Going Domainless: Cloud Directory Migration Strategy

Written by Cassa Niedringhaus on April 3, 2020


IT departments can better equip themselves to meet the demands of the modern era and prepare for the future by implementing an entirely new and cloud-based architecture: a domainless enterprise.

In this post, we’ll define the concept of the domainless enterprise and explore how innovative new architecture can enable cloud-forward organizations.

The Domainless Enterprise Defined

In the last era of IT, admins secured users and devices via the concept of the Active Directory® (AD) domain. They used on-premises domain controllers to provision users to their in-office resources and secure those users’ workstations.

The domain controllers, in conjunction with firewalls and other security measures, managed a perimeter around offices — and users within that perimeter were trusted to access the office’s internal network. However, users needed to access this internal network to authenticate to their resources and change their core passwords even when they worked outside the office, and this posed various challenges.

Beyond that, AD struggled to manage new resources that cropped up outside the domain, such as SaaS apps, cloud infrastructure, and non-Windows operating systems. Admins required an increasing number of costly add-on solutions to extend on-prem identities to those off-prem and non-domain resources.

In the next era of IT, admins in cloud-forward organizations will instead use cloud infrastructure to provision users and secure devices, and the concept of an internal network will fade. In the domainless enterprise, users must assert their identity each time they access a permitted resource, which increases organizational security because no traffic is trusted by default. This dynamic authentication and authorization will happen regardless of where they’re located, and it won’t require them to tunnel back into the internal network to do so. 

Although it might seem daunting to move all identity and access management (IAM) infrastructure to the cloud, there are several prime reasons to do so.

Six Use Cases for Domainless Enterprise Architecture

The domainless enterprise architecture enables organizations to reduce their dependence on physical servers and address the following use cases:

  • Securing remote users and/or remote offices
  • Managing a heterogeneous environment (i.e., mix of Mac®, Windows®, and Linux® systems)
  • Supporting mergers, acquisitions, or rapid scaling
  • Securing WiFi network access (cafe-style or other unsecured networks)
  • Reducing capital expenditures in favor of operational expenditures
  • Increasing agility & accessibility of IT infrastructure from any location

Migrate Directory Services to the Cloud

Admins who implement the domainless enterprise architecture don’t simply replicate the AD/domain model in the cloud. They use an entirely new model instead — but tools exist to aid in this transition.

Admins can export users from AD and import them in bulk into a cloud directory service to avoid manually re-creating those users and their associated attributes. They can also convert Windows domain accounts to local user accounts to begin managing those machines from the cloud, too.
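The export step described above, as an added example that is not part of the original article and not JumpCloud's own tooling: a PowerShell script that pulls enabled users from AD with the attributes a bulk import typically needs, separates out dormant accounts so they are reviewed rather than silently migrated, and writes two CSV files. The OU path, the 90-day staleness threshold, and the CSV column names are assumptions; match the columns to whatever import template your cloud directory service expects.

```powershell
# Added example (not from the article): export enabled AD users to CSV for bulk import into a cloud directory.
# Run from a domain-joined admin workstation with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

$staleDays  = 90                                   # assumption: idle longer than this -> review, don't migrate
$cutoff     = (Get-Date).AddDays(-$staleDays)
$searchBase = 'OU=Users,DC=example,DC=com'         # placeholder OU; replace with your own

# Attributes worth carrying over, plus two that drive the migration decision (LastLogonDate, PasswordNeverExpires).
$properties = 'GivenName','Surname','UserPrincipalName','EmailAddress','Department','Title',
              'LastLogonDate','PasswordNeverExpires','Enabled'

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $searchBase -Properties $properties

# Partition: accounts with a recent logon are migration candidates; accounts that never logged on,
# or have not logged on within the threshold, go to a review list instead of into the new directory.
$candidates = $users | Where-Object { $_.LastLogonDate -and $_.LastLogonDate -ge $cutoff }
$review     = $users | Where-Object { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff }

# CSV column names below are assumptions; align them with the target directory's import template.
$export = $candidates | Select-Object @{n='username';e={ $_.SamAccountName }},
    @{n='firstname';e={ $_.GivenName }},
    @{n='lastname';e={ $_.Surname }},
    @{n='email';e={ if ($_.EmailAddress) { $_.EmailAddress } else { $_.UserPrincipalName } }},
    @{n='department';e={ $_.Department }},
    @{n='jobTitle';e={ $_.Title }},
    @{n='password_never_expires';e={ $_.PasswordNeverExpires }}   # flag for a forced reset after import

$export | Export-Csv -Path '.\ad-users-for-import.csv' -NoTypeInformation -Encoding UTF8
$review | Select-Object SamAccountName, UserPrincipalName, LastLogonDate, Enabled |
    Export-Csv -Path '.\ad-users-needing-review.csv' -NoTypeInformation -Encoding UTF8

Write-Host ("Exported {0} users for import; {1} stale or never-logged-on accounts written to the review list." -f @($export).Count, @($review).Count)
```

Two points a practitioner should keep in mind: the export carries identity attributes only, never credentials, so each migrated user sets a new password (and enrolls MFA) in the cloud directory rather than having anything copied across; and the `password_never_expires` column exists so those accounts can be singled out for a forced reset, since a flag that was tolerated inside the old perimeter has no place in a model where every access is authenticated on its own.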

Once they’ve taken these steps, admins can begin to consolidate user and system management in the cloud directory service. Because modern cloud directory services are platform-agnostic, admins won’t require third-party vendors or identity bridges. They can instead connect their various IT resources — including systems, apps, networks, and cloud infrastructure — straight to the directory. They can then federate core identities via protocols such as LDAP, RADIUS, and SAML, and implement new, cloud-based workflows.

Workflows in the Domainless Enterprise

With this new architecture in place, admins can provision users, manage access controls, and secure devices via a web-based console. The process is the same regardless of where the admins, the users, or the devices are located.

They can ensure users have one set of secure credentials (plus multi-factor authentication and SSH keys, where applicable) to access virtually all their IT resources, and they can manage and monitor those users’ devices.

By centralizing access control and device management in the cloud, admins improve both security and agility in responding to internal changes and external/market factors. Whether an organization acquires another with disparate resources or an organization needs to move quickly to an all-remote setup, admins have the tools they need to accommodate those changes and maintain centralized control.

At JumpCloud®, we’re committed to enabling the domainless enterprise with our Directory-as-a-Service®. Click here to learn more about securely connecting user identities to virtually all IT resources via the cloud.
