Operating an Online RADIUS Server

While operating a network in the cloud is a growing trend for it's efficiency and security benefits, it's vital to choose infrastructure that was built FOR the cloud instead of just being able to operate in the cloud.

An ongoing trend in nearly all networking fields is the continual push to host more network infrastructure in the cloud. This migration isn’t the straightforward process many might expect; not all cloud technologies are compatible with one another and operate harmoniously with on-premise framework. 

Specifically, configuring a RADIUS server that operates smoothly with cloud infrastructure is not the easiest task. This is compounded when integrating a cloud RADIUS as not all vendors are created equal. There’s a significant difference between a RADIUS that can operate in the cloud and a true blue Cloud RADIUS.

Cloud RADIUS vs. RADIUS in the Cloud

Technically speaking, any RADIUS can be set up to operate in the cloud. It can be configured to communicate with cloud infrastructure through a proxy, combined with 3rd party technology to operate it through the cloud, or a number of other options. It’s far more important to consider what the server is built for and what network setup will maximize its overall efficiency and security.

For example, Microsoft’s NPS is traditionally an on-premise RADIUS server that has been outfitted to operate with a cloud network. It is a highly effective RADIUS server for Microsoft devices, but it does not natively work with the cloud. 


If an organization wants to operate their NPS server in the cloud, they are required to add a number of 3rd party additions. Essentially, this allows NPS to work as a proxy RADIUS that is fed authentication requests through an intermediary. The question IT leaders should always be asking is, “Is this the most efficient solution?”

The system isn’t exactly perfect as it requires a lengthy configuration process and significant upkeep overtime, even after all this set up, it’s an incomplete system. The fatal flaw is the lack of a proper cloud management portal to manage network users and monitor authentication events throughout the RADIUS’ operation. Linked here is a guide demonstrating how NPS can be configured with Azure for cloud authentication. The guide highlights the complexities of the set up process and the limited scope of its functionality.

Cloud RADIUS with SecureW2

SecureW2’s Cloud RADIUS is a fully functional cloud RADIUS designed to integrate with any network infrastructure and comes with a robust management portal. The result is full network control for admins. It enables user group assignments, unique policy settings, management of the entire certificate lifecycle, oversight over all authentication events, remote troubleshooting of any authentication issues, and more. If you’re looking for secure authentication, or want to upgrade from credentials to certificates, SecureW2 provides everything you need to launch a secure certificate-based network. 

Additionally, our Cloud RADIUS enables dynamic communication between the RADIUS and IDP for enhanced management of certificates. Traditionally, once a certificate is issued to a user, it is static and cannot be changed for security reasons. But this can become a problem for overall efficiency, such as in the case of an employee needing new network permissions as the result of a promotion. They will need access to different resources, so in the past, they had to be issued new certificates for every device. 

Dynamic Cloud RADIUS allows for direct communication with the IDP, so when a user authenticates, it checks the validity of that user in the IDP. The updated IDP identity can be edited to allow access to different resources based on policy settings. 

Authenticating via RADIUS is an effective authentication security tool, but it is only as effective as the tools it is surrounded by. If you’re authenticating with credentials rather than certificates, or using a proxy to enable your cloud network, it’s likely your network is operating with a less than ideal configuration. Check out SecureW2’s pricing page to see if our Cloud RADIUS solutions are the right fit for your organization’s transition to cloud networking.

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.

Related Post