Mitigating Latency and Downtime in branch offices with Distributed Authentication

Share Post

Just about everyone can identify with the frustration caused by poor Wi-Fi connectivity at home or a downed Internet connection. What's worse than not being able to access what you want when you need it?  Imagine a connectivity problem at your branch office when upper management at HQ is expecting results, and you cannot do your job.

When RADIUS servers were initially implemented for secure authentication, the thought of authenticating users in branch offices was not top of mind for network architects, so in many cases, the servers were located at HQ. IT definitely did not foresee the number of device authentications grow significantly due to the BYOD phenomena in the branch as well.

In this centralized architecture, the supplicant would have to pass credentials all the way through to the authentication server in the main HQ over the WAN. As a result, enterprises with branch offices often had difficulties authenticating users in a timely fashion if latency or an outright WAN outage was an issue.

With experience gained and the growing number of devices in the branch, a distributed authentication model is required. The answer is to deploy a centrally managed solution, that includes distributed authentication services as well. In fact, it is no longer just about the authentication, it is about delivering enforceable policies regardless of where users are that help protect enterprise networks from unknown personal devices and poor user behavior.  Distributed policies allow for users to reach what they need when they need it.

ClearPass policy management includes Industry leading web-managed, active/active clustering that allows IT to create an environment that keeps authentications local to where users are. Configuration changes are performed on a "Publisher", which distributes the changes to "Subscribers". All authentication records are recorded locally to minimize WAN traffic.


For more information on ClearPass, please visit here.