Driven by mobile and BYOD, the scale, complexity, and importance of enterprise WiFi networks are increasing dramatically. A well-architected, multifaceted access security infrastructure is an essential element of every enterprise WiFi deployment. This infrastructure typically must support the following functions:
- Authentication, to ensure that only authorized users gain access to the network
- User and device authorization, to configure the appropriate level of access and security for network clients
- Security, to prevent attacks on user credentials and data
In addition, these new WiFi requirements should ideally integrate into the network’s existing access management systems and architecture, to ensure administrative simplicity.
Enterprise scale WiFi deployments demand an authentication infrastructure capable of handling requests from a large number of users, accessing the network from geographically distributed locations, with different credentials, access rights, and security requirements, and via access gateways from a variety of vendors.
User and Device Authorization Requirements
In addition to a robust authentication infrastructure, enterprise WiFi networks typically must support different access levels, according to who (or what) is connecting. Employees, guests, and even IP-enabled devices must be able to gain access to the network, but each necessarily has different security requirements and access rights.
Best practices for WiFi access to enterprise LAN applications mandate the use of WPA2 Enterprise and 802.1X-based security; in addition, WPA2 and 802.1X are considered essential for securing WiFi access in healthcare (HIPAA), financial services (SOX), and other regulated environments. Captive Portal with Sign-on Splash is often used to enable guest and customer access to networks.
With its ability to centrally manage user authentication, authorization, and accounting, a RADIUS server is an integral component of an enterprise WiFi network. Cloudessa RADIUS is uniquely capable of handling the security and manageability requirements on these networks, for the following reasons:
- It supports industry-standard WiFi security, as well as lower-security guest access – Cloudessa RADIUS provides full support for the 802.1X security protocols that ensure authentication and session security, as well as captive portal solutions that permit customers or guests to access a restricted area of the network with weaker security requirements.
- It’s simple to administer – Cloudessa RADIUS is a multi-vendor RADIUS solution that supports your existing network access gateways. In addition, it authenticates WiFi users against the user data stores already in place on your network, including Active Directory, LDAP, SQL or Google user stores – with no manual re-entry of data required.
- It’s available as a public cloud service, or for installation on a virtual machine. Use or deploy Cloudessa RADIUS in the way that makes sense on your network:
  - Use the hosted Cloudessa RADIUS service in the public cloud, where you can take advantage of a shared multi-tenant infrastructure. You enjoy the cost savings and management simplicity of RADIUS-as-a-Service, while critical user data stays under your control.
  - Deploy Cloudessa RADIUS as a Virtual Appliance running on a distributed basis in a Private Cloud, Enterprise Data Center, or individual or regional locations. For enterprises who wish to keep RADIUS completely on-site and control service availability, this provides a cost-effective, WiFi-appropriate alternative to legacy RADIUS servers.
- It’s built on the market-proven FreeRADIUS code base – Cloudessa RADIUS is a time-tested RADIUS solution, based on code that is already deployed on thousands of servers around the world.
- It’s not just for WiFi – Cloudessa RADIUS is capable of authenticating access requests not only from WiFi access points and gateways, but also from VPNs, firewalls, and other access gateways. Use it to manage and secure all access to your network.
The following diagrams illustrate how Cloudessa RADIUS integrates into a typical WiFi network infrastructure.
Reference Architecture: Enterprise WiFi with WPA2 / 802.1X Security
Reference Architecture: Multi-homed Enterprise WiFi, secured via Cloudessa RADIUS Service