By Rajat Bhargava Posted February 7, 2019
Directory services in the cloud are a hot topic these days. The two major Infrastructure-as-a-Service (IaaS) providers—Amazon Web Services® (AWS®) and Microsoft® Azure®—have realized that they must provide the functionality IT admins need to manage users, specifically within their IaaS platforms. With this in mind, both providers have taken separate approaches to improving their directory services platforms. Yet, on both accounts, these infrastructure changes fall short. As a result, both solutions have for the most part failed to expand outside of their walled garden, namely managing users on servers and desktops hosted solely within each respective platform.
These cloud-based directories have varying capabilities when it comes to managing systems and other on-prem hardware, but they’ve never been designed to work perfectly with competing service providers. Once you start using one of these particular services, you’re stuck with that vendor. And that’s not just at the infrastructure services level: each of these platforms is designed to work best with Windows systems. With that in mind, there are better, multi-device cloud-based options to explore. But first, let’s look at Azure AD vs AWS Directory Service.
A Closer Look at Amazon Web Services Directory Service
AWS Directory Service is essentially an on-prem Active Directory® instance hosted in Amazon’s cloud. This is not to be confused with Amazon Simple Active Directory, which is based on Samba. So, what AWS Directory Service boils down to is AD-as-a-Service with some single sign-on (SSO) capabilities for Amazon products. With that you get all of the usual trappings of an on-prem Active Directory instance, except that you need to manage the service through a separate Windows Server. So, you get the ability to deploy Group Policy Objects (GPOs) and manage user access on Windows systems without having to configure, maintain, and secure your own Active Directory instance.
But, of course, the downside is that Active Directory struggles to connect to non-Windows systems, like Mac® and Linux®. Plus, because this system is built to work within Amazon Web Services and its cadre of Windows-based products, you gain user management for those platforms, but not for any competing products or additional on-prem infrastructure. That means if you were to try to leverage Google products like GCE, G Drive™, or G Suite™, you’d have to find some sort of work-around to extend Active Directory credentials. And that doesn’t even touch on networks, files, web applications through SAML, on-prem apps via LDAP, or RADIUS for network infrastructure gear.
A Closer Look at Azure Active Directory
Many thought that Azure Active Directory was the next logical progression in the Active Directory story, that is, a cloud-based version of on-prem Active Directory. Sadly, people looking for a product in that vein will have to look elsewhere. Like AWS Directory Service, Azure AD provides authentication and authorization support for Windows desktop and server instances in the Azure cloud platform (and remote Windows 10 devices). Azure AD also offers the ability to manage Office 365™ access. For organizations looking to use the full suite of Active Directory features, plus Azure web app SSO to Office 365 and hundreds of other web applications, Azure must be paired with an on-prem Active Directory instance. So, while Azure AD does a great job of managing objects within its web-based Azure domain, resources that exist outside of it are a struggle to manage effectively.
For instance, the IT resources that fall outside of Azure AD management are very much like the objects that cannot be managed via AWS Directory Service. Those include Mac and Linux systems; competing infrastructure platforms, potentially including both AWS and Google’s stable of products; networks; files; on-prem applications authenticated via LDAP; and RADIUS-based network infrastructure gear. Clearly, both of these solutions leave a lot out when you consider the decentralized nature of the modern IT network.
Alternative to AWS Directory Service and Azure AD
Thankfully, we can cut through this clutter and take a different approach to directory services and user management that will satisfy a holistic identity management requirement. A cloud-based directory service, called Directory-as-a-Service® (DaaS), has emerged as the solution for cloud-forward organizations. DaaS is a cloud-based service optimized to authenticate, authorize, and manage user access to IT resources across any of the three major OSes (Mac, Windows, Linux), and with any IT or web-based applications located on-prem or in the cloud. Because of its robust offering, organizations that use Directory-as-a-Service are free to utilize whatever systems and providers are best for their situation. This is the opposite of what AWS and Azure AD have done with their directory solutions.
Learn More About JumpCloud
If you’re currently weighing Azure AD vs AWS Directory Service for your organization, now is the time to also take a look at Directory-as-a-Service. Because JumpCloud is vendor neutral, you won’t be locked into using one or the other of these two providers. Of course, there are a lot of good reasons for leveraging an open directory. One such reason is the freedom to make the best choices for your organization without worrying about whether you’ll be able to connect your users to the infrastructure they need to access. Sound good? Drop us a note if you have additional questions, or sign up today for a free account. Your first 10 users are free in the Directory-as-a-Service product and always will be.