By Rajat Bhargava Posted February 20, 2015
This blog is part of a four-part series, as listed below:
- The Directory-as-a-Service Movement
- Heterogeneous IT: The #1 Reason your Directory will be in the Cloud
- Cloud Infrastructure is Reason #2 your Directory will be in the Cloud
- Business Gmail: Reason #3 why your Directory will live in the Cloud
This is the second post in our four-part series on why your directory services will live in the cloud. Here we dive into the idea of heterogeneous IT.
Microsoft is losing its grip on the operating system for desktops, laptops, and servers. According to Forbes, Windows now runs on one in five devices, down from upwards of 9 in 10 in the past.
But, as we know, most organizations still have the bulk of their productivity devices in the form of desktops and laptops. As Microsoft’s footprint narrows, it is being replaced by more and more people choosing Apple Macs. This is driven by employee demand for an easier user experience and a better-designed form factor.
The few organizations that still rely on Microsoft PCs are often driven by Windows-only software requirements, but even they are seeing a greater number of Mac devices showing up in their network.
In some organizations, the move to a “bring your own device” (BYOD) culture is opening the floodgates to myriad device types and operating systems used from literally anywhere in the world.
IT admins struggle to bring these devices into the fold because traditional directories (think: Active Directory® and OpenLDAP™) weren’t built to authenticate and manage different device types that are often not on-premises. As a result, Macs end up as largely unmanaged devices, introducing a significant security risk to the organization as well as overhead for IT admins.
How do you Deal With this Changing Heterogeneous IT Landscape?
For those IT admins who would like to manage their Macs, there are a few critical items to consider. Authenticating the user on a Mac can be done through AD, although some thought does need to be given to scenarios where the device is not on-premises. Macs, like Windows machines, need to be configured to communicate with the directory, and this is cumbersome to implement for Macs given the vast difference between the operating systems. It’s possible to script it, but that does require access to the device. Among the other things that can be accomplished with AD and Macs are defining home directories on Windows file shares and leveraging AD groups with the Mac.
Unfortunately, that’s about all you can do when connecting Macs to the existing identity provider. Windows devices have hundreds, if not thousands, of group policy object (GPO) settings that can be managed through Active Directory; Macs have none of these. If Macs need to be managed, and the IT admin is thinking that AD can do it, they are out of luck. Because Mac users are generally administrators on their devices, a user can easily disable the connection to the domain even after the device has been joined to it. Effectively, local users can do whatever they want on their personal device, circumventing any controls that IT has implemented.
Cloud-Based Directories Mitigate your IT Headaches
Cloud-based directory services solve this issue because they are built with current trends in mind. Cloud identity providers natively support the top operating systems, without needing to favor one operating system over another. Further, it doesn’t matter that a user/device pair may not be within the four walls of the organization. The SaaS-based Identity-as-a-Service platform is in the cloud and can reach all corners of the globe.
Macs in the IT Landscape
Macs are clearly a critical part of the IT landscape, and a modern directory service needs to support that.
In our next two posts, we’ll discuss cloud infrastructure (AWS as the driver) and the bifurcation of Active Directory and Exchange by Google. If you would like to learn more about Directory-as-a-Service, drop us a note. We’d be happy to discuss the benefits of a cloud-hosted, SaaS-based directory service.