Deploy the local RADIUS server container using Docker Desktop on Windows

In this topic, you will learn how to deploy the Portnox™ Cloud local RADIUS server container using Docker Desktop on a local Windows machine (physical or virtual).

Read the following important information before you begin:

  • We assume that the Windows machine is already installed, configured, updated, and connected to the local network. This guide includes only the installation and configuration of Docker Desktop and the Portnox Cloud local RADIUS server container.

  • You cannot place NAS devices behind a NAT because the local RADIUS server uses the source IP address of the connection, and with a NAT in place, that address would be the same for several NAS devices.

  • We recommend running Portnox Docker containers using Linux for performance reasons. Portnox Docker images are built for Linux so in Windows, they have to be run using virtualization. If you run Docker Windows in a virtual machine, you will need nested virtualization, which can affect performance.

Note:
This procedure has been tested on Windows 10 Enterprise running in a Hyper-V virtual machine. It applies either unmodified or with little modifications to all other Windows versions that are still supported by Microsoft and Docker, as long as they support Hyper-V or WSL, which is required by Docker Desktop.

Install Docker Desktop

In this section, you will learn how to follow Docker documentation to install Docker Desktop on the Windows machine.

Skip this section if Docker Desktop is already installed.

  1. Optional: If you want to run Docker Desktop in a virtual machine, enable nested virtualization in your hypervisor on the host machine.

    This step depends on the hypervisor that you are using. Below are some examples for popular hypervisors. Consult the documentation of your hypervisor for more information.

    • Hyper-V: Execute the following command in PowerShell with administrative privileges:

      Set-VMProcessor -VMName "vm_name" -ExposeVirtualizationExtensions $true

      where vm_name is the name of your virtual machine.

    • VirtualBox: Go to your virtual machine > Settings > System > Processor and turn on the Enable Nested VT-x/AMD-V option.

    • VMware Workstation: Go to your virtual machine > Edit virtual machine settings > Processors and turn on the Virtualize Intel VT-x/EPT or AMD-V/RVI option.

  2. Enable the Windows Subsystem for Linux (WSL) and install Ubuntu:
    Note:
    For detailed instructions on how to enable WSL and install Ubuntu, see official Microsoft documentation.
    Note:
    You can run Docker Desktop with WSL or Hyper-V. WSL is recommended for performance reasons. If you need to run Docker Desktop with Hyper-V instead, refer to the official Docker and Microsoft documentation.
    1. Open Windows PowerShell with administrative privileges.
    2. Run the following command to enable WSL and install Ubuntu: 
      wsl --install

    Result: WSL with Ubuntu is ready and you can proceed with Docker installation.

  3. Install Docker Desktop:
    Note:
    For detailed instructions on how to install Docker Desktop, see official Docker Desktop documentation.
    1. Download the Docker Desktop installer from the official website.

      The links to download the latest versions of Docker Desktop for Windows are available in the official Docker Desktop documentation.

    2. Run the downloaded installer file and in the installer window, when prompted, activate the Use WSL 2 instead of Hyper-V checkbox.

    3. Restart Windows when prompted.
  4. Run Docker Desktop from the Start menu or the desktop icon.

  5. Optional: Test Docker in the Windows command line:
    1. Open the Windows command line (cmd).
    2. Run the following command: 
      docker run hello-world

      Result: If you see the following output, it means your installation was successful and Docker is ready:

Run the Portnox Cloud local RADIUS container

In this section, you will deploy the local RADIUS server Docker container locally to the Windows machine.

  1. Open a command prompt with administrative privileges and run the portnox/portnox-radius Docker container. 
    docker run -d -p 1812:1812/udp -p 1813:1813/udp ^
  --name portnox-radius --restart=always ^
  -v portnox-radius-data:/data ^
  -e RADIUS_GATEWAY_PROFILE=copied_RADIUS_GATEWAY_PROFILE ^
  -e RADIUS_GATEWAY_ORG_ID=copied_RADIUS_GATEWAY_ORG_ID ^
  -e RADIUS_GATEWAY_TOKEN=copied_RADIUS_GATEWAY_TOKEN ^
  portnox/portnox-radius:latest

    where copied_RADIUS_GATEWAY_PROFILE, copied_RADIUS_GATEWAY_ORG_ID, and copied_RADIUS_GATEWAY_TOKEN are the values of the three environment variables that you saved earlier. You can also copy them now directly from Portnox Cloud: Settings > Services > LOCAL RADIUS SERVICE > Local RADIUS images > your RADIUS instance.

    Note:
    The -v option creates and mounts a Docker volume that preserves the local RADIUS server data in case the container stops running, for example, if the machine is restarted or crashes. Without this option, local RADIUS cached data would be lost if the container stops running. To learn more about Docker volumes and an alternative, bind mounts, see Docker documentation.
  2. Optional: View the logs for the portnox/portnox-radius Docker container. 
    docker logs portnox-radius -f
  3. Optional: Check if your NAS is configured correctly and if the RADIUS packets are reaching your Docker container. 
    docker exec -it portnox-radius sh
/ #apk add tcpdump
/ #tcpdump -i eth0 -v port 1812

Result: Your local RADIUS server is active.

You can check its status in Portnox Cloud, in the Settings > Services > LOCAL RADIUS SERVICE > Local RADIUS instance section.

Automatically update the existing local container

In this section, you will learn how to automatically update your Docker container to the latest version by deploying another Docker container: portnox-autoupdate.

Important:
You cannot manually update a running Docker container. To update it, you must remove the existing container, pull the latest version of the container image, and then deploy a new container from that image. The portnox-autoupdate Docker container automates this complex process. It automatically updates all other Portnox Docker containers to their latest versions as soon as they are available. If you already deployed the portnox-autoupdate Docker container to automatically update another Portnox Docker container, you do not need to deploy it again.
  1. Find the organization ID:
    1. In Portnox Cloud, go to Settings > Services > General Settings > Self Onboarding.
    2. In the Self Onboarding section, see the URL that is displayed.
      Note:
      If self-onboarding is not activated, click on the Edit link and temporarily turn it on to see the URL.

      The organization ID is the last part of the URL, after the last / symbol.

      For example, if the URL is https://user-registration.portnox.com/b2973887-1274-45c4-91d0-4a342a861c76, then the organization ID is b2973887-1274-45c4-91d0-4a342a861c76.

  2. Get an API token from Portnox Cloud:
    1. In Portnox Cloud, go to Settings > Profile Settings > Cloud API tokens
    2. Click on the Generate token link.
    3. In the GENERATE A NEW TOKEN window, enter the name for the token that describes its purpose and click on the Generate token button.
    4. Click on the  ⧉  button to copy the code and store it in a safe place.

      Important:
      You will not be able to access this code again after closing this window.
  3. Deploy the portnox-autoupdate Docker container: 
    docker run --restart=always -d --name portnox-autoupdate ^
  -v /var/run/docker.sock:/var/run/docker.sock ^
  -v portnox-autoupdate-logs:/app/logs ^
  -e AUTO_UPDATE_ORG_ID=your_organization_ID ^
  -e AUTO_UPDATE_PORTNOX_API_TOKEN=your_API_access_token ^
  portnox/portnox-autoupdate:latest

    For example:

    docker run --restart=always -d --name portnox-autoupdate ^
  -v /var/run/docker.sock:/var/run/docker.sock ^
  -v portnox-autoupdate-logs:/app/logs ^
  -e AUTO_UPDATE_ORG_ID=b2973887-1274-45c4-91d0-4a342a861c76 ^
  -e AUTO_UPDATE_PORTNOX_API_TOKEN=zZD0XR18UmNc8gG1TRt9ZyMhHnl ^
  portnox/portnox-autoupdate:latest

Remove an existing local RADIUS container

In this section, you will learn how to manually remove an existing local RADIUS container.

Important:
If you do not want to run the portnox-autoupdate container to automatically update all other Portnox Docker containers, you have to manually remove the existing local RADIUS container as described here, and then deploy it from scratch, as described above.
  1. Get the container ID. You will need this ID to delete the container. 
    docker ps | findstr radius

    Result: The first hexadecimal characters will represent the container ID, which you will need for next steps.

    For example:

    445f02908491   portnox/portnox-radius:1.1.211   (...)
  2. Stop the running container. 
    docker stop container_id

    For example:

    docker stop 445f02908491
  3. Delete the container. 
    docker rm container_id

    For example:

    docker rm 445f02908491
  4. Get the image ID. You will need this ID to delete the old image. 
    docker images | findstr radius

    Result: The hexadecimal characters in the third column represent the image ID, which you will need for next steps.

    For example:

    portnox/portnox-radius    1.1.211    cf8ade0f37e5   (...)
  5. Delete the image. 
    docker rmi image_id

    For example:

    docker rmi cf8ade0f37e5