By Ryan Squires Posted February 28, 2019
As data centers around the globe pack up and move to AWS®, many DevOps engineers and IT organizations are grappling with how to manage access to that cloud infrastructure. As a result, they are coming up with a number of different ideas. Chief among them, many are considering how to use LDAP for AWS without servers. Ideally, there would be an identity provider (IdP) that could connect users to their AWS cloud resources and also tie into their on-prem identities. Let’s dive in and see how DevOps engineers and IT organizations are making this integration a reality.
Limited by AWS
Of course, Amazon Web Services would like to solve this core problem for DevOps and IT organizations with its set of directory services solutions, such as AWS Directory Services. The challenge with AWS Directory Services stems from the fact that it leverages Active Directory® or an Active Directory model, which struggles with managing Linux® systems and the users who work on them. This challenge results in additional overhead and difficulty in connecting back to the on-prem identity provider. The key here is the Linux operating system.
Linux and LDAP for AWS Servers
A great deal of the high-value AWS infrastructure tends to be based on Linux. For this reason, LDAP often looks like a better authentication approach than trying to convert to a Windows-based IdP. Additionally, many DevOps applications can easily talk to an OpenLDAP™ server hosted at AWS. Of course, LDAP for AWS then creates a mismatch with Active Directory on-prem. See where we’re going here? Ultimately, the challenge of integrating cloud infrastructure with on-prem IT management tools is holding organizations back from full cloud transformations. If organizations really want to make cloud a priority, they need to look to the cloud to help them manage their IT resources.
Benefits of a Cloud-Based Facilitator
One such cloud-based solution is JumpCloud® Directory-as-a-Service®. It is a next generation approach to managing user identities not only for AWS but also for on-prem Windows®, macOS®, and Linux laptops and desktops, web and on-prem applications, physical and virtual file servers, and wired and WiFi networks.
In short, this cloud-based directory service integrates on-prem Active Directory-like functionality, but for the cloud as well as on-prem IT resources. It’s completely vendor neutral, so your users can connect to an AWS cloud server, G Suite™ and/or Office 365™, GitHub or Slack, or cloud file servers such as G Drive™ and Box™. The best part of all of this is that there are no servers that you or your team will need to manage and configure. IT admins can offload the heavy lifting of running LDAP servers at AWS or Active Directory instances on-prem to a third-party team of experts instead and save time to implement higher-value initiatives.
Those are just the benefits for IT admins. When you utilize Directory-as-a-Service, users can access all of those resources, both cloud and on-prem, via a single set of credentials with something we call True Single Sign-On™. So, you save a significant amount of time integrating and configuring solutions, and your users save time by not having to remember dozens of passwords. Plus, it frees them from password fatigue. Side note: if you’re worried they’ll choose a weak password, JumpCloud enables IT admins to enforce password complexity requirements.
Learn More About JumpCloud
Ready to use LDAP for AWS without servers? Sign up for a JumpCloud account today. It’s free, and it lets you manage up to 10 users at no cost. Once you’ve signed up, check out our Knowledge Base for information to help you squeeze the most out of your account. Or, if you’d like to schedule a demo, you can do that too.