Securing a network with RADIUS and a VPN

What are components and cost (initial and ongoing) involved in setting up and maintaining a RADIUS Server and a Virtual Private Network on a wireless network?

-- Michelle Terrelonge

This is not a simple question. Your costs, both initial and ongoing, will depend on the size of your network, the number of users serviced by this configuration and whether you choose commercial or open-source options for the RADIUS and VPN systems. Open-source options obviously cost nothing upfront, leaving you only with the costs of hardware. But don't forget to factor in the hidden costs of open source - including your time for diagnosing and fixing problems (unless you find a commercial vendor that supports your applications).

As for the RADIUS server, you may have several options, depending on what operating systems are on your network. Windows has an Authentication service available on Windows 2000/2003 that can provide most, if not all, of the functionality of a RADIUS server. This may be easier to implement than bringing up a Linux RADIUS server if you don't have a lot of experience working with Linux, or cheaper than buying a commercial RADIUS server software package. One thing to think about during your evaluation is what you are looking to accomplish by implementing a RADIUS server and which systems you are looking to integrate or interface with.

The two main options for a VPN are an SSL-based VPN setup - which uses a Web browser to access a network - and a conventional VPN configuration, which requires a VPN client. The latter is good if you know exactly how many users will need to access your network because commercial VPN products typically carry a per-user licensing fee.

However, you can look at using open source here as well. You may find that you have to assemble several different pieces written by different authors to get a functional system. Keeping track of the different patches that may need to be applied over time and figuring out how to fix things may take more time than you would think. If you can tolerate some downtime when working on things, then the potential cost savings with open source may be worth considering. If you need to have little to no downtime when there are problems and help in getting support quickly when you do have problems, you may want to limit your choices to the commercial offerings.

I know that it seems like I may not have answered your question directly. Your question is broad enough that there isn't a simple "look it up on the chart" response. What may be best for you may be the entirely wrong solution for another company. It is a good idea to reevaluate your choices on a periodic basis. It is possible that an open-source option may be an option worth considering later on once you have substantial experience with the commercial offerings for both of the items you have questioned here. Even though you could save money with the open-source options, you may have fewer hidden costs in terms of ongoing support and keeping things running when patches appear to go awry.
