By Rajat Bhargava Posted November 21, 2016
Many organizations today don’t have Microsoft® Active Directory®. In fact, many of those that do are looking to replace Active Directory.
A question that frequently comes up for folks that either don’t have AD or are trying to migrate away from Active Directory is whether Azure® Active Directory® is an alternative. Unfortunately, it isn’t.
The Rise Of Active Directory
Let’s step back for a second and understand what Active Directory does and why it is no longer a good fit for IT organizations. A couple of decades ago, Tim Howes and his team invented LDAP, the most popular authentication protocol. It was a lighter-weight way to confirm the identity of a user and grant them the proper access.
The open source LDAP protocol spawned the open source directory service, OpenLDAP™. Microsoft also got in the game, building on LDAP and leveraging another protocol called Kerberos to produce a solution called Active Directory, which was released in 1999 and quickly became the most dominant identity provider on the planet.
Active Directory was the market share leader for identity management for good reason. Most IT networks were dominated by Windows devices and applications. Data centers were largely hosted on-prem or via a VPN connection at another facility. Everything looked like one big network. We had words like WAN and LAN to describe things, but Active Directory was really managing an enclosed network.
IT Landscape Evolves, Leaves Active Directory Behind
As the world started to change over the past five to ten years, the downstream result was that AD was no longer as helpful to an organization. Cloud infrastructure, web applications, and the growth of Mac and Linux operating systems shifted the internal IT picture. Networks look substantially different when only one in five devices is Windows [Forbes]. Also, Active Directory is far less useful when it tries to manage non-Windows platforms and IT resources located in the cloud.
Azure Active Directory: Expectation vs. Reality
As a result, Active Directory is being replaced. “Azure Active Directory is the alternative” is the common refrain we hear. Unfortunately, the strategy for Azure AD is to be an adjunct to AD for the Azure platform. Organizations are still required to have AD on-prem and federate those identities into the cloud directory, Azure AD. If no Active Directory is available, IT admins can still leverage Azure AD as a local directory service for Azure. macOS and on-prem Windows and Linux devices can’t be authenticated. Cloud infrastructure at AWS or Google Compute Engine is left out, as are on-prem applications.
In short, Azure Active Directory isn’t a central identity provider for an organization, but a local identity server for Azure.
Go Further, Faster With JumpCloud®
This is leading many organizations to look for an Active Directory replacement. The most popular alternative is Directory-as-a-Service®. It functions as a unified cloud directory service that brings together on-prem and cloud environments so that they appear as one, even when they aren’t on the same network or connected by VPNs. Cloud infrastructure at AWS®, Azure, Google Compute Engine, and others is seamlessly controlled, and so are on-prem Mac®, Linux®, and Windows® desktops and laptops. Web or on-prem applications are centrally authenticated. WiFi authentication is seamless with the included cloud RADIUS infrastructure. Multi-factor authentication and other security features protect users and the devices and applications they utilize. In short, Directory-as-a-Service is Active Directory reimagined for the cloud era.
One Directory To Rule Them All®
If you would like to learn more about how JumpCloud’s cloud-hosted directory service can replace Active Directory or even be an alternative to Azure Active Directory, drop us a note. We’d be happy to walk you through the comparison and the pros and cons of our Identity-as-a-Service platform. Also, please feel free to give it a try yourself. Your first 10 users are free forever.