By Zach DeMeyer Posted January 14, 2019
While some thought it was just a seasonal change in the weather of IT, the cloud is officially here to stay. Forbes states that, by 2020, over 80% of global enterprise workloads will be cloud-based. While that finding bodes well for organizations seeking the cloud for swiftness and efficacy, the IT admins of said orgs are faced with a problem. How do you manage identity access to the cloud? Today we will evaluate two Microsoft® solutions in the space and pit them against one another: Active Directory® Domain Services (AD DS) vs Azure® AD.
The Nature of IAM
Before we dive into each solution, let’s step back and examine identity and access management (IAM) as a whole. Historically, IAM has fallen on the shoulders of the directory service. In many cases, the most widely used directory service has been Microsoft Active Directory. Based in Windows® and on-prem, AD connected users to their core resources: their systems, Windows applications, wired networks, server stacks, etc. Directory services like AD were ideal for a working world that sat in stuffy offices, complete with ethernet connections and clipped-out Dilbert cartoons T-pinned to cubicle walls.
Today’s IAM scene is considerably different from that of merely a couple of decades ago. Employees leverage whatever system they choose, be it Windows, Mac®, or Linux®. Gone are the days of cubicles, as more people are finding they can do their work remotely without ever setting foot in an office. And, heading the charts, cloud adoption continues to rise, as Software-as-a-Service quickly becomes the norm for delivering enterprise solutions and resources, and Infrastructure-as-a-Service providers (e.g. AWS®) are replacing on-prem and colocated data centers. Traditional directory services require a host of add-on tools to manage modern IT advancements. It is with this idea of modern IAM that we evaluate AD DS vs Azure AD.
Comparing AD DS vs Azure AD
A comparison of Active Directory Domain Services and Azure Active Directory is one that makes sense. After all, AD DS is Microsoft’s bread and butter when it comes to the IAM space. Azure AD, on the other hand, technically isn’t a full-fledged directory, but rather a way for admins leveraging the Azure cloud platform to manage user identities in the platform itself. While Azure AD also features single sign-on (SSO)-like capabilities for a select group of web applications, we would be remiss to call it a directory service as AD DS is.
With this in mind, comparing the two solutions is a bit tricky. While they are both Windows-focused user management systems, AD DS is an actual directory service, connecting identities to a wide variety of Windows-based resources, but it is also grounded on-prem. Azure AD touts the usefulness and versatility of the cloud, but is limited by the fact that it doesn’t federate to on-prem systems, networks, and apps, or to non-Windows resources (e.g. AWS, GCP).
Combining AD DS and Azure AD?
Clearly, while both solutions are effective for their purposes, neither option is an ideal version of a cloud directory service. If a solution could combine the directory service functionality latent in AD DS with Azure AD’s cloud-forward environment, and also support heterogeneous environments, it would truly be a directory service for the modern era. Such a solution would also need to be able to federate access to users’ identities, resources, and systems regardless of their choice of platform, provider, protocol, or location.
If this idea of combining AD DS and Azure AD (rather than pitting them against one another) interests you, consider contacting us at JumpCloud®. We would be happy to introduce you to such a solution, the world’s first cloud directory service, the Directory-as-a-Service®. Directory-as-a-Service federates user identities to virtually all IT resources, no matter the choice of provider, cloud or on-prem. Learn more at our blog or YouTube channel.