By Rajat Bhargava Posted June 18, 2014
When we spin up our first servers, we know it’s easy to manage users. Creating and removing users is only a couple of commands:
Adding a user:
Even easier to remove a user:
But, that’s not the issue. In the old days, servers were expensive commodities and we loaded them up with multiple tasks. If we were lucky, we could afford to have a single purpose per machine. In either case, there just weren’t as many server instances as there are today.
With amazing cloud providers, such as AWS, Digital Ocean, Google Compute Engine, Rackspace, and SoftLayer, companies are building out extensive server infrastructures. They can do it with API calls or by quickly clicking a few buttons. And, there’s the rub.
Common User Management Issues
Once you have even a modest number of servers, manually managing users becomes painful. Here are a few examples of the issues you’ll face manually managing users across a server fleet.
- Adding, deleting, and managing users across many servers in a controlled and granular way are all difficult tasks. This is especially relevant in the case of removing users because you have to know where they are, and that’s cumbersome – i.e. logging into each machine and checking.
- A deleted user’s files remain on the server, eating up valuable disk space and potentially creating security issues if they are allowed open access to confidential files.
- When a new user is added and password login is disallowed, the user must supply their public key(s) to their system admin. Consequently, that admin has to edit a file and put the keys into the correct location.
- If password login is used, once a user is added, you need to provide the password to the end user (ideally in a secure fashion, which can be difficult for users in different locations), for each server, and they have to log in and verify that they can get in. If they can’t, they have to call the sysadmin again and repeat the password process.
- If a user forgets their password, they have to go back to the system admin to reset it.
- If a user wants to rotate their SSH key, they have to log in to every single server that holds their public key, edit a file to remove the old key, and add the new one.
- If an admin wants to give someone temporary access, they have to add the access, and then make sure to come back and remove it when their access expires.
- Forcing your users to reset their passwords everywhere in the case of a security breach is nearly impossible to do effectively.
These are just some of the significant problems that admins face when manually managing users. Ironically, doing this manually is actually less secure!
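The key-rotation step from the list above (remove the old public key from a file, add the new one), written out for a single server as an added example that is not part of the original post. It assumes keys live in an OpenSSH `authorized_keys` file and are passed as `type base64 [comment]` lines; `rotate_key` and `has_blob` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): rotate one key in one
# authorized_keys file. rotate_key and has_blob are hypothetical names.

# has_blob FILE BLOB: succeed if any line of FILE has BLOB as a whole field.
has_blob() {
    awk -v b="$2" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                   END { exit !found }' "$1"
}

# rotate_key FILE OLD_PUB NEW_PUB
# OLD_PUB/NEW_PUB are "type base64 [comment]" lines as found in a .pub file.
# Returns 0 if rotated, 1 if the old key is not in FILE (FILE untouched),
# 2 on bad input or I/O failure.
rotate_key() {
    file=$1
    old_blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
    new_blob=$(printf '%s\n' "$3" | awk '{ print $2 }')
    [ -f "$file" ] && [ -n "$old_blob" ] && [ -n "$new_blob" ] || return 2
    has_blob "$file" "$old_blob" || return 1

    # Build the replacement next to the target so mv is an atomic rename;
    # mktemp creates it readable and writable by the owner only.
    tmp=$(umask 077; mktemp "$file.XXXXXX") || return 2
    # Drop every line carrying the old key; match on the key material so
    # entries with options or a different comment are caught as well.
    awk -v b="$old_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Append the new key unless it is already listed.
    has_blob "$tmp" "$new_blob" || printf '%s\n' "$3" >> "$tmp"
    mv "$tmp" "$file" || { rm -f "$tmp"; return 2; }
}
```

Return code 1 tells you a given server never held the old key, so nothing was changed there. Run by hand, this is still one invocation per account per server, which is the scaling problem the list describes.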
JumpCloud® User Management through Directory-as-a-Service®
Now, let’s take a look at how you would accomplish user management tasks with JumpCloud’s cloud directory service:
- Adding, deleting, managing users – Web-based point and click interface with the opportunity to make bulk changes as needed. Also, you have a rich API that can do anything you can do from the UI through code.
- Setting up other service accounts – You can automatically create accounts in other services, like databases, just by adding a user to a server tag and running a command that is launched on user add.
- Cleaning up user data – Simply run a command when a user is deleted thanks to JumpCloud’s device management ability. Also, you can automatically archive their home directory and ship it to a backup server before removing it from the local server.
- Managing SSH access – it’s a snap. JumpCloud’s self-service portal allows users to upload their public keys. JumpCloud places the keys in the right spot on all of the right servers so your users have the right access – in seconds.
- Communicating passwords – as an admin, you are out of this loop. JumpCloud’s cloud directory service automatically interfaces with your users to securely allow them to set their passwords.
- Password reset – self serve! JumpCloud’s portal is available to your end users to reset their passwords.
- Rotate keys – users can rotate their keys through JumpCloud’s self-service portal. Admins can force rotation and password expiration on a set schedule.
- Temporary access – easy and simple. Just go into the JumpCloud interface and give somebody access for a limited amount of time. JumpCloud automatically disables the login after your specified time period.
Boom, it’s that easy. Point and click to manage users. Make changes in bulk and gain a significant increase in security, since lack of user credential security is the number one reason organizations are breached!
JumpCloud Makes Manually Managing Users Across Servers Obsolete
Our goal is to connect your user identities to the resources they need. Centralized user management is one of the top items that sysadmins spend their time on. Let us help you make it more efficient and secure with an Identity-as-a-Service platform! Give JumpCloud a try for free and let us know what you think.