By Rajat Bhargava Posted March 25, 2016
As more organizations leverage Linux platforms, a core part of the administration process involves user management. One challenge with this is that servers are no longer always located on-prem. And if there is a core user directory, servers often cannot be connected to it. As more organizations leverage Google Apps and shift to the cloud, the core identity provider seldom manages Linux users. Luckily, a new generation of Directory-as-a-Service® platforms is making Linux user management simple.
Examining Linux User Management Options
Historically, sys admins and ops personnel have had a limited number of options – all of which have significant drawbacks. Let’s take a closer look at some of those options:
Manual user management
Most organizations manually manage users on Linux systems. Many organizations don’t have a core directory service, or their systems won’t talk to their cloud-based Linux systems; as a result, IT pros end up manually managing users on each system. When new users need to be added, the admin manually logs into each machine and creates their account. The same is true upon account termination. The challenges stretch beyond it being a laborious process: it is easy to neglect granting or terminating access. The manual approach is also more difficult to manage and audit.
Configuration management tools
The next step up from manual user management is leveraging configuration management tools such as Chef or Puppet. Many DevOps organizations are using configuration automation tools to automate their server infrastructure. Managing users is a part of that process. In fact, user access is scripted in the files. So, what’s the problem with this approach? User access requires admins to write code. Because the code generally increases in complexity as the user access complexity increases, admins will take the simple path of granting all users the same level of access. This process can work for small environments, but as environments increase in size and scope, user access becomes more granular, resulting in significantly more effort for IT.
Connecting to the core user directory
A third approach that organizations will take is to connect their Linux systems to their core user directory. If the user store is Microsoft Active Directory, there can be challenges in managing user access. With OpenLDAP, there are less significant hurdles, but then again, OpenLDAP is not often the core user directory for the whole organization. The result is multiple directory services.
It’s Time to Investigate Directory-as-a-Service
As sys admins and ops personnel think about how they will manage their Linux users, those are often their available options. However, a new option has recently emerged. Directory-as-a-Service is a cloud-based directory services platform that centralizes user management of Linux, Windows, and Mac platforms. It also acts as a True Single Sign-On solution, connecting users to their applications and networks as well.
If you would like to learn more about how you can more easily manage your Linux users, drop us a note. Or feel free to give JumpCloud’s Directory-as-a-Service a try. Your first 10 users are free forever.