What is a cloud based DHCP server and how to set up your own?

What is a cloud based DHCP server and how to set up your own?

Do you really know all you need about the DHCP service?

This article will explain why shifting to a cloud-based DHCP server will help you answer your challenges and bring solutions concerning untrusted devices’ security. We will cover the benefits of adopting a cloud-based DHCP and provide a step-by-step guide set one up.

So let’s define what a DHCP server to start with is. A DHCP server is a Dynamic Host Configuration Protocol (DHCP) server is a network service that automatically assigns IP addresses and other network settings to devices on a network.

A cloud-based DHCP server is a DHCP server hosted in the cloud rather than being hosted on a local network. This server type can be helpful for organizations with a dispersed network or needing to scale their network quickly.

Let’s first understand what are the components of a DHCP server  

What is a DHCP Server?

The DHCP server is the go-to device for responding to IP address inquiries, allocating available addresses, and subsequently storing them during their lease periods. It also handles communication between client devices - a dedicated computer or part of the router.

What is a DHCP relay agent?

Network administrators can rely on a DHCP Relay agent when they require an intermediary to facilitate communication between clients and servers. This host or router forwards messages back and forth effortlessly, allowing the SD-WAN appliances’ DHCP Relay service to transmit requests and responses without interruption seamlessly.

What is a DHCP Client?

Every client device, from computers to mobiles and IoT devices, will require a DHCP client. This component is responsible for requesting an IP address and communicating with the server to ensure that it receives said address and all other pertinent data associated with this process to be successfully completed.

What is a DHCP scope? 

DHCP scope encompasses a range of IP addresses, which are then allocated by the DHCP server to its clients. Conventionally, the smallest number assigned is done first and continues until reaching the highest address in sequence.

What is a Subnet? 

Splitting a network into smaller subsections is referred to as subnetting. By doing this, you can easily manage different parts of the same network and create more efficient communication among its users.

What is a lease when it comes to the allocation of IP addresses? 

The assigned IP address lifetime specifies how long a client is allocated using that particular IP address before it expires.

What is a DHCP relay? 

As the communicator between the DHCP server and its client, the relay interprets messages and channels them to their appropriate destination.

DNS - What is a Domain Name Server? 

The Domain Name System (DNS) Server is a gateway that links website hostnames like example.com to their appropriate Internet Protocol or IP addresses. This server stores an index of public IPs and the associated domain names, allowing users to access websites quickly and efficiently.

What is an IP Sec tunnel? 

IPSec tunnels are revolutionary advancements in Internet security that enable users to securely connect across networks, encrypting packets of information as they travel from one IP address to another. Developed by the IETF and backed by effective standards, these protocols guarantee secure communication.

1- Why should you start considering shifting to cloud-based DHCP services?

A cloud-based DHCP server provides several benefits, including scalability, reliability, and cost savings

Cloudi-Fi cloud-based captive portal platform offers a range of tools secure and simplify internet access management for companies operating in multiple locations (shops, offices, manufacturers, buses…). Cloudi-Fi cloud-based captive portal solutions include a unique solution to bringing the DHCP server functionalities into the cloud. Cloudi-Fi is the gateway to a safe internet by providing the resource to authenticate untrusted devices and users and assign a unique IP address to each unique device. The platform also offers complete analytics reports and dashboards on the network, users, and locations connected.

A cloud-based DHCP service available to onboard unknown and, therefore, untrusted IoT devices allows the network administrators to configure and scale public / guests WiFi networks efficiently compared to location-based physical DHCP servers. 

Enabling DHCP service capabilities may increase the load on your network, as each device that connects will need to request an IP address from the DHCP server. Additionally, consider setting-up DHCP reservations to ensure that specific devices receive the same IP address. 

The Cloudi-Fi cloud-based DHCP management functionality already helps complex organizations manage the loads and generate a particular IP address for the required devices.

It is understood that the coming burgeoning of untrusted IoT devices will require a growing number of DHCP servers to maintain. Delivering a reliable cloud-based DHCP service will be key for modern organizations willing to secure their network against potential security attacks led by IoTs. Learn more about the rise of IoT in our series of blog posts here.

2- Main benefits of using a cloud-based DHCP service

  1. Scalability: A cloud-based DHCP server can scale quickly and easily to meet the changing needs of your organization.
  2. Reliability: A cloud-based DHCP server is highly reliable and hosted in a secure, redundant environment. 
  3. Cost savings: A cloud-based DHCP server can save you money compared to hosting a DHCP server on-premises, as you only pay for the resources you use.

Cloudi-Fi aims to assist its customers with these three cloud security pillars as the rise of IoT devices trying to connect to Wi-Fi networks will only increase in the months and years. Cloudi-Fi has been testing its DHCP cloud-based service with complex network infrastructure delivering great results and leading to the development of the Cloudi-Fi IoT security platform, now being released to selected customers only. 

3- How to set up a Cloud-based DHCP server?

A- Prerequisites

Before setting up your cloud-based DHCP server, it is essential to understand the basics of networking and have some experience with cloud computing and virtualization. Understanding DHCP and DNS and your specific cloud provider is also helpful.

DHCP Scopes

DHCP scopes are an essential part of setting up cloud DHCP servers. 

A DHCP scope is the IP address range within a network that is available for assignment to network devices. It is essential to understand that only the IP addresses in the defined DHCP scope can be used to assign IPs to clients on the network.

The subnet mask, gateway address, and DHCP lease time can also be specified within the scope. Configuring additional settings, such as DNS servers and default option values within the scope is also possible.

Configuring scopes and correctly setting up DHCP scope options is crucial to ensure clients can connect and remain connected to the network with minimal disruption. Proper planning and configuration of DHCP scopes should be considered when setting up any local or remote network infrastructure.

B- Step-by-step guide for setting up a Cloud-Based DHCP server

  1. Choose your cloud provider.
  2. Create a virtual machine(s) (VMs) in the cloud to host your DHCP server.
  3. Install an operating system on your VM
  4. Install DHCP server software on your VM
  5. Connect your location to the DHCP VMs through IPsec Tunnel or any private Network - This may require specific firewall configurations.
  6. Set up external monitoring.
  7. Provision your locations resources (IP subnets and DHCP parameters) 
  8. Test the end-to-end service and your DHCP server

Cloudi-Fi avoids the need to go through all these complex steps and simplifies the process by only requiring the user to provision its locations and a user-friendly admin panel, making it very easy to set up your cloud-based DHCP server.

You will only need to provision your locations on the Cloudi-Fi administration panel, as detailed in the screenshot below: 

C- Setting up Cloudi-Fi DHCP Server for Guests, BYOD and IoT

Dynamic Host Configuration Protocol (DHCP) is particularly useful for unmanaged guests. Untrusted guest devices require internet access. Our cloud-based DHCP will assign them the required IP address centrally, enabling the global organization to regain control of local site administration while consuming fewer network resources and reducing local hardware maintenance and potential failure. 

Before collecting information about your existing DHCP service, it is essential to correctly configure Cloudi-Fi’s unique cloud-based DHCP service. 

This includes the following steps:

  • The IP address range
  • The gateway address
  • DNS server addresses
  • And other settings related to the existing DHCP service. 

Write down all this information before proceeding with the next steps. 

Configure DHCP on the Network and Location

Once you have all the necessary information about your existing network, it’s time to start setting up Cloudi-Fi’s DHCP service for guests.

To do this, log into the admin portal and select “Network” and “Location” from the dropdown menu. 

Activate cloud DHCP module from Cloudi-Fi administration panel - Cloud-based DHCP server management

Wi-Fi location management from Cloudi-Fi administration panel - Cloud-based DHCP server management

Enter all of the parameters for your existing network and save the settings.
  • Parameters
  • Settings
  • Tunnel

Client IP: List of IPs with which to create a tunnel to the DHCP server

  • Subnet

Subnet: IP range to use for new Guest

Relay: IP of the DHCP relay routing DHCP traffic to the actual DHCP server (default gateway)

  • DHCP Leases Management

DHCP Leases Duration: lease for unauthenticated used

Extended Lease: lease duration for users already authenticated

  • Pool

Start address: first IP that can be used in the subnet

End address: last IP that can be used in the subnet

  • Options (information to share in the DHCP response)

Option: Gateway: Default gateway the Guest user need to use

Option DNS: DNS the Guest user needs to use

D- Build the IPSEC VPN Tunnel between your location and the Cloud DHCP

  • Local router or Firewall connected to the DHCP Client should act as a DHCP Relay Agent so that it can forward DHCP requests from the client to the Cloudi-Fi’s DHCP server across an IPsec tunnel.

Cloudi-Fi DHCP server overview - IPsec tunnel management between user - local firewall and Cloudi-Fi DHCP server

Recommended settings for the IPSec tunnel can be accessed here.

Once you have saved all of these settings, it’s time to confirm whether or not they were applied correctly. 

You can do this by connecting a device to your network and then checking whether or not it was assigned an IP address from within the range specified in your configuration settings. If so, everything was set up correctly, and you are ready to activate Cloudi-Fi’s DHCP service for guests on your network.

What are the next steps?

Once you have set up a cloud-based DHCP server, there are several next steps you may want to consider:

1- Monitor and optimize your DHCP server

Monitoring your DHCP server to ensure it functions correctly and efficiently is important. You may want to use tools like Cloudi-Fi’s network analytics to monitor your network usage and identify potential issues.

2- Configure DHCP reservations

Consider setting up DHCP reservations for specific devices on your network, such as servers or printers. This will ensure that these devices always receive the same IP address, which can help maintain network stability and consistency.

3- Set up DHCP options

DHCP options allow you to specify additional settings provided to devices when they request an IP address from the DHCP server. Some examples of DHCP options include DNS server addresses, domain name search lists, and default gateway addresses.

The massive shift to the all-cloud application is becoming crucial to building a secure gateway between the infrastructure where users’ devices and IoT sit in the cloud.

Cloudi-Fi cloud-based DHCP is the secure gateway for any unmanaged resources/devices connecting to the network.

Cloud-based DHCP service will help modern organizations implement ZTNA frameworks to onboard massive untrusted IoT devices to their network, massively reducing manual administration.

Related articles
Rethink Network Access Control (NAC) in the era of IoT
How to secure the enterprise network in the era of IoT?
Top 3 cloud security challenges in cloud computing
All articles