Internet service providers (ISPs) and corporations that maintain remote access services for their employees face the increasing challenge of managing all remote access from a single point of administration, regardless of the type of remote access equipment employed. The RADIUS standard supports this functionality in homogeneous as well as heterogeneous environments. RADIUS is a client-server protocol that enables remote access equipment acting as RADIUS clients to submit authentication and accounting requests to a RADIUS server.
The RADIUS server has access to user account information and can check remote access authentication credentials. If the user's credentials are authentic and the connection attempt is authorized, the RADIUS server authorizes the user's access based on specified conditions and logs the remote access connections as accounting events.
The use of RADIUS allows remote access user authentication, authorization, and accounting data to be maintained in a central location, rather than on each network access server (NAS). Users connect to RADIUS-compliant NASs, such as a Windows 2000–based computer that is running the Routing and Remote Access service, which in turn forward authentication requests to the centralized IAS server.
For more information about the RADIUS protocol, see RFCs 2138 and 2139.
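The authentication exchange described above, as an added example (not code from the original page or from IAS): a NAS builds an Access-Request with the password hidden as RFC 2138 specifies, and the server checks it against a central account table and returns an Access-Accept or Access-Reject that the NAS can verify. The function names and the in-memory `accounts` dictionary are assumptions of this example, UDP transport is omitted, and the caller supplies the 16-byte Request Authenticator, which a real NAS generates randomly for each request.

```python
import hashlib, hmac, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2138 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2138 attribute types

def _xor_chain(data, secret, authenticator, decrypt=False):
    # XOR each 16-byte block with MD5(secret + previous ciphertext block or authenticator).
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else res
        out += res
    return out

def build_access_request(ident, user, password, secret, authenticator):
    # NAS side: null-pad the password to a multiple of 16 bytes, then hide it.
    size = max(16, -(-len(password) // 16) * 16)
    hidden = _xor_chain(password.ljust(size, b"\x00"), secret, authenticator)
    attrs = bytes([USER_NAME, len(user) + 2]) + user
    attrs += bytes([USER_PASSWORD, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20          # attributes follow the 20-byte header
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("malformed attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def server_reply(request, secret, accounts):
    # Server side: recover the password and check it against the central account store.
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    req_auth, attrs = request[4:20], parse_attributes(request)
    password = _xor_chain(attrs.get(USER_PASSWORD, b""), secret, req_auth, decrypt=True).rstrip(b"\x00")
    expected = accounts.get(attrs.get(USER_NAME))
    ok = expected is not None and hmac.compare_digest(password, expected)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return head + hashlib.md5(head + req_auth + secret).digest()

def client_verify(reply, req_auth, secret):
    # NAS side: trust the reply only if it was computed with the shared secret.
    expect = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(reply[4:20], expect), reply[0]
```

Both the password hiding and the reply check depend only on MD5 and the secret shared between the NAS and the server, so the strength of that secret bounds the protection of every credential the NAS forwards.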
IAS also allows companies to outsource remote access infrastructure to ISPs while retaining control over user authentication and authorization, as well as accounting.
IAS can be configured in different ways for uses of Internet technology such as:
Dial-up access to your network.
Extranet access for business partners.
Outsourced corporate access through service providers.
A company might need to make certain resources on its network available to other companies with which it has partnership agreements. IAS can be used to limit partner access to the corporate network resources, based on restrictions defined for each partner.