Between the Lines of AWS Directory Service Pricing

Written by Stephanie DeCamp on March 11, 2020


Pricing for directory services that aren’t Active Directory® can differ from vendor to vendor. Depending on the size and scale of your enterprise, one option may enable greater savings over another. Amazon Web Services® (AWS®) in particular has a unique pricing equation, so it helps to understand exactly how you will be charged.

First of all, it’s important to differentiate between AWS Directory Service and a traditional directory service. The former is generally a tool for managing users on AWS virtual machines (usually Windows®) in the AWS Cloud, while the latter manages user identities (ideally) across all or most IT resources. Since AWS Directory Service is essentially Active Directory under the covers (depending upon which version you choose), you’re generally tied to AWS Windows servers and AWS’s desktop-as-a-service solution, WorkSpaces. Connecting users to a wide range of other IT resources can be a struggle because of the hosted AD service’s location and platform preferences.

Coming back to pricing, the cost of AWS Directory Service is based on a per-hour charge. It comes in two editions, Standard and Enterprise, and allows you to set up your user directory in a single AWS account. The complicating factor is that AWS tiers its solution by the number of directory “objects” you have. This can be confusing, and the number can change a great deal over time. If you need redundant domain controllers, you’ll need to pay for those as well: essentially an up-charge of 50% per DC that you provision and integrate.

AWS does allow you to have their managed AD service cut across multiple AWS accounts and Amazon Virtual Private Clouds (VPCs). Note, however, that either way, you’re paying for the privilege.

And that payment can become substantial. First, there’s a sharing charge, also hourly, for each additional AWS account you decide to enroll. And while there is a 30-day limited free trial (not an unlimited free account), directory sharing does not qualify for it. You’ll also want to note that you’ll be charged slightly more for all of the offered services if you’re located in the Western Region of the United States.

What are the other costs to run AWS Directory Service?

As most sysadmins and DevOps engineers know, AWS Directory Service is really just a hosted version of Microsoft® Active Directory. The primary intent of it is to be able to manage user access to Windows-based servers or desktops hosted at AWS. 

Many DevOps organizations look at AWS Directory Service because they’re already heavily invested in AWS overall. But to integrate AWS Directory Service with your on-prem infrastructure, you’ll need to build the network infrastructure necessary for the two to communicate securely. This often requires VPNs, which means that you are paying not only for your on-prem AD and AWS Directory Service, but also for a VPN and other supporting IT infrastructure.

The real challenge with AWS Directory Service is not the per-hour charges (which can clearly add up), but rather the additional functionality that’s required. To create a comprehensive identity and access management approach, you need not only the AWS infrastructure, but the rest of the components to run an enterprise service – high availability, load balancing, security, back-ups, and more.

Is there an alternative for the SMB?

For many small- to medium-sized businesses, the combined costs of setting up AWS Directory Service exceed the advantages to signing up for it. Many are looking for a single identity provider that can enable access to all the IT resources end users need, including:  

  • Systems: Windows, Mac, and Linux 
  • Servers: in the cloud or on-prem, LDAP or otherwise
  • Applications: on-prem and in the cloud, LDAP and SAML
  • File storage: on-prem and in the cloud, Synology, QNAP, Dropbox™, etc.
  • Network administration: WiFi access management through RADIUS 

The good news is that there are alternatives to expensive, piecemeal IAM approaches. JumpCloud® Directory-as-a-Service® is one of these, and it’s specifically designed with the SMB in mind. Not only does it feature all the capabilities listed above, but there are no hourly or regionally-based charges. You also won’t be tied to AWS, Windows, or other vendors. You’ll be able to leverage the best technology for your organization.

Want to continue your AWS research? Check out our blogs about AWS Cloud Directory Pricing and the Difference Between AWS Cloud Directory and AWS Directory Services.
