By Jon Griffin Posted February 3, 2018
Does G Suite feature the ability to manage groups of users and systems in a way that is equivalent to GPOs (Group Policy Objects)? The short answer is no, it doesn’t. But to really understand why, we need to look at what Google is doing with their G Suite Directory and Google Cloud Identity solutions. This will allow us to understand – or at least take a guess at – the path G Suite is taking and whether G Suite GPOs are a real possibility or merely a nice concept.
The Beginnings of G Suite
G Suite really started in 2006 as Gmail. One year later, Google released Google Apps Premier Edition, which included Google Docs and Sheets. Google Apps revolutionized the world of email and productivity software by taking advantage of emerging cloud technology. The popularity of Google’s SaaS productivity platform skyrocketed – sending a clear message to Microsoft Exchange, Windows® File Server, and Microsoft Office. As the Google Apps platform continued to grow, business adoption grew with it. Today Google Apps for Work has been rebranded to G Suite, and more than three million businesses are paying customers (TechCrunch 2017).
The reason for G Suite’s success was pretty straightforward. With G Suite, IT admins could off-load the cost and effort of Exchange servers, Windows file servers for file storage, and Microsoft Office. On top of that, users could get easy access to their email, documents, spreadsheets, and presentations all from the browser. It was a win-win for the enterprise.
In response to the popularity of G Suite, Microsoft adapted many of their offerings and released Office 365™. Today, the two productivity platforms are in fierce competition, but that’s a topic for another post.
Why G Suite GPOs Don’t Exist
G Suite is the ideal replacement for much of the old on-prem Microsoft infrastructure, and as a result it often brings up a couple of questions for IT admins. Can the G Suite Directory be a replacement to Active Directory? Can Google’s concept of identity/device management services be a replacement for AD GPOs?
Unfortunately for admins, G Suite Directory is not an alternative to Active Directory. This also means that Google’s identity/device management capabilities are not analogous to G Suite GPOs either. In fact, G Suite’s device management capabilities are confined to Chrome and Android devices, with some functions for iOS. The concept of setting policies, running scripts, and executing commands on Windows, Mac, or Linux machines isn’t part of Google’s vision for G Suite.
Google has never wanted to take on Active Directory directly. When Google Apps was introduced, AD was too ingrained into the infrastructure of enterprises. It was connected to the network, the applications, the identities, the hardware, and much more. It was not a feasible area to go after at the time with so much of the IT infrastructure remaining on-premises. The market looks much different today though. Now, there are heterogeneous system environments, cloud servers, web applications, and many organizations are looking to be completely cloud-based. It’s this environment that is opening the door for a new solution to offer the cloud-based GPO-like capabilities that admins are looking for.
True Cross-Platform GPOs
This new third party solution is called JumpCloud Directory-as-a-Service®. The first cloud-based directory services platform of its kind, JumpCloud is an Active Directory alternative with the cross-platform GPO-like capabilities admins need. As a cloud identity management platform, integrating Directory-as-a-Service with G Suite provides IT admins with the ability to completely shift their IT management infrastructure to the cloud. This means that there is one central location that admins can use to control both user access and systems, and it can all be with G Suite credentials. Systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, GCP, internal servers), web and local applications (via SAML and LDAP), virtual and physical storage (e.g., Samba and NAS), and wired and WiFi networks (via RADIUS) can all be authenticated to and managed with the same G Suite credentials you use today.
Don’t believe us? See it for yourself by getting a free account on the Directory-as-a-Service platform. We offer 10 users free forever, with no credit card required, so you have the perfect opportunity to test out the features and see how it works for you. You can also set up a demo if you would prefer to watch it in action live. Unfortunately, G Suite GPOs likely will not be a concept, but that doesn’t mean that cloud user and system management aren’t either. Contact the JumpCloud team with any questions!