Microsoft’s Network Policy Server (NPS) is a AAA RADIUS server that can be used for a variety of network connections. Most often, NPS is used for wireless authentication, dial-up, and VPN connections.
Organizations looking to strengthen their network security often turn to RADIUS servers to help with authentication. However, it’s important to be aware that not all RADIUS solutions are created equal. In this article, we’re going to look into NPS as an authentication solution and see where it may fall short.
What Is NPS?
NPS runs on Windows Server, the operating system for large-scale enterprise servers, along with Active Directory (AD).
Organizations that used Active Directory for 802.1X authentication often used NPS concurrently. This authentication is commonly accomplished using EAP methods, such as PEAP-MSCHAPv2 or EAP-TLS, because these can be configured to use server certificates. NPS was originally intended to make integrating AD with network add-ons, such as VPN, much easier.
The Issues With NPS
The main issue with NPS is that it is generally an on-premise RADIUS solution. Organizations that want to manage cloud-based resources will undoubtedly need additional network add-ons as well as a reliable IT department with some spare time. This is a significant issue organizations face when they want to move their AD to the cloud and use Azure while still supporting 802.1X. And that is before counting the extreme cost that goes into building physical servers. What organizations need to pay for with on-premise servers includes, but is not limited to:
- Software acquisition
- Licensing fees
- Scalability for user growth
- Hardware infrastructure
- Creation and management of group policies
- Certificate Revocation List (CRL) management
- Certificate lifecycle management
- Personnel training
In total, it’s not out of the question to spend hundreds of thousands of dollars for an on-prem NPS server.
If you want to operate NPS in a cloud environment, you need to use it as a RADIUS proxy and combine it with a cloud-based RADIUS solution. A user would first send their authentication request to the cloud RADIUS server, and the request would then be forwarded to NPS for final authentication. This is an inefficient solution because it requires unnecessary steps for the same level of authentication.
Another issue with NPS is the fact that Microsoft’s products tend to only integrate smoothly with other Microsoft products. If your environment has devices with a number of different operating systems, NPS simply isn’t the solution for you.
SecureW2’s Azure RADIUS Solution
If you want to use Azure with a certificate solution, you are not limited to NPS. SecureW2 provides a solution that can seamlessly move your AD infrastructure to the cloud. Even if you have a non-Microsoft environment, SecureW2’s CloudRADIUS can integrate with any network infrastructure.
CloudRADIUS is one of the world’s most secure servers, and it comes with a user-friendly certificate onboarding service that can integrate with AD CS and provision server and client certificates for authentication.
SecureW2 provides all the necessary tools to deploy a certificate-backed network, including a turnkey PKI solution and JoinNow onboarding software. Users of JoinNow can manually configure their own certificates on any device in only a few clicks. This takes care of all the headaches usually associated with certificate distribution and will undoubtedly lead to fewer support tickets for your IT department.
Cloud-based RADIUS Authentication In Any Environment
Using Microsoft NPS for RADIUS authentication requires specific tools and skills to get the job done properly, not to mention a large amount of money and a skilled team of PKI professionals.
SecureW2’s CloudRADIUS is a vendor-neutral solution that can authenticate any network device and ensure your network is secure. JoinNow takes care of any provisioning issue you might be worried about. Check out our pricing page to see if our cost-efficient solutions can fit your organization.