By Rajat Bhargava Posted October 8, 2014
Organizations that rely on Active Directory (AD) today face a challenge when extending their identities to Infrastructure-as-a-Service (IaaS) providers such as AWS, Rackspace, or SoftLayer. Sharing a directory services user store across cloud service providers makes sense: you can update your user and access information in one place and propagate it everywhere it must be, whether on-prem or in your cloud.
However, while this idea has been around for a long time, putting it into practice is unfortunately much more difficult. There are several issues with exporting identities to cloud servers. For one, many of the servers are Linux-based systems, and integrating AD with Linux has historically been a challenge. There are both open source and commercial systems that let you connect Linux servers with AD, but they’re often enterprise-class pieces of software with complicated deployment architectures and are usually hosted on-premise, not in the cloud, thus perpetuating the need to manage more infrastructure on-site.
The second area of complication is that most organizations host AD on-premise and, as such, do not open AD to the Internet. This has been a good security practice, but it consequently limits the ability to share the core identity provider with IaaS providers.
The third issue is a little different: it is a trend that makes this problem even more complex. Many organizations are moving away from AD, not towards it. They’re embracing Google Apps (including corporate Gmail) and other cloud-based technology. Extending AD or adding a cloud AD deployment runs counter to this trend.
Extending Active Directory with a Cloud-Based Directory Service
Today, there is a different, and much simpler, way for organizations that have AD but would like to federate with their IaaS infrastructure: JumpCloud’s Directory-as-a-Service®.
JumpCloud is a cloud-based directory service that can extend your existing AD, LDAP, or Google Apps user store to your cloud-based infrastructure. JumpCloud’s hosted directory service mirrors your existing directory service, so there’s just one place to update. Because JumpCloud is located in the cloud, it is easy for admins to connect their cloud server infrastructure back to their directory. JumpCloud can mirror your existing groups such as development, production, staging, QA, etc. Another benefit is that you don’t need to manage the SaaS-based directory services infrastructure. You don’t need to purchase software and hardware or ensure that it is networked properly and highly available. JumpCloud handles all of those details for you, and we ensure that our virtual directory service is always in sync with your master AD or GApps user store.
With the JumpCloud agent included in your base server infrastructure build (you can deploy the agent via Chef or Puppet, or just have it be in your image / AMI), JumpCloud will always know about all of your servers, laptops, desktops, and users, ensuring that you don’t have systems with inconsistent user access (which could leave them open to compromise).
JumpCloud simplifies the challenge of extending and sharing your AD user store with your IaaS infrastructure (and on-prem non-Windows devices). Give us a call if you have any questions or just download and give JumpCloud’s Directory-as-a-Service a try. JumpCloud installs in seconds and begins mirroring your existing AD store. You create a more efficient and secure infrastructure in the process.