How Does AD Accommodate WFH?

Written by Zach DeMeyer on May 30, 2020

As many organizations shift to a work from home (WFH) model to comply with public safety warnings, IT admins wonder how Active Directory® (AD) accommodates WFH situations.

A Directory Service Designed for the Office

Historically, Microsoft® tools such as Active Directory and SCCM (System Center Configuration Manager) made managing an on-premises IT infrastructure a fairly easy process. A user could log in to their Windows® system inside of the office and subsequently access any Windows-based IT resources they had permissions to with ease. 

The common theme here, of course, is the homogeneity of the IT environment of the time: Windows-centric desktops on physical networks in brick and mortar offices. AD was designed to manage this type of environment — its domain, if you will — and does so well.

As IT evolved due to recent innovations, however, the domain faltered. With the introduction of SaaS applications, Infrastructure as a Service (IaaS), macOS® and Linux® systems, mobile devices, etc., the AD domain-bound model of IT management failed to keep up. That’s not even to mention security risks to identities and machines introduced by phishing, social engineering, bot attacks, and device theft.

Working From Home with AD

Now, with a global pandemic underway, how can IT admins make AD work while end users work from home? The short answer is that it’s possible, but not easy. The long answer is that IT admins need to reconsider the concept of the domain, asking: “Is the traditional model actually working, or is the domain as it was virtually dead? Is a ‘domainless’ alternative the future of IT management?” We’ll get to that in a second.

The Short Answer

Enabling a remote workforce with Active Directory first and foremost requires extensive VPN infrastructure. Each end user will need to have VPN access on their system, and be trained to use it securely and effectively. 

IT admins will also need to set up their VPN server and ensure that it can scale and perform well for the size and scope of the remote workforce. Then, when both admin and user are connected via VPN, the admin can make changes to identities via AD and end users can update their passwords as needed.

The Long Answer

As users work remotely, away from the office, IT admins leveraging AD alone find their options limited. Even with a VPN and access to Active Directory, many end users need to access web applications, AWS® cloud servers, cloud-hosted files, etc.

Many opt to purchase cloud-based IDaaS solutions to securely extend AD identities beyond the domain. These can make up for AD’s limitations regarding applications and devices, but are often best-of-breed solutions, designed to fill particular niches, like web application single sign-on (SSO).

Although world class in their feature set, these solutions often come with a comparable cost. Additionally, since they only handle individual pain points in an AD-based approach, they also demand that IT admins:

  • Set up and manage each solution
  • Integrate the add-on platforms with the core IdP infrastructure
  • Train the organization to use them all, both singularly and in conjunction with each other
  • Deal with each disparate vendor for support

Managing each of these requirements across a fully remote workforce is nothing short of a headache. And, with recent threats of economic recession looming over organizations, having a multitude of point tools drains precious budget resources. All the while, organizations remain firmly dependent on their underperforming AD, and are struggling to manage it remotely.

The time has come to challenge the concept of the AD domain and find a solution that uses the cloud to extend AD identities beyond traditional boundaries. In order to accommodate a fully WFH model, and do so when times are tight, IT organizations need to find a single platform that can consolidate their AD extension needs and remotely manage AD without using a VPN, all while doing so at a lower cost than other methods.

Extending AD for WFH with the Cloud

If your organization leverages AD, but you’re tired of VPN-dependent management and a host of add-on tools, consider centralizing your needs with a cloud directory service that can either sit atop AD as the ultimate identity extension, or replace AD entirely as your domainless domain controller.

Learn more about how you can centralize your remote workforce management with a cloud directory service here.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.