By Zach DeMeyer Posted January 1, 2019
As a new generation of IT management tools emerges, it can be valuable to step in the old Wayback machine to understand and appreciate history. In particular, there has been a generation of Microsoft® tools that set the foundation for a number of IT markets. In this blog, we’ll focus on the identity and access management (IAM) space and start with a history lesson on one of the most important identity management solutions of the PC generation—Microsoft Active Directory®. Welcome to Active Directory 101.
Microsoft released Active Directory (AD) in 1999, but likely had been working on the product for a number of years before then. After all, one of the main protocols AD was based upon, LDAP, had already been around for several years at that point. The move to build an identity provider was a brilliant one on Microsoft’s part. They already owned the operating system and productivity space with solutions such as Windows®, Office, and Exchange.
Active Directory would be the tie that bound all of these solutions together in an organization. A user could login to their Windows machine and be immediately given access to anything on the on-prem network including servers, applications, files, and, of course, the network itself.
Microsoft relied on two identity management protocols to help make this happen: LDAP and Kerberos. To make the solution even more successful, they included it with Windows Server, so as long as you had purchased Windows Server and the appropriate client access licenses, AD was effectively “free”.
Active Directory was a huge hit, and likely Microsoft’s largest market share product. Over the years, Microsoft would complement AD with other solutions such as SCCM (previously known as SMS) and automation frameworks like PowerShell. All of this would further embed AD into the enterprise. At the turn of the century into the early 2000s, Microsoft was the king of the IAM market, and AD, its bold knight and domain controller.
A Storm Rises
While things were going well for Microsoft and Active Directory during this time, the IT world started to undergo some high impact changes. Foremost of these changes was the creation and adoption of the cloud. The cloud enabled vendors to deliver a whole new section of software solutions, called Software-as-a-Service (SaaS). These new offerings completely revolutionized the IT space.
Challenges to Active Directory started to appear as the world explored new cloud infrastructure and web application options. An influx of non-Windows devices (Mac® and Linux®) hit the workplace as well, providing more versatility in choice for employees. All of these non-Windows based and on-prem solutions started to create hurdles for IT admins with Active Directory.
Due to the fact that AD was so entrenched on-prem, it required something more to bridge the gap between it and the cloud. After all, cloud servers at AWS®, web applications such as Salesforce®, Slack, GitHub, and macOS® and Linux systems were gaining popularity at an untenable rate. A whole ecosystem of add-on solutions cropped up in response to help solve the problems of connecting AD to the cloud. Some of these included web-app single sign-on (SSO) solutions, MFA enablement tools, and governance solutions. Over time though, the weight of all of these pieces of infrastructure led IT organizations to consider alternatives to Active Directory.
IT solutions were moving to the cloud at a rapid rate, yet despite this, the directory had not. Ideally, the thought was if a cloud directory service existed that was cross-platform and delivered as a SaaS-based service, it could meet the pace of the growing cloud space. Unfortunately, such a solution did not exist—until now.
Active Directory from the Cloud?
A next generation Active Directory-like platform has emerged, moving the domain controller and identity provider into the cloud. This serverless cloud IAM platform takes the best of AD, including cross-platform GPO-like capabilities, and combines it with LDAP/SAML-based SSO for apps regardless of location, RADIUS-as-a-Service for configurable network management, and more. This cloud-based, third-party AD alternative is called JumpCloud® Directory-as-a-Service®.
If this Active Directory 101 didn’t quite slake your thirst for IAM knowledge, you can contact us with questions/comments. To learn more about Directory-as-a-Service, check out our blog or YouTube channel. You can also try the DaaS product completely free, with ten users included to get you started.