By Vince Lujan Posted December 9, 2019
Linux® user management is a core part of modern IT administration. The challenge is that Linux servers in the cloud are difficult to connect to a traditional user directory on-prem.
Fortunately, a new generation of Directory-as-a-Service® platforms simplifies user management for Windows®, macOS®, and Linux machines. As a result, IT admins can securely manage and connect users to all of their systems from the cloud.
How Have IT Admins Traditionally Managed Linux?
Historically, sysadmins and DevOps personnel had limited options with respect to Linux user management — all of which have significant drawbacks.
Manual User Management
Many IT organizations either don’t have a core directory service, or their existing identity management infrastructure won’t talk to cloud-based Linux devices. As a result, IT professionals end up managing Linux users manually.
In other words, the admin must log into each Linux machine and create a local account whenever a new user needs to be added. The same applies when settings need to be changed or users need to be removed from the system, which becomes a difficult and laborious process as the organization scales.
The manual approach is also more difficult to manage and audit as it is highly decentralized. It quickly breaks down beyond a small number of Linux users.
Configuration Automation Tools
Leveraging configuration automation tools such as Chef or Puppet represents another method of administration. Many DevOps organizations have found success by using similar tools to automate their server infrastructure, and managing users is part of that process.
The problem with this approach is that configuring user access requires admins to write code. Essentially, providing Role-Based Access Control (RBAC) means writing individual scripts for each user.
For IT admins tasked with managing fleets of Linux systems, this scenario is daunting. Ultimately, it becomes another process that is difficult to maintain as the organization grows in size and scope.
Integrate with a Core User Directory
Connecting Linux systems directly to an identity provider (IdP) is a third approach. Of course, as previously noted, the challenge with this approach is that Linux servers in the cloud are difficult to connect to traditional user directories such as Microsoft® Active Directory® (AD) or OpenLDAP™.
After all, AD is designed exclusively for Windows user management. OpenLDAP is more flexible, but requires significantly more management overhead and maintenance.
It is possible to run them both in tandem to try to manage modern networks, but then the challenge becomes managing multiple directories. Clearly, a single source of truth for user management is ideal in modern system environments.
What is Directory-as-a-Service?
Fortunately, a new option has emerged that is reimagining traditional approaches to identity and access management (IAM). JumpCloud® Directory-as-a-Service is a next-generation directory services platform that centralizes management of Linux, Windows, and macOS users in the cloud.
JumpCloud enables admins to create and manage users from a single pane of glass and remotely provision their access to Linux, macOS, and Windows systems. The Directory-as-a-Service also offers cross-platform GPO-like capabilities called Policies to help manage modern system environments.
Finally, JumpCloud is a True Single Sign-On™ solution, which also connects users to their applications, files, and networks. The end result is that admins can securely administer and connect users to all of their IT resources from the cloud.
Learn More About JumpCloud
Contact JumpCloud to learn more about the Directory-as-a-Service platform. Sign up today and check it out for free. Your first ten users are free forever.