^ System ^ Cost ^ Platform ^ Pros ^ Cons ^ Why to choose ^
| FreeRADIUS | Free | * Linux (and similar, e.g. Mac OS)\\ * Packaged with most distributions | * Integrates with a wide range of authentication backends, including AD, LDAP, Kerberos, and multiple flavours of SQL.\\ * Supports all EAP flavours commonly used for user authentication in govroam (EAP-PEAP, EAP-TLS, EAP-TTLS-PAP, EAP-TTLS-MSCHAPv2)\\ * Flexible configuration language for defining complex policies.\\ * Allows breakout into Perl or Python for exceptionally complex policies, or integration with more esoteric data sources.\\ * Extensible via plugin modules.\\ * Supports RadSec natively.\\ * Fast and efficient - a pair of RADIUS servers is usually sufficient for govroam deployments. | * Does not yet support DNS-based Dynamic Discovery for RadSec (not yet relevant to govroam for ORPS deployments)\\ * Can be difficult to configure due to the number of options available, especially for novice system administrators | * Its extreme flexibility and high performance mean that FreeRADIUS is a good fit for most govroam sites, which is why it is the most deployed RADIUS server within the eduroam federation.\\ * The upshot of its popularity is that there are many technical guides already published which take some of the edge off the sharp learning curve.\\ * JISC can provide in-house consultancy. |
| Microsoft NPS | Free with Windows | * Windows | * Windows GUI means no Linux or scripting skills or experience needed\\ * Works well with AD\\ * Can be made to do the basics of the required job | * Filtering of RADIUS attributes not properly supported, but over-write workaround is satisfactory\\ * Doesn't support Status Server\\ * Doesn't support Operator-Name injection\\ * Doesn't support Chargeable User Identity\\ * GUI interface limits what you can configure\\ * Everything is policy-based, which makes configuration based on logic somewhat difficult\\ * Logging is minimal and inflexible | * If you're primarily a Windows shop you may be comfortable with the familiar interface and feel confident in selecting a fully supported product whilst accepting NPS's limitations. |
| OSC RADIATOR | From ~£1,000 | * Linux\\ * Windows | * Integrates with a wide range of authentication backends, including AD, LDAP, Kerberos, and multiple flavours of SQL.\\ * Supports all EAP flavours commonly used for user authentication in govroam (EAP-PEAP, EAP-TLS, EAP-TTLS-PAP, EAP-TTLS-MSCHAPv2).\\ * Flexible configuration language for defining complex policies.\\ * Supports RadSec natively.\\ * A pair of RADIUS servers is usually sufficient for govroam deployments.\\ * Fully supported product - a range of support options are available | * Written in Perl, so when your configuration gets large and complex the server will get slower. | * Its extreme flexibility means that RADIATOR is a good fit for most govroam sites.\\ * The upshot of its popularity is that there are many technical guides already published which take some of the edge off the sharp learning curve, and it is provided with a 'goodies' directory containing many recipes ready for use or to start off with.\\ * If you need a flexible RADIUS server, and have the in-house expertise to configure it, RADIATOR is a good choice\\ * RADIATOR is written in Perl and can be run on Windows servers (with a prerequisite Perl interpreter installed), which would suit if you're primarily a Windows shop |
| Cisco ACS/ISE | From ~£1,000 | * Appliance | | * Doesn't support Status Server | * An obvious choice if the site already makes heavy use of Cisco wireless. |
| Aruba ClearPass | From ~£4,000 | * Appliance\\ * VM | | | * FreeRADIUS under the bonnet with a GUI front end\\ * An obvious choice if the site already makes heavy use of Aruba wireless |
| radsecproxy | Free | * Linux (and similar)\\ * Packaged with most distributions | * Very small footprint.\\ * Simple, flat configuration.\\ * Good performance.\\ * Supports all the requirements for govroam (e.g. attribute filtering, Operator-Name).\\ * Supports RadSec and non-RadSec connections. | * Just a proxy - no ability to authenticate | * If your platform cannot do good filtering or add attributes, using this at the border to talk to the NRPS lets you leverage these abilities.\\ * Can be easily dropped in as a pure ORPS. |