By Rajat Bhargava Posted October 24, 2016
The world is shifting to the cloud.
One of the early entrants was AWS with their cloud infrastructure. AWS enabled organizations to eliminate the need to build their own data centers and manage a great deal of infrastructure, including servers, routers, switches, cooling equipment, and monitoring systems.
The benefits were enormous, and AWS created a massive new industry.
The challenge for many organizations became how to integrate AWS cloud servers into their IT infrastructure. One critical mechanism for integrating AWS into the core IT processes is leveraging a cloud directory service. A critical Directory-as-a-Service® use case is managing AWS cloud servers, and that benefit extends throughout the IT infrastructure.
The Reasons Behind AWS's Rapid Adoption
AWS has enabled developers and operations personnel to shift IT infrastructure to the cloud. AWS has created core infrastructure such as virtual server hosting, storage, database hosting, and many other services.
Effectively, Amazon’s goal has been to eliminate an organization’s need to build its own data center infrastructure. IT organizations can purchase these resources on demand and in the appropriate quantity. Startup organizations moved to AWS in droves. Many of these companies are cash constrained, so the infrastructure investments that AWS made can be leveraged by these startups on a monthly cost basis. Of course, AWS does charge a premium for this service, but the “pay-as-you-go” model is more palatable for startups. Over time, larger organizations also started using AWS because of the reduction in capital investment and better cash flow.
As AWS continued to innovate and add to its capabilities, it became an easy decision for companies of all sizes to shift to AWS.
Managing Identities and Access with AWS
One significant challenge, though, has always existed with AWS cloud infrastructure: how to manage identity and access control over the AWS infrastructure and cloud servers. AWS provides access control to the overall AWS portal through its IAM function. However, organizations also need to manage access at the server level or database level, and that gap has stymied IT admins, sysadmins, and developers everywhere.
The common approaches to solving the problem have been as follows:
Manual User Management
For small organizations and small AWS implementations, manually managing cloud users is reasonable. A sysadmin or developer can log into each machine by hand and run useradd or userdel, or modify user permissions directly.
This user management model can work at a small scale.
Configuration Automation Tools
Automation of server management tasks has been a major point of interest for IT and sysadmins. These tools require coding and scripting but can handle some user management functions. Generally, it is quite a coarse-grained approach: all users get access to all machines with the same permissions.
This scales somewhat better than the manual approach. However, it breaks down as soon as you have any compliance needs or a more sophisticated permissioning model.
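To make the coarse-grained point concrete, the following added example (not code from the original post or from JumpCloud) sketches the per-host reconciliation a scripted approach has to do: it compares a constructed desired-state list, scoped by host role, against a constructed passwd snapshot and emits the useradd/userdel actions that would be needed. The user list, roles, and passwd entries are all made up for the illustration; nothing touches the real system, so it runs unprivileged.

```shell
#!/bin/sh
# Desired state (constructed): "user:role" pairs. Role "all" means the
# account belongs on every host; any other role restricts it to hosts of
# that role. A flat "everyone everywhere" list is the coarse-grained model
# the text describes; the role column is the minimum needed to do better.
DESIRED="alice:all
bob:web
carol:db
dave:web"

# Constructed snapshot of one host's /etc/passwd (not a real file).
SAMPLE_PASSWD="root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/sh
carol:x:1001:1001::/home/carol:/bin/sh"

# Login names of human accounts (UID >= 1000) in a passwd-format string.
current_users() {
  printf '%s\n' "$1" | awk -F: '$3 >= 1000 { print $1 }' | sort
}

# Accounts that should exist on a host with role $1, derived from DESIRED.
wanted_users() {
  printf '%s\n' "$DESIRED" | awk -F: -v role="$1" \
    '$2 == "all" || $2 == role { print $1 }' | sort
}

# Print the actions an automation tool would have to run on a host of role
# $1 whose passwd contents are $2: useradd for missing accounts, userdel for
# accounts that no longer belong there. Nothing is executed, only planned.
plan_actions() {
  role=$1
  have=$(current_users "$2")
  want=$(wanted_users "$role")
  for u in $want; do
    printf '%s\n' "$have" | grep -qx "$u" || echo "useradd $u"
  done
  for u in $have; do
    printf '%s\n' "$want" | grep -qx "$u" || echo "userdel $u"
  done
}

# Demo: the same snapshot needs different changes depending on host role.
echo "# plan for a web host"; plan_actions web "$SAMPLE_PASSWD"
echo "# plan for a db host";  plan_actions db  "$SAMPLE_PASSWD"
```

Running the same reconciliation against every host, over SSH, is exactly the loop these tools automate; the role column is what the text means by a more sophisticated permissioning model.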
Active Directory or OpenLDAP
Another approach to identity management at AWS is to spin up a Microsoft Active Directory instance or an OpenLDAP server. Both require manual work to install, configure, and maintain. Depending on the model, you will also have to do some networking to sync it with your on-prem directory service.
This is probably the heaviest-weight option, but it does give you the detailed control that AD and LDAP have built in.
JumpCloud®: The Better Approach For Managing AWS Cloud Servers
AWS customers have been opting to skip all of these options and move to a cloud-based directory service called Directory-as-a-Service® (DaaS).
This SaaS-based service fits the scalability, on-demand, and pay-as-you-go model of AWS. Directory-as-a-Service can connect an organization’s user identities with the systems, applications, and networks that the user needs. These IT resources can be located in the cloud, on-prem, or mobile around the world. This unified cloud directory doesn’t discriminate based on platforms. It treats Linux, Mac, Windows, Office 365, Google Apps, AWS, and much more equally.
An IT organization can simply choose whatever platforms are best for their organization. DaaS connects it all together for you.
DaaS and AWS
With AWS cloud servers, Directory-as-a-Service is an ideal fit. IT admins can leverage the Identity-as-a-Service platform as their core, authoritative directory. Users can then be created on their AWS cloud servers as necessary. Those AWS servers can be either Linux or Windows.
A lightweight agent is placed on each server. That agent then communicates with the cloud-hosted directory service. Users are always synchronized between the agent and the SaaS directory service. All users are now centrally managed without any code. Further, there is no need to replicate users or have multiple instances because the AWS cloud servers can securely communicate with the cloud directory.
In short, Directory-as-a-Service is the simplest, strongest solution for managing AWS cloud servers.
Put Directory-as-a-Service To Use
If you would like to learn more about the Directory-as-a-Service use case of managing AWS cloud servers, drop us a note. Please feel free to give our cloud identity management platform a try for yourself. Your first 10 users are free forever.