Cloud-based Apple Open Directory

By Greg Keller Posted March 15, 2016

Is it possible to have a cloud-based Apple Open Directory service? The answer is yes: it is possible, but it hasn’t been done all that often. There could be a variety of reasons for this, including the fact that Apple server hardware isn’t being sold any longer and, as a result, there aren’t many hosting-grade Mac servers available. Another reason may be that cloud directory services are a relatively new concept and Apple hasn’t encouraged a cloud-based service around its OS X Server components. Additionally, while there are many all-Apple offices, those organizations still need to connect to other platforms as well. As such, using Apple Open Directory as the core directory service can sometimes be challenging for many IT organizations.

Apple Open Directory Maintains On-premises Status

A directory service is meant to be the core, authoritative user store for all user credentials. In addition, it connects users to the IT resources that they need to access. Those IT resources include systems, applications, and networks. Apple Open Directory has been optimized for Apple solutions. Other on-premises directory services like Microsoft Active Directory and OpenLDAP have been focused in other areas: AD is for Windows networks, and OpenLDAP is generally focused on the more technical Linux infrastructure. The new challenge for IT organizations and their identity management programs is the cloud. Cloud-based infrastructure and applications are changing directory services for the better.

A Need for Cloud-based Directory Services

Traditional directory services solutions such as AD, OpenLDAP, and Open Directory are on-premises and have difficulty managing cloud systems and applications. There are three major difficulties: networking, security, and protocol support. Most on-premises directories were created to be hosted behind the firewall and, as a result, connecting cloud systems to the on-premises directory requires exposing the directory to the Internet, a potentially major security risk. The systems will likely need to be networked together securely, and that often requires a great deal of time and effort. Most of the directories have focused on their core devices or protocols, but the cloud is multi-protocol. Systems and applications are using a wide variety of protocols. Unfortunately, many of those protocols aren’t supported by the on-premises directory services.

Directory-as-a-Service®

The shift to the cloud and to SaaS-based solutions means also moving the directory to the cloud. There is a new generation of technology emerging called Directory-as-a-Service. This cloud-based directory service platform is connecting users to the IT resources they need regardless of platform, location, or protocol. SaaS-based directory services can work with Windows, Mac, and Linux machines. On-premises legacy LDAP applications and web-based SAML applications can all be authenticated to the core cloud user directory as well. WiFi networks can also be backed by the directory, leveraging RADIUS-as-a-Service functionality.

While it may not be easy to find a cloud-based Apple Open Directory service, you may want to investigate Directory-as-a-Service. DaaS treats Macs as equal to their counterparts and gives IT admins a wide range of other capabilities including True Single Sign-On™, LDAP-as-a-Service, RADIUS-as-a-Service, centralized user management, device management, and more. Feel free to give JumpCloud’s Directory-as-a-Service platform a try for yourself. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
