Redefining Directory Services

Written by Rajat Bhargava on May 4, 2016


The rapidly changing IT industry is hard to keep up with. There are only a few things that have remained the same over time. More and more frequently, parts of the IT industry are becoming obsolete, while others morph into new and updated versions of themselves. It is interesting to note that the directory services category has stayed largely unchanged over the last fifteen years. However, in the last few years, a new era of cloud-based directory services solutions has been changing the landscape. These solutions, known as Identity-as-a-Service, are redefining directory services for the cloud era.

In the Beginning

The onset of directory services really began with Microsoft’s introduction of Active Directory in 1999. Prior to that, there were a few solutions that helped to control user access, but it wasn’t until Microsoft released Active Directory (AD) that directory services became ubiquitous. The reason for this was Microsoft Windows’ undisputed dominance of the industry. At that time, IT networks were almost exclusively Windows devices and applications. Therefore, it made sense for Microsoft to build a user directory service to centrally manage access. AD was based on the open source LDAP protocol and leveraged Kerberos for authentication services. The benefit of this approach was that AD, along with the domain controller, enabled single sign-on access for the user. This era of directory services was largely simple and had three distinct benefits: a single operating system platform all hosted securely behind the firewall, the ability for IT admins to centrally control user access, and the fact that all the user needed to remember was a single login.

Moving Away from Microsoft AD

This model started to break down in the mid-2000s for a number of reasons. The advent of a number of IT technologies and new solutions changed the face of identity management in many organizations. Web applications began appearing with the introduction of Salesforce and Google Apps, among others. These services weren’t on-premises and, as a result, required a new and different approach to connecting to the core user directory. This innovation was a new category called web app SSO. The new solution connected to the core user directory to federate identities to web applications. The resurgence of Apple introduced more Macs into the IT environment and, of course, the steady rise of Linux created a mixed operating system situation. Since AD didn’t support alternate platforms very well, a new category called directory extensions appeared. Add the management of cloud server infrastructure and multi-factor access and it becomes a very different identity management architecture. The core is still the directory service, but now there is a suite of solutions supporting the shortcomings of AD.

Fixing the Problem

For a while now, because AD has been so entrenched, IT admins have just lived with these shortcomings. They were forced to bolster the pieces that need to be supported with other complementary solutions. It wasn’t until Directory-as-a-Service® appeared that a dramatic change in the definition of directory services occurred. Instead of viewing the directory as a user database for a single platform or protocol, cloud directory services are tasked with securely connecting users with the IT resources they require, regardless of platform type, location, or protocol. Today’s modern organization is far more complex and cloud-forward than in the past. The modern directory service is delivered as a SaaS-based platform and connects and manages Windows, Mac, and Linux platforms. It handles single sign-on to web-based SAML applications and on-premises LDAP apps as well. Solutions such as Google Apps are seamlessly integrated into the platform, as is authentication to the WiFi network. Due to the significant changes in the security environment, multi-factor authentication needs to be an included part of the directory service. Directory-as-a-Service platforms are integrating a variety of different identity management categories into one comprehensive Identity-as-a-Service platform.

Directory services is no longer just an on-premises solution for Windows networks. The new generation of directory service is cloud-based, independent, and highly secure. If you would like to learn more about how you can leverage a cloud-based directory service, drop us a note. Or, feel free to give JumpCloud’s Directory-as-a-Service a try for yourself. Your first 10 users are free forever.
