By Zach DeMeyer Posted September 26, 2019
What does the next generation of directory services look like? The directory service is a long-venerated tool of IT organizations, but recent shifts in the general IT landscape have opened up new possibilities for directory services. The next generation of directory services is more powerful, more adaptable, and better suited to modern IT.
Directory Services, Past and Present
The traditional directory service, most often Microsoft® Active Directory®, has served as the identity and access management (IAM) backbone for IT organizations worldwide. Active Directory (AD) was optimized for use in on-prem, Windows® OS-driven environments, making it a powerful force in the average office of yesteryear.
When AD wasn’t in use, IT organizations usually turned to an LDAP server for their IAM needs. Like AD (which also leverages LDAP), an LDAP server is aimed at on-prem identity management, but it lacks system management capabilities like AD’s Windows-based system management. Regardless, LDAP and AD have provided IT organizations with solid IAM for many years.
While this was an ideal scenario for most companies in the year 2000, the modern IT landscape has changed dramatically. Many organizations are opting to utilize cloud applications and infrastructure as their core work resources, forgoing on-prem tools of similar ilk. While Windows still holds the lion’s share of the OS market, macOS® and Linux® are rapidly gaining popularity as well.
Although it’s great at what it does, AD struggles to deal with these encroaching innovations, and, as such, presents IT organizations with a bit of a conundrum. Many organizations are deeply rooted in their AD instance, so seeking another option is somewhat out of the question. So, these organizations have had to turn to third-party tools, the most notable being web application single sign-on (SSO) solutions and identity bridges, to propagate their AD identities to cloud and/or non-Windows resources.
The Next Generation of Directory Services
IT admins with a more holistic view have seen the state of present-day IT and IAM and are curious about what they can do to modernize their directory service. Just as applications, infrastructure, and more have shifted to the cloud, a cloud directory service seems inevitable as the next generation of directory services. Currently, there are three main ways IT organizations can integrate a cloud directory service into their environment.
Create a New Directory Service Instance
Many small businesses have not considered using a directory service at all, or perhaps the task of setting one up on-prem is too daunting or expensive. These organizations can (and probably should) look into using a cloud directory service to begin managing their users, assets, networks, and more IT resources as they begin to scale.
Using a cloud directory service allows admins to leverage the abilities of a solution like AD or LDAP without any of the required infrastructure on-prem. Beyond that, there are cloud directory service options that aren’t associated with any particular OS vendor or protocol as the legacy solutions are. This means that they can provide more unified system management capabilities for heterogeneous system fleets as well as connect users to a wide range of IT resources.
Extend Active Directory
A cloud directory service can take the place of the slew of add-on tooling (e.g., SSO, identity bridges, MFA, governance) that organizations require to extend their AD identities to the cloud. With a cloud directory service, organizations cut down on the various costs of AD add-ons, as well as the overhead required to implement them. That way, they can still achieve the same level of functionality without breaking the bank, and most importantly, without having to completely restructure their pre-existing identities and IAM. A side benefit is that they start migrating their core IT infrastructure to the cloud and gain the advantages that come with that move.
Replace Active Directory
There are, of course, some organizations that are deeply rooted in AD, but wish to migrate completely to the cloud. Using a cloud directory service allows organizations to achieve much of the same functionality as their old directory service, but without many of the commonly faced hassles.
A cloud directory service automatically propagates identities to applications and infrastructure, while also managing users, systems, networks, and more. Since it is leveraged from the cloud, no physical hardware is needed, and access control is all centralized in a single browser-based admin console.
Learn More about Cloud Directory Services
The choice among these three options ultimately boils down to your organization’s situation and needs. If you would like some help evaluating your next generation directory services requirements, you can reach out to us. We’d be happy to assist you.