Our website analytics and inbound enquiries tell us that the role of RADIUS, and the options available, in enterprise Wi-Fi is a popular subject. Time, we thought, to document what a RADIUS server delivers to enterprise Wi-Fi.
Driven by mobile and BYOD, the scale, complexity and importance of enterprise Wi-Fi networks is increasing dramatically. A well-architected, multifaceted access security infrastructure is an essential element of every enterprise Wi-Fi deployment. This infrastructure typically must support the following functions:
- Authentication, to ensure that only authorised users gain access to the network
- User and device authorisation, to configure the appropriate level of access and security for network clients
- Security, to prevent attacks on user credentials and data
In addition, these new Wi-Fi requirements should ideally integrate into the network’s existing access management systems and architecture, to ensure administrative simplicity.
Enterprise scale Wi-Fi deployments demand an authentication infrastructure capable of handling requests from a large number of users, accessing the network from geographically-distributed locations, with different credentials, access rights, and security requirements, and via access gateways from a variety of vendors.
User and Device Authorisation Requirements
In addition to a robust authentication infrastructure, enterprise Wi-Fi networks typically must support different access levels, according to who (or what) is connecting. Employees, guests, and even IP-enabled devices must be able to gain access to the network, but each necessarily has different security requirements and access rights.
Best practices for Wi-Fi access to enterprise LAN applications mandate the use of WPA2 Enterprise and 802.1X-based security; in addition, WPA2 and 802.1X are considered essential for securing Wi-Fi access in healthcare (HIPAA), financial services (SOX), and other regulated environments. Captive portal where a sign-on splash is often used to enable guest and customer access to networks.
The GlobalReach RADIUS
With its ability to centrally manage user authentication, authorisation, and accounting, a RADIUS server is an integral component of an enterprise Wi-Fi network. GlobalReach RADIUS is uniquely capable of handling the security and manageability requirements on these networks, for the following reasons:
- It supports industry-standard Wi-Fi security, as well as lower-security guest access: The GlobalReach RADIUS provides full support for the 802.1X security protocols that ensure authentication and session security, as well as captive portal solutions that permit customers or guests to access a restricted area of the network with less strong security requirements.
- It’s simple to administer: GlobalReach RADIUS is a multi-vendor RADIUS solution that supports your existing network access gateways. In addition, it authenticates Wi-Fi users against the user data stores already in place on your network, including active directory, LDAP, SQL or Google user stores, with no manual data re-entry required.
- It’s built on the market-proven FreeRADIUS code base: The GlobalReach RADIUS is a time-tested RADIUS solution, based on code that is already deployed on thousands of servers around the world.
- It’s available as a public cloud service, or for installation on a private virtual cloud in a data centre: Use or deploy the GlobalReach RADIUS in the way that makes sense on your network:
- Use the hosted GlobalReach RADIUS service in the public cloud, where you can take advantage of a shared multi-tenant infrastructure. You enjoy the cost savings and management simplicity of RADIUS-as-a-service, while critical user data stays under your control.
- Deploy GlobalReach RADIUS as a virtual RADIUS in a private cloud, enterprise data centre, or individual or regional locations. For enterprises who wish to keep RADIUS completely on-site and control service availability, this provides a cost-effective, Wi-Fi-appropriate alternative to legacy RADIUS servers.
- It’s not just for Wi-Fi: GlobalReach RADIUS is capable of authentication access requests not only from Wi-Fi access points and gateways, but also VPNs, firewalls, and other access gateways. Use it to manage and secure all access to your network.