This excerpt was pulled from JumpCloud’s “Leveling the Playing Field for SMEs” eBook. The eBook itself dives into topics related to recent workplace changes and modern expectations, as well as how to deal with it all as an IT professional through technology unification, improved onboarding, centralized and secure device management, and the use of multi-factor authentication.
This excerpt focuses on the challenges that Active Directory (AD) brings to small to medium-sized enterprises (SMEs) and on how a cloud-based approach not only simplifies those challenges, but also provides advantages over organizations that maintain an on-premises approach.
Active Directory — A Monolithic Solution in a Distributed World
Many IT admins wind up using Active Directory to manage IT resources because they feel like they don’t have a choice. Unfortunately, that means many employees wind up without a choice when it comes to how they work. That can be a sore spot for organizations trying to compete in an increasingly open and flexible world.
Active Directory (AD) is a behemoth built for legacy environments. AD was developed late last millennium to replace Windows NT domains, a domain management and user authentication solution that had a few performance issues of its own.
But as time marches on, digital transformation and cloud migration trends have resulted in Microsoft adding layers upon layers to retrofit AD for modern architectures — or worse, ignoring them completely.
And just like any behemoth, AD is slow-moving and riddled with blind spots. AD was designed for the historic network operating system model that is now largely obsolete.
The trends of the past two decades have been further catalyzed by the shift to remote work. Employees want the seamless experience of working from anywhere on any device, but AD doesn’t always support that goal.
“When COVID hit, we were — from a user and account management standpoint — not ready for it. That really moved us forward to accommodate this strange occurrence where everyone’s now remote. They’re not connecting to the VPN reliably, and any time there’s a password issue it’s a nightmare and a half to get them back online.”
Mitch Anderson, Director of Systems Engineering at Boulder Heavy Industries
Even before the realities of remote work became the new normal, IT admins struggled with AD when they wanted to use non-Microsoft resources, such as Google Workspace or Apple devices. macOS adoption has increased more than 300% in the past 10 years, and a quarter of organizations are completely cloud-based. AD tethers organizations to the Windows domain at a time when flexibility and choice are at a premium.
When it comes to cloud services, Active Directory lacks native integration with web-based applications (via SAML) or infrastructure (like Amazon Web Services). In heterogeneous environments, AD lacks native endpoint management, group policy functions, and multi-factor authentication (MFA) for both Mac and Linux. AD is a monolithic solution that is ill-suited for modern environments.
Even Azure AD, Microsoft’s cloud-based directory offering, is intended to function as an extension, rather than a replacement, of an on-prem AD instance. Azure AD incorporates more cloud functionality into its stack, but it has limited directory management functionality when compared to AD, including the loss of group policy management, organizational unit management, and legacy authentication functions like LDAP and Kerberos. Microsoft’s cloud-based version of a domain controller, Azure Active Directory Domain Services (AADDS), solves some of these problems by offering a full directory that doesn’t rely on on-premise infrastructure. However, it too comes with its share of limitations, like more restricted administrative privileges.
Because of these gaps, organizations have frequently had to invest in additional mobile device management (MDM) and identity and access management (IAM) solutions, which usually require additional identity bridges and connections to implement and manage. And that, in turn, just complicates the user experience.
Cloud-Based Directory Services — One Directory for All
But there’s a new approach that avoids these additional costs and complications. JumpCloud’s solution is to enhance AD — or replace it entirely — by extending directory services to virtually any resource (and in so doing offering freedom of choice to IT managers and the employees they support). In fact, JumpCloud’s solutions have been developed from the ground up on lightweight modern standards, enabling more speed and flexibility when agility is a competitive advantage. After all, no one wants to tell their all-star DevOps team that they can’t use Linux, or their CEO that they can’t use a MacBook.
The fact that AD does not connect to cloud or non-Microsoft resources natively means that IT admins have to supplement AD with additional directories in each application or on each service, which require time-consuming manual processes to manage. Managing multiple directories and identities per employee through a collection of third-party services is both inefficient and insecure.
That’s why JumpCloud’s solutions enable organizations to unify their entire IT stack, replacing AD, MDM, and IAM solutions with an all-in-one access control and device management solution. With JumpCloud, SME IT admins can securely connect their users to virtually all of their resources with a single identity. That means their users can use any service on any application from anywhere, no problem.
JumpCloud also enables organizations to centralize their identities, manage access, control device settings, and more. And because it is cloud-based, there is no hardware required — that means lower costs and less complexity. That is especially beneficial for IT admins of rapidly scaling businesses that would rather focus their resources elsewhere.
“It’s been nice having centralized control over our global IT environment. We have 30+ offices across 12 countries, and there are only seven of us in IT. Some of our offices don’t have their own IT department, so we have to manage their environment remotely. It’s been incredibly helpful to have a cloud directory service with a web-based console that enables every Cabify IT administrator to easily manage an office’s IT environment regardless of where the office is.”
Enrique Salgado, Global IT Director at Cabify
It’s an approach that’s been carefully crafted to enhance not just the employee experience, but the IT manager’s experience, as well. JumpCloud empowers IT admins to provision user identities and access to applications through SAML, Just-in-Time (JIT) provisioning, and SCIM, enabling easy integrations with resources typically out of reach for AD. JumpCloud supports Windows, Mac, and Linux authentication and provides group-based access and policy management to control device settings. Organizations can enforce MFA and use conditional access controls to enforce Zero Trust device security.
What’s more, JumpCloud makes it easy to migrate Windows systems from existing AD environments with its Active Directory Migration Utility (ADMU). Alternatively, organizations that aren’t ready to rip-and-replace AD can extend it with JumpCloud Active Directory Integration, which connects on-premises AD identities to domain and non-domain resources alike, such as Mac and Linux devices, cloud services, and more. With a bi-directional identity sync, AD Integration enables organizations to tackle their consolidation roadmap at a pace that works for them: while they systematically incorporate and integrate the JumpCloud platform throughout their stack, they can fully manage their AD users remotely from the cloud. That’s a pretty big deal in an era of remote work.
“JumpCloud is really empowering us to let our people work from anywhere.”
Mitch Anderson, Director of Systems Engineering at Boulder Heavy Industries
In short, JumpCloud really does offer one platform for all. Whether in the cloud or on-prem, organizations can securely manage identities, devices, and access, all from a single platform, regardless of where employees work. That means organizations can eliminate extraneous point solutions they need to manage non-Microsoft products like Google Workspace, macOS, Zoom, or Slack.
So think about it. What is the real cost of AD to your organization? Besides the obvious costs of hardware and software, AD requires additional investments in things like maintenance, add-on software requirements, and network equipment, plus the time required to manage it all. But the JumpCloud directory platform offers a cost-effective solution that covers all aspects of managing your identity, device, and access in one consolidated platform — no point solutions required. Employees can work however they like with no hassles for IT admins. “We use the time we save using JumpCloud to build experiences for our customers,” said Doddi.