By Greg Keller Posted May 17, 2017
Just about every type of on-prem software is shifting to the cloud. But one service has remained stuck: directory services. The main culprit is Microsoft’s Active Directory®.
It has been widely believed that AD couldn’t move to the cloud (and Microsoft has reinforced this belief). The prevailing wisdom was that the on-prem domain controller needed to be, well, on-prem to control user access to the network and Windows® systems. Recently though, there has been a great deal of chatter about Microsoft AD in the cloud.
The talk around AD in the cloud started with the thought process that Active Directory could be hosted remotely at a data center. If there was a direct VPN connection from the on-prem office location to AD in the cloud, then authentications could pass over the network and be processed by the remote Active Directory server. Of course, this would add a bit of latency, but it would still be manageable.
The next generation of thought around AD in the cloud was to shift the Active Directory instance from the organization’s own data center to a third-party, perhaps multi-tenant, instance. It would still be an Active Directory instance, but it would be delivered by a third-party managed service provider. The IT organization could pay for the solution on a monthly basis, and the MSP could even have a multi-tenant type of solution. Of course, the VPN connection to the provider would need to remain, but the IT organization could shift the burden of managing the AD server to the MSP.
A Challenge AD Can’t Overcome
As IT networks started to change and shift to WiFi and minimal on-prem resources, the idea of having hardware to manage the VPN became more of a stumbling block. IT admins wondered why they couldn’t just shift to an AD in the cloud, let their users be anywhere they needed to be, and allow their IT resources to be remote. Of course, they quickly realized that Active Directory wasn’t made for this approach. Users and IT resources being scattered all over the world without VPNs or networking wasn’t what the creators of AD had envisioned almost two decades ago when they introduced the product.
Furthermore, as IT organizations started to adopt mixed-platform environments including Macs®, Linux® machines, AWS®, G Suite®, Office 365®, and many more, the challenges only increased. Microsoft® recognized some of these issues, and in response introduced Azure Active Directory®. But Azure AD wasn’t Microsoft AD in the cloud. In fact, it wasn’t even a replacement for the on-prem Active Directory, but rather a complement. If IT organizations wanted AD in the cloud, they would need to look in a different direction.
The Active Directory Replacement
That direction is to a new generation of cloud identity management solutions, called Directory-as-a-Service®. Delivered from the cloud, this IDaaS product works across operating systems (Mac, Linux, Windows), platforms (AWS, G Suite, Office 365, etc.), a variety of protocols (LDAP, RADIUS, SAML, SSH, REST, and more), and cloud and on-prem IT resources. It really is the reimagination of Active Directory for the cloud era we are in now.
Learn More about Microsoft AD in the Cloud
If you would like to shift from Microsoft Active Directory to the cloud, drop us a note. We’d be happy to walk you through your options, including Azure AD and Directory-as-a-Service. You’ll be able to easily compare and contrast the cloud identity management platforms, and learn which is right for you. Alternatively, feel free to sign up for a JumpCloud® cloud directory service account. Your first 10 users are free forever.