GCP™ Active Directory®

By Zach DeMeyer Posted April 20, 2019

Google® recently introduced a Google Cloud Platform™ (GCP) Active Directory® offering. This managed Active Directory (AD) is a catch-up response to Amazon® and their AWS® Directory Service, which also manages AD, Microsoft® Azure®, and the Azure AD family of solutions.

Of course, GCP has been embroiled in a battle for supremacy in the Infrastructure-as-a-Service (IaaS) space, but unlike its competitors, GCP has yet to release a managed AD service until now. But, many are curious to know what all the new GCP Active Directory offering actually entails.

A Struggle Among IaaS Options

Google’s Cloud group is intent on lifting and shifting on-prem and collocated data centers to their cloud infrastructure. The pitch is obviously that Google runs an amazing infrastructure and organizations can easily leverage the same type of capabilities for themselves without having to pay to build that infrastructure. But, in an industry dominated by Amazon Web Services and curtailed by Azure, increasing market share for Google is easier said than done.

As Google continues to attack the Infrastructure-as-a-Service market, they’re running up against both AWS and Azure. A key area for GCP to solve is how to give IT and DevOps organizations an easy way to extend their identities to the cloud. With most organizations leveraging Active Directory on-prem, it makes sense that all three of these IaaS providers would extend AD credentials to their respective cloud infrastructure.

Managed AD from Google

So, what is GCP Active Directory? For GCP customers that leverage Active Directory on-prem and that are interested in creating a domain for their Windows® cloud servers, the Google managed AD offering makes a great deal of sense. In essence, GCP managed Active Directory extends on-prem AD instances to the Google Cloud, creating a hybrid environment. GCP will then manage the hosted AD instance, taking the workload off IT admins who rely on AD for their identity management.

The use case that Google seems to be targeting with this managed AD service involves organizations that are deeply tied to the Microsoft-based identity provider. Given AD’s popularity among IT circles, it seems like Google is aiming rather broadly. For most organizations, the idea of extending their AD credentials to their Windows infrastructure hosted in Google Cloud makes a lot of sense, and Google is making that process easier.

The Problem with Heterogeneity

If we take a quick step back in time, IT organizations used to be dominated by Windows, and subsequently Active Directory. Once other non-Windows solutions (i.e. Mac® and Linux®, among other resources) joined the fray, Active Directory struggled to authenticate them in the Windows domain.

The challenge for admins of AD-centric IT environments didn’t stop there. Many of said organizations are now interested in shifting their identity provider to the cloud completely and are deeply leveraging non-Windows IT solutions and infrastructure. Unfortunately, just as Active Directory struggles with non-Windows resources, so does Google-managed AD. So, what are these heterogeneous IT organizations to do?

Cross-Platform, Centralized Identity Management

Thankfully, there is a cloud identity provider that manages user access to virtually all IT resources, be them Windows, Mac, Linux, Google, Amazon—you name it. With this cloud Directory-as-a-Service®, admins can extend their user identities to resources both on-prem and in the cloud, starting at the system level and propagating out to applications, IaaS (GCP, Azure, and AWS), networks, servers, and more.

Directory-as-a-Service, available from JumpCloud®, is a reimagination of Active Directory for the modern era. Akin to AD’s early days, Directory-as-a-Service creates a True Single Sign-On™ experience, where no resource is treated as a second-class citizen. What’s more, since it is a completely cloud-hosted directory service, all of the heavy lifting of implementing an identity provider like AD, along with all the required protocols and other add-ons needed for complete identity management, is removed from the shoulders of IT admins.

Try JumpCloud Free

You can try JumpCloud Directory-as-a-Service for free today. Your JumpCloud account will automatically include ten users, usable for free, forever. If you would like to learn more, please feel free to give us a call or leave a note. We’d be happy to help you embark on your journey with Directory-as-a-Service.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts