Do I really need a domain controller (DC)? That all depends on what your definition of one is. The Microsoft® definition of a domain controller is a server that allows a user to authenticate into a “domain,” which is a collection of devices and IT services grouped together. Effectively, you would log in to the domain to receive services such as access to the network, applications, printing, file sharing, and email. In a sense, the domain was the equivalent to modern day single sign-on (SSO). The exception, of course, being that those services were within your on-prem network rather than web applications.
But, that’s hardly the way networks work anymore. In fact, most of an organization’s IT resources are now located outside of their virtual four walls. There’s a new concept that many IT admins are exploring and it is called the Domainless Enterprise.
History of the Domain Controller
Domains were introduced under Windows® NT and subsequently became a core part of the back-office suite from Microsoft, which also included Active Directory® (AD) and Exchange®. The benefit of the domain was that you created a security model where you could give your employees access to critical internal resources and the IT admin staff could manage those devices/applications for support and troubleshooting. The domain model was closely tied to the physical model of offices.
Effectively, IT resources were locked away behind a perimeter, and in order to access them, the user would have to be within that network and physically connected to it via an ethernet cable. Alternatively, users could VPN into the network. That’s not how most IT network environments want to operate, however. With the shift in IT networks, admins want to utilize the Zero Trust Security model, because they know that not all devices, users, and applications are to be trusted simply because they are logged in to the domain.
With the further push into the cloud era, most recently spurred on by the global pandemic, is the domain even interesting anymore? Cloud infrastructure, web applications, remote work, and mobile users/devices are all contributing to a completely different landscape for a network. There are a number of factors that are changing the relevance of creating and managing domains that IT admins should evaluate. As mentioned above, there is also a new concept emerging – the Domainless Enterprise – that is driving a new model of IT.
Factors Decreasing Domain Controller Efficacy
We have to remember the era that the domain was first created in for us to have a good idea about why it isn’t effective now. Simply put, the scenarios that exist today are vastly different than those of the late 90s and early 2000s when the domain was the central aspect of most IT networks. This has been exacerbated through the global pandemic where remote work has become the norm and adoption of the cloud has dramatically accelerated. IT networks, simply put, are shifting outside of the domain, and not necessarily by choice. Here are five key reasons why the domain of yesterday is lost in today’s IT environments.
Less Windows-Centric Environments
The systems that you would find on networks during the late 90s and early 2000s would largely be Windows systems. But, with the influx of macOS® and Linux®-based systems, Active Directory and the domain controller have a much more difficult time managing those systems without cumbersome add-ons that require both monetary and time expenditures. Furthermore, many IT organizations are struggling with how to manage configurations, security settings, and performance of those macOS and Linux machines with respect to compliance requirements. With difficulty in joining non-Windows systems to a domain, many are leaving the domain behind altogether for the Domainless Enterprise.
Increasing Cloud Infrastructure Usage
Companies are taking advantage of cloud infrastructure like Amazon Web Services® (AWS®), Google Cloud, Azure, and Digital Ocean because of the overhead it eliminates from their operations – i.e. eliminating internal data centers. But, like Mac and Linux machines, these services exist outside of the scope of the domain controller. And, with cloud infrastructure usage comprising such a large portion of some workers’ day-to-day work, the concept of the domain begins to make less sense. Solutions such as Azure Active Directory Domain Services have created a domain environment within Azure, but that domain is distinct and different from the on-prem domain, thus requiring more integration work for system admins.
Long gone are the days of needing to install programs via disc. Now, users are getting a great deal of their work done on web applications like Microsoft 365™, Google Workspace, and Salesforce® housed in a browser window. So, the reliance on locally installed programs has lessened.
The problem is, extending identities within AD and authenticated by the DC to SaaS-based applications has been challenging because of the domain controller’s requirements for Windows-based auth protocols and a direct connection. That means IT admins are required to research, implement, and configure the right SSO solution, or Azure AD plus Azure AD Connect, and ensure that it is compatible with how their IT environment is constructed now (and into the future). On the other hand, with some companies working completely from the cloud, many of them have decided to forgo using AD on-prem altogether.
WiFi, New File Server Solutions
Nowadays, you don’t even really need to be on a domain in order to leverage some of the tooling that used to be made available by one. You can now connect to printers and send them documents as long as you’re on the right WiFi network. Another key feature of the domain was file sharing. But, with so many companies utilizing cloud file servers like G Drive™, Box™, and Dropbox™ as well as NAS and Samba devices there is much less need to configure your own traditional on-prem file server solution. Ultimately, this marks another strike against the domain and adds a check in the column of the Domainless Enterprise.
Adoption of Cloud Directory Services
Now, more organizations are looking to adopt a cloud-based directory model, such as the one JumpCloud® has created. With that shift, the need for domains may be completely supplanted. Cloud directories, or directory-as-a-service, can authenticate users regardless of where they are and what network they are currently using to the services they have been explicitly granted access to. This trend towards cloud-based directory services coincides nicely with the shift away from infrastructure on-prem. For example, the adoption of Google Workspace™ to take the place of a number of on-prem productivity solutions like Exchange, Office™, and Excel™. This shift away from the domain has been encapsulated in the concept of the Domainless Enterprise.
This also provides a centralized, cloud-based, and secure directory for authentication, authorization, and management of users and systems. The authentication of users and devices is a critical component when thinking about how you can potentially replace the functionality of your domain controller—or simply, to do without it. And like those early days of the domain, with SSO-like capabilities, JumpCloud provides True Single Sign-On™ via centralized user management, cloud-based LDAP, WiFi authentication through RADIUS, multi-factor authentication (MFA), system management with GPO-like Policies, SSO to legacy and web applications via LDAP and SAML, SSH key management, and much more.
JumpCloud does all of this using Zero Trust security principles. Each access transaction is verified for the person’s identity, their device posture, network health, and the proper authorization rights. These checks can be done regardless of where the resource is or what it is that the person is accessing. In short, the Domainless Enterprise can ensure that every atomic access transaction is secure and proper without the need or requirement to be on a certain platform or type of network.
Learn More About Cloud-Based Directory Services from JumpCloud
With the cloud era in full effect and fewer organizations utilizing Windows systems, admins are wondering if they even need a domain in today’s modern IT environments. For those organizations looking to make a shift to the Domainless Enterprise, sign up today for a JumpCloud Free account. It’s free and it enables you to manage up to 10 users and 10 systems with the full version of the platform.
Once you’ve signed up, take a look at our Knowledge Base for information on how to get the most out of your account or hit up your in-app chat 24×7 within the first 10 days for our Premium Support experience. And, if the concept of going domainless is causing you to have some reservations, feel free to contact us today to talk over your options.