Microsoft enhanced its technology that offers single sign-on capability and presented it with little fanfare when Windows Server 2003 started shipping in late April.
Internet Authentication Service (IAS) centrally authenticates and accounts for the remote access infrastructure of an enterprise. When a user reaches the edge of a network and electronically asks for access, the network takes the credential and passes it along to IAS, which then enforces policies that are written within Active Directory, said Ali Jaleel, technical product manager in Microsoft's Windows Server product group.
IAS began shipping several years ago, with the release of Windows 2000, as a service that customers could use or choose to ignore. The technology is Microsoft's implementation of a Remote Authentication Dial-in User Service (RADIUS) server and part of Microsoft's Remote Routing and Access Server implementation of the server operating system.
IAS is important for several reasons, said Dan Blum, senior vice president and research director at the Burton Group, a Midvale, Utah, consulting firm. For one thing, it enables dial-up and virtual private network (VPN) access. It works with or without Active Directory, but if it's used with Active Directory, it enables centralized policy-based administration and user administration.
Aside from better integration with Active Directory, the latest version of IAS includes several new features. There is a failover capability, so if one server goes offline for some reason, another can take over. There is also improved XML SQL logging that records all the authentication data in a SQL database.
"Administrators can see who is logged in and with what credentials, whereas before there was no record," Jaleel said.
There are improved load balancing capabilities and the addition of the RADIUS proxy, a routing enhancement that gives an administrator more flexibility in terms of where they locate the authentication server.
IAS is less necessary on small networks, because even though users may come into the network in several ways, it's still possible to manage the authentication, Jaleel said. On an enterprise network, however, it's more convenient to have a central method of applying rules for network access.
RADIUS is a standard for authentication that is used in network equipment, said Andy Evans, a security expert at Ecora Corp., a Portsmouth, N.H., security software company. Historically, it was used by ISPs to log in users and within firewalls for authentication. Microsoft has taken Active Directory and made it the database for the RADIUS server, which can be handy if you are using a lot of Microsoft software in your enterprise.
Users can also buy VPN gateway products from networking vendors such as Cisco Systems Inc., Nortel Networks Ltd. and Cambridge, Mass.-based Funk Software Inc.