the security and manageability requirements on these networks, for the following reasons:

  • It supports industry-standard Wi-Fi security, as well as lower-security guest access – GlobalReach RADIUS provides full support for the 802.1X security protocols that ensure authentication and session security, as well as captive portal solutions that permit customers or guests to access a restricted area of the network with less strong security requirements.
  • It’s simple to administer – GlobalReach RADIUS is a multi-vendor RADIUS solution that supports your existing network access gateways. In addition, it authenticates Wi-Fi users against the user data stores already in place on your network, including active directory, LDAP, SQL or Google user stores – with no manual data re-entry required.
  • It’s built on the market-proven FreeRADIUS code base – GlobalReach RADIUS is a time-tested RADIUS solution, based on code that is already deployed on thousands of servers around the world.
  • It’s available as a public cloud service, or for installation on a private virtual cloud in a data centre – Use or deploy GlobalReach RADIUS in the way that makes sense on your network:
    • Use the hosted GlobalReach RADIUS service in the public cloud, where you can take advantage of a shared multi-tenant infrastructure. You enjoy the cost savings and management simplicity of RADIUS-as-a-service, while critical user data stays under your control.
    • Deploy GlobalReach RADIUS as a virtual RADIUS in a private cloud, enterprise data centre, or individual or regional locations. For enterprises who wish to keep RADIUS completely on-site and control service availability, this provides a cost-effective, Wi-Fi-appropriate alternative to legacy RADIUS servers.
  • It’s not just for Wi-Fi – GlobalReach RADIUS is capable of authentication access requests not only from Wi-Fi access points and gateways, but also VPNs, firewalls, and other access gateways. Use it to manage and secure all access to your network.