By Rajat Bhargava Posted December 13, 2016
AWS has taken the world by storm. It is one of the fastest-growing infrastructure solutions. Over 1 million businesses use AWS as part of their infrastructure. Many startups have built their entire business around AWS, and enterprises are opting to forgo building data centers to just use AWS instead.
The economics make sense. AWS offers so much functionality that IT admins, system admins, and developers don’t need to build solutions in-house. One area where AWS is weak, though, is managing the cloud servers themselves.
Major Areas of AWS Cloud Server Management
AWS cloud server management really is about two major areas. One is the management of users that have access to the server and the associated authentication mechanisms, such as SSH keys or multi-factor authentication. The other half of the equation is the management of the operating system itself, including applying patches and executing tasks on those servers. Linux is the dominant operating system platform on these servers, but Windows represents a fair share as well.
Managing user access to AWS cloud servers is a major challenge. When organizations start leveraging AWS, they will often manage user access to the servers manually. AWS requires SSH key access to the servers, so the system admins need to collect public keys from the users that need access. It should be noted that we are talking about actual machine-level authentication when we talk about cloud server user access. Many cloud identity management platforms integrate with the AWS IAM web console, but that isn’t at the machine level. As an AWS deployment grows, machine-level user authentication can be quite painful to manage.
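The manual approach above means an admin ends up hand-assembling an `authorized_keys` file from keys users send in. The following script is an added example (not code from the original post or from JumpCloud) that audits such a file before it is copied onto a server: it checks that each entry decodes, that the declared key type matches the encoded blob, flags deprecated `ssh-dss` keys and short RSA keys, and detects duplicate keys by the same SHA256 fingerprint `ssh-keygen -lf` prints. The sample keys are constructed in the script from fixed values (not real credentials), and the parser assumes option strings contain no embedded spaces.

```python
"""Audit an OpenSSH authorized_keys file before installing it on a server."""
import base64
import hashlib
import struct

# Key types accepted; ssh-dss is recognised only so it can be refused.
ACCEPTED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                  "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
KNOWN_TYPES = ACCEPTED_TYPES | {"ssh-dss"}
MIN_RSA_BITS = 2048


def _read_string(blob, offset):
    """Read one length-prefixed SSH string; return (bytes, next_offset)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def rsa_modulus_bits(blob):
    """Bit length of the modulus n in an ssh-rsa public key blob (type, e, n)."""
    _, off = _read_string(blob, 0)    # key type
    _, off = _read_string(blob, off)  # public exponent e
    n, _ = _read_string(blob, off)    # modulus n (mpint, may carry a leading 0x00)
    return int.from_bytes(n, "big").bit_length()


def fingerprint(blob):
    """SHA256 fingerprint in the same format ssh-keygen -lf prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line):
    """Parse one authorized_keys entry into (options, key_type, blob, comment)."""
    options = None
    tokens = line.strip().split(None, 1)
    if tokens and tokens[0] not in KNOWN_TYPES:
        # Assumption: an options prefix such as from="10.0.0.0/8" contains no spaces.
        options = tokens[0]
        line = tokens[1] if len(tokens) > 1 else ""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("malformed entry")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad input
    return options, key_type, blob, comment


def audit(text):
    """Return (line_no, severity, message) findings for an authorized_keys file."""
    findings = []
    seen = {}  # fingerprint -> first line number it appeared on
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        try:
            _options, key_type, blob, comment = parse_line(raw)
        except (ValueError, struct.error) as exc:
            findings.append((no, "error", f"unparseable entry: {exc}"))
            continue
        embedded, _ = _read_string(blob, 0)
        if embedded.decode(errors="replace") != key_type:
            findings.append((no, "error", "key type does not match encoded blob"))
            continue
        if key_type not in ACCEPTED_TYPES:
            findings.append((no, "error", f"{key_type} is deprecated; refuse"))
        if key_type == "ssh-rsa" and rsa_modulus_bits(blob) < MIN_RSA_BITS:
            findings.append((no, "warn", f"RSA key shorter than {MIN_RSA_BITS} bits"))
        if not comment:
            findings.append((no, "warn", "no comment: key cannot be tied to a user"))
        fp = fingerprint(blob)
        if fp in seen:
            findings.append((no, "warn", f"duplicate of line {seen[fp]} ({fp})"))
        else:
            seen[fp] = no
    return findings


# --- constructed sample data (not real keys) ---------------------------------
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _mpint(n):
    # Positive mpint: add a leading zero byte when the top bit would be set.
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _make_key(key_type, *fields):
    blob = _ssh_string(key_type.encode()) + b"".join(fields)
    return key_type + " " + base64.b64encode(blob).decode()


ED25519 = _make_key("ssh-ed25519", _ssh_string(bytes(range(32))))
RSA_1024 = _make_key("ssh-rsa", _mpint(65537), _mpint((1 << 1023) | 1))
RSA_2048 = _make_key("ssh-rsa", _mpint(65537), _mpint((1 << 2047) | 1))
DSS = _make_key("ssh-dss", _mpint((1 << 1023) | 1), _mpint((1 << 159) | 1), _mpint(2), _mpint(3))
MISMATCH = "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))).decode()

SAMPLE = "\n".join([
    "# constructed sample authorized_keys",
    ED25519 + " alice@laptop",
    RSA_1024 + " bob@old-desktop",
    'from="10.0.0.0/8" ' + RSA_2048 + " deploy@ci",
    DSS + " carol@legacy",
    ED25519 + " alice@duplicate",
    "ssh-ed25519 not-base64!! mallory",
    MISMATCH + " mismatched",
])

if __name__ == "__main__":
    for no, sev, msg in audit(SAMPLE):
        print(f"line {no}: {sev}: {msg}")
```

Running it on the constructed sample reports the short RSA key, the refused DSS key, the duplicate ed25519 key (by fingerprint, even though the comments differ), the undecodable entry and the mismatched type, while the entry carrying a `from=` option passes. The fingerprint-based duplicate check is the useful part at scale: the same key pasted under two user names is exactly the kind of drift that makes hand-managed access hard to audit.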
Make Short Work of Managing Users & Operating Systems
Many organizations outgrow manual user management and will often turn to scripting it with either Chef or Puppet. This, too, is a painful exercise, as system admins need to write the code to make it all work. The next thought is to leverage OpenLDAP or Microsoft Active Directory®. Unfortunately, setting up and managing a directory service in the cloud and integrating it with the existing on-prem directory service is also a challenge. Many organizations opt to leverage a cloud directory service called Directory-as-a-Service®. This platform integrates with an on-prem Active Directory instance or functions on its own. There is no hardware or software to install, configure, and manage. Sys admins simply add their users and leverage a lightweight agent on each AWS Windows or Linux machine to control user access. It’s simple, easy, and scalable – just like AWS.
To manage the operating system, many IT organizations are leveraging Directory-as-a-Service’s command and script execution capabilities. The cloud directory service can remotely execute tasks on those servers, in any language the server supports. Full audit capabilities are available, including whether each task succeeded or failed and any results it produced.