By Greg Keller Posted January 30, 2015
This is the first post in our four-part series on cloud server user management. Here’s the full series:
- Cloud Server User Management (you’re here!)
- 6 Ways to Manage Users on Cloud Servers
- Challenges of Connecting Directory Services to Cloud Computing
- Connecting Cloud Servers to your AD or LDAP Store
Organizations have traditionally used Microsoft Active Directory® (AD) or OpenLDAP™, an implementation of the Lightweight Directory Access Protocol (LDAP), to manage access to their on-premises server infrastructure. AD and LDAP control who has access to what within the organization, and they serve as its core identity provider.
More recently, cloud Infrastructure-as-a-Service (IaaS) has started playing an important role in IT. An increasing number of businesses have replaced antiquated hardware with remote, cloud-based solutions for corporate infrastructure. This shift changes the dynamics of managing user access control. Servers that used to sit on premises in data centers are being replaced with web-based hosting services like Amazon Web Services (AWS), Google Compute Engine, Rackspace, SoftLayer or other cloud hosting providers.
How do organizations manage access to these cloud servers? How do they ensure that the servers remain secure and aligned with user access privileges? When their development and operations teams are all over the world and there is no ‘on-prem’ network, how do they secure access?
Cloud Server User Management Workarounds
Currently, IT admins use the following approaches to manage users on cloud servers:
- Manual user management
- Config automation (e.g. Chef/Puppet)
- Expose AD/LDAP to the Internet
- Secondary AD/LDAP user store
- Enterprise Identity and Access Management solution
In a separate post, we dig into each one of these potential options, highlighting the benefits and shortcomings of each approach. As you’ll see in the end, each of these options is sub-optimal for IT organizations. The real solution is implementing a cloud-based directory service, such as Directory-as-a-Service®, that integrates with an organization’s current setup. This Identity-as-a-Service is a game changer for organizations that are not bound by location, protocol, or platform.
Cloud servers are a core part of an organization’s IT infrastructure. Determining how to connect them to your user store is an important task. If JumpCloud’s cloud identity provider approach can help you think about this problem, please drop us a note. Or feel free to try our Identity-as-a-Service platform. Your first 10 users are free forever.