By Rajat Bhargava Posted June 13, 2017
A common challenge that we hear from DevOps organizations is that they are often struggling to create a single identity for their technical personnel in the organization. AWS requires a unique account, GitHub requires a unique account, and in most cases these accounts are different than your G Suite or Office 365 logins. On top of that, your developer’s laptop or desktop has a different set of credentials as well. Many IT admins have started to ask the question: “How can I give my technical staff one identity for all of their DevOps functions?”
Challenges for DevOps Engineers
As most IT and engineers know, the complexity of managing a DevOps organization and the technical infrastructure that goes along with it can be staggering. As organizations grow, their IT infrastructure can scale far ahead of their headcount growth. Plus, these systems are no longer located solely on-prem and within easy reach. They aren’t from the same vendor and based on the same platforms. There isn’t one person to call when there is a problem. This environment is causing modern DevOps teams to need to manage a wide variety of infrastructure resources.
Another major part of the DevOps organization’s charter is to focus on security. Ensuring that their systems are protected and their users are secure is of paramount importance. A key part of that process is controlling the user identities across all of the DevOps systems including infrastructure like AWS, source code repositories at GitHub, monitoring systems such as Nagios or NewRelic, storage systems on-prem or in the cloud, and networking gear among any number of other systems. Unfortunately, today’s current model requires DevOps engineers and IT admins to manage many of these user accounts separately. Add in a growing organization and infrastructure, and the amount of time – and risk – being spent on identity management is far too high.
Many DevOps engineers have been searching for a better way to manage all of the different identities that their team has. Traditional approaches to the problem have largely focused on manual user management, config management solutions such as Chef, Puppet, Salt, or Ansible, or the legacy directory services approach with OpenLDAP™ or Microsoft Active Directory®. None of these approaches have achieved the goal of having one identity for each person though. This leads to greater risk, more work, and less automation.
DevOps Management Solutions
A new approach to identity management is solving this problem. Through a cloud identity management solution called Directory-as-a-Service®, DevOps organizations are centralizing their IAM (identity and access management) function into a cloud based directory service. The novel approach of this virtual identity provider is to create one identity that cuts across platforms (Windows, Mac, Linux), providers (AWS, Google Cloud, Azure, G Suite, etc.), protocols (LDAP, SAML, RADIUS, and many others), and locations (cloud, on-prem, remote). This approach to identity management centralizes control and eases the implementation approach for DevOps organizations.
A central identity provider in the cloud helps IT and DevOps organizations automate many of their one-off identity management processes. Consolidating to one identity also increases security (with strong passwords, SSH keys, and multi-factor authentication) and enables DevOps organizations to leverage the platforms that are right for their organization. You won’t be locked in to Google Cloud, AWS, G Suite, or Microsoft – instead, you’ll choose the platforms that are best for your organization, but still leverage one cloud directory.
One Identity for DevOps
If you would like to learn more about creating one identity with JumpCloud for each of your technical personnel that can cut across AWS, GitHub, Jenkins, Docker, and more, reach out to us directly. We’d be happy to talk with you about the benefits a centralized cloud directory can have for your IT and DevOps organization. Give our cloud directory a try for yourself – your first 10 users are free forever.