• United States

RADIUS One for remote authentication

Mar 08, 20043 mins
Access ControlEnterprise Applications

* Infoblox RADIUS One server

A few years ago in my Windows Networking newsletter, I praised Infoblox’ DNS One server product, a “black box” appliance that combines hardware, Linux and a DNS server. I quoted founder and CTO Stuart Bailey as saying: “DNS One is so easy to install that a junior network administrator can have it up and running in 10 minutes or less.”

DNS One didn’t seem like the sort of appliance I should be pointing out to you, dear readers, who strike me as the sort of folk who re-do their DNS database as a rainy-day fun activity. But it is a neat product you can point out to your less technically-inclined fellow network managers.

I was less impressed when Infoblox rolled out its LDAP One server, although it did make some sense for organizations without a directory service (such as Linux shops) or with a non-standard implementation (such as many Windows-based networks).

Now, though, there’s another Infoblox black box that I believe does deserve your consideration: RADIUS One server. The Remote Authentication Dial-In User Service (RADIUS) was developed (and named) when most organizations still used dial-up as their major means of access (before the days of cheap IP connections, at least relatively inexpensive ones). As an IETF standard for remote access, though, RADIUS continues to be important to a well-designed (and well-protected) network.

Network World Fusion’s encyclopedia ( tells us that RADIUS server software includes three parts:

* An authentication server.

* Client protocols.

* An accounting server.

These pieces can all run on one machine or on separate ones outfitted with different operating systems. It works by having a user dial in to a remote access server and pass logon name and password information to it. The information is forwarded to a RADIUS authentication server that validates the user and returns the information necessary for the access server to initiate a session with the user.

Infoblox can combine all of these functions within the RADIUS One server, or it can work with a separate LDAP One server (for authentication) or even some third party server. But Infoblox suggests that security needs are best met when everything runs on one server, the RADIUS One box. As its marketing materials put it: “Infoblox’s secure appliance approach (no open ports or user accounts and one-button upgrades) ensures that customers wishing to deploy RADIUS One outside the firewall don’t need to take any special security precautions.” Plus, just like the DNS One appliance, any junior network administrator can have it up and running in 10 minutes or less.

Remote authentication is important to your overall identity management scheme. RADIUS could be important to your remote authentication and, if so, Infoblox’ RADIUS One device could be just the tool you need.