A case study on how Network RADIUS were able to assist a client to increase the stability of their RADIUS proxy system. We were able to reuse common configuration, maintain existing capabilities and make proxying more robust. A faster failover and more reliable system helped lower ongoing costs and increase revenue.
Project description
A client had a legacy system that used multiple RADIUS servers to proxy requests to different destinations. Each RADIUS server implemented a set of policies and was configured with all of the home servers. This duplication of information resulted in overly high maintenance costs.
How we solved it
Our approach
When the customer upgraded to our product, they had the choice of continuing to use multiple RADIUS servers or replacing them with one server and an updated configuration. In the case of the multiple RADIUS servers, our product was able to retain the existing capabilities and also to reuse the common configuration. This reuse would lower the ongoing costs.
The customer chose to replace the multiple RADIUS servers with one server. This one server implemented all of their policies in “walled gardens” that could not affect each other. This one server also performed all proxying to all home servers.
The results
One side-effect of this approach was that proxying became more robust. Instead of each server making fail-over decisions independently, the “one server” approach allowed information to be shared across each “walled garden”. This approach resulted in faster fail-over when there was a problem and faster fail-back when the home servers returned to service.
The result that was visible to the end users was fewer problems logging into the network. This result translated into higher end-use satisfaction and fewer support calls.
With their end users happy, our customer was happy. Upgrading their legacy systems increased their revenue and their profit.
Need more help?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.
Related Articles
Email addresses are primary user identifiers?
There is a lot of advice out there that email addresses are not identifiers. Even Internet2 has a document explaining why email is not an appropriate user identifier. What does this mean for RADIUS, especially since RFC 7542 allows using email addresses as identifiers? Speaking as the author of RFC 7542, I think I can help you.
IETF Bangkok 122 recap: What we're doing to advance RADIUS standards
I've recently returned from IETF Bangkok, the Internet Engineering Task Force (IETF) 122 meeting, where I spent a week working with implementers, operators, and standards authors who are defining the future of RADIUS and other network protocols.