Wednesday, June 12, 2024

Radiator as a CISCO CPAR replacement

Recently we have received a lot of queries on whether Radiator AAA would be a good solution for replacing Cisco CPAR (Cisco Prime Access Registrar). As it is known, Cisco CPAR has a released end of support date in October 2024, after which it will not receive software maintenance updates. Therefore many operators are looking to replace their existing CPAR setups with alternative established robust AAA solutions. If you are among these companies, Radiator AAA is the solution for you.

Why choose Radiator AAA as a Cisco CPAR replacement?


Known for its reliability and flexibility, Radiator AAA has been in the market for decades. Radiator is an actively developed and supported AAA server with RADIUS and TACACS+ functionalities. With modules focused on carriers, Radiator AAA can also be complemented with Diameter functionalities, SIM-based authentication with IMSI Privacy and other mobile network functionalities.

At the same time, Radiator AAA Server offers support for both Linux and Windows installations - and Radiator AAA has multi-vendor support and can be installed flexibly on different platforms on physical or virtual machines. Radiator has extensive support for different databases and authentication backends (SQL-based, LDAP, AD etc.) as well as support for MFA solutions with TOTP capable authenticators and tokens (Google and MS authenticator, Yubikey, DIGIPASS etc.)

The Radiator technical team consists of experts with vast experience in migration from other AAA solutions. We offer migration support and configuration assistance so you do not need to worry about meeting project schedules before the end of support for CPAR - we have already done these kinds of transitions. Radiator can integrate with existing databases and in most cases no changes to schema are needed.

With Radiator, you can compile your AAA use cases under one product: RADIUS, Diameter, TACACS+, SIGTRAN, you name it, we have it!

Want to know more?

For any questions or other inquiries about Radiator as Cisco CPAR replacement, please contact We always provide also simple, transparent and cost-effective licensing models, so there will be no surprises in the cost of ownership during the whole time your company is using Radiator.

Wednesday, May 22, 2024

Meet Radiator team at WGC Americas in Dallas!

Meet Radiator at WGC Dallas

We are delighted to announce that Radiator Software will be attending the top connectivity event of the summer: WGC Americas in Dallas on 10 – 13 June 2024. We are looking forward to meeting our current and prospective partners and customers in Texas.

Wireless Global Congress Americas

WGC is hosted by the Wireless Broadband Alliance and gathers together Wi-Fi industry leaders and experts from all around the world. As usual, the event is divided into two parts: WBA Members-Only Sessions and plugfest on 10 and 11 June hosted by AT&T, and WGC Americas Open Congress on 12 and 13 June held in Dallas Marriott Downtown.

Meet with Radiator team

We extend an invitation to all WGC Americas attendees to meet with Radiator managing director Karri Huhtanen, who is part of our conference delegation. You can find the Radiator team at the WBA Members-Only Sessions and in the Open Congress throughout the event.

To schedule a meeting or simply ask a question, please leave a message and we will get back to you. See you in Texas!

Monday, May 20, 2024

Radiator Simple WiFi Authentication – Introduction to Radiator Cloud

We are pleased to announce an expansion to the Radiator product offering – Radiator Cloud for Azure. We have ever so often been approached by companies and organisations that require a fast to set up, easy to use hosted WiFi authentication solution.

Often the trouble with Software-as-a-Service type WiFi solutions is the concern for privacy, who has access to customer data and how it is handled. To address the demand for a hosted solution with complete privacy to customer data, we’ve developed an Azure-native cloud solution – Radiator Cloud for Azure

Radiator Cloud for Azure is a managed application that is deployed, hosted, operated and monitored all in Azure. User data and logs stay within your Azure tenant with no external access. User and NAS client provisioning is done with enhanced Azure UI and the solution can be monitored with premade Azure Monitoring queries.

Radiator Simple WiFi authentication, powered by Radiator Cloud

The first application that is now live in Azure Marketplace is Radiator Simple WiFi authentication. It is a simple username-password authentication solution that allows organisations to take control of their wireless network with minimum requirements. The only prerequisites to deploying the solution are an active Azure subscription and access to one’s network device configuration.

Deployment is done within minutes from the Azure Marketplace. A user with at least Contributor permissions for their tenant can deploy the application. Provisioning and monitoring is made straightforward with Azure UI and billing is done together with the organisation's other Azure applications.

Radiator Simple WiFi authentication – Easy, Fast and Affordable

The main customer groups that benefit from the application are organisations who do not yet have any WiFi authentication solution in use, as well as organisations with multiple locations who want to centralise their WiFi authentication operations. Radiator Simple WiFi authentication provides an easy way for centralised user and device management with minimum prerequisites.

Radiator Simple WiFi authentication is easy, fast and affordable. The simple structure of the application, backed with comprehensive deployment guide and user manual, make the application easy to deploy and operate. Deployment process is automated and does not need any vendor approval. Provisioning is very straightforward. In a typical deployment, you have a working system within the same day.

The costs of the application consists of two parts: fixed monthly software cost and Azure running costs for hosting the application. All costs are transparent and easy to estimate. You are only billed by Azure, along with your other Azure applications.

The future of Radiator Cloud

While Radiator Simple WiFi authentication is already available for purchase in Azure Marketplace, we are also actively looking to expand the Radiator Cloud product family both horizontally with other use cases and vertically to other platforms.

Our two big roadmap items for Radiator Cloud are enterprise-grade WiFi authentication application and an application for WiFi authentication utilising Microsoft Entra IDs. Both of these address a direct need not only from new but also existing customers who are looking to move from their existing Active Directory on to Azure.

While these development news are all about Radiator Cloud, this is by no means a sign that we would have shifted focus from our on-site products. Radiator is committed to active development and latest standards and these efforts are made to make Radiator products more accessible to all organisations across different platforms and deployment models.

Want to know more?

If you have any questions about Radiator Simple WiFi Authentication or Radiator Cloud roadmap items, please do not hesitate to contact us at sales(a)

Thursday, May 2, 2024

WiFi offloading vs VoWiFi

In recent years we have encountered a lot of customers wanting to utilize their networks more efficiently, and provide premium service for their subscribers. WiFi offloading and VoWiFi are popular ways to to extend the mobile operator’s network coverage into wifi, free bandwidth from congested cellular networks and improve user experience with better connectivity. The technologies share many similarities and both use a 3GPP AAA server for SIM based authentication.

WiFi offloading offers some flexibility in the supported authentication backends and the SIM authentication can be done through various HSS and HLR interfaces depending on what the mobile operator has available. This is especially important in roaming scenarios where the WiFi provider has agreements with multiple MNOs to offload their subscribers.

WiFi calling is more strictly standardised to support high QoS for the voice call, and also the handover between VoWiFi and VoLTE. This allows users to move outside the range of the WiFi hotspot and seamlessly continue the call over VoLTE, and vice versa.

Let’s take a look at the key differences between the two related technologies:

Comparison WiFi offloading VoWiFi
Purpose Ease network congestion, Network CAPEX savings, Roaming cost savings, Secure authentication to private wireless networks: carrier, industrial, in-flight, underground, IoT Ease network congestion, Indoor coverage extension, Combat OTT apps, Roaming cost savings
Relationship between MNO and access network provider Agreement required between MNO and wifi provider No relationship between MNO and wifi provider
Access network Carrier or partner wifi Any public or private wifi
Traffic Data only Voice and video calls
SIM authentication protocol EAP-SIM, EAP-AKA, or EAP-AKA’ EAP-AKA
Supported HSS interfaces SWx, Wx, Cx, S6a SWx required
Supported HLR interfaces MAP, SIGTRAN Not supported
ePDG Not applicable ePDG mandatory
Security WPA Enterprise IPSec tunnel between UE and ePDG
IMSI Privacy Yes, supported by Radiator Yes, supported by Radiator

What is different?

The main difference between WiFi offloading and VoWiFi is the relationship between the mobile operator and the wifi provider: operator controlled data offloading always requires a prior agreement between the MNO and the WISP. WiFi offloading is often done in high traffic areas such as airports, sports stadiums and concert venues, since offloading users to WiFi is cheaper than adding microcells to boost the mobile signal. MNOs can invest in carrier wifi hotspots themselves, or make offloading agreements with wireless ISPs.

VoWiFi requires the mobile device to be connected to a wifi before attempting a VoWiFi call, but any type of wifi can be used for WiFi calling, including consumer home wifi. Therefore no relationship between the mobile operator and WiFi provider is required. However VoWiFi has specific technical requirements for the MNO: a HSS with SWx interface and ePDG are required.

Private network authentication

WiFi offloading technology is also applicable to private network offerings, such as industrial and IoT networks. SIM authentication provides a secure method to authenticate users into a private network using their SIM credentials and eliminates the human element of reusing and sharing passwords. In high security deployments the SIM authentication can be further combined with device IMEI check, to make sure that only authorised users and devices are able to access the private wifi network. VoWiFi is also possible in private networks, and can enable voice calls in challenging environments such as underground.

Interested in WiFi offloading or VoWiFi?

Radiator SIM Pack provides a fully featured 3GPP AAA server solution, with superb flexibility to connect with your environment. Please contact the Radiator team at sales (at) to get a quote.

Thursday, March 14, 2024

Meet Radiator team in Brisbane at IETF119

Radiator IETF 119

Radiator team continues the active engagement with RADIUS working groups at IETF and will be attending IETF 119 meeting in person at the Brisbane Convention and Exhibition Center 16 - 22 March 2024.

Staying at the forefront of industry developments is a top priority for Radiator development. As always, we are looking forward to working on RADIUS drafts and standards and implementing them in Radiator.

IETF RADIUS working groups

You can find the Radiator team at these sessions - click the links for the respective meeting materials and agendas.

  • RADIUS EXTensions (radextra)
  • EAP Method Update (emu)
  • MAC Address Device Identification for Network and Application Services (madinas)
  • Radext working group will be discussing reverse CoA and deprecating insecure practices in RADIUS. EMU group has Forward Secrecy for EAP-AKA on the agenda, and madinas group is addressing the current status of MAC randomisation. We also welcome Wireless Broadband Alliance presenting a document describing OpenRoaming protocols - for Radiator, we have released the Radiator OpenRoaming configuration guide on Github.

    For other IETF sessions, please see full meeting agenda here:

    Meet the team

    The point of contact is Radiator developer Heikki Vatiainen, whom you can find at the RADIUS working group sessions and around the venue. If you’re in Brisbane, come find us and say hi! Everyone else interested in Radiator development, please drop us an email!

    Friday, January 19, 2024

    Meet Radiator Software at Mobile World Congress 2024

    Like everyone else in the telecom industry, we’re busy preparing for the world’s largest connectivity event of the year: Mobile World Congress held at Fira Gran Via in Barcelona on 26th – 29th February 2024. We’re looking to catch up with old and new partners and customers in Barcelona!

    For MWC24, Radiator Software is showcasing Radiator solutions, which deliver a superb combo of flexibility, interoperability and performance to complex operator AAA deployments. We invite you to engage with our team of network authentication experts to discuss all things AAA: FTTH authentication, WiFi roaming, VoWiFi, IMSI Privacy, OpenRoaming, and more.

    Book a meeting here: Google Form

    Monday, January 8, 2024

    Radiator SIM Pack 2.9 released

    Recently, we have met increased demand for SIM authentication in different use cases and services. Radiator development is driven by the actual customer cases and we are now pleased to announce the release of Radiator SIM Pack version 2.9!

    Here are selected highlights from the new release:

    Cx support for EAP-SIM, EAP-AKA and EAP-AKA’ authentication

    Diameter Cx interface provides an alternative way of fetching the SIM authentication vectors when the standard SWx interface is not available from the MNO. Cx is an HSS interface that is typically used to authenticate users from the IMS side of the network, but Radiator can now also use it for SIM based Wi-Fi authentication.

    SIGTRAN location update features

    Support for MAP UpdateLocation, MAP UpdateGprsLocation and MAP CancelLocation have been implemented in SIGTRAN. Location update features make it possible to resolve the user MSISDN (i.e. mobile number) and use IMSI related profile for authorisation. As a result, different authorisation rules can be enforced based on the MSISDN, or mobile numbers can be included in logging, accounting and other customer specific requirements.

    Improved temporary identity generation

    Temporary Mobile Subscriber Identity or TMSI is a pseudonym for the subscriber’s actual identity, IMSI. Plain or encrypted IMSI is always used for the initial SIM authentication, but a temporary identity can be generated for the subsequent requests to make re-authentication faster and increase security. Radiator TMSI implementation has now been updated per recent 3GPP specification: the improved implementation no longer requires a SQL session database further enhancing the speed of re-authentication. Historical data is also retained better.

    For a full list of new features and changes, please see Radiator SIM Pack revision history.

    Trends in operator AAA cases

    In our recent projects with customers ranging from small private operators to major tier 1 carriers, we have seen these significant trends:

    • Demand for Wifi offloading and VoWiFi remains high for various reasons: coverage and capacity expansion, ease of congestion in high density areas, and cost saving, especially for saving international roaming costs.
    • Non-fixed backhaul connectivity cases (in-flight, train, maritime) cases are emerging.
    • New private LTE/5G operators need SIM authentication to add Wi-Fi networks to their offerings. Radiator is an integral part in different MVNE solutions in connecting the MVNO and MNO network elements.

    In addition, security requirements have increased. Demand for IMSI Privacy is driven by Android and iOS, and support for IMSI encryption is now a must for new offloading projects. RadSec is required for various roaming scenarios, including OpenRoaming. Both are supported by the Radiator SIM Pack - with a long track record of field proven production implementations.

    Would you like to know more?

    Radiator pre-sales team includes experienced engineers who can provide expertise for advanced Diameter and roaming use cases, including non-standard and custom cases.

    In addition to top tier technical support, we also provide a flexible licensing model to match your business case. Whether you have your own subscribers, IoT devices or roaming guests, you can grow your license at the same pace where your business grows - you can just buy add-on licensing as you are onboarding more SIM authentication or VoWiFi end users, for example.

    We always know that every customer case is different - so please do not hesitate to contact us at