By Rajat Bhargava Posted March 19, 2014
Organizations that hit a handful of users end up looking hard at a system that will help them organize and keep track of their privileged user accounts. User access control is a core system for most organizations and critically important as an infrastructure component, but it isn’t a place where organizations want to devote a lot of their time. Most companies realize that they need to be innovating on their product or service not on building out their user management infrastructure.
As a result, generally that means organizations start looking at a system like LDAP including some of the open source solutions in that space, e.g. OpenLDAP, when they experience the pain of dealing with their user management controls. That pain can include manually managing SSH accounts and Windows admin accounts, not having visibility into who has accounts on what systems, and when they are logging in / what they are doing. In short, they are creating accounts for users, but have no control around the process of access to servers and security.
When organizations hit this point, they often begin to look at LDAP as a potential solution for their directory service. Because they are generally manually managing accounts that may mean may mean shared root passwords, scripts to create and manage users, or Chef or Puppet as a user management system. All of these existing approaches end up being tedious and time consuming. As a result, an identity management solution such as LDAP becomes an interesting alternative.
As existing LDAP users know, the process to get LDAP up and running with an organization is difficult. As LDAP is effectively a database, it is time consuming to setup the system and get it operational. Add to that the cloud and you have dramatically increased the complexity. Connecting all of your cloud servers with your LDAP instance requires the right ports and permissions so that all systems can talk to each other. Another consideration when setting up LDAP becomes high availability. As LDAP will be the data store that your servers (and perhaps other devices and applications) will be authenticating against, an LDAP server that is down means that nobody is accessing their systems.
Adding users or terminating access becomes a largely manual process. The admin will go into LDAP and create the user’s account and give them the right permissions. The admin will then take the temporary password that was created and email it to the user and then have them login to the device or application and change their password. If the organization happens to use keys, then the admin will need to ask the user for their public key and then insert that into LDAP at the time of provisioning.
If you are able to get LDAP up and running quickly and you don’t have a lot of changes to your infrastructure – i.e. new users or changes in servers – then the maintenance ends up being reasonably contained. As soon as you begin to grow on any dimension such as users, servers, devices, applications, or multiple cloud providers, managing LDAP becomes a much more significant chore. And, as a busy DevOps or IT pro is that where you want to be spending your time?
JumpCloud is a Simple, Easy-to-Use Alternative to LDAP
It’s a Directory-as-a-Service® platform. No longer do you need to take the manual steps of setting up a server, deploying the LDAP software, configuring it, testing it, and then running it on an on-going basis. JumpCloud provides you with Windows, Mac, and Linux user management capabilities as a SaaS-based directory service. Simply register for an account, download the lightweight agent on all of your servers (use Chef or Puppet for quick, automated installation if you like!), and pop in a new user from the Web-based interface. Now, that user can quickly and easily be assigned to groups of servers. Simple. Fast. Painless. No LDAP servers to manage, code to hack, and passwords or keys to track down. JumpCloud takes care of the heavy lifting for you with a hosted LDAP service. Managed for you, and delivered as a SaaS-based service.
And, to round out the user management process, JumpCloud tracks who is logging into your systems and whether they are the right people. LDAP doesn’t give you that insight which in this day and age with phishing attacks and stolen credentials is a critical task for DevOps and IT admins. Creating a user and putting it into a database is only one small part of managing users securely and these steps are critical. JumpCloud simplifies and automates these tasks so you don’t need to review logs, filter them for key activity, and then follow-up on false alerts.
With the advent of the cloud, SaaS-based solutions, and DevOps practices, there’s no need to utilize a solution that was created in 1995. Leverage the latest approaches to managing users securely with an Identity-as-a-Service platform. Register for a JumpCloud account today or ask for a JumpCloud demo and save yourself from the manual effort of LDAP with a virtual LDAP service.