By Vince Lujan Posted October 16, 2019
IT admins everywhere are reevaluating Microsoft® Active Directory® (AD). Although the legacy directory service has been a cornerstone in identity management for decades, a paradigm shift has occurred.
In short, IT organizations are no longer exclusively on-prem networks of Windows®-based resources. Consequently, IT admins are no longer interested in deploying a traditional on-prem solution in an attempt to manage them.
Fortunately, as the IT landscape shifts to the cloud, so too does identity and access management (IAM). Now, there are next-generation cloud identity management solutions that are effectively Active Directory and LDAP reimagined.
Why Reevaluate Active Directory?
Active Directory was designed to be the authoritative identity provider (IdP) for traditional Windows-based IT networks. This type of IT network was common in the late 1990s and early 2000s.
First introduced in 1999, AD quickly became the obvious choice for a directory services solution. The dominance of Windows justified the use of AD, and AD’s proprietary focus reinforced the desire for Windows solutions, creating a self-reinforcing cycle that was quite lucrative for Microsoft.
Nevertheless, the IT landscape started to change dramatically in the mid-2000s with the introduction of the cloud and non-Windows platforms. It began with web applications such as Salesforce® and Google Apps for Work (now called G Suite™). Then came an influx of macOS® and Linux® systems, cloud infrastructure, virtual file storage, and remote networks.
Non-Windows and cloud-based resources were difficult to manage directly with AD alone, but replacing the legacy platform wasn’t an option at the time. As a result, IT admins were forced to compensate for AD’s shortcomings with numerous third-party, add-on solutions.
Initially, with a small number of non-Windows or cloud resources, the add-on approach seemed doable, which is why it became the de facto standard. After all, admins could still use AD to manage the majority of their IT network, as it was still primarily Windows-based, and only purchase directory extensions for the handful of non-Windows resources they needed to reach.
Yet, as the IT landscape grew more heterogeneous, more add-ons were required. Inevitably, the Windows-centric focus that once gave AD an advantage became its Achilles heel. With so many non-Windows and cloud resources in use today, IT admins are reevaluating Active Directory.
Evaluating an AD Alternative
With a new way of thinking about Active Directory, IT admins are stepping back and creating a set of requirements for their next-generation approach to identity management. The following are some of the key considerations.
Is it cloud-based?
IT admins want to reduce the cost and management overhead required to both implement and maintain their on-prem identity management infrastructure by shifting to the cloud. Not only that, but they want to shift the responsibility of continually updating and securing the solution to a third-party provider.
Does it connect to everything?
IT admins must be able to connect users to whatever they need, regardless of the platform, provider, protocol, or location. That means Windows, macOS, and Linux systems; web and on-prem applications via SAML and LDAP; physical and virtual file storage; and WiFi and VPN networks via RADIUS — without the help of third-party tools.
Can I manage system policies?
A key feature of the AD platform with respect to system management has been Group Policy Objects (GPOs). Although traditional GPOs are a proprietary AD feature, an alternative should offer an analogue, preferably for Windows, macOS, and Linux.
Is it secure?
With a move away from the traditional perimeter-based security of the domain-bound model, IT admins need a solution that supports their Zero Trust Security model and mobile workforce. A next-generation alternative should be future-proof in that regard and should not limit admins to the traditional domain.
Is it cost effective?
Traditional AD deployments are notoriously expensive to implement and maintain due to the need for on-prem hardware, data centers, and updates. Ideally, an alternative would save time and money without sacrificing critical functionality.
Learn More About JumpCloud
Fortunately, JumpCloud® Directory-as-a-Service® was designed for this exact use case. JumpCloud has the ability to modernize directory services in a number of ways:
- If you don’t have a directory, simply implement Directory-as-a-Service and manage your network today.
- If you still need Active Directory, the JumpCloud AD Integration functionality can help you extend AD like a Swiss Army knife for your legacy infrastructure.
- If you still have AD, but want to replace it, leverage the JumpCloud AD Migration guide and utilities to import your existing directory database into the DaaS platform, and never look back.