How Much Does It Cost to Build and Run a RADIUS Server?

 RADIUS, or Remote Access Dial-Up Service, is a required technology for all organizations wanting to deploy WPA2-Enterprise and authenticate with 802.1x. The functions of RADIUS Servers are to authenticate users for network access, authorize how much network access they’re allowed, and account for all their activity on the network.

Using a RADIUS server will without a doubt boost your network’s security standards and visibility, but those aspects depend greatly on the type of RADIUS server used. Below we will compare the following scenarios.

• On-Premise RADIUS Server from a Vendor
• FreeRADIUS Open Source Server
• Cloud RADIUS Server from a Vendor

RADIUS Server Authentication Requirments

On-Prem Vendor: Highest Cost, Most Features

On-premise RADIUS is the first iteration of the technology and the one everyone is used to working with. The high amount of available information for on-prem hardware makes on-prem RADIUS seem like a no-brainer, but that’s not the case anymore.

However, that doesn’t mean it’s always the best option for your organization. Over the past few years, we’ve configured hundreds of RADIUS servers, and what we’ve found in the field is that On-Prem RADIUS servers are the most expensive option, but decades of development offer the most robust featureset.

The estimated cost of an on-prem RADIUS server is staggering. Digicert released a whitepaper breaking down the cost difference between on-prem solutions vs cloud-based services, which came to the conclusion that cloud services cost a third of an equivalent on-prem solution. This can be applied to on-prem RADIUS servers, and is on-par with what we have seen in the field, that On-Premise RADIUS Servers from major vendors are often 3 times the cost of comparable Cloud RADIUS servers, due to the extremely high costs of implementation, management, and hardware/licensing costs.

Software and hardware typically only count for a fraction of the total price, to the surprise of many admins who go with on-prem RADIUS. The other costs that often greatly surpass the expected costs include, but are not limited to:

1. Secure facilities for hardware
2. IT training
3. Software and hardware licensing
4. Backup and disaster recovery

On-prem RADIUS servers require a team of trained experts, either within the company or hired onto the project for deployment and management, the combined cost can easily surpass the cost of the Cloud RADIUS equivalent over it’s life expectancy.

In an age where cloud-based services are dominating the market and remote work has spiked due to the 2020 Coronavirus pandemic, on-premise hardware is becoming increasingly obsolete. On-prem RADIUS servers aren’t very scalable; if an organization’s business grows, they’ll need to add more software and hardware to their infrastructure just to keep up, increasing the overall cost.

Thousands of organizations are migrating their networks to the cloud, with many of them realizing how challenging it is when their environments are only designed to be on-premise (*cough cough* Active Directory).

Historically, there weren’t any alternatives to an expensive RADIUS solution on-premise. Large enterprises could get by using an on-prem RADIUS server because they had resources (internet forums, documentation, trained experts) at their disposal to mitigate any potential issues. But today, there are plenty of excellent Cloud RADIUS solutions and we are seeing more and more organizations go this route.

FreeRADIUS: Opensource, Still a Costly Project

FreeRADIUS is just what it sounds like; an open source and free RADIUS software. As stated earlier, many sysadmins that leverage on-prem RADIUS implementations do so with FreeRADIUS. Admins are given the ability to customize their RADIUS servers to best fit their needs and it is ostensibly free.

However, that “free” tag does still come with a hefty price – admins need to purchase the right servers, hire and train personnel for installation, and configure everything correctly so that FreeRADIUS can operate efficiently. The downfall of FreeRADIUS is its complexity, which makes it confusing for amateur admins and time-consuming for trained professionals.

To the best sysadmins, this project is no problem and they can get it done in a matter of hours, as long as they have read through hundreds of online forum posts and documentation pieces AND have the time to do so. If organizations want to use certificate-based authentication (which is an absolute must for security), FreeRADIUS setup can take months for even the most advanced Network Administrator.

Every IT professional will agree that they are overworked leading to alarming rates of burnout. Admins attempting to integrate their RADIUS with FreeRADIUS might get stuck trying to deploy TLS (FreeRADIUS can’t perform proper TLS integration) or configuring Certificate Revocation Lists (FreeRAIDUS can’t automatically download CRLs) and end up spending hours, or even days, looking for a solution. Even if they’re trained, circumstances such as the end of the 90-day password expiration policy could lead to an overload of support tickets and pull admins away from FreeRADIUS implementation.

Admins with no prior knowledge would find difficulty configuring FreeRADIUS with their environment because it’s incredibly convoluted and requires a team of trained experts (plus compensation reflective of their work).

Cloud RADIUS: A Third of the Cost of On-Premise

Thousands of customers are moving away from implementing and managing their own RADIUS server for a cloud-based option. Cloud-based RADIUS solutions succeed where their on-prem and FreeRADIUS counterparts fail: easy implementation, cost-effective, and strong security measures.

 Cloud RADIUS pricing saves an organization thousands of dollars because it’s less than a third of the cost of the equivalent on-premise servers. There are no hardware and associated costs and no physical installation required. The IT department is relieved of the time-consuming labor involved with the implementation and management of the servers. There’s also no man-hours or training required for maintaining the server, critical as the RADIUS server can never go down.

This is why SecureW2 created Cloud RADIUS, a turnkey RADIUS solution that can be implemented into virtually any environment because it works with all major SAML and LDAP Identity Providers like Google, Okta, and Azure. Designed from the ground up for certificate-based authentication, it eliminates the risk of sending credentials over the internet and eliminates the risk for credential theft.

Cloud RADIUS comes with all the benefits of cloud computing, including 24/7 availability and built-in redundancy to easily handle large onboarding events. Along with the benefits of being in the cloud, Cloud RADIUS is more scalable than on-prem alternatives, making it easy to expand your network’s capabilities if your business grows.

Security and user experience are bolstered by Cloud RADIUS because it performs digital certificate-based authentication and comes setup with SecureW2’s Managed Cloud PKI. Our PKI gives admins the ability to effortlessly deploy WPA2-Enterprise with 802.1x authentication, the gold standard for wireless security. Everything you need for certificate-based authentication can be set up in under an hour!

Cloud RADIUS is the Most Cost-Effective RADIUS Solution

Overall, the answer to the title of the article is “it can be really expensive!” The market is filled with really complex RADIUS Servers, mostly designed for legacy on-premise environments. That’s why we use a Cloud-hosted RADIUS server. Cloud RADIUS is a safe, flexible, and affordable solution that relieves sysadmins from the confusion and labor-intensive implementation of configuring FreeRADIUS and the overpriced and underperforming on-prem RADIUS. If you work for a large or niche organization, you might be able to justify the large startup costs and continual maintenance of on-prem RADIUS servers.

Otherwise, choose Cloud RADIUS, which offers far more versatility and scalability, can be set up in under an hour, and doesn’t require a team of trained professionals. This ends up making SecureW2’s Cloud RADIUS server the most affordable and efficient solution.