AWS® Cloud Server Authentication Microservice

Written by Zach DeMeyer on July 5, 2018

Amazon Web Services (AWS®) has been adept at providing all kinds of different microservices for IT, development, and DevOps organizations. Considering the microservice market, the concept of authentication as a microservice has been gaining some steam as the world shifts to the cloud. So, as these organizations continue to leverage cloud infrastructure, many are asking: is there an AWS cloud server authentication microservice?

Signs point to no, but there is another cloud server authentication microservice that can not only operate in tandem with AWS solutions, but with an assortment of other on-prem and web-based resources, no matter the platform. Before we talk about that, however, let’s explore the world of identity and access management (IAM) and the role microservices play in it.

The IAM Market

The modern era of authentication and identity management really kicked off with the advent of LDAP, or the Lightweight Directory Access Protocol. Two major authentication platforms were spawned from LDAP's functionality – Microsoft® Active Directory® (MAD or AD) and OpenLDAP. Both of these would go on to become on-prem standards for proprietary and open source directory services, respectively. They were hardly considered lightweight, however, and were limited in the platforms and systems they could service. In fact, as the IT world has shifted to the cloud, many IT organizations have been struggling with their on-prem identity provider approach.

With the migration of IT to the cloud, an array of resources, such as cloud infrastructure from AWS, productivity suites from Google® and Microsoft (G Suite™, Office 365™), Mac® and Linux® systems, Samba file servers and NAS appliances, and more flooded the IT market. While they provided (and continue to provide) a bouquet of benefits to an enterprise, these services are driving significant challenges in the identity management approach for IT, dev, and DevOps organizations. Non-Windows®, off-prem platforms present a major challenge to Active Directory, which was designed to operate in Windows-based environments.

Send in the Microservices

IT organizations were caught in a bit of a pickle. On one hand you have a time-honored directory service that manages user identities, but only connects them to Windows resources. On the other, there’s an explosion of non-Windows IT resources such as Mac, Linux, AWS, G Suite, and thousands of others, many of which create problems for said directory service. That is where microservices came in.

A microservice is an extremely focused approach to a problem, one that can usually be called with APIs or handled simply. The benefit is that the solution has been optimized to solve a singular problem, for example, authentication services. Software-as-a-Service (SaaS) can provide an enterprise with the concept of microservices, but delivered by a third party. In this instance, an authentication microservices solution would need to be able to handle a wide array of IT resources, yet still be simple and lightweight.

Unfortunately, identity and access management hasn’t been headed down the microservices route, but is rather an approach that stacks solutions on top of solutions with MAD at the core. Web application single sign-on (SSO) solutions are one example. These piggyback on top of Active Directory and authorize users into their web-based applications, but that was all they could connect users to. Then other solutions like identity bridges emerged to help support other non-Microsoft resources like Mac and Linux systems. Still others emerged for privileged identity management, multi-factor authentication, and governance, among a long list of others. But add-on solutions began to take a toll on organizations because IT needed a whole variety of them to support all of the different, modern IT resources used in their environment. This created an uptick in work and costs for IT organizations.

A New Cloud Server Authentication Microservice

The end result is that organizations are looking for a different approach to the concept of an authentication microservice, especially one that can intertwine with cloud infrastructure. This authentication microservice would be able to be invoked in a number of different ways for a variety of platforms, protocols, providers, and locations. Many believed that AWS would be able to fill such a void in the microservice space. Unfortunately, while AWS provides a number of services in the IT market, none of them can really offer the functionality the ideal authentication microservice would.

As we said earlier, one central identity provider can serve as the core authentication platform for an entire organization, connecting users to systems, applications, files, and networks all with one identity. The solution is called JumpCloud® Directory-as-a-Service®, and it is a microservice that is a platform-agnostic reimagination of Active Directory for the cloud era.

For organizations leveraging AWS cloud servers, JumpCloud Directory-as-a-Service doesn’t necessitate yet another identity provider and more infrastructure to develop, build, and manage. You simply deploy a lightweight agent on each AWS cloud server (Linux or Windows), and users are added, modified, and deleted on the system locally. Any changes are passed along to the server so that all user access, including SSH keys, is up-to-date.

Learn More

Have questions about using JumpCloud as an AWS cloud server authentication microservice and more? Contact our support team with questions or concerns. If you want to try JumpCloud for yourself, try it today. Your first ten users are free.
