By Greg Keller Posted July 26, 2016
More organizations than ever are shifting their server infrastructure needs to the cloud. AWS now has well over a million business customers.
Large and small companies are realizing that it is more cost-effective to create their IT infrastructure with an Infrastructure-as-a-Service provider than it is to build it themselves. For its part, AWS has been adding significant capabilities to make it easier for an IT or development organization to run their business from the AWS cloud.
One of the most significant challenges that IT and sysadmins face is how to control user access to servers and applications hosted on AWS.
Made-to-Order Cloud Server User Management
The Directory-as-a-Service® platform from JumpCloud® features the ability to manage user access to Linux and Windows AWS servers. In fact, JumpCloud’s centralized user management functionality can manage servers that are hosted on AWS or another cloud infrastructure provider. It can even manage on-prem servers.
JumpCloud’s virtual identity management system eliminates the need for Microsoft Active Directory or OpenLDAP. There is no hardware or software for IT or development organizations to manage and maintain. Much like the AWS platform itself, JumpCloud’s cloud-based directory service is delivered as a SaaS-based service. In addition, IT and development organizations only pay for what they need and use.
How it Works:
For the most part, AWS cloud servers are instantiated with an EC2 user. However, as sysadmins know, it is unwise to keep that user around and to share its credentials. Doing so is asking for security trouble.
Sysadmins want to create unique accounts for the users who access the servers themselves, which is what DaaS provides. It is important to note that this is different from the IAM solution from AWS. Through JumpCloud, IAM controls access to the AWS console and grants users access to create and destroy servers. Cloud server user management from JumpCloud is aimed at the actual login to the server itself.
AWS requires SSH login for Linux servers but does not require a username and password. JumpCloud’s cloud directory enables the use of SSH keys and allows end users to manage their public keys.
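The shared-default-user problem described above can be checked for on an existing server. The following is an added example, not JumpCloud's code: it audits `authorized_keys` content per account and flags a default account that several people's keys can log in to, plus any key reused across accounts. The default account names, function names and sample data are assumptions made for this illustration.

```python
import base64
import hashlib
from collections import defaultdict

# Assumption: common default login names on AWS Linux images.
DEFAULT_ACCOUNTS = {"ec2-user", "ubuntu", "admin", "centos", "root"}
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")

def fingerprints(authorized_keys_text):
    """Return ssh-keygen style SHA256 fingerprints, one per valid key line."""
    found = []
    for line in authorized_keys_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # A leading options field may precede the key type; the blob follows it.
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_TYPES):
                try:
                    blob = base64.b64decode(tokens[i + 1], validate=True)
                except ValueError:
                    break  # malformed key material: ignore the line
                digest = hashlib.sha256(blob).digest()
                found.append("SHA256:" + base64.b64encode(digest).decode().rstrip("="))
                break
    return found

def audit(accounts):
    """accounts maps login name -> authorized_keys text; returns findings."""
    findings, owners = [], defaultdict(set)
    for name, text in sorted(accounts.items()):
        fps = set(fingerprints(text))
        for fp in fps:
            owners[fp].add(name)
        if name in DEFAULT_ACCOUNTS and len(fps) > 1:
            findings.append(("shared-default-account", name, len(fps)))
        elif name in DEFAULT_ACCOUNTS and fps:
            findings.append(("default-account-login-enabled", name, len(fps)))
    for fp, names in sorted(owners.items()):
        if len(names) > 1:
            findings.append(("key-reused-across-accounts", fp, sorted(names)))
    return findings

def _key(label):
    # Constructed placeholder blob, not a real public key.
    return "ssh-ed25519 " + base64.b64encode(label.encode()).decode() + " " + label

SAMPLE = {  # constructed input: two people share ec2-user, alice also has her own account
    "ec2-user": _key("alice-laptop") + "\n# bob\n" + 'from="10.0.0.0/8" ' + _key("bob-laptop"),
    "alice": _key("alice-laptop"),
    "carol": _key("carol-laptop"),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real host, the input would be each account's `~/.ssh/authorized_keys` read with sufficient privileges.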
Serving Up Centrally Managed Accounts
The JumpCloud Directory-as-a-Service platform works with both Linux and Windows systems at AWS. A lightweight agent is deployed on each server. User accounts are created locally but managed centrally. The agent communicates with the JumpCloud infrastructure via a mutual TLS connection; all communication is initiated by the agent. Servers and users can be grouped to make provisioning, deprovisioning, and modifications easy to manage. If you already have a Microsoft Active Directory instance, you can leverage those users into AWS without the networking and security hassle.
Let’s Dish About Directory-as-a-Service
If you would like to learn how you can easily centralize and manage your AWS cloud server users, drop us a note. JumpCloud’s Directory-as-a-Service feature for AWS cloud server user management has been instrumental in enabling organizations to leverage cloud infrastructure. Help yourself to a free JumpCloud account – your first 10 users are free forever.