Network administrators are recognizing the importance of moving away from using WPA2/WPA3 pre-shared key (PSK) on their Wi-Fi networks and embracing 802.1X authentication. Shared Wi-Fi passcodes are easily obtained by attackers, enabling them to launch attacks against your IT systems and steal credentials or other valuable information over the air.
Savvy admins know 802.1X requires a RADIUS server, often integrated with cloud identity providers like Microsoft Azure AD/Entra ID, Google Workspace, or Okta. And seasoned admins will be familiar with the venerable FreeRADIUS, a free and open-source RADIUS server that has been around for decades.
It’s tempting to embark on a project to install, configure, and maintain your own RADIUS server using FreeRADIUS or other open-source software. Unfortunately, as many Foxpass customers have learned, free software doesn’t mean no or low cost.FreeRADIUS Doesn’t Mean Free or Low Cost
Unlike setting up a Linux distribution or issuing a package install command for one of the popular software packages, deploying and configuring FreeRADIUS is a complicated operation. There are many knobs to twiddle and configuration files to tweak. The power of FreeRADIUS lies in the rich set of capabilities it has accumulated over decades, plus the multitude of scenarios and esoteric setups it can support. However, the number of experts well-versed in FreeRADIUS is limited. For the high-end deployments that telecom carriers, ISPs, or Fortune 500 organizations need, the team behind FreeRADIUS offers custom consulting.
However, for most customers, bringing up your RADIUS server can take longer than expected, and incorrect configuration can leave your network vulnerable. For these organizations, we suggest looking at cloud-hosted alternatives like Foxpass RADIUS. Foxpass leverages the proven and trusted FreeRADIUS engine but offers a fully managed, expertly maintained, and closely monitored secure cloud-based alternative to DIY.The True Cost of DIY RADIUS
Our experience with many customers indicates that procuring the underlying platform (on-premises or in the cloud), installing, and configuring your own RADIUS server takes between 2-4 weeks for a skilled system administrator with a strong directory background paired with a network engineer familiar with Wi-Fi and switching. After the initial setup, there’s an ongoing half-day to a day per month to maintain the underlying server, operating system, supporting libraries, and the RADIUS server itself.
Let’s add up the underlying costs:
At $75-100/hour each for US-based system administrators and network engineers, setup costs $12,000 to $16,000 (assume two weeks on the low end).
Add another week to train a backup system administrator (to step in when the assigned administrator isn’t available) post-setup at $3,000 to $4,000.
Annually, ongoing maintenance costs run $7,200 to $9,600, assuming half a day each from a system administrator and network engineer per month to manage, patch, and update the RADIUS service and platform.
Cloud server costs (two servers for high availability and a load-balancing service) on a cloud infrastructure-as-a-service (IaaS) platform runs between $1,600 to $3,200 a year, including computing, database, storage, load balancer, managed DNS, reserved IP address, and monitoring software costs.
The above estimate does not include any additional software licenses, certificate costs (or cost of a managed PKI service), or the effort to perform periodic system upgrades when major new software or operating system releases are available. Assuming those happen annually and take a week of effort from the system administrator and network engineer, each adds another $6,000 to $8,000 yearly.
If the customer chooses to run and host their own self-hosted PKI, that could add another $1,600 to $3,200 a year to host the PKI infrastructure without taking into account the setup and maintenance costs. Likewise, there’s additional development overhead to integrate the RADIUS and PKI infrastructure with an existing MDM solution if needed.
There are also additional costs to maintain compliance, provide security vetting, and provide 24x7 service monitoring. Even ignoring those and not factoring the PKI or MDM components, we already have the following costs:
Fundamentally, free software doesn’t translate to low or no-cost configuration, deployment, and maintenance.Foxpass Saves Time, Money, and Provides Peace of Mind
Instead of taking the uncertain path of setting up a DIY RADIUS server and burdening internal teams with learning an esoteric system that they are unfamiliar with, we suggest subscribing to a cloud-based RADIUS service like Foxpass.
The Foxpass RADIUS Proposition
Plug and Play: We handle the heavy lifting, allowing you to achieve fast time-to-value and secure your network in minutes, not weeks or months.
All-Inclusive: Our service includes high availability server infrastructure, security updates, monitoring, and user management, eliminating your annual upkeep.
Seamless Integration: We seamlessly integrate with your existing directory services, including G Suite, O365, Okta, and OneLogin. Plus, your favorite MDM systems like Microsoft Intune, Kandji, Mosyle, or JAMF.
Security First: We protect your data with best-in-class encryption in flight and at rest and perform regular security audits.
Robustness and Confidence: We’ve designed Foxpass RADIUS with no single point of failure. Our dedicated team of RADIUS specialists ensures uninterrupted service 24x365 globally. And we provide customers with a 99.99% uptime guarantee.
Foxpass customers love the product and our award-winning customer Service:
Secure Your Wi-Fi Today with a Free Foxpass RADIUS Trial
#1 in G2 Crowd: It’s not us saying how great we are; see what customers say: we’re rated #1 in every PAM subcategory, including customer service.
24/7 Support: Expert help is a click or call away. No more racking your brain when you need assistance.