What can one do with RADIUS on a CS141/BACS?

RADIUS (Remote Authentication Dial-In User Service) is widely used in modern IT. This service makes it relatively easy to authenticate and authorize users wishing to log into a network from a location outside the network itself. As such, RADIUS can also be used, for example, if you want to bill certain services according to usage time (accounting), or manage company WLAN access in a quick and efficient manner.

For the CS141/BACS, RADIUS primarily plays a role in dynamic password management or direct network access based on LAN access. A CS141/BACS offers central user management via dynamic password management and displays exactly the menus that an administrator has intended for the user.

RADIUS with CS141/BACS – What are the basics?

Normally, a given device has its own administrative access in the network. There are no limits to access options -- depending on the device, distinct user credentials can be created for technicians, administrators, OPS, and so on. 
With a larger team of technicians, 3 users can mean up to 80 individual user names/password combinations that have to be maintained manually, even with 20 devices. If 2 colleagues leave the team and a new colleague comes in, this can quickly cascade into:

• 20 Logins with the administrator acount
• 40 Users to delete (on account of the two departing colleagues)
• 20 Users created with password, etc. (1 new colleague)
• Additional time and effort required for the login and navigation as necessary for the new user dichotomy.

Such efforts can keep an administrator busy for quite a while - and that's not even many users, compared to what might be required for larger IT infrastructures! One can quickly imagine that this micromanagement will not work with a medium-sized corporation with 800 - 1200 employees, access controls, external consultants and consulting firms, etc…

How can RADIUS improve such a scenario?

In a well-configured RADIUS environment, with the exception of a local administrator, the end device no longer needs to facilitate its own users in its own localized database; instead, it utilizes an authentication service to which it can in principle delegate login functionality. Depending on the device, it is a question of whether someone is allowed to log on via WLAN, for example, and then gain access to certain network resources, or if the user wishes to log directly onto a device, the device then requests authorization from the RADIUS server.

This makes things manageable for both the administrator and the user: Depending on the level of autonomy or categorization of services the administrator may only have a single list which is automatically distributed to the corresponding user groups. Accordingly, the centralized administration of users and passwords facilitates the simplified care of the active users in a network. For the technician or office worker, they would only need their personal username and password; their access level and associated network resources are aligned over the RADIUS server automatically as accords with the distinct login credentials.

The CS141/BACS device is able to be fully integrated within a RADIUS Server-driven infrastructure

The CS141/BACS fully supports the central management of a username and password authentification system as well as the assignment of a specific menu share via RADIUS with its share level based upon a defined user role or set of user roles. As a result, administrators are able to individually adapt access to the CS141/BACS as an integrated cog within their network.