11-04-2020 03:35 PM
In XIQ we have the possibility to use the cloud authentication service, where accounts are stored in a DB in the XIQ. Why not use a central cloud-stored certificate from a private or public PKI to authenticate users/devices with enterprise SSIDs?
Currently you will need an external RADIUS server only for checking the certificates.
br
Volker
12-04-2020 04:51 PM
That one is really good, I’m only thinking where to stick it in - XIQ or Extreme Guest Essentials? But that’s a rhetorical question, let me figure it out inside.
BTW RaaS based on RadSec isn’t really insecure, as TLS authentication there is mutual.
12-02-2020 10:02 AM
Hi Alex,
With XIQ we can use several internal (cloud-based) authentication sources (guest users, PPSK accounts and users in an XIQ cloud DB which we can match to an 802.1X-PEAP profile). Making life easier and more secure for the customers, we want to use this existing internal 802.1X authentication feature to expand this for 802.1X-TLS authentication and use a certificate stored in XIQ for authenticating devices. The goal is to limit the external interfaces like RADIUS for a simple TLS authentication.
With a cloud-only strategy, the customer needs to use a cloud-based RaaS, but with the insecure RADIUS protocol. This is not secure and difficult to manage: which AP/switch will communicate with RaaS, redundancy, content of response,…
With that this will be a unique selling point.
br Volker
12-02-2020 09:16 AM
Hi Volker,
but what prevents you from using a cloud-based RADIUS server? Azure, for instance, provides such an option via Azure AD directory services and/or an NPS VM in their cloud.
XIQ is not an Identity Provider/catalog itself. Yes, it provides some identity storage capabilities for simple cases, but there is no intention to turn it into a full-fledged cloud IdP.
So I would suggest using integration capabilities of our Cloud solutions to “marry” them with external IdPs, which can be either on-prem or cloud-based.