RADIUS Network Topology

Document created by RSA Information Design and Development on Jun 13, 2017
Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2

Firewalls typically separate the VPN server from the RADIUS server and the Internet. In most cases, multiple RADIUS replica servers are configured with a primary server for load balancing and failover. Additional RADIUS clients may also be configured, for example, multiple wireless access points in strategic locations throughout a site. These details are somewhat hidden from administrators because most routine administration is performed on a primary server, which replicates some of those changes to the replica servers.

Some administration operations that are performed less frequently require administrators to know about replica servers for failover, disaster recovery, and other system maintenance purposes.

Remote users with direct Internet connections can access network resources using a RADIUS-enabled VPN server. Remote users without direct Internet connections can connect using telephone lines and dial-in modems connected to a RADIUS-enabled network access server. Wireless users can access the network over RADIUS-enabled wireless access points.

For all of these access methods, RADIUS provides the following capabilities:

  • Fine-grained access controls that allow administrators to tightly manage individual user access by restricting users to a specific network access device, session length, IP address or range, or by applying other restrictions.

  • Comprehensive and flexible accounting that allows administrators to tailor event log data to meet specific needs, whether in support of Sarbanes-Oxley or any other auditing requirement. You can save your log data to a flat file.

 

 

 

 

