By Rajat Bhargava Posted February 4, 2015
In this post of our multi-part series on the migration from Active Directory® to Directory-as-a-Service® we will analyze the pull of innovation around directory services—and why that innovation is happening now.
Within the multi-part series, we look at:
- The change in the IT landscape
- The impact of Google Apps (now known as G Suite) – (you’re here)
- Possible solutions
- How DaaS is addressing this problem
We hope you enjoy the series and look forward to your feedback.
As a quick recap, Part I of this series looked at the market shift in the overall IT landscape in the past decade. Part II (below) looks at the impact Google’s had on this trend. Google, through its Google Apps (now known as G Suite) and corporate Gmail solution, has single-handedly impacted the directory services market.
The Move from Exchange to Google Apps
Businesses are increasingly moving to the cloud. In fact, the 2014 survey on cloud computing trends found 94% of organizations surveyed are running applications or experimenting with Infrastructure-as-a-Service, and 74 percent of enterprises have a hybrid cloud strategy and more than half of those are already using both public and private cloud.
Everything from email to file storage/backup, CRM, and others are now being hosted by cloud-servers, allowing IT admins to reduce their server footprint on-premises as well as the time spent managing those services.
Why have businesses done this? It’s simple. Cloud-based solutions allow enterprises to focus a greater concentration on core business needs and goals without wasting money on expensive on-premise hardware.
In an era where demand for connectedness has never been more profound, and more and more employees work from home or travel more, cloud services are the most logical option business infrastructure option. Cloud services are always on, available worldwide, and generally device agnostic.
In the spirit of these decisions—to move infrastructure and applications to the cloud—many organizations are making the move, en masse, to Google Apps for their email or more widely by implementing the greater productivity suite from GApps (now G Suite). It’s an alluring solution because the productivity suite includes an array of tools such as word processing, spreadsheet creation, and presentation capabilities. It also has virtually unlimited and inexpensive storage capabilities, thereby eliminating equipment and management overhead. Knowing these perks, many organizations have traded their Microsoft Exchange servers for Google Apps’ extremely easy implementation and user provisioning.
But are those companies really getting what they need?
Gaps Between Microsoft AD / Exchange and Google Apps
Unfortunately, the Google Apps user directory isn’t an exact equivalent to a Microsoft Active Directory instance for two reasons among others:
- It doesn’t authenticate devices
- It doesn’t manage devices
Lack of device authentication
Users created and managed in the Google Apps control panel are primarily for access to the Google suite of products and can sometimes be used to federate access to other third party sites that allow access via OAuth or sometimes SAML. However, credentials in Google Apps are not easily leveraged to control access to a user’s device or internal services. Employees in the IT organization who need access to servers either on-premises or in the cloud are left out of luck. In this scenario, IT would still need to run Active Directory in order to provide an employee access to those machines.
As the above exemplifies, in an era where user access control is one of the most critical security functions that an IT organization can execute, a Google Apps-only solution will not suffice. A directory service must still be a part of the picture which is a significant drawback for most organizations.
Lack of Support for Device Management
The second unresolved issue when shifting from AD and Exchange to Google Apps is user device management. IT admins need to be able to manage and control these devices to meet corporate security standards and protect their organization. And, in short, Google Apps doesn’t support this critical need.
Google has indirectly and uniquely impacted the problem of directory services. What once was a packaged deal—Microsoft Exchange and AD—is no longer that. Organizations are shifting their email to Google Apps, but are unclear on what to do with the remnant AD directory service. This creates significant challenges for IT organizations as they would like to move more aggressively to the cloud, but have an anchor identity provider holding them back.
Stay tuned to the rest of our series by using the sign up form at the top right of the page to get the insider tips in how the most savvy businesses are addressing modern concerns with directory services and solutions. Part III of this series deals with directory service options while Part IV covers the modern approach to replacing AD.