By Rajat Bhargava Posted May 29, 2015
JumpCloud bridges existing Active Directory user directories to cloud-based servers
For the past decade or more, and especially in Microsoft-centric shops, the corporate user directory has been a critical piece of networking infrastructure, installed and managed exclusively on-premise. Systems like Microsoft’s Active Directory® (AD) or LDAP, the open source protocol Active Directory is loosely based upon, required dedicated machines with always-on SLAs and hardened systems, because the directory sits at the epicenter of every employee’s ability to access infrastructure in the enterprise (logging in to computers, file servers, etc.). Directory implementations pre-date cloud computing, so in many shops they remain on-premise or in directly managed colos (colocated servers), even as their companies move other pieces of infrastructure to cloud services like Amazon’s AWS, Rackspace and similar platforms. Employees must now be able to gain access to the systems, services, and infrastructure on those cloud platforms just as if they were on-premise.
Manage Cloud Services Manually?
Unfortunately, the current model for managing those cloud services is manual. Admins either provision and de-provision user accounts by hand, or they are required to write and maintain scripts. Some organizations rely on configuration automation solutions such as Chef or Puppet to run the scripts. In every one of these cases, the process lives outside the core directory. This means that changes in the main AD or LDAP directory are not propagated downstream to the cloud servers or cloud infrastructure services. This can, of course, create significant security risks, in addition to being inefficient and leaving users without the access they need.
Sysadmins know that this isn’t the preferred method of managing users, but there really aren’t a lot of great alternatives. IT admins generally like to lock down their user store, so connecting cloud-based servers to the on-prem user store is generally a non-starter. Additionally, many cloud servers are based on Linux and as a result are more challenging to connect with Microsoft Active Directory. So, admins are pushed in one direction, one that is time consuming and distracting from the core and important tasks they should be working on for their businesses – they end up having to manually manage their cloud server users.
User Management Solution
The solution to this problem is a core part of Directory-as-a-Service®. We know that an existing directory store may still have value, but extending it to handle modern cloud infrastructure is critical. Infrastructure-as-a-Service solutions are being used by many organizations, and controlling access to them through the existing central user store would be ideal. Unfortunately, as discussed above, that doesn’t happen, and that’s the problem JumpCloud wants to solve. It should be simple and easy to leverage an existing directory to control access to Linux and Windows cloud servers. It should be easy to connect with LDAP-enabled IT applications.
So, we built a bridge to connect existing Active Directory and LDAP implementations to cloud-based infrastructure. You simply install our lightweight agent on your AD or LDAP instance, on-prem or wherever it is being managed. It securely syncs your user accounts with our cloud-based directory to give your users the access they need to any cloud infrastructure. Your cloud-based servers either point to our LDAP user store to authenticate access agentlessly, or you deploy our agent to do the same. Now, any time you make a change in your central user directory, that change is mirrored to JumpCloud and subsequently to your cloud-based infrastructure. Everything is up-to-date and in sync. Plus, you don’t need to expose your on-prem directory to the Internet.
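To make the "mirror every change" model concrete, here is an added example of the reconciliation step such a bridge performs: compare a snapshot of the on-prem directory (the source of truth) against the accounts that actually exist on a cloud server, and compute what must be created or removed. This is illustrative code written for this post, not JumpCloud's agent; the user records, the server's account list and the entitlement-by-group rule are all constructed assumptions. It also shows the stale-access risk the manual model leaves behind: accounts for users the directory has disabled, and accounts the directory never knew about.

```python
"""Directory-to-cloud-server reconciliation (illustrative, constructed data)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    """A user as seen in the on-prem directory (assumed minimal schema)."""
    name: str
    enabled: bool
    groups: frozenset = field(default_factory=frozenset)


# Constructed snapshot of the on-prem AD/LDAP directory: the source of truth.
DIRECTORY_USERS = {
    User("alice", True, frozenset({"ops"})),
    User("bob", True, frozenset({"dev"})),
    User("carol", False, frozenset({"dev"})),  # disabled in the directory
}

# Constructed snapshot of local accounts on one cloud server, as a manually
# maintained provisioning script might have left them.
CLOUD_SERVER_ACCOUNTS = {"alice", "carol", "dave"}

# Assumed entitlement rule: only members of these groups get an account here.
ALLOWED_GROUPS = {"ops", "dev"}


def desired_accounts(users, allowed_groups):
    """Names that should have an account: enabled users in an allowed group."""
    return {u.name for u in users if u.enabled and u.groups & allowed_groups}


def reconcile(users, server_accounts, allowed_groups):
    """Return the actions needed to make the server mirror the directory.

    create:          entitled directory users with no account on the server
    remove_disabled: accounts whose directory user is disabled or no longer
                     entitled (the de-provisioning step manual processes miss)
    remove_orphaned: accounts the directory does not know at all
    """
    desired = desired_accounts(users, allowed_groups)
    known = {u.name for u in users}
    return {
        "create": sorted(desired - server_accounts),
        "remove_disabled": sorted((server_accounts & known) - desired),
        "remove_orphaned": sorted(server_accounts - known),
    }


def has_stale_access(actions):
    """True when the server still grants access the directory has revoked."""
    return bool(actions["remove_disabled"] or actions["remove_orphaned"])


if __name__ == "__main__":
    plan = reconcile(DIRECTORY_USERS, CLOUD_SERVER_ACCOUNTS, ALLOWED_GROUPS)
    for action, names in plan.items():
        print(f"{action}: {names}")
    print("stale access present:", has_stale_access(plan))
```

Run as-is, the plan creates an account for bob, removes carol (disabled in the directory but still present on the server) and removes dave (never in the directory). A bridge that runs this reconciliation on every directory change is what keeps the server in sync; the same comparison, run periodically against a server's account list, is a cheap drift check for shops still managing cloud users by hand.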
The benefits of this model are that you can continue to leverage your existing directory, but get in on the benefits of cloud-based infrastructure. You get to keep that critical infrastructure safe by knowing exactly who has access, and you don’t need to do heavy lifting around changing your networking and security model. If extending your AD/LDAP instance to the cloud would help you gain more control over your IaaS, drop us a note and we’d be happy to help.