RADIUS Authentication

miniOrange implements the RADIUS protocol in one of three ways, depending on the business scenario: Side by Side, Include and Extend, or Custom RADIUS.

RADIUS AUTHENTICATION

RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides client authentication, authorization, and accounting for the network. RFC 2865 and RFC 2866 describe RADIUS authentication and RADIUS accounting, respectively.

The RADIUS protocol is implemented by a number of servers, including FreeRADIUS and Steel-Belted Radius.

A strong authentication server is one that protects applications and other network resources, such as virtual desktop infrastructures and Cisco VPNs.

It supports various authentication methods, such as password-based and one-time password authentication.

If a RADIUS server (protecting access to a network) is installed side by side with a strong authentication server (protecting access to network resources), it is advantageous to integrate the two servers so that the end user can access the resources he needs by signing on once (Single Sign-On, or SSO).

How does RADIUS Authentication work?

miniOrange can configure our Authentication product in three possible ways with your RADIUS server.

  • Side by Side - Use an existing RADIUS server and configure it Side by Side to delegate authentications to your Authentication Server

    • PROS: Quick turnaround compared to the other options. Uses the existing RADIUS implementation. Supports PAP, PAP with a Shared Secret, EAP-TLS

    • CONS: Messy configuration. Heavy footprint

  • Include and Extend - Use an existing RADIUS server and an existing extensible mechanism to delegate authentications to your Authentication Server

    • PROS: Better design than above, supports PAP, PAP with a Shared Secret, EAP-TLS

    • CONS: Heavier footprint than above

  • Custom RADIUS - Implement a custom RADIUS implementation and delegate authentications to your Authentication Server

    • PROS: Best design. Very lightweight. Supports PAP, PAP with a Shared Secret, CHAP, MSCHAP, EAP-TLS

    • CONS: Complex implementation

Recommendation - Depending on the business case, go with a staged approach: do Option 1 or 2 in the short term while exploring Option 3, then implement Option 3 in the mid to long term.
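The core of Option 3 for PAP with a Shared Secret, as an added example that is not miniOrange code: it recovers the User-Password from an Access-Request as RFC 2865 section 5.2 specifies, delegates the decision, and signs the reply. The `verify` callback is a hypothetical stand-in for the call to your Authentication Server; UDP transport, CHAP/MSCHAP/EAP and Message-Authenticator handling are left out.

```python
import hashlib
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

def xor_blocks(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: c_i = p_i XOR MD5(secret + c_(i-1)); c_0 is the Request Authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, mask))
        out, prev = out + res, (block if decrypt else res)
    return out

def build_access_request(ident, authenticator, user, password, secret):
    """Client (NAS) side, used here only to construct a sample packet."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = xor_blocks(padded, secret, authenticator, decrypt=False)
    attrs = b"".join(bytes([t, len(v) + 2]) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, attrs, pos = packet[4:20], {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    hidden = attrs.get(USER_PASSWORD, b"")
    if not hidden or len(hidden) % 16 or len(hidden) > 128:
        raise ValueError("missing or malformed User-Password")
    # A wrong shared secret does not raise: it silently yields a garbage password.
    password = xor_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")
    return ident, authenticator, attrs.get(USER_NAME, b"").decode("utf-8", "replace"), password

def handle(packet, secret, verify):
    """Delegate the decision to verify(user, password), then sign the reply."""
    ident, req_auth, user, password = parse_access_request(packet, secret)
    code = ACCESS_ACCEPT if verify(user, password) else ACCESS_REJECT
    header = struct.pack("!BBH", code, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()
```

The password is protected in transit only by MD5 and the shared secret, so the secret's length and randomness set the strength of PAP on the wire.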


RADIUS Integration with Active Directory

miniOrange has a lot of experience in implementing the RADIUS protocol and, depending on the business scenario, can evaluate and implement one of these three options:

  • Side by Side

    Use an existing RADIUS server and configure it side by side to delegate authentications to your Authentication Server. This option offers a quick turnaround and supports PAP, PAP with a Shared Secret, EAP-TLS, but the configuration is not easy to set up.

  • Include and Extend

    Use an existing RADIUS server and an existing extensible mechanism to delegate authentications to your Authentication Server. This leads to a better design, which also supports PAP, PAP with a Shared Secret, EAP-TLS, but has a heavier footprint than the option above.

  • Custom RADIUS

    Implement a custom RADIUS implementation and delegate authentications to your Authentication Server. This is a complex implementation, but it is the best design and very lightweight. It also supports PAP, PAP with a Shared Secret, CHAP, MSCHAP, EAP-TLS.

SAMPLE USE CASES

Strong Authentication Server and RADIUS integration can be done in the context of the following two use cases:

  • An end user wants to access his virtual desktop using VMware View, which is protected by a RADIUS server that in turn delegates all authentication requests to your Strong Authentication Server.

  • An end user wants to access a virtual private network using Cisco VPN, which is protected by a RADIUS server that in turn delegates all authentication requests to your Strong Authentication Server.