By Greg Keller Posted March 17, 2015
Infrastructure-as-a-Service is big business these days. Very few organizations are building their own data centers anymore. Most small to medium enterprises are outsourcing their infrastructure. Public cloud players like AWS, Google Compute Engine, and IBM / SoftLayer are capitalizing on this trend.
End user organizations are benefiting too. IT organizations don’t need to build and manage the network anymore. They don’t need to manage servers either – including their procurement, configuration, and repair. Companies can buy what they need when they need it, saving money.
The challenge with this process is connecting third party cloud infrastructure back to your organization. Many IaaS deployments look like a completely separate network with separate management. This often increases costs, reduces security, and adds complexity. A core mechanism to bring IaaS into the fold is to connect your cloud servers to your central identity management user store. There are three core reasons to do this:
# 1 Better Security
Cloud infrastructure often houses critical applications and data. One of the first steps in protecting your applications and data is ensuring that only the right people have access to that IT infrastructure. This means knowing who has access at all times, ensuring that their credentials are strong and secure, and then quickly terminating access for those that no longer need access. Your central directory services already do this. Connecting your user store to your cloud infrastructure ensures that your cloud servers are in sync with your user directory.
# 2 Efficiency
Manually managing user access to cloud infrastructure or leveraging scripts is often the way IT admins and sysadmins manage their cloud infrastructure access control. But this method is slow and prone to errors. Are all servers included in this process? Are all users included? How can you be sure?
Without an overarching, systematic solution there is a great deal of manual work to make sure that everything is taken care of. Thankfully there is a better way. With a central user directory, you can provision and deprovision access in a rigorous way and do it with leverage. A single add or delete will ripple through hundreds of systems.
# 3 Auditing
Knowing who is accessing your cloud infrastructure is important. It is required if you are subject to compliance regulations such as PCI. Even if your organization isn’t subject to compliance regulations, auditing access is a best practice for security. A central user store helps make that process much simpler.
Challenges to Connecting a IaaS to Directory Services
It is difficult and risky to connect most on-premises directories such as Microsoft Active Directory® or OpenLDAP™ to your cloud infrastructure. Your servers need to all be networked to your directory and this can be a challenge when you are talking about public networks talking to private on-premises servers.
The second challenge is ensuring that your directory is secure online. AD and LDAP were built in a time when the prevailing security view was that the perimeter of your network was their security protection. With modern networks effectively without a perimeter because of their use of cloud technologies, securing the directory is much more difficult.
The Simple IaaS Solution
There is an easy way to connect your IaaS to your existing identity store or leverage a new directory. Directory-as-a-Service® is designed to be a secure cloud-based directory service. DaaS easily connects cloud servers to your internal identities. If you already have Active Directory, JumpCloud’s AD Integration acts as a replica of your internal AD, but in the cloud. It then can securely communicate with your cloud infrastructure with in sync identities from your on-premises AD system. If you don’t have a directory, JumpCloud can be your core user store. Beyond controlling and managing your cloud servers, JumpCloud can also be the directory of record for your on-premise devices and applications as well.
Learn More About How to Connect IaaS
It’s smart business to connect your cloud servers to a central directory. It’s even smarter to leverage JumpCloud’s Directory-as-a-Service so that you don’t have to do the heavy lifting. Drop us a note if you would like to learn more. You can also try our cloud-based directory for yourself. Your first 10 users are free forever.