By Jon Griffin Posted June 9, 2017
Is a hosted Active Directory solution the next generation cloud identity management solution? Unfortunately, before we bring clarity to that issue, we are going to need to make it more complicated. Microsoft now has multiple Active Directory solutions and while you would think that they are interchangeable, they are far from it. The identity management space has historically been dominated by Microsoft Active Directory. But today, it is in a state of flux and change.
Microsoft’s Influence in Identity Management
Let’s back up and walk through how we got to where we are today. The LDAP protocol, which has been one of the core authentication protocols for directory services, was introduced in the early 1990s by our advisor Tim Howes. This set off some major initiatives in the identity management sector. The main commercial product came from Microsoft, who launched their LDAP and Kerberos-based solution for identity management called Active Directory in 1999. This may have been the seminal event in the early stages of directory services and identity management in the Internet era. AD quickly became the market share leader and dominant directory services platform.
Of course, Microsoft’s dominance with Windows and applications was a significant factor, but the move to tie all Windows-based IT resources together was a brilliant monopolistic move on Microsoft’s part. It locked in their customers even further. In fact, most in the identity management arena didn’t even consider an alternative to Active Directory to be viable. Over the next decade and a half, identity management would only focus on the fringe and never the core. Some theorized that Microsoft would always own the core user database.
As the cloud and shift to managed services was occurring, many thought about shifting to a hosted Active Directory solution. Simply move AD to the cloud and problem solved. This might have worked well if the rest of the IT network wasn’t undergoing massive change as well. As usual in the IT sector, different parts of the industry were transforming – including core platforms, providers, and protocols. Homogenous, All-Windows environments were shifting to heterogenous environments including macOS and Linux. Microsoft was giving way to Apple, Google, and AWS among many others. LDAP and Kerberos weren’t the only authentication protocols being leveraged. SAML, RADIUS, OAuth, and many more began to emerge. All of the changes meant that a hosted AD platform, while interesting, wasn’t going to solve identity management for IT organizations.
Next Gen Cloud IAM
The directory is the authoritative source of truth for the identity. As such, admins tend to see the directory as the foundation for all IAM (see pyramid above). It follows then that the next generation of cloud identity management solutions would need to be a reimagination of Active Directory for the cloud era.
Modern IDaaS, as it would come to be known, would need to solve for the problem of a mixed platform, provider, and protocol environment. No longer was the network homogeneous and on-prem. Users and IT resources would be around the world – in the cloud, on-prem, and in remote locations. IT organizations now needed to manage Windows, Mac, and Linux systems. SaaS-based applications would end up meshing with on-prem apps. But the challenge with all of this was figuring out how to centrally manage user access to all of these different types of resources.
Fortunately, a solution called Directory-as-a-Service® emerged as the leader in cloud identity management. This alternative to hosted AD would end up being the true cloud directory service that IT admins were searching for. Directory-as-a-Service can cut across platforms, providers, protocols, and location to securely manage and connect user identities to all of your IT resources.
Learn More About Hosted Active Directory
If you would like to learn more about hosted Active Directory and what the next generation in cloud identity management is, drop us a note. Or, sign-up for a free JumpCloud cloud directory account and check it out for yourself. Your first 10 users are free forever.