The Best RADIUS Solution For AWS
We’re going to explore how to best control and manage AWS authentication through RADIUS solutions.
Amazon Web Services (AWS) is Amazon’s cloud computing platform. It provides many different services, including servers, storage, networking, remote computing, email, mobile development, and security. AWS is so large and present in the computing world that it has far outpaced its competitors. As of February 2020, one independent analyst reports AWS has nearly a third of the market at 32.4%.
Jeff Bezos is quoted comparing AWS to power utilities: “You go back in time a hundred years, if you wanted to have electricity, you had to build your own little electric power plant, and a lot of factories did this.” Essentially, AWS lets consumers pay for computing infrastructure on an as-needed basis.
This change in mindset allows organizations to worry less about costly on-prem infrastructure and computing power and instead focus on their business’s growth. It’s a simple, cost-effective, and efficient solution to an expensive problem.
While AWS comes with a host of different applications, it’s not without its difficulties. There are a number of factors that affect proper management of AWS cloud servers. In this article, we’re going to explore how to best control and manage AWS authentication through RADIUS solutions.
Can I Use AWS While Using NPS?
Microsoft’s Network Policy Server (NPS) is a AAA RADIUS server used for a number of different types of network connections. It can be used for wireless authentication, VPN connections, dial-up, and more.
But as organizations continue to move to cloud-based operations, NPS has become a less favored solution. NPS and Active Directory (AD) do not come inherently with a cloud solution, so choosing the right add-on solution to enable cloud-based authentication is key.
In order to operate NPS in the cloud, you need to combine Windows NPS as a RADIUS proxy with a cloud-based RADIUS solution. A user would send their authentication request to the cloud RADIUS, and in turn, it would be forwarded to NPS for final authentication.
This process requires specific configuration of RADIUS policies to match NPS, including settings such as the EAP method, which Event Logs to record, the network adapters that authentication requests will pass through, and more. Once configured, users send their authentication requests to the cloud-based RADIUS, and the requests are authenticated securely with Microsoft NPS.
While this solution leaves a lot to be desired, here is a link to a complete guide if you are still interested.
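The proxy hop described above, as an added example (not SecureW2 or Microsoft code): the cloud RADIUS checks the Message-Authenticator on the incoming Access-Request with the secret it shares with the access point, appends a Proxy-State attribute, and re-signs the packet with the secret it shares with NPS. The secrets, user name, and Proxy-State value are constructed, and the request carries only User-Name rather than a full EAP exchange.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST = 1
USER_NAME, PROXY_STATE, MESSAGE_AUTHENTICATOR = 1, 33, 80  # RFC 2865 / RFC 3579

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def parse_attrs(packet):
    """Return (type, value, value_offset) for each attribute after the 20-byte header."""
    out, i = [], 20
    while i < len(packet):
        if i + 2 > len(packet) or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        out.append((packet[i], packet[i + 2:i + packet[i + 1]], i + 2))
        i += packet[i + 1]
    return out

def sign(packet, secret):
    """Set Message-Authenticator to HMAC-MD5(secret, packet with that field zeroed)."""
    off = next(o for t, _, o in parse_attrs(packet) if t == MESSAGE_AUTHENTICATOR)
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return zeroed[:off] + mac + zeroed[off + 16:]

def verify(packet, secret):
    """True only if the length field and the single Message-Authenticator check out."""
    try:
        if struct.unpack("!H", packet[2:4])[0] != len(packet):
            return False
        macs = [v for t, v, _ in parse_attrs(packet) if t == MESSAGE_AUTHENTICATOR]
    except (ValueError, struct.error):
        return False
    if len(macs) != 1 or len(macs[0]) != 16:
        return False
    return hmac.compare_digest(sign(packet, secret), packet)

def build_request(user, secret, ident=1):
    """Access-Request as the access point (NAS) would send it to the cloud RADIUS."""
    attrs = attr(USER_NAME, user.encode()) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16)
    return sign(header + attrs, secret)

def proxy_forward(packet, nas_secret, home_secret, state=b"hop-1"):
    """Cloud RADIUS hop: drop unauthenticated requests, else tag and re-sign for NPS."""
    if not verify(packet, nas_secret):
        return None
    body = packet[20:] + attr(PROXY_STATE, state)  # appended after existing attributes
    header = packet[:2] + struct.pack("!H", 20 + len(body)) + packet[4:20]
    return sign(header + body, home_secret)
```

Each hop has its own shared secret, so a request that verifies on the NPS side does not verify with the access point's secret, and a mismatch on either hop causes the request to be dropped rather than authenticated.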
Building a RADIUS Server with FreeRADIUS
FreeRADIUS is one of the most widely used open-source RADIUS servers available. The benefits of FreeRADIUS can be summarized in 4 points:
- It’s the most popular RADIUS server in the world for a reason: it works like a charm.
- It is a no-cost solution, and it’s open source.
- It’s multithreaded, so it can process more than one transaction at a time.
- There are no license expenses, meaning that it costs the same to authenticate one device as it does hundreds.
That being said, it can be difficult for admins with little RADIUS experience to set up FreeRADIUS. It can also be difficult for organizations that have unique use cases to configure and customize FreeRADIUS.
Here is a guide for integrating FreeRADIUS with MFA to AWS. Immediately, you’ll notice the high level of technical skill you need to properly configure FreeRADIUS. So the question remains: which RADIUS solution is best for efficiency and security?
Configuring Cloud RADIUS with AWS
SecureW2’s Cloud RADIUS is the most advanced RADIUS solution to date. Our team has designed Cloud RADIUS to seamlessly integrate with any network infrastructure while also providing an easy-to-use certificate onboarding service. If you want a set and forget RADIUS solution while still maintaining bulletproof security, Cloud RADIUS is for you.
Our turnkey PKI solution and JoinNow onboarding software allow users to manually configure their devices without the risk of any onboarding misconfigurations. JoinNow allows users to self-configure their devices for certificates in minutes. The process involves only a few clicks, and once completed, the user is equipped with a certificate and can be immediately authenticated. Our solution makes working with any IDP a breeze.
With our Dynamic Policy Engine, every time a user is authenticated for network access, admins can enforce network policies in real time. Cloud RADIUS automatically checks user status, what groups they’re in, and whether they’ve changed departments, and ties them to custom network policies created by administrators in our easy-to-use management system. You gain all the benefits of historic LDAP authentication with none of the risks associated with credential-based authentication.
With SecureW2, you can have a secure network set up in a matter of hours that easily integrates with your AWS infrastructure. Check out our pricing page to see if our solutions can help secure your network.