By Zach DeMeyer Posted December 23, 2019
Microsoft® Active Directory® (AD) has long been the go-to identity and access management (IAM) tool for sysadmins. In today’s IT landscape, however, AD doesn’t seem to be as well suited as it once was. Cloud-forward sysadmins are exploring their options and trying to find the best way to make Active Directory work for them, or even finding something new altogether.
The Developing Struggles of Active Directory
Looking at Active Directory’s history, it’s plain to see how it secured its place as the dominant force in the directory services marketplace. Microsoft already had a tight hold on the early enterprise system and applications markets with its Windows® operating system. Capitalizing on this advantage, Microsoft introduced AD as a way to manage user identities and their access to the host of Microsoft products that already populated the workplace.
For a long while, Active Directory was the exact solution IT admins needed. It soon became a monolith within the identity and access management space: massive, uniform, and unchanging. Like a title-winning sumo wrestler, AD planted its feet firmly into the IT environment — seemingly immovable.
Over the past few decades, the enterprise IT market has experienced several major innovations that have changed everything. For starters, the monopoly that Microsoft held on the system market waned following the arrival of Mac® and Linux® systems on the scene. The cloud also revolutionized the industry, paving the way for the “as-a-Service” boom.
These new breakthroughs meant leaps and bounds in freedom of choice and productivity, but they came with a catch. IT had little to no identity/access control over these resources. While Active Directory excelled at managing the on-prem Windows domain, it was less adept at managing resources that lived outside of the domain.
Although some admins refused to let non-Windows and cloud-based technologies enter their environment, cloud-forward sysadmins began adopting these innovative non-Windows and cloud technologies into their fold. Of course, while their organizations as a whole could feel the benefits these innovations brought, the admins themselves were stuck with the job of securely managing all of these IT resources and bringing them under the umbrella of a unified IAM strategy.
Active Directory needed to become stronger to manage these resources outside of its core domain. Before Microsoft could make changes to AD, however, a host of vendors capitalized on the opportunity, introducing many add-on solutions into the market. These add-ons filled in the gaps in AD left by the modern IT landscape, most often typified by web application single sign-on (SSO) and non-Windows identity bridging tools.
While these tools helped sysadmins cover their modern IAM needs, they came at a cost—quite literally. The burgeoning list of add-ons IT organizations needed on top of their AD instance pushed many organizations’ budgets to their limits, both in terms of capital and in the effort to properly integrate them into their environments.
Cloud-forward sysadmins were left in a conundrum. They obviously wanted to incorporate new IT innovations from the cloud as they came, but each new change seemed to push them further and further from the unified IAM approach that AD once allowed.
A Light on the Horizon
A next-generation solution has emerged to meet the demand for modern unified IAM: the cloud directory service. The cloud directory service flips the script on Active Directory for cloud-forward sysadmins. With a cloud directory service, IT organizations can opt to extend their AD instances to the cloud through one centralized solution. Or, if they so choose, a cloud directory service replaces AD altogether, reimagining directory services for the cloud era.
Active Directory is a monolith of IAM, and much like the great obelisks of the Egyptians, it doesn’t bend easily. For organizations entrenched in AD, a cloud directory service fills the role of the majority of AD add-on solutions combined, extending AD identities to non-Windows and cloud resources. A cloud directory with AD Integration incorporates non-domain-bound resources into an AD environment without removing AD’s hands from the wheel.
The cloud directory service has reimagined Active Directory altogether. That means, in essence, the cloud directory service is the next-gen Active Directory for cloud-forward sysadmins. A cloud directory service requires no hardware on-prem, no work or payment for add-on services, and most importantly, no worrying about managing identity access to resources outside of the domain — virtually all IT assets and resources exist within the domain of the cloud directory service. What’s more, IT organizations can leverage cloud directory service functionality to completely migrate off of their existing AD infrastructure to the cloud.
If you are a cloud-forward sysadmin who thinks a cloud directory service might be your Active Directory panacea, contact us. We are experts in the cloud directory service space, and can point you in the right direction for your needs.