By Greg Keller Posted March 19, 2015
Recently, Amazon Web Services (AWS) announced Directory Service as their solution to managing Windows users within a virtual private cloud (VPC) and on WorkSpaces. AWS’ solution enables its customers to create, manage and delete users from their AWS Windows instances. The service can connect back to an on-premises Active Directory server. At this stage it doesn’t look like Linux is supported out of the box, although we have figured out how to make Linux work (note it is not for the faint of heart).
What Does This Mean?
The solution is built with Samba as its underpinnings, and as a result does leverage the Kerberos protocol. The service allows AWS users to control their Windows user population, but it is managed from AD tools – there is NO interface to AWS Directory Service. AWS Directory Service is focused on authentication and authorization of Windows users, primarily by connecting back to your on-premises AD instance. Because the service is Samba-based, you can also leverage Group Policies.
The service may appeal to AWS customers who leverage WorkSpaces and Windows EC2 instances, but aren’t looking for too many bells and whistles associated with user management or cross-platform support. It’s clearly a step up from managing users manually or utilizing Chef or Puppet. The service does not, however, seem optimal for situations where Linux is part of the mix or where there is no directory service. Perhaps they will add these features over time. Nor does it work with off-premises (from AWS) devices or devices at other providers. AWS’ goal here was to make it easier to manage the Windows users on AWS WorkSpaces and Windows servers.
How Does This Relate to JumpCloud?
There is nominal overlap with JumpCloud’s Directory-as-a-Service® solution—mostly in the area of managing AWS Windows server users. The critical difference is that JumpCloud’s solution is a complete cloud-based directory that authenticates, authorizes, and manages a variety of user types and IT devices/applications. The devices don’t have to be Windows and can be laptops, desktops or servers located on the organization’s premises, in a data center, or in any cloud, running Windows, OS X, or Linux. Another critical difference is that JumpCloud’s directory services enable device management on a cross-platform basis—much like what Microsoft Active Directory® does with Windows machines through group policy objects (GPOs).
AWS has taken a positive step forward to help its customers manage their Windows servers / WorkSpaces desktops, but it isn’t a Directory-as-a-Service solution. The simplest way to describe what they are doing is lightweight AD for AWS services.
If you’re looking for a cloud-based directory, JumpCloud’s DaaS is likely the best solution for you. If you want to see for yourself, try out our cloud-based directory. It’s free forever for the first 10 users.