By Rajat Bhargava Posted August 30, 2016
For many in IT management and general management, the concept of a cloud-hosted directory service can be mind-bending.
Historically, most IT pros have been trained on the on-prem solutions Microsoft Active Directory and OpenLDAP. In some ways, the idea of a cloud-based directory service doesn’t even make sense to them. Maybe the absence of a domain controller and directory server where users authenticate is what’s most perplexing. How will employees even log into the network and gain access? Furthermore, placing an AD-like server on the public Internet seems like it would be a security risk. For these reasons and others, many IT leaders have questions about the concept of a SaaS-based directory service.
The good news is that these questions are nothing new for the cloud industry, and JumpCloud® in particular. Our Directory-as-a-Service® platform was built to solve a number of these issues. The benefits of a virtual identity provider can be significant for many organizations. The advantages include the ability to more quickly execute tasks, improved flexibility of platform choice, and better security. Let’s walk through some of the questions and concerns surrounding a cloud-based directory.
Answers To Your Cloud-Based Directory Service Questions
True Single Sign-On
Conventionally, a domain controller and on-prem AD server permitted users to authenticate into everything on-prem that was Windows-based. With a cloud directory service, take this concept and extend it to all non-Windows and off-prem resources. This concept is called True Single Sign-On™ (SSO). It integrates cloud infrastructure such as:
- multiple device platforms (Windows, Mac, and Linux)
- SaaS services such as Google Apps and Office 365
- and more
Users can leverage all of their IT resources with just one set of credentials. IT can manage and centralize user access from one single place.
If the cloud directory service is offline, what does that mean to my organization?
That’s a really good and common question. Similar to many of the other features within the cloud directory, resiliency is built in. Systems will continue to function without interruption. LDAP and RADIUS authentication requests will continue to be fulfilled via a global network of servers. The system was largely designed around the assumption that client systems must maintain operation even if the central directory database is offline.
Can Directory-as-a-Service be as secure as our own on-prem managed directory service?
Yes, it can. In fact, the security should be better. A cloud directory service is constructed with the supposition that it is to live on the public Internet. As a result, there are a number of core design decisions that are made to ensure security, including one-way hashing and salting of credentials, secure communication channels via mutual TLS, and regular scanning and penetration testing. If you would like more details on security, drop us a note. We’d be happy to share our practices and our SOC 2 examination.
If a cloud-based directory service is so great, why hasn’t Microsoft done it already?
Well, they do have a solution called Azure Active Directory. However, it is only intended for Azure. You’ve got your work cut out for you if you want to use it with all of your IT resources. You will need to add in Active Directory on-prem, a directory extender for Linux and Macs, another server to integrate Google Apps, and vast security and networking expertise for your AWS servers. In addition, if you need single sign-on services, then you will add yet another solution. It takes a lot of different solutions to cover all of the things that JumpCloud’s Directory-as-a-Service already does.
Is a cloud-based directory service cost-effective?
While you should do your own calculations, there are a number of cost savings associated with a SaaS-based solution. First of all, there is no hardware or software to purchase. Another advantage is that system maintenance and management are done by the provider. Finally, automation and user control help reduce work time for IT. If you would like to learn more about whether Directory-as-a-Service can be cost-effective for you, drop us a note and we’ll pass along our ROI calculator for you to leverage.
Put JumpCloud To Work For You
A cloud-based directory may not be for everybody. However, for most organizations, it can be a significant step up in their ability to centralize user management, on-board and off-board users quickly and efficiently, increase security and reduce the chances of a breach, and integrate cloud and on-prem systems into one unified view.
If you would like to learn more about whether a cloud directory service can make sense for your organization, please reach out to us. We’ve worked with thousands of organizations and can help you figure out whether JumpCloud’s Directory-as-a-Service is right for you.