By Rajat Bhargava Posted April 21, 2017
Many companies thought that they would never be able to replace Microsoft Active Directory®. However, the idea is not as far-fetched as you might think. In fact, replacing AD has been happening more and more these days. With cloud, mobile, and mixed platform environments, many IT admins have started asking why they should still be using Active Directory. This question is becoming quite common, so we are going to explore why it makes sense to be replacing Active Directory, and go through some of the options for different approaches.
The World is Moving On from Active Directory
Let’s start with why it makes sense to eliminate Active Directory from your network. If you are a cloud-forward organization and have a mixed platform environment, then it is very likely that Active Directory is managing a small piece of your overall infrastructure.
However, with the professional environment changing quickly, the percentage of your infrastructure that AD can manage has continued to shrink. Mac and Linux devices have become far more prevalent than ever before. Microsoft Exchange is being eliminated for Google Apps for Work and Office 365 (now called G Suite). Web applications have become the new norm. The data center is moving to the cloud with AWS and other Infrastructure-as-a-Service providers (e.g. Google Cloud, Digital Ocean, IBM Softlayer).
Additionally, security is more critical than ever and multi-factor authentication (MFA) is now vital in protecting identities. All of these shifts in the IT landscape are sending a signal to IT organizations that it is time to replace Active Directory for a more modern approach to identity management.
Replacing Active Directory
Of course it is easy to say we should eliminate Active Directory, but it’s more difficult to actually implement something better. When considering an alternative to Active Directory, each organization should look at what is critical for their environment. What is important for security, control, and end user productivity? This knowledge is what will drive the decision making on solutions.
There are largely three ways to replace AD.
#1 Manual Management
The first option for replacing Active Directory, is to configure and manage the directory function manually. In this case, this solution is usually employed by smaller organizations with a limited number of IT resources. Managing and paying for AD on an on-going basis doesn’t make sense for these small organizations. It may just be easier to manually manage everything. If you have a limited staff and set of IT resources, this can be more cost-effective and time efficient.
#2 Open Source Software
The second approach is to leverage open source software such as SAMBA, OpenLDAP, or FreeIPA. All of these solutions are free to use, but the implementation costs can be significant. All of them have strengths and weaknesses, but in general the knock on open source software is that it is painful to implement and manage. You need your own team that can understand the code and the changes that are made on a regular basis to ensure that it will all continue to function as updates are made. For certain situations, open source software can make sense, but for organizations that view identity management as a part of doing business it rarely makes sense to do it yourself.
The third option, and also the most popular, is to leverage Directory-as-a-Service®. This option is an independent cloud hosted directory service that works with Mac, Linux, Windows, AWS, GApps, O365, and much more. As a cloud identity management platform Directory-as-a-Service is protocol agnostic as well, supporting LDAP, SAML, RADIUS, SSH, and others. This Identity-as-a-Service platform can work from the cloud, for the cloud, or on-prem. It is the next generation of Active Directory and OpenLDAP reimagined for the cloud era.
If you would like to learn more about options for replacing Active Directory, drop us a note. Or, give JumpCloud’s unified cloud directory a try for yourself. Your first 10 users are free forever – no credit card required.