What are RAS and IAS Servers?

By Stephen Byron Cooper

A remote access server guards the entrance to a private network where it connects to either a phone line or the Internet. The RAS refers to an authentication server that checks whether external users are authorized to access the network. The Internet Authentication Service is a type of authorization server; it forms part of Windows Server 2000 and Windows Server 2003.

Remote Access Servers

The RAS is the contact point between the remote user and the network. The remote user may be connecting to the network through a virtual private network. VPNs offer the same level of privacy available over a private network to data travelling over a common medium, like the Internet. It does this by a strong form of data encryption called “encapsulation.” When a VPN is in operation, it is the responsibility of the RAS to strip away the encapsulation by a process called “decapsulation.”

Internet Authentication Service

The Internet Authentication Service is a proprietary network server belonging to Microsoft. The IAS is a side server, not directly in the path of any connection. It only communicates with the RAS. When a client computer requests a connection to the network, the RAS has to check that computer's credentials. Those details are held on the IAS server. The RAS contacts the IAS server with the user name of the applying user to get authentication details.

RADIUS

IAS servers follow the Remote Authentication Dial-In User Service, or RADIUS, protocol. It specifies the three responsibilities of a RADIUS server as AAA: authentication, authorization and accounting. Following the RADIUS protocol, the IAS server keeps track of connection times and can limit users access to certain facilities of the network according to different levels of subscription. RADIUS servers, like IAS, only apply to dial-up connections.

Future

“Remote access server” is a generic term for servers required by networks. IAS, however is a specific product from Microsoft. The company discontinued IAS and replaced it with Network Policy Server, which is part of Windows Server 2008. RADIUS servers became defunct when DSL broadband connections were introduced. These services are on all the time and do not require AAA. However, a new method of connecting broadband, called Point to Point over Ethernet, or PPPoE, once again requires users to dial in to the network, and so RADIUS servers have been revived, though not IAS servers.