By Rajat Bhargava Posted December 6, 2016
A comparison that comes up often is AWS Directory Service versus Microsoft Azure Active Directory. In many ways the two are not like-for-like products, which makes the comparison awkward. It is also unclear why AWS would choose to offer the legacy Active Directory platform in its cloud infrastructure, since that appears to put it at a disadvantage against Azure Active Directory, which Microsoft built as a new product rather than as a hosted copy of AD.
In fact, both platforms are partial solutions with significant drawbacks for IT organizations.
AWS Directory Service for Active Directory: Hosted AD in the Cloud
AWS Directory Service for Microsoft Active Directory is essentially a managed AD instance whose domain controllers run inside the customer's VPC. Customers had been asking for a directory service for their AWS infrastructure. AWS's first offering in this space was Simple AD, built on the open source Samba 4 implementation of the AD protocols. It lacked trust relationships and schema extensions, did not work cleanly with the native AD management tools, and was awkward to implement. So it is understandable that customers asked for the real thing, Microsoft Active Directory.
Disadvantages of This Solution
The problem with this approach is that AD was designed as an on-prem platform. Its protocols (Kerberos, LDAP, SMB and RPC) assume a trusted internal network, and AD has historically relied on the organization's network perimeter rather than on its own controls for protection. In this case, however, AWS is placing AD in a public cloud. The domain controllers sit in the customer's VPC, so the customer's security groups, route tables and VPN or peering configuration decide who can reach them. IT admins are therefore responsible for ensuring that domain controller ports are never exposed to the internet and that administrative access is tightly controlled (AWS keeps the built-in Domain Admin account and grants the customer a delegated administrative account instead).
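One concrete check an admin can run against that exposure is to audit the security group attached to the managed domain controllers for AD ports reachable from outside private address space. The script below is an added example written for this post, not JumpCloud's or AWS's code. It assumes the JSON shape returned by `aws ec2 describe-security-groups` (`IpPermissions` with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`/`Ipv6Ranges`) and uses Microsoft's documented AD DS port set; the two security groups it inspects are constructed sample data.

```python
from __future__ import annotations

import ipaddress

# Ports a domain controller listens on (Microsoft's documented AD DS port set),
# as (low, high, label) ranges. Any rule overlapping one of these from outside
# private address space is a finding.
AD_PORTS = [
    (53, 53, "DNS"),
    (88, 88, "Kerberos"),
    (135, 135, "RPC endpoint mapper"),
    (389, 389, "LDAP"),
    (445, 445, "SMB"),
    (464, 464, "Kerberos password change"),
    (636, 636, "LDAPS"),
    (3268, 3269, "Global Catalog"),
    (49152, 65535, "RPC dynamic ports"),
]

# RFC 1918 and IPv6 unique-local ranges; a source CIDR inside one of these is
# treated as internal (VPC, VPN or peered network).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
]


def _is_outside_private(cidr: str) -> bool:
    """True if the CIDR is not fully contained in a private range (e.g. 0.0.0.0/0)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(
        net.version == priv.version and net.subnet_of(priv) for priv in PRIVATE_RANGES
    )


def _overlaps(from_port: int, to_port: int, low: int, high: int) -> bool:
    return from_port <= high and to_port >= low


def exposed_ad_ports(security_group: dict) -> list[tuple[str, str]]:
    """Return (service, source CIDR) pairs where an AD port is open to a non-private source."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # "all traffic" rule: every port
            from_port, to_port = 0, 65535
        elif proto in ("tcp", "udp"):
            from_port, to_port = perm["FromPort"], perm["ToPort"]
        else:                                   # icmp etc. carry no AD service
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if not _is_outside_private(cidr):
                continue
            for low, high, label in AD_PORTS:
                if _overlaps(from_port, to_port, low, high):
                    findings.append((label, cidr))
    return findings


# Constructed sample: a security group with LDAP open to the world and an RPC
# range open to a public /24, plus an unrelated HTTPS rule that is not an AD port.
OPEN_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60001",  # hypothetical ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 40000, "ToPort": 50000,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}

# Constructed sample: the same DC ports restricted to the VPC and a ULA range.
LOCKED_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60002",  # hypothetical ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "udp", "FromPort": 88, "ToPort": 88,
         "Ipv6Ranges": [{"CidrIpv6": "fd00::/8"}]},
    ],
}


if __name__ == "__main__":
    for sg in (OPEN_SG, LOCKED_SG):
        print(sg["GroupId"], exposed_ad_ports(sg) or "no AD ports exposed")
```

The audit is deliberately port-based rather than rule-name-based: the dangerous case is not "a rule called LDAP" but any rule whose port span overlaps a domain controller service, including a broad `-1` or `0-65535` rule with a public source.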
AD also authenticates users and devices over a direct network path: a domain-joined machine needs line of sight to a domain controller for Kerberos and LDAP. Reaching a cloud-hosted AD from an on-prem network means extending that network with a VPN or a dedicated link (AWS Direct Connect), so in practice it is difficult to use the cloud instance to manage on-prem systems and applications. As a result, IT organizations end up with at least two AD instances, typically joined by a trust. The approach may work for devices and servers running in AWS, but it is largely a siloed solution.
Azure Active Directory Struggles with the Same Problems
The same holds true for Microsoft's Azure Active Directory. Built from the ground up as a cloud-hosted service, Azure AD is not a hosted copy of AD: it authenticates users with SAML, OAuth 2.0 and OpenID Connect rather than Kerberos and LDAP, and it is aimed at Azure and Microsoft's own cloud services. It does not act as the domain for systems on-prem, at AWS, or anywhere else outside Azure; servers that depend on Kerberos or LDAP cannot join it directly.
This approach makes sense for Microsoft since it follows the same playbook as Active Directory. AD was a tool to lock organizations into the Microsoft ecosystem; macOS and Linux were hard to manage and integrate with AD, and the same is largely true of Azure AD. The advantage Azure has over AWS is that Azure AD is Microsoft's next generation of identity services, while AWS is offering its customers the legacy product. But here, too, customers will be locked in and segmented. Neither solution provides a true central cloud directory service.
JumpCloud® Delivers a Better Cloud Directory
For that, organizations need to turn to Directory-as-a-Service®. DaaS is delivered as an independent cloud directory service. It works with AWS, Azure, Google Compute Engine, and many more. In fact, it integrates on-prem directory services with your cloud infrastructure. You don't have two directories; you have one central management console for all of your users and IT resources. macOS and Linux are treated as first-class citizens. Google Apps is as seamless to integrate as Office 365. IT organizations no longer need one directory service on-prem and another hosted at their cloud provider. A single cloud-hosted directory service can cover it all.
Drop us a note to learn more about why the question isn’t AWS Directory Service for AD versus Azure Active Directory, but really how to migrate to Directory-as-a-Service. We would be happy to go through how our customers are leveraging our Identity-as-a-Service platform alongside AWS and Azure. Since your first 10 users are free forever, sign up for a free account.